./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4276630160 <...> DUID 00:04:11:31:ea:d8:bb:db:47:a8:80:cb:7d:0b:3c:d8:ea:74 forked to background, child pid 4671 [ 48.540960][ T4672] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.554938][ T4672] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.39' (ECDSA) to the list of known hosts. execve("./syz-executor4276630160", ["./syz-executor4276630160"], 0x7ffea1506310 /* 10 vars */) = 0 brk(NULL) = 0x555556661000 brk(0x555556661c40) = 0x555556661c40 arch_prctl(ARCH_SET_FS, 0x555556661300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555566615d0) = 5008 set_robust_list(0x5555566615e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f3af416a2d0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f3af416a9a0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f3af416a370, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3af416a9a0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4276630160", 4096) = 28 brk(0x555556682c40) = 0x555556682c40 brk(0x555556683000) = 0x555556683000 mprotect(0x7f3af422a000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5009 attached , child_tidptr=0x5555566615d0) = 5009 [pid 5009] set_robust_list(0x5555566615e0, 24) = 0 [pid 5009] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5009] setpgid(0, 0) = 0 [pid 5009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5009] write(3, "1000", 4) = 4 [pid 5009] close(3) = 0 [pid 5009] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5009] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af413a000 [pid 5009] mprotect(0x7f3af413b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5009] clone(child_stack=0x7f3af415a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5010 attached , parent_tid=[5010], tls=0x7f3af415a700, child_tidptr=0x7f3af415a9d0) = 5010 [pid 5010] set_robust_list(0x7f3af415a9e0, 24 [pid 5009] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5010] <... set_robust_list resumed>) = 0 [pid 5009] <... futex resumed>) = 0 [pid 5009] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5010] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 3 [pid 5010] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5009] <... futex resumed>) = 0 [pid 5009] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5009] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5010] <... futex resumed>) = 1 [pid 5010] ioctl(3, TIOCSETD, [21]) = 0 [pid 5010] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5009] <... futex resumed>) = 0 [pid 5009] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5009] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5010] <... futex resumed>) = 1 [pid 5010] ioctl(3, GSMIOC_SETCONF [pid 5009] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5009] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5009] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af4119000 [pid 5009] mprotect(0x7f3af411a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5009] clone(child_stack=0x7f3af41393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5015], tls=0x7f3af4139700, child_tidptr=0x7f3af41399d0) = 5015 [pid 5009] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5009] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5015 attached [pid 5015] set_robust_list(0x7f3af41399e0, 24) = 0 [pid 5015] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 4 [pid 5015] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5009] <... futex resumed>) = 0 [pid 5009] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5009] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5015] <... futex resumed>) = 1 syzkaller login: [ 74.927905][ T5015] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 74.946488][ T5015] CPU: 0 PID: 5015 Comm: syz-executor427 Not tainted 6.4.0-rc3-syzkaller-00291-g4e893b5aa4ac #0 [ 74.957015][ T5015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 74.967110][ T5015] Call Trace: [ 74.970424][ T5015] [ 74.973391][ T5015] dump_stack_lvl+0x136/0x150 [ 74.978162][ T5015] sysfs_warn_dup+0x80/0xa0 [ 74.982743][ T5015] sysfs_create_dir_ns+0x237/0x290 [ 74.987922][ T5015] ? sysfs_create_mount_point+0xb0/0xb0 [ 74.993538][ T5015] ? spin_bug+0x1c0/0x1c0 [ 74.997939][ T5015] ? class_dir_child_ns_type+0xd/0x60 [ 75.003462][ T5015] kobject_add_internal+0x2c9/0x9c0 [ 75.008725][ T5015] kobject_add+0x158/0x230 [ 75.013197][ T5015] ? kset_create_and_add+0x1a0/0x1a0 [ 75.018634][ T5015] ? do_raw_spin_unlock+0x175/0x230 [ 75.024252][ T5015] ? kobject_put+0xbd/0x4d0 [ 75.028814][ T5015] device_add+0x37d/0x1a40 [ 75.033295][ T5015] ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270 [ 75.040217][ T5015] ? __init_waitqueue_head+0xca/0x150 [ 75.045659][ T5015] tty_register_device_attr+0x38f/0x7d0 [ 75.051264][ T5015] ? lockdep_init_map_type+0x21e/0x810 [ 75.056789][ T5015] ? hung_up_tty_compat_ioctl+0x40/0x40 [ 75.062386][ T5015] ? lockdep_init_map_type+0x21e/0x810 [ 75.067914][ T5015] ? __raw_spin_lock_init+0x3a/0x110 [ 75.073356][ T5015] ? tty_port_init+0x156/0x1b0 [ 75.078188][ T5015] gsmld_ioctl+0x97e/0x1850 [ 75.082769][ T5015] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 75.088379][ T5015] ? __ldsem_down_read_nested+0xcb/0x850 [ 75.094088][ T5015] ? __ldsem_down_read_nested+0xdc/0x850 [ 75.099792][ T5015] ? tomoyo_path_number_perm+0x166/0x570 [ 75.105482][ T5015] ? __ldsem_wake_readers+0x3c0/0x3c0 [ 75.110937][ T5015] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 75.116905][ T5015] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 75.122525][ T5015] tty_ioctl+0x80b/0x16e0 [ 75.126912][ T5015] ? tty_release_struct+0xf0/0xf0 [ 75.132000][ T5015] ? find_held_lock+0x2d/0x110 [ 75.136828][ T5015] ? do_one_initcall+0x270/0x540 [ 75.141849][ T5015] ? __fget_files+0x26a/0x480 [ 75.146603][ T5015] ? bpf_lsm_file_ioctl+0x9/0x10 [ 75.151615][ T5015] ? tty_release_struct+0xf0/0xf0 [ 75.156690][ T5015] __x64_sys_ioctl+0x197/0x210 [ 75.161525][ T5015] do_syscall_64+0x39/0xb0 [ 75.166029][ T5015] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 75.171996][ T5015] RIP: 0033:0x7f3af41a8c49 [pid 5015] ioctl(4, GSMIOC_SETCONF [pid 5010] <... ioctl resumed>, 0x20000040) = 0 [pid 5010] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 75.176450][ T5015] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 75.196105][ T5015] RSP: 002b:00007f3af4139318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 75.204571][ T5015] RAX: ffffffffffffffda RBX: 00007f3af42304d8 RCX: 00007f3af41a8c49 [ 75.212572][ T5015] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000004 [ 75.220565][ T5015] RBP: 00007f3af42304d0 R08: 0000000000000000 R09: 0000000000000000 [pid 5010] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5009] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5009] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5010] <... futex resumed>) = 0 [pid 5009] <... futex resumed>) = 1 [pid 5010] ioctl(4, GSMIOC_SETCONF [pid 5009] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5010] <... ioctl resumed>, 0x20000040) = 0 [pid 5010] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5009] <... futex resumed>) = 0 [pid 5010] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5015] <... ioctl resumed>, 0x20000040) = -1 EEXIST (File exists) [pid 5015] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5015] futex(0x7f3af42304d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5009] exit_group(0) = ? [pid 5010] <... futex resumed>) = ? [pid 5010] +++ exited with 0 +++ [pid 5015] <... futex resumed>) = ? [ 75.228543][ T5015] R10: 000000000000000e R11: 0000000000000246 R12: 00007f3af41fe07c [ 75.236521][ T5015] R13: 00007ffd74d0e68f R14: 00007f3af4139400 R15: 0000000000022000 [ 75.244516][ T5015] [ 75.250320][ T5015] kobject: kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [pid 5015] +++ exited with 0 +++ [pid 5009] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5009, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566615d0) = 5018 ./strace-static-x86_64: Process 5018 attached [pid 5018] set_robust_list(0x5555566615e0, 24) = 0 [pid 5018] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5018] setpgid(0, 0) = 0 [pid 5018] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5018] write(3, "1000", 4) = 4 [pid 5018] close(3) = 0 [pid 5018] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af413a000 [pid 5018] mprotect(0x7f3af413b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5018] clone(child_stack=0x7f3af415a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5019 attached , parent_tid=[5019], tls=0x7f3af415a700, child_tidptr=0x7f3af415a9d0) = 5019 [pid 5019] set_robust_list(0x7f3af415a9e0, 24 [pid 5018] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5019] <... set_robust_list resumed>) = 0 [pid 5018] <... futex resumed>) = 0 [pid 5018] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5019] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 3 [pid 5019] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5018] <... futex resumed>) = 0 [pid 5019] <... futex resumed>) = 1 [pid 5018] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5019] ioctl(3, TIOCSETD, [21] [pid 5018] <... futex resumed>) = 0 [pid 5018] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5019] <... ioctl resumed>) = 0 [pid 5019] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5018] <... futex resumed>) = 0 [pid 5019] <... futex resumed>) = 1 [pid 5018] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5019] ioctl(3, GSMIOC_SETCONF [pid 5018] <... futex resumed>) = 0 [pid 5018] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5018] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af4119000 [pid 5018] mprotect(0x7f3af411a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5018] clone(child_stack=0x7f3af41393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5020], tls=0x7f3af4139700, child_tidptr=0x7f3af41399d0) = 5020 [pid 5018] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5018] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5020 attached [pid 5020] set_robust_list(0x7f3af41399e0, 24) = 0 [pid 5020] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 4 [pid 5020] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5018] <... futex resumed>) = 0 [pid 5018] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5018] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5020] <... futex resumed>) = 1 [ 75.533042][ T5020] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 75.542953][ T5020] CPU: 1 PID: 5020 Comm: syz-executor427 Not tainted 6.4.0-rc3-syzkaller-00291-g4e893b5aa4ac #0 [ 75.553431][ T5020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 75.563526][ T5020] Call Trace: [ 75.566833][ T5020] [ 75.569798][ T5020] dump_stack_lvl+0x136/0x150 [ 75.574549][ T5020] sysfs_warn_dup+0x80/0xa0 [ 75.579119][ T5020] sysfs_create_dir_ns+0x237/0x290 [ 75.584298][ T5020] ? sysfs_create_mount_point+0xb0/0xb0 [ 75.589912][ T5020] ? spin_bug+0x1c0/0x1c0 [ 75.594407][ T5020] ? class_dir_child_ns_type+0xd/0x60 [ 75.599831][ T5020] kobject_add_internal+0x2c9/0x9c0 [ 75.605092][ T5020] kobject_add+0x158/0x230 [ 75.609566][ T5020] ? kset_create_and_add+0x1a0/0x1a0 [ 75.614906][ T5020] ? do_raw_spin_unlock+0x175/0x230 [ 75.620168][ T5020] ? kobject_put+0xbd/0x4d0 [ 75.624832][ T5020] device_add+0x37d/0x1a40 [ 75.629315][ T5020] ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270 [ 75.636230][ T5020] ? __init_waitqueue_head+0xca/0x150 [ 75.641668][ T5020] tty_register_device_attr+0x38f/0x7d0 [ 75.647290][ T5020] ? lockdep_init_map_type+0x21e/0x810 [ 75.652813][ T5020] ? hung_up_tty_compat_ioctl+0x40/0x40 [ 75.658405][ T5020] ? lockdep_init_map_type+0x21e/0x810 [ 75.663925][ T5020] ? __raw_spin_lock_init+0x3a/0x110 [ 75.669277][ T5020] ? tty_port_init+0x156/0x1b0 [ 75.674111][ T5020] gsmld_ioctl+0x97e/0x1850 [ 75.678676][ T5020] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 75.684289][ T5020] ? __ldsem_down_read_nested+0xcb/0x850 [ 75.690000][ T5020] ? __ldsem_down_read_nested+0xdc/0x850 [ 75.695708][ T5020] ? tomoyo_path_number_perm+0x166/0x570 [ 75.701511][ T5020] ? __ldsem_wake_readers+0x3c0/0x3c0 [ 75.706961][ T5020] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 75.712936][ T5020] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 75.718544][ T5020] tty_ioctl+0x80b/0x16e0 [ 75.722930][ T5020] ? tty_release_struct+0xf0/0xf0 [ 75.728098][ T5020] ? find_held_lock+0x2d/0x110 [pid 5020] ioctl(4, GSMIOC_SETCONF [pid 5019] <... ioctl resumed>, 0x20000040) = 0 [pid 5019] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 75.732923][ T5020] ? do_one_initcall+0x270/0x540 [ 75.737941][ T5020] ? __fget_files+0x26a/0x480 [ 75.742693][ T5020] ? bpf_lsm_file_ioctl+0x9/0x10 [ 75.747726][ T5020] ? tty_release_struct+0xf0/0xf0 [ 75.752802][ T5020] __x64_sys_ioctl+0x197/0x210 [ 75.757636][ T5020] do_syscall_64+0x39/0xb0 [ 75.762127][ T5020] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 75.768117][ T5020] RIP: 0033:0x7f3af41a8c49 [ 75.772540][ T5020] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 75.792155][ T5020] RSP: 002b:00007f3af4139318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 75.800582][ T5020] RAX: ffffffffffffffda RBX: 00007f3af42304d8 RCX: 00007f3af41a8c49 [ 75.808562][ T5020] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000004 [ 75.816560][ T5020] RBP: 00007f3af42304d0 R08: 0000000000000000 R09: 0000000000000000 [ 75.824543][ T5020] R10: 000000000000000e R11: 0000000000000246 R12: 00007f3af41fe07c [pid 5019] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5018] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5018] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5019] <... futex resumed>) = 0 [pid 5018] <... futex resumed>) = 1 [pid 5019] ioctl(4, GSMIOC_SETCONF [pid 5018] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5019] <... ioctl resumed>, 0x20000040) = 0 [pid 5019] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5018] <... futex resumed>) = 0 [pid 5019] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5020] <... ioctl resumed>, 0x20000040) = -1 EEXIST (File exists) [pid 5020] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5020] futex(0x7f3af42304d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5018] exit_group(0 [pid 5020] <... futex resumed>) = ? [pid 5019] <... futex resumed>) = ? [pid 5018] <... exit_group resumed>) = ? [pid 5020] +++ exited with 0 +++ [pid 5019] +++ exited with 0 +++ [ 75.832521][ T5020] R13: 00007ffd74d0e68f R14: 00007f3af4139400 R15: 0000000000022000 [ 75.840515][ T5020] [ 75.844648][ T5020] kobject: kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [pid 5018] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5018, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566615d0) = 5022 ./strace-static-x86_64: Process 5022 attached [pid 5022] set_robust_list(0x5555566615e0, 24) = 0 [pid 5022] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5022] setpgid(0, 0) = 0 [pid 5022] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5022] write(3, "1000", 4) = 4 [pid 5022] close(3) = 0 [pid 5022] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5022] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af413a000 [pid 5022] mprotect(0x7f3af413b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5022] clone(child_stack=0x7f3af415a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5023 attached [pid 5023] set_robust_list(0x7f3af415a9e0, 24 [pid 5022] <... clone resumed>, parent_tid=[5023], tls=0x7f3af415a700, child_tidptr=0x7f3af415a9d0) = 5023 [pid 5023] <... set_robust_list resumed>) = 0 [pid 5022] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5023] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR [pid 5022] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5023] <... openat resumed>) = 3 [pid 5023] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5022] <... futex resumed>) = 0 [pid 5022] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5023] ioctl(3, TIOCSETD, [21] [pid 5022] <... futex resumed>) = 0 [pid 5022] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5023] <... ioctl resumed>) = 0 [pid 5023] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5022] <... futex resumed>) = 0 [pid 5023] <... futex resumed>) = 1 [pid 5022] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5023] ioctl(3, GSMIOC_SETCONF [pid 5022] <... futex resumed>) = 0 [pid 5022] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5022] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5022] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5022] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af4119000 [pid 5022] mprotect(0x7f3af411a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5022] clone(child_stack=0x7f3af41393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5024], tls=0x7f3af4139700, child_tidptr=0x7f3af41399d0) = 5024 [pid 5022] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5022] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5024 attached [pid 5024] set_robust_list(0x7f3af41399e0, 24) = 0 [pid 5024] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 4 [pid 5024] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5022] <... futex resumed>) = 0 [pid 5024] futex(0x7f3af42304d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5022] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5024] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5022] <... futex resumed>) = 0 [pid 5024] ioctl(4, GSMIOC_SETCONF [pid 5022] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5023] <... ioctl resumed>, 0x20000040) = 0 [pid 5023] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 76.119975][ T5024] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 76.140079][ T5024] CPU: 1 PID: 5024 Comm: syz-executor427 Not tainted 6.4.0-rc3-syzkaller-00291-g4e893b5aa4ac #0 [ 76.150579][ T5024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 76.160673][ T5024] Call Trace: [ 76.163987][ T5024] [ 76.166955][ T5024] dump_stack_lvl+0x136/0x150 [ 76.171709][ T5024] sysfs_warn_dup+0x80/0xa0 [ 76.176285][ T5024] sysfs_create_dir_ns+0x237/0x290 [ 76.181468][ T5024] ? sysfs_create_mount_point+0xb0/0xb0 [ 76.187086][ T5024] ? spin_bug+0x1c0/0x1c0 [ 76.191486][ T5024] ? class_dir_child_ns_type+0xd/0x60 [ 76.196998][ T5024] kobject_add_internal+0x2c9/0x9c0 [ 76.202255][ T5024] kobject_add+0x158/0x230 [ 76.206723][ T5024] ? kset_create_and_add+0x1a0/0x1a0 [ 76.212061][ T5024] ? do_raw_spin_unlock+0x175/0x230 [ 76.217322][ T5024] ? kobject_put+0xbd/0x4d0 [ 76.221904][ T5024] device_add+0x37d/0x1a40 [ 76.226383][ T5024] ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270 [ 76.233302][ T5024] ? __init_waitqueue_head+0xca/0x150 [ 76.238751][ T5024] tty_register_device_attr+0x38f/0x7d0 [ 76.244353][ T5024] ? lockdep_init_map_type+0x21e/0x810 [ 76.249965][ T5024] ? hung_up_tty_compat_ioctl+0x40/0x40 [ 76.255563][ T5024] ? lockdep_init_map_type+0x21e/0x810 [ 76.261095][ T5024] ? __raw_spin_lock_init+0x3a/0x110 [ 76.266484][ T5024] ? tty_port_init+0x156/0x1b0 [ 76.271329][ T5024] gsmld_ioctl+0x97e/0x1850 [ 76.275900][ T5024] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 76.281522][ T5024] ? __ldsem_down_read_nested+0xcb/0x850 [ 76.287232][ T5024] ? __ldsem_down_read_nested+0xdc/0x850 [ 76.292936][ T5024] ? tomoyo_path_number_perm+0x166/0x570 [ 76.298623][ T5024] ? __ldsem_wake_readers+0x3c0/0x3c0 [ 76.304105][ T5024] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 76.310064][ T5024] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 76.315689][ T5024] tty_ioctl+0x80b/0x16e0 [ 76.320077][ T5024] ? tty_release_struct+0xf0/0xf0 [ 76.325177][ T5024] ? find_held_lock+0x2d/0x110 [ 76.330012][ T5024] ? do_one_initcall+0x270/0x540 [ 76.335020][ T5024] ? __fget_files+0x26a/0x480 [ 76.339769][ T5024] ? bpf_lsm_file_ioctl+0x9/0x10 [ 76.344768][ T5024] ? tty_release_struct+0xf0/0xf0 [ 76.349851][ T5024] __x64_sys_ioctl+0x197/0x210 [ 76.354695][ T5024] do_syscall_64+0x39/0xb0 [ 76.359179][ T5024] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 76.365145][ T5024] RIP: 0033:0x7f3af41a8c49 [ 76.369613][ T5024] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 76.389271][ T5024] RSP: 002b:00007f3af4139318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 76.397727][ T5024] RAX: ffffffffffffffda RBX: 00007f3af42304d8 RCX: 00007f3af41a8c49 [ 76.405715][ T5024] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000004 [pid 5023] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5022] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5022] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5024] <... ioctl resumed>, 0x20000040) = -1 EEXIST (File exists) [pid 5022] <... futex resumed>) = 1 [pid 5024] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5022] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5024] <... futex resumed>) = 0 [pid 5024] futex(0x7f3af42304d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5023] <... futex resumed>) = 0 [pid 5023] ioctl(4, GSMIOC_SETCONF, 0x20000040) = 0 [pid 5023] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5022] <... futex resumed>) = 0 [pid 5023] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5022] exit_group(0 [pid 5024] <... futex resumed>) = ? [pid 5023] <... futex resumed>) = ? [pid 5022] <... exit_group resumed>) = ? [pid 5024] +++ exited with 0 +++ [ 76.413711][ T5024] RBP: 00007f3af42304d0 R08: 0000000000000000 R09: 0000000000000000 [ 76.421712][ T5024] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3af41fe07c [ 76.429695][ T5024] R13: 00007ffd74d0e68f R14: 00007f3af4139400 R15: 0000000000022000 [ 76.437694][ T5024] [ 76.441397][ T5024] kobject: kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [pid 5023] +++ exited with 0 +++ [pid 5022] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5022, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566615d0) = 5026 ./strace-static-x86_64: Process 5026 attached [pid 5026] set_robust_list(0x5555566615e0, 24) = 0 [pid 5026] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5026] setpgid(0, 0) = 0 [pid 5026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5026] write(3, "1000", 4) = 4 [pid 5026] close(3) = 0 [pid 5026] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af413a000 [pid 5026] mprotect(0x7f3af413b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5026] clone(child_stack=0x7f3af415a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5027 attached [pid 5027] set_robust_list(0x7f3af415a9e0, 24) = 0 [pid 5027] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5026] <... clone resumed>, parent_tid=[5027], tls=0x7f3af415a700, child_tidptr=0x7f3af415a9d0) = 5027 [pid 5026] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5027] <... futex resumed>) = 0 [pid 5027] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR [pid 5026] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5027] <... openat resumed>) = 3 [pid 5027] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5027] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5026] <... futex resumed>) = 0 [pid 5026] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5027] <... futex resumed>) = 0 [pid 5027] ioctl(3, TIOCSETD, [21]) = 0 [pid 5027] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5027] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5026] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5026] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5027] <... futex resumed>) = 0 [pid 5026] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5027] ioctl(3, GSMIOC_SETCONF [pid 5026] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5026] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af4119000 [pid 5026] mprotect(0x7f3af411a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5026] clone(child_stack=0x7f3af41393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5028], tls=0x7f3af4139700, child_tidptr=0x7f3af41399d0) = 5028 [pid 5026] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5026] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5028 attached [pid 5028] set_robust_list(0x7f3af41399e0, 24) = 0 [pid 5028] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 4 [pid 5028] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5028] futex(0x7f3af42304d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5026] <... futex resumed>) = 0 [pid 5026] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5026] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5028] <... futex resumed>) = 0 [ 76.748410][ T5028] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 76.760367][ T5028] CPU: 1 PID: 5028 Comm: syz-executor427 Not tainted 6.4.0-rc3-syzkaller-00291-g4e893b5aa4ac #0 [ 76.770857][ T5028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 76.781039][ T5028] Call Trace: [ 76.784356][ T5028] [ 76.787337][ T5028] dump_stack_lvl+0x136/0x150 [ 76.792094][ T5028] sysfs_warn_dup+0x80/0xa0 [ 76.796674][ T5028] sysfs_create_dir_ns+0x237/0x290 [ 76.801862][ T5028] ? sysfs_create_mount_point+0xb0/0xb0 [ 76.807479][ T5028] ? spin_bug+0x1c0/0x1c0 [ 76.811881][ T5028] ? class_dir_child_ns_type+0xd/0x60 [ 76.817305][ T5028] kobject_add_internal+0x2c9/0x9c0 [ 76.822579][ T5028] kobject_add+0x158/0x230 [ 76.827053][ T5028] ? kset_create_and_add+0x1a0/0x1a0 [ 76.832483][ T5028] ? do_raw_spin_unlock+0x175/0x230 [ 76.837761][ T5028] ? kobject_put+0xbd/0x4d0 [ 76.842329][ T5028] device_add+0x37d/0x1a40 [ 76.846815][ T5028] ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270 [ 76.853736][ T5028] ? __init_waitqueue_head+0xca/0x150 [ 76.859188][ T5028] tty_register_device_attr+0x38f/0x7d0 [ 76.864796][ T5028] ? lockdep_init_map_type+0x21e/0x810 [ 76.870317][ T5028] ? hung_up_tty_compat_ioctl+0x40/0x40 [ 76.875952][ T5028] ? lockdep_init_map_type+0x21e/0x810 [ 76.881489][ T5028] ? __raw_spin_lock_init+0x3a/0x110 [ 76.886852][ T5028] ? tty_port_init+0x156/0x1b0 [ 76.891691][ T5028] gsmld_ioctl+0x97e/0x1850 [ 76.896294][ T5028] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 76.901919][ T5028] ? __ldsem_down_read_nested+0xcb/0x850 [ 76.907617][ T5028] ? __ldsem_down_read_nested+0xdc/0x850 [ 76.913325][ T5028] ? tomoyo_path_number_perm+0x166/0x570 [ 76.919018][ T5028] ? __ldsem_wake_readers+0x3c0/0x3c0 [ 76.924827][ T5028] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 76.930797][ T5028] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 76.936434][ T5028] tty_ioctl+0x80b/0x16e0 [ 76.940823][ T5028] ? tty_release_struct+0xf0/0xf0 [pid 5028] ioctl(4, GSMIOC_SETCONF [pid 5026] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5026] futex(0x7f3af42304ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af40f8000 [pid 5026] mprotect(0x7f3af40f9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5026] clone(child_stack=0x7f3af41183f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5029], tls=0x7f3af4118700, child_tidptr=0x7f3af41189d0) = 5029 [pid 5026] futex(0x7f3af42304e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5026] futex(0x7f3af42304ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5029 attached [pid 5029] set_robust_list(0x7f3af41189e0, 24) = 0 [ 76.945898][ T5028] ? find_held_lock+0x2d/0x110 [ 76.950682][ T5028] ? do_one_initcall+0x270/0x540 [ 76.955663][ T5028] ? __fget_files+0x26a/0x480 [ 76.960415][ T5028] ? bpf_lsm_file_ioctl+0x9/0x10 [ 76.965410][ T5028] ? tty_release_struct+0xf0/0xf0 [ 76.970162][ T5029] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 76.970480][ T5028] __x64_sys_ioctl+0x197/0x210 [ 76.983698][ T5028] do_syscall_64+0x39/0xb0 [ 76.988192][ T5028] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 76.994156][ T5028] RIP: 0033:0x7f3af41a8c49 [pid 5029] ioctl(4, GSMIOC_SETCONF [pid 5026] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 76.998619][ T5028] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 77.018283][ T5028] RSP: 002b:00007f3af4139318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 77.026747][ T5028] RAX: ffffffffffffffda RBX: 00007f3af42304d8 RCX: 00007f3af41a8c49 [ 77.034751][ T5028] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000004 [ 77.042751][ T5028] RBP: 00007f3af42304d0 R08: 0000000000000000 R09: 0000000000000000 [ 77.050759][ T5028] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3af41fe07c [ 77.058760][ T5028] R13: 00007ffd74d0e68f R14: 00007f3af4139400 R15: 0000000000022000 [ 77.066778][ T5028] [ 77.069822][ T5029] CPU: 0 PID: 5029 Comm: syz-executor427 Not tainted 6.4.0-rc3-syzkaller-00291-g4e893b5aa4ac #0 [ 77.080289][ T5029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 77.090365][ T5029] Call Trace: [ 77.093664][ T5029] [ 77.096611][ T5029] dump_stack_lvl+0x136/0x150 [ 77.101335][ T5029] sysfs_warn_dup+0x80/0xa0 [ 77.105876][ T5029] sysfs_create_dir_ns+0x237/0x290 [ 77.111021][ T5029] ? sysfs_create_mount_point+0xb0/0xb0 [ 77.116604][ T5029] ? spin_bug+0x1c0/0x1c0 [ 77.120974][ T5029] ? class_dir_child_ns_type+0xd/0x60 [ 77.126392][ T5029] kobject_add_internal+0x2c9/0x9c0 [ 77.131620][ T5029] kobject_add+0x158/0x230 [ 77.136062][ T5029] ? kset_create_and_add+0x1a0/0x1a0 [ 77.141372][ T5029] ? do_raw_spin_unlock+0x175/0x230 [ 77.146606][ T5029] ? kobject_put+0xbd/0x4d0 [ 77.151146][ T5029] device_add+0x37d/0x1a40 [ 77.155597][ T5029] ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270 [ 77.162479][ T5029] ? __init_waitqueue_head+0xca/0x150 [ 77.167890][ T5029] tty_register_device_attr+0x38f/0x7d0 [ 77.173459][ T5029] ? lockdep_init_map_type+0x21e/0x810 [ 77.178955][ T5029] ? hung_up_tty_compat_ioctl+0x40/0x40 [ 77.184522][ T5029] ? lockdep_init_map_type+0x21e/0x810 [ 77.190029][ T5029] ? __raw_spin_lock_init+0x3a/0x110 [ 77.195351][ T5029] ? tty_port_init+0x156/0x1b0 [ 77.200247][ T5029] gsmld_ioctl+0x97e/0x1850 [ 77.204796][ T5029] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 77.210467][ T5029] ? __ldsem_down_read_nested+0xcb/0x850 [ 77.216134][ T5029] ? __ldsem_down_read_nested+0xdc/0x850 [ 77.221806][ T5029] ? tomoyo_path_number_perm+0x166/0x570 [ 77.227464][ T5029] ? __ldsem_wake_readers+0x3c0/0x3c0 [ 77.232879][ T5029] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 77.238805][ T5029] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 77.244383][ T5029] tty_ioctl+0x80b/0x16e0 [ 77.248738][ T5029] ? tty_release_struct+0xf0/0xf0 [ 77.253792][ T5029] ? find_held_lock+0x2d/0x110 [ 77.258596][ T5029] ? __fget_files+0x26a/0x480 [ 77.263331][ T5029] ? bpf_lsm_file_ioctl+0x9/0x10 [ 77.268298][ T5029] ? tty_release_struct+0xf0/0xf0 [ 77.273365][ T5029] __x64_sys_ioctl+0x197/0x210 [ 77.278168][ T5029] do_syscall_64+0x39/0xb0 [ 77.282638][ T5029] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 77.288571][ T5029] RIP: 0033:0x7f3af41a8c49 [ 77.293005][ T5029] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 77.312637][ T5029] RSP: 002b:00007f3af4118318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 77.321075][ T5029] RAX: ffffffffffffffda RBX: 00007f3af42304e8 RCX: 00007f3af41a8c49 [ 77.329063][ T5029] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000004 [ 77.337054][ T5029] RBP: 00007f3af42304e0 R08: 00007f3af4118700 R09: 0000000000000000 [pid 5027] <... ioctl resumed>, 0x20000040) = 0 [pid 5029] <... ioctl resumed>, 0x20000040) = -1 EEXIST (File exists) [pid 5027] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] futex(0x7f3af42304ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 77.345049][ T5029] R10: 00007f3af4118700 R11: 0000000000000246 R12: 00007f3af41fe07c [ 77.353132][ T5029] R13: 00007ffd74d0e68f R14: 00007f3af4118400 R15: 0000000000022000 [ 77.361137][ T5029] [ 77.375615][ T5029] kobject: kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [pid 5029] futex(0x7f3af42304e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5028] <... ioctl resumed>, 0x20000040) = -1 EEXIST (File exists) [pid 5027] <... futex resumed>) = 0 [pid 5027] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5028] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5028] futex(0x7f3af42304d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5026] exit_group(0 [pid 5029] <... futex resumed>) = ? [pid 5027] <... futex resumed>) = ? [pid 5026] <... exit_group resumed>) = ? [pid 5029] +++ exited with 0 +++ [pid 5027] +++ exited with 0 +++ [pid 5028] <... futex resumed>) = ? [ 77.390026][ T5028] kobject: kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [pid 5028] +++ exited with 0 +++ [pid 5026] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5026, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566615d0) = 5030 ./strace-static-x86_64: Process 5030 attached [pid 5030] set_robust_list(0x5555566615e0, 24) = 0 [pid 5030] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5030] setpgid(0, 0) = 0 [pid 5030] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5030] write(3, "1000", 4) = 4 [pid 5030] close(3) = 0 [pid 5030] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5030] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af413a000 [pid 5030] mprotect(0x7f3af413b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5030] clone(child_stack=0x7f3af415a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5031 attached , parent_tid=[5031], tls=0x7f3af415a700, child_tidptr=0x7f3af415a9d0) = 5031 [pid 5031] set_robust_list(0x7f3af415a9e0, 24 [pid 5030] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5031] <... set_robust_list resumed>) = 0 [pid 5030] <... futex resumed>) = 0 [pid 5030] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5031] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 3 [pid 5031] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5030] <... futex resumed>) = 0 [pid 5031] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5030] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5030] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5031] <... futex resumed>) = 0 [pid 5031] ioctl(3, TIOCSETD, [21]) = 0 [pid 5031] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] <... futex resumed>) = 0 [pid 5030] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5030] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5031] <... futex resumed>) = 1 [pid 5031] ioctl(3, GSMIOC_SETCONF [pid 5030] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5030] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5030] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af4119000 [pid 5030] mprotect(0x7f3af411a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5030] clone(child_stack=0x7f3af41393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5032], tls=0x7f3af4139700, child_tidptr=0x7f3af41399d0) = 5032 [pid 5030] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5030] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5032 attached [pid 5032] set_robust_list(0x7f3af41399e0, 24) = 0 [pid 5032] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 4 [pid 5032] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5030] <... futex resumed>) = 0 [pid 5030] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5030] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 77.652438][ T5032] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 77.665058][ T5032] CPU: 1 PID: 5032 Comm: syz-executor427 Not tainted 6.4.0-rc3-syzkaller-00291-g4e893b5aa4ac #0 [ 77.675556][ T5032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 77.685657][ T5032] Call Trace: [ 77.688978][ T5032] [ 77.691946][ T5032] dump_stack_lvl+0x136/0x150 [ 77.696695][ T5032] sysfs_warn_dup+0x80/0xa0 [ 77.701269][ T5032] sysfs_create_dir_ns+0x237/0x290 [ 77.706459][ T5032] ? sysfs_create_mount_point+0xb0/0xb0 [ 77.712088][ T5032] ? spin_bug+0x1c0/0x1c0 [ 77.714850][ T5033] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 77.716460][ T5032] ? class_dir_child_ns_type+0xd/0x60 [ 77.730292][ T5032] kobject_add_internal+0x2c9/0x9c0 [ 77.735544][ T5032] kobject_add+0x158/0x230 [ 77.739997][ T5032] ? kset_create_and_add+0x1a0/0x1a0 [ 77.745318][ T5032] ? do_raw_spin_unlock+0x175/0x230 [pid 5032] ioctl(4, GSMIOC_SETCONF [pid 5030] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5030] futex(0x7f3af42304ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5030] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af40f8000 [pid 5030] mprotect(0x7f3af40f9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5030] clone(child_stack=0x7f3af41183f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5033], tls=0x7f3af4118700, child_tidptr=0x7f3af41189d0) = 5033 [pid 5030] futex(0x7f3af42304e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5030] futex(0x7f3af42304ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5033 attached [pid 5033] set_robust_list(0x7f3af41189e0, 24) = 0 [pid 5033] ioctl(4, GSMIOC_SETCONF [pid 5030] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 77.750557][ T5032] ? kobject_put+0xbd/0x4d0 [ 77.755123][ T5032] device_add+0x37d/0x1a40 [ 77.759595][ T5032] ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270 [ 77.766492][ T5032] ? __init_waitqueue_head+0xca/0x150 [ 77.771999][ T5032] tty_register_device_attr+0x38f/0x7d0 [ 77.777667][ T5032] ? lockdep_init_map_type+0x21e/0x810 [ 77.783175][ T5032] ? hung_up_tty_compat_ioctl+0x40/0x40 [ 77.788762][ T5032] ? lockdep_init_map_type+0x21e/0x810 [ 77.794287][ T5032] ? __raw_spin_lock_init+0x3a/0x110 [ 77.799621][ T5032] ? tty_port_init+0x156/0x1b0 [ 77.804437][ T5032] gsmld_ioctl+0x97e/0x1850 [ 77.808997][ T5032] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 77.814599][ T5032] ? __ldsem_down_read_nested+0xcb/0x850 [ 77.820287][ T5032] ? __ldsem_down_read_nested+0xdc/0x850 [ 77.825964][ T5032] ? tomoyo_path_number_perm+0x166/0x570 [ 77.831628][ T5032] ? __ldsem_wake_readers+0x3c0/0x3c0 [ 77.837053][ T5032] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 77.842993][ T5032] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 77.848601][ T5032] tty_ioctl+0x80b/0x16e0 [pid 5030] exit_group(0) = ? [ 77.852968][ T5032] ? tty_release_struct+0xf0/0xf0 [ 77.858030][ T5032] ? find_held_lock+0x2d/0x110 [ 77.862839][ T5032] ? do_one_initcall+0x270/0x540 [ 77.867822][ T5032] ? __fget_files+0x26a/0x480 [ 77.872554][ T5032] ? bpf_lsm_file_ioctl+0x9/0x10 [ 77.877549][ T5032] ? tty_release_struct+0xf0/0xf0 [ 77.882631][ T5032] __x64_sys_ioctl+0x197/0x210 [ 77.887452][ T5032] do_syscall_64+0x39/0xb0 [ 77.891928][ T5032] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 77.897869][ T5032] RIP: 0033:0x7f3af41a8c49 [ 77.902306][ T5032] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 77.921942][ T5032] RSP: 002b:00007f3af4139318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 77.930394][ T5032] RAX: ffffffffffffffda RBX: 00007f3af42304d8 RCX: 00007f3af41a8c49 [ 77.938387][ T5032] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000004 [ 77.946381][ T5032] RBP: 00007f3af42304d0 R08: 0000000000000000 R09: 0000000000000000 [ 77.954373][ T5032] R10: 000000000000000e R11: 0000000000000246 R12: 00007f3af41fe07c [ 77.962360][ T5032] R13: 00007ffd74d0e68f R14: 00007f3af4139400 R15: 0000000000022000 [ 77.970377][ T5032] [ 77.973413][ T5033] CPU: 0 PID: 5033 Comm: syz-executor427 Not tainted 6.4.0-rc3-syzkaller-00291-g4e893b5aa4ac #0 [ 77.983871][ T5033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 77.993942][ T5033] Call Trace: [ 77.997231][ T5033] [ 78.000178][ T5033] dump_stack_lvl+0x136/0x150 [ 78.004901][ T5033] sysfs_warn_dup+0x80/0xa0 [ 78.009442][ T5033] sysfs_create_dir_ns+0x237/0x290 [ 78.014593][ T5033] ? sysfs_create_mount_point+0xb0/0xb0 [ 78.020176][ T5033] ? spin_bug+0x1c0/0x1c0 [ 78.024563][ T5033] ? class_dir_child_ns_type+0xd/0x60 [ 78.029977][ T5033] kobject_add_internal+0x2c9/0x9c0 [ 78.035206][ T5033] kobject_add+0x158/0x230 [ 78.039649][ T5033] ? kset_create_and_add+0x1a0/0x1a0 [ 78.044966][ T5033] ? do_raw_spin_unlock+0x175/0x230 [ 78.050203][ T5033] ? kobject_put+0xbd/0x4d0 [ 78.054829][ T5033] device_add+0x37d/0x1a40 [ 78.059282][ T5033] ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270 [ 78.066180][ T5033] ? __init_waitqueue_head+0xca/0x150 [ 78.071591][ T5033] tty_register_device_attr+0x38f/0x7d0 [ 78.077161][ T5033] ? lockdep_init_map_type+0x21e/0x810 [ 78.082655][ T5033] ? hung_up_tty_compat_ioctl+0x40/0x40 [ 78.088223][ T5033] ? lockdep_init_map_type+0x21e/0x810 [ 78.093729][ T5033] ? __raw_spin_lock_init+0x3a/0x110 [ 78.099088][ T5033] ? tty_port_init+0x156/0x1b0 [ 78.103889][ T5033] gsmld_ioctl+0x97e/0x1850 [ 78.108431][ T5033] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 78.114016][ T5033] ? __ldsem_down_read_nested+0xcb/0x850 [ 78.119691][ T5033] ? __ldsem_down_read_nested+0xdc/0x850 [ 78.125711][ T5033] ? tomoyo_path_number_perm+0x166/0x570 [ 78.131366][ T5033] ? __ldsem_wake_readers+0x3c0/0x3c0 [ 78.136800][ T5033] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 78.142745][ T5033] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 78.148323][ T5033] tty_ioctl+0x80b/0x16e0 [ 78.152674][ T5033] ? tty_release_struct+0xf0/0xf0 [ 78.157727][ T5033] ? find_held_lock+0x2d/0x110 [ 78.162522][ T5033] ? do_one_initcall+0x270/0x540 [ 78.167499][ T5033] ? __fget_files+0x26a/0x480 [ 78.172214][ T5033] ? bpf_lsm_file_ioctl+0x9/0x10 [ 78.177196][ T5033] ? tty_release_struct+0xf0/0xf0 [ 78.182246][ T5033] __x64_sys_ioctl+0x197/0x210 [ 78.187056][ T5033] do_syscall_64+0x39/0xb0 [ 78.191617][ T5033] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 78.197552][ T5033] RIP: 0033:0x7f3af41a8c49 [ 78.201999][ T5033] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 78.221632][ T5033] RSP: 002b:00007f3af4118318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 78.230069][ T5033] RAX: ffffffffffffffda RBX: 00007f3af42304e8 RCX: 00007f3af41a8c49 [ 78.238060][ T5033] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000004 [ 78.246055][ T5033] RBP: 00007f3af42304e0 R08: 00007f3af4118700 R09: 0000000000000000 [pid 5032] <... ioctl resumed> ) = ? [pid 5032] +++ exited with 0 +++ [ 78.254057][ T5033] R10: 00007f3af4118700 R11: 0000000000000246 R12: 00007f3af41fe07c [ 78.262052][ T5033] R13: 00007ffd74d0e68f R14: 00007f3af4118400 R15: 0000000000022000 [ 78.270065][ T5033] [ 78.287068][ T5032] kobject: kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [pid 5031] <... ioctl resumed> ) = ? [pid 5031] +++ exited with 0 +++ [pid 5033] <... ioctl resumed> ) = ? [ 78.349239][ T5033] kobject: kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [pid 5033] +++ exited with 0 +++ [pid 5030] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5030, si_uid=0, si_status=0, si_utime=0, si_stime=45 /* 0.45 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566615d0) = 5035 ./strace-static-x86_64: Process 5035 attached [pid 5035] set_robust_list(0x5555566615e0, 24) = 0 [pid 5035] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5035] setpgid(0, 0) = 0 [pid 5035] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5035] write(3, "1000", 4) = 4 [pid 5035] close(3) = 0 [pid 5035] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5035] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af413a000 [pid 5035] mprotect(0x7f3af413b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5035] clone(child_stack=0x7f3af415a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5036 attached , parent_tid=[5036], tls=0x7f3af415a700, child_tidptr=0x7f3af415a9d0) = 5036 [pid 5035] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5036] set_robust_list(0x7f3af415a9e0, 24 [pid 5035] <... futex resumed>) = 0 [pid 5036] <... set_robust_list resumed>) = 0 [pid 5036] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR [pid 5035] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5036] <... openat resumed>) = 3 [pid 5036] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5035] <... futex resumed>) = 0 [pid 5035] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5035] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5036] ioctl(3, TIOCSETD, [21]) = 0 [pid 5036] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5035] <... futex resumed>) = 0 [pid 5035] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5035] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5036] ioctl(3, GSMIOC_SETCONF [pid 5035] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5035] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5035] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af4119000 [pid 5035] mprotect(0x7f3af411a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5035] clone(child_stack=0x7f3af41393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5037], tls=0x7f3af4139700, child_tidptr=0x7f3af41399d0) = 5037 [pid 5035] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5035] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5037 attached [pid 5037] set_robust_list(0x7f3af41399e0, 24) = 0 [pid 5037] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 4 [pid 5037] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5035] <... futex resumed>) = 0 [pid 5035] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5035] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5037] <... futex resumed>) = 1 [ 78.638368][ T5037] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 78.654322][ T5037] CPU: 0 PID: 5037 Comm: syz-executor427 Not tainted 6.4.0-rc3-syzkaller-00291-g4e893b5aa4ac #0 [ 78.664806][ T5037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 78.675034][ T5037] Call Trace: [ 78.678349][ T5037] [ 78.681314][ T5037] dump_stack_lvl+0x136/0x150 [ 78.686072][ T5037] sysfs_warn_dup+0x80/0xa0 [ 78.690649][ T5037] sysfs_create_dir_ns+0x237/0x290 [ 78.695832][ T5037] ? sysfs_create_mount_point+0xb0/0xb0 [ 78.701448][ T5037] ? spin_bug+0x1c0/0x1c0 [ 78.705866][ T5037] ? class_dir_child_ns_type+0xd/0x60 [ 78.711291][ T5037] kobject_add_internal+0x2c9/0x9c0 [ 78.716578][ T5037] kobject_add+0x158/0x230 [ 78.721051][ T5037] ? kset_create_and_add+0x1a0/0x1a0 [ 78.726369][ T5037] ? do_raw_spin_unlock+0x175/0x230 [ 78.731596][ T5037] ? kobject_put+0xbd/0x4d0 [ 78.736124][ T5037] device_add+0x37d/0x1a40 [ 78.740568][ T5037] ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270 [ 78.747449][ T5037] ? __init_waitqueue_head+0xca/0x150 [ 78.752862][ T5037] tty_register_device_attr+0x38f/0x7d0 [ 78.758437][ T5037] ? lockdep_init_map_type+0x21e/0x810 [ 78.763939][ T5037] ? hung_up_tty_compat_ioctl+0x40/0x40 [ 78.769515][ T5037] ? lockdep_init_map_type+0x21e/0x810 [ 78.775023][ T5037] ? __raw_spin_lock_init+0x3a/0x110 [ 78.780345][ T5037] ? tty_port_init+0x156/0x1b0 [ 78.785149][ T5037] gsmld_ioctl+0x97e/0x1850 [ 78.789686][ T5037] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 78.795356][ T5037] ? __ldsem_down_read_nested+0xcb/0x850 [ 78.801028][ T5037] ? __ldsem_down_read_nested+0xdc/0x850 [ 78.806699][ T5037] ? tomoyo_path_number_perm+0x166/0x570 [ 78.812361][ T5037] ? __ldsem_wake_readers+0x3c0/0x3c0 [ 78.817779][ T5037] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 78.823712][ T5037] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 78.829301][ T5037] tty_ioctl+0x80b/0x16e0 [ 78.833655][ T5037] ? tty_release_struct+0xf0/0xf0 [ 78.838908][ T5037] ? find_held_lock+0x2d/0x110 [ 78.843708][ T5037] ? do_one_initcall+0x270/0x540 [ 78.848684][ T5037] ? __fget_files+0x26a/0x480 [ 78.853407][ T5037] ? bpf_lsm_file_ioctl+0x9/0x10 [ 78.858380][ T5037] ? tty_release_struct+0xf0/0xf0 [ 78.863427][ T5037] __x64_sys_ioctl+0x197/0x210 [ 78.868230][ T5037] do_syscall_64+0x39/0xb0 [ 78.872685][ T5037] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 78.878612][ T5037] RIP: 0033:0x7f3af41a8c49 [ 78.883046][ T5037] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 78.902673][ T5037] RSP: 002b:00007f3af4139318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 78.911110][ T5037] RAX: ffffffffffffffda RBX: 00007f3af42304d8 RCX: 00007f3af41a8c49 [ 78.919188][ T5037] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000004 [ 78.927180][ T5037] RBP: 00007f3af42304d0 R08: 0000000000000000 R09: 0000000000000000 [pid 5037] ioctl(4, GSMIOC_SETCONF [pid 5035] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5037] <... ioctl resumed>, 0x20000040) = -1 EEXIST (File exists) [pid 5035] futex(0x7f3af42304ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5035] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af40f8000 [pid 5035] mprotect(0x7f3af40f9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5035] clone(child_stack=0x7f3af41183f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5038], tls=0x7f3af4118700, child_tidptr=0x7f3af41189d0) = 5038 [pid 5035] futex(0x7f3af42304e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5035] futex(0x7f3af42304ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5038 attached [pid 5038] set_robust_list(0x7f3af41189e0, 24) = 0 [pid 5038] ioctl(4, GSMIOC_SETCONF [ 78.935169][ T5037] R10: 000000000000000e R11: 0000000000000246 R12: 00007f3af41fe07c [ 78.943172][ T5037] R13: 00007ffd74d0e68f R14: 00007f3af4139400 R15: 0000000000022000 [ 78.951174][ T5037] [ 78.958609][ T5037] kobject: kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [ 78.977879][ T5038] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 78.987397][ T5038] CPU: 0 PID: 5038 Comm: syz-executor427 Not tainted 6.4.0-rc3-syzkaller-00291-g4e893b5aa4ac #0 [ 78.997882][ T5038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 79.008072][ T5038] Call Trace: [ 79.011664][ T5038] [ 79.014636][ T5038] dump_stack_lvl+0x136/0x150 [ 79.019388][ T5038] sysfs_warn_dup+0x80/0xa0 [ 79.023965][ T5038] sysfs_create_dir_ns+0x237/0x290 [ 79.029145][ T5038] ? sysfs_create_mount_point+0xb0/0xb0 [ 79.034766][ T5038] ? spin_bug+0x1c0/0x1c0 [ 79.039167][ T5038] ? class_dir_child_ns_type+0xd/0x60 [ 79.044592][ T5038] kobject_add_internal+0x2c9/0x9c0 [ 79.049855][ T5038] kobject_add+0x158/0x230 [ 79.054326][ T5038] ? kset_create_and_add+0x1a0/0x1a0 [ 79.059673][ T5038] ? do_raw_spin_unlock+0x175/0x230 [ 79.064942][ T5038] ? kobject_put+0xbd/0x4d0 [ 79.069511][ T5038] device_add+0x37d/0x1a40 [ 79.073994][ T5038] ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270 [ 79.080910][ T5038] ? __init_waitqueue_head+0xca/0x150 [ 79.086347][ T5038] tty_register_device_attr+0x38f/0x7d0 [ 79.091944][ T5038] ? lockdep_init_map_type+0x21e/0x810 [ 79.097459][ T5038] ? hung_up_tty_compat_ioctl+0x40/0x40 [ 79.103040][ T5038] ? lockdep_init_map_type+0x21e/0x810 [ 79.108556][ T5038] ? __raw_spin_lock_init+0x3a/0x110 [ 79.113878][ T5038] ? tty_port_init+0x156/0x1b0 [ 79.118679][ T5038] gsmld_ioctl+0x97e/0x1850 [ 79.123216][ T5038] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 79.128798][ T5038] ? __ldsem_down_read_nested+0xcb/0x850 [ 79.134469][ T5038] ? __ldsem_down_read_nested+0xdc/0x850 [ 79.140143][ T5038] ? tomoyo_path_number_perm+0x166/0x570 [ 79.145806][ T5038] ? __ldsem_wake_readers+0x3c0/0x3c0 [ 79.151228][ T5038] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 79.157160][ T5038] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 79.162741][ T5038] tty_ioctl+0x80b/0x16e0 [ 79.167100][ T5038] ? tty_release_struct+0xf0/0xf0 [ 79.172154][ T5038] ? find_held_lock+0x2d/0x110 [ 79.176950][ T5038] ? do_one_initcall+0x270/0x540 [ 79.181951][ T5038] ? __fget_files+0x26a/0x480 [ 79.186672][ T5038] ? bpf_lsm_file_ioctl+0x9/0x10 [ 79.191646][ T5038] ? tty_release_struct+0xf0/0xf0 [ 79.196700][ T5038] __x64_sys_ioctl+0x197/0x210 [ 79.201507][ T5038] do_syscall_64+0x39/0xb0 [ 79.205962][ T5038] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 79.211899][ T5038] RIP: 0033:0x7f3af41a8c49 [ 79.216337][ T5038] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [pid 5037] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5036] <... ioctl resumed>, 0x20000040) = 0 [pid 5035] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 79.235985][ T5038] RSP: 002b:00007f3af4118318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 79.244414][ T5038] RAX: ffffffffffffffda RBX: 00007f3af42304e8 RCX: 00007f3af41a8c49 [ 79.252419][ T5038] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000004 [ 79.260404][ T5038] RBP: 00007f3af42304e0 R08: 00007f3af4118700 R09: 0000000000000000 [ 79.268388][ T5038] R10: 00007f3af4118700 R11: 0000000000000246 R12: 00007f3af41fe07c [ 79.276377][ T5038] R13: 00007ffd74d0e68f R14: 00007f3af4118400 R15: 0000000000022000 [ 79.284383][ T5038] [pid 5037] futex(0x7f3af42304d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5036] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] <... ioctl resumed>, 0x20000040) = -1 EEXIST (File exists) [pid 5036] <... futex resumed>) = 0 [pid 5038] futex(0x7f3af42304ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5038] futex(0x7f3af42304e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5035] exit_group(0 [pid 5038] <... futex resumed>) = ? [pid 5035] <... exit_group resumed>) = ? [pid 5038] +++ exited with 0 +++ [pid 5037] <... futex resumed>) = ? [pid 5036] +++ exited with 0 +++ [ 79.288594][ T5038] kobject: kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [pid 5037] +++ exited with 0 +++ [pid 5035] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5035, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5039 attached , child_tidptr=0x5555566615d0) = 5039 [pid 5039] set_robust_list(0x5555566615e0, 24) = 0 [pid 5039] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5039] setpgid(0, 0) = 0 [pid 5039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5039] write(3, "1000", 4) = 4 [pid 5039] close(3) = 0 [pid 5039] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af413a000 [pid 5039] mprotect(0x7f3af413b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5039] clone(child_stack=0x7f3af415a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5040 attached , parent_tid=[5040], tls=0x7f3af415a700, child_tidptr=0x7f3af415a9d0) = 5040 [pid 5040] set_robust_list(0x7f3af415a9e0, 24) = 0 [pid 5040] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5040] <... futex resumed>) = 0 [pid 5040] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR [pid 5039] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5040] <... openat resumed>) = 3 [pid 5040] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5040] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] <... futex resumed>) = 0 [pid 5039] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5040] <... futex resumed>) = 0 [pid 5039] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5040] ioctl(3, TIOCSETD, [21]) = 0 [pid 5040] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5039] <... futex resumed>) = 0 [pid 5040] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5040] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5040] ioctl(3, GSMIOC_SETCONF [pid 5039] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5039] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af4119000 [pid 5039] mprotect(0x7f3af411a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5039] clone(child_stack=0x7f3af41393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5041], tls=0x7f3af4139700, child_tidptr=0x7f3af41399d0) = 5041 [pid 5039] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5041 attached [pid 5041] set_robust_list(0x7f3af41399e0, 24) = 0 [pid 5041] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 4 [pid 5041] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5039] <... futex resumed>) = 0 [pid 5041] ioctl(4, GSMIOC_SETCONF [pid 5039] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5040] <... ioctl resumed>, 0x20000040) = 0 [pid 5040] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 79.591501][ T5041] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 79.619389][ T5041] CPU: 0 PID: 5041 Comm: syz-executor427 Not tainted 6.4.0-rc3-syzkaller-00291-g4e893b5aa4ac #0 [ 79.629885][ T5041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 79.639978][ T5041] Call Trace: [ 79.643291][ T5041] [ 79.646261][ T5041] dump_stack_lvl+0x136/0x150 [ 79.651018][ T5041] sysfs_warn_dup+0x80/0xa0 [ 79.655603][ T5041] sysfs_create_dir_ns+0x237/0x290 [ 79.660784][ T5041] ? sysfs_create_mount_point+0xb0/0xb0 [ 79.666403][ T5041] ? spin_bug+0x1c0/0x1c0 [ 79.670801][ T5041] ? class_dir_child_ns_type+0xd/0x60 [ 79.676311][ T5041] kobject_add_internal+0x2c9/0x9c0 [ 79.681586][ T5041] kobject_add+0x158/0x230 [ 79.686057][ T5041] ? kset_create_and_add+0x1a0/0x1a0 [ 79.691395][ T5041] ? do_raw_spin_unlock+0x175/0x230 [ 79.696681][ T5041] ? kobject_put+0xbd/0x4d0 [ 79.701248][ T5041] device_add+0x37d/0x1a40 [ 79.705730][ T5041] ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270 [ 79.712648][ T5041] ? __init_waitqueue_head+0xca/0x150 [ 79.718089][ T5041] tty_register_device_attr+0x38f/0x7d0 [ 79.723692][ T5041] ? lockdep_init_map_type+0x21e/0x810 [ 79.729214][ T5041] ? hung_up_tty_compat_ioctl+0x40/0x40 [ 79.734811][ T5041] ? lockdep_init_map_type+0x21e/0x810 [ 79.740343][ T5041] ? __raw_spin_lock_init+0x3a/0x110 [ 79.745705][ T5041] ? tty_port_init+0x156/0x1b0 [ 79.750541][ T5041] gsmld_ioctl+0x97e/0x1850 [ 79.755116][ T5041] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 79.760727][ T5041] ? __ldsem_down_read_nested+0xcb/0x850 [ 79.766431][ T5041] ? __ldsem_down_read_nested+0xdc/0x850 [ 79.772140][ T5041] ? tomoyo_path_number_perm+0x166/0x570 [ 79.777827][ T5041] ? __ldsem_wake_readers+0x3c0/0x3c0 [ 79.783263][ T5041] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 79.789183][ T5041] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 79.794750][ T5041] tty_ioctl+0x80b/0x16e0 [ 79.799095][ T5041] ? tty_release_struct+0xf0/0xf0 [ 79.804138][ T5041] ? find_held_lock+0x2d/0x110 [ 79.808923][ T5041] ? do_one_initcall+0x270/0x540 [ 79.813892][ T5041] ? __fget_files+0x26a/0x480 [ 79.818624][ T5041] ? bpf_lsm_file_ioctl+0x9/0x10 [ 79.823642][ T5041] ? tty_release_struct+0xf0/0xf0 [ 79.828696][ T5041] __x64_sys_ioctl+0x197/0x210 [ 79.833488][ T5041] do_syscall_64+0x39/0xb0 [ 79.837934][ T5041] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 79.843852][ T5041] RIP: 0033:0x7f3af41a8c49 [ 79.848276][ T5041] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 79.867909][ T5041] RSP: 002b:00007f3af4139318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 79.876359][ T5041] RAX: ffffffffffffffda RBX: 00007f3af42304d8 RCX: 00007f3af41a8c49 [ 79.884355][ T5041] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000004 [pid 5040] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5041] <... ioctl resumed>, 0x20000040) = -1 EEXIST (File exists) [pid 5039] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5041] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] <... futex resumed>) = 0 [pid 5039] <... futex resumed>) = 1 [pid 5041] <... futex resumed>) = 0 [pid 5040] ioctl(4, GSMIOC_SETCONF [pid 5041] futex(0x7f3af42304d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5040] <... ioctl resumed>, 0x20000040) = 0 [pid 5039] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5040] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5039] exit_group(0 [pid 5041] <... futex resumed>) = ? [pid 5039] <... exit_group resumed>) = ? [pid 5041] +++ exited with 0 +++ [pid 5040] <... futex resumed>) = ? [ 79.892356][ T5041] RBP: 00007f3af42304d0 R08: 0000000000000000 R09: 0000000000000000 [ 79.900351][ T5041] R10: 000000000000000e R11: 0000000000000246 R12: 00007f3af41fe07c [ 79.908431][ T5041] R13: 00007ffd74d0e68f R14: 00007f3af4139400 R15: 0000000000022000 [ 79.916446][ T5041] [ 79.920136][ T5041] kobject: kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [pid 5040] +++ exited with 0 +++ [pid 5039] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5039, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566615d0) = 5042 ./strace-static-x86_64: Process 5042 attached [pid 5042] set_robust_list(0x5555566615e0, 24) = 0 [pid 5042] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5042] setpgid(0, 0) = 0 [pid 5042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5042] write(3, "1000", 4) = 4 [pid 5042] close(3) = 0 [pid 5042] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af413a000 [pid 5042] mprotect(0x7f3af413b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5042] clone(child_stack=0x7f3af415a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5043], tls=0x7f3af415a700, child_tidptr=0x7f3af415a9d0) = 5043 [pid 5042] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5043 attached [pid 5043] set_robust_list(0x7f3af415a9e0, 24) = 0 [pid 5043] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 3 [pid 5043] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] <... futex resumed>) = 0 [pid 5042] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5043] <... futex resumed>) = 1 [pid 5043] ioctl(3, TIOCSETD, [21]) = 0 [pid 5043] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] <... futex resumed>) = 0 [pid 5042] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5043] <... futex resumed>) = 1 [pid 5043] ioctl(3, GSMIOC_SETCONF [pid 5042] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5042] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af4119000 [pid 5042] mprotect(0x7f3af411a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5042] clone(child_stack=0x7f3af41393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5044], tls=0x7f3af4139700, child_tidptr=0x7f3af41399d0) = 5044 [pid 5042] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5044 attached [pid 5044] set_robust_list(0x7f3af41399e0, 24) = 0 [pid 5044] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 4 [pid 5044] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] <... futex resumed>) = 0 [pid 5042] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5044] <... futex resumed>) = 1 [ 80.202752][ T5044] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 80.211827][ T5044] CPU: 1 PID: 5044 Comm: syz-executor427 Not tainted 6.4.0-rc3-syzkaller-00291-g4e893b5aa4ac #0 [ 80.222310][ T5044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 80.232426][ T5044] Call Trace: [ 80.235743][ T5044] [ 80.238707][ T5044] dump_stack_lvl+0x136/0x150 [ 80.243458][ T5044] sysfs_warn_dup+0x80/0xa0 [ 80.248025][ T5044] sysfs_create_dir_ns+0x237/0x290 [ 80.253208][ T5044] ? sysfs_create_mount_point+0xb0/0xb0 [ 80.258804][ T5044] ? spin_bug+0x1c0/0x1c0 [ 80.263175][ T5044] ? class_dir_child_ns_type+0xd/0x60 [ 80.268573][ T5044] kobject_add_internal+0x2c9/0x9c0 [ 80.273802][ T5044] kobject_add+0x158/0x230 [ 80.278243][ T5044] ? kset_create_and_add+0x1a0/0x1a0 [ 80.283554][ T5044] ? do_raw_spin_unlock+0x175/0x230 [ 80.288786][ T5044] ? kobject_put+0xbd/0x4d0 [ 80.293320][ T5044] device_add+0x37d/0x1a40 [ 80.297771][ T5044] ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270 [ 80.304657][ T5044] ? __init_waitqueue_head+0xca/0x150 [ 80.310067][ T5044] tty_register_device_attr+0x38f/0x7d0 [ 80.315639][ T5044] ? lockdep_init_map_type+0x21e/0x810 [ 80.321127][ T5044] ? hung_up_tty_compat_ioctl+0x40/0x40 [ 80.326696][ T5044] ? lockdep_init_map_type+0x21e/0x810 [ 80.332199][ T5044] ? __raw_spin_lock_init+0x3a/0x110 [ 80.337526][ T5044] ? tty_port_init+0x156/0x1b0 [ 80.342332][ T5044] gsmld_ioctl+0x97e/0x1850 [ 80.346887][ T5044] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 80.352466][ T5044] ? __ldsem_down_read_nested+0xcb/0x850 [ 80.358216][ T5044] ? __ldsem_down_read_nested+0xdc/0x850 [ 80.363884][ T5044] ? tomoyo_path_number_perm+0x166/0x570 [ 80.369539][ T5044] ? __ldsem_wake_readers+0x3c0/0x3c0 [ 80.375051][ T5044] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 80.380977][ T5044] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 80.386552][ T5044] tty_ioctl+0x80b/0x16e0 [ 80.390903][ T5044] ? tty_release_struct+0xf0/0xf0 [ 80.395955][ T5044] ? find_held_lock+0x2d/0x110 [ 80.400754][ T5044] ? do_one_initcall+0x270/0x540 [ 80.405730][ T5044] ? __fget_files+0x26a/0x480 [ 80.410443][ T5044] ? bpf_lsm_file_ioctl+0x9/0x10 [ 80.415409][ T5044] ? tty_release_struct+0xf0/0xf0 [ 80.420455][ T5044] __x64_sys_ioctl+0x197/0x210 [ 80.425253][ T5044] do_syscall_64+0x39/0xb0 [ 80.429723][ T5044] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 80.435649][ T5044] RIP: 0033:0x7f3af41a8c49 [ 80.440082][ T5044] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 80.459713][ T5044] RSP: 002b:00007f3af4139318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 80.468148][ T5044] RAX: ffffffffffffffda RBX: 00007f3af42304d8 RCX: 00007f3af41a8c49 [ 80.476133][ T5044] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000004 [ 80.484118][ T5044] RBP: 00007f3af42304d0 R08: 0000000000000000 R09: 0000000000000000 [ 80.492104][ T5044] R10: 000000000000000e R11: 0000000000000246 R12: 00007f3af41fe07c [pid 5044] ioctl(4, GSMIOC_SETCONF [pid 5042] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5042] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5042] futex(0x7f3af42304ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af40f8000 [pid 5042] mprotect(0x7f3af40f9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5042] clone(child_stack=0x7f3af41183f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5045], tls=0x7f3af4118700, child_tidptr=0x7f3af41189d0) = 5045 [pid 5042] futex(0x7f3af42304e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] futex(0x7f3af42304ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5045 attached [pid 5045] set_robust_list(0x7f3af41189e0, 24) = 0 [ 80.500107][ T5044] R13: 00007ffd74d0e68f R14: 00007f3af4139400 R15: 0000000000022000 [ 80.508126][ T5044] [ 80.521045][ T5045] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 80.530708][ T5045] CPU: 0 PID: 5045 Comm: syz-executor427 Not tainted 6.4.0-rc3-syzkaller-00291-g4e893b5aa4ac #0 [ 80.541177][ T5045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 80.551266][ T5045] Call Trace: [pid 5045] ioctl(4, GSMIOC_SETCONF [pid 5042] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 80.554578][ T5045] [ 80.557549][ T5045] dump_stack_lvl+0x136/0x150 [ 80.562389][ T5045] sysfs_warn_dup+0x80/0xa0 [ 80.566970][ T5045] sysfs_create_dir_ns+0x237/0x290 [ 80.572155][ T5045] ? sysfs_create_mount_point+0xb0/0xb0 [ 80.577764][ T5045] ? spin_bug+0x1c0/0x1c0 [ 80.578638][ T5044] kobject: kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [ 80.582127][ T5045] ? class_dir_child_ns_type+0xd/0x60 [pid 5044] <... ioctl resumed>, 0x20000040) = -1 EEXIST (File exists) [pid 5044] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 80.601512][ T5045] kobject_add_internal+0x2c9/0x9c0 [ 80.606784][ T5045] kobject_add+0x158/0x230 [ 80.611255][ T5045] ? kset_create_and_add+0x1a0/0x1a0 [ 80.616598][ T5045] ? do_raw_spin_unlock+0x175/0x230 [ 80.621885][ T5045] ? kobject_put+0xbd/0x4d0 [ 80.626456][ T5045] device_add+0x37d/0x1a40 [ 80.630949][ T5045] ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270 [ 80.637869][ T5045] ? __init_waitqueue_head+0xca/0x150 [ 80.643310][ T5045] tty_register_device_attr+0x38f/0x7d0 [ 80.648923][ T5045] ? lockdep_init_map_type+0x21e/0x810 [pid 5044] futex(0x7f3af42304d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5043] <... ioctl resumed>, 0x20000040) = 0 [pid 5043] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 80.654465][ T5045] ? hung_up_tty_compat_ioctl+0x40/0x40 [ 80.660071][ T5045] ? lockdep_init_map_type+0x21e/0x810 [ 80.665618][ T5045] ? __raw_spin_lock_init+0x3a/0x110 [ 80.670975][ T5045] ? tty_port_init+0x156/0x1b0 [ 80.675806][ T5045] gsmld_ioctl+0x97e/0x1850 [ 80.680433][ T5045] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 80.686063][ T5045] ? __ldsem_down_read_nested+0xcb/0x850 [ 80.691763][ T5045] ? __ldsem_down_read_nested+0xdc/0x850 [ 80.697469][ T5045] ? tomoyo_path_number_perm+0x166/0x570 [ 80.703165][ T5045] ? __ldsem_wake_readers+0x3c0/0x3c0 [ 80.708623][ T5045] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 80.714669][ T5045] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 80.720276][ T5045] tty_ioctl+0x80b/0x16e0 [ 80.724663][ T5045] ? tty_release_struct+0xf0/0xf0 [ 80.729749][ T5045] ? find_held_lock+0x2d/0x110 [ 80.734570][ T5045] ? do_one_initcall+0x270/0x540 [ 80.739551][ T5045] ? __fget_files+0x26a/0x480 [ 80.744277][ T5045] ? bpf_lsm_file_ioctl+0x9/0x10 [ 80.749684][ T5045] ? tty_release_struct+0xf0/0xf0 [ 80.754741][ T5045] __x64_sys_ioctl+0x197/0x210 [ 80.759550][ T5045] do_syscall_64+0x39/0xb0 [ 80.764013][ T5045] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 80.769944][ T5045] RIP: 0033:0x7f3af41a8c49 [ 80.774380][ T5045] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 80.794013][ T5045] RSP: 002b:00007f3af4118318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 80.802551][ T5045] RAX: ffffffffffffffda RBX: 00007f3af42304e8 RCX: 00007f3af41a8c49 [ 80.810541][ T5045] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000004 [ 80.818533][ T5045] RBP: 00007f3af42304e0 R08: 00007f3af4118700 R09: 0000000000000000 [ 80.826524][ T5045] R10: 00007f3af4118700 R11: 0000000000000246 R12: 00007f3af41fe07c [ 80.834600][ T5045] R13: 00007ffd74d0e68f R14: 00007f3af4118400 R15: 0000000000022000 [ 80.842604][ T5045] [pid 5043] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5045] <... ioctl resumed>, 0x20000040) = -1 EEXIST (File exists) [pid 5045] futex(0x7f3af42304ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] exit_group(0) = ? [pid 5044] <... futex resumed>) = ? [pid 5043] <... futex resumed>) = ? [pid 5045] <... futex resumed>) = ? [pid 5045] +++ exited with 0 +++ [pid 5044] +++ exited with 0 +++ [ 80.853607][ T5045] kobject: kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [pid 5043] +++ exited with 0 +++ [pid 5042] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5042, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566615d0) = 5046 ./strace-static-x86_64: Process 5046 attached [pid 5046] set_robust_list(0x5555566615e0, 24) = 0 [pid 5046] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5046] setpgid(0, 0) = 0 [pid 5046] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5046] write(3, "1000", 4) = 4 [pid 5046] close(3) = 0 [pid 5046] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5046] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af413a000 [pid 5046] mprotect(0x7f3af413b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5046] clone(child_stack=0x7f3af415a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5047], tls=0x7f3af415a700, child_tidptr=0x7f3af415a9d0) = 5047 [pid 5046] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5046] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5047 attached [pid 5047] set_robust_list(0x7f3af415a9e0, 24) = 0 [pid 5047] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 3 [pid 5047] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5046] <... futex resumed>) = 0 [pid 5046] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5046] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5047] <... futex resumed>) = 1 [pid 5047] ioctl(3, TIOCSETD, [21]) = 0 [pid 5047] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5046] <... futex resumed>) = 0 [pid 5046] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5046] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5047] <... futex resumed>) = 1 [pid 5047] ioctl(3, GSMIOC_SETCONF [pid 5046] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5046] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5046] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5046] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af4119000 [pid 5046] mprotect(0x7f3af411a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5046] clone(child_stack=0x7f3af41393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5048], tls=0x7f3af4139700, child_tidptr=0x7f3af41399d0) = 5048 [pid 5046] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5046] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5048 attached [pid 5048] set_robust_list(0x7f3af41399e0, 24) = 0 [pid 5048] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 4 [pid 5048] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5046] <... futex resumed>) = 0 [pid 5046] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5046] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5048] <... futex resumed>) = 1 [ 81.141893][ T5048] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 81.174099][ T5048] CPU: 0 PID: 5048 Comm: syz-executor427 Not tainted 6.4.0-rc3-syzkaller-00291-g4e893b5aa4ac #0 [ 81.184577][ T5048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 81.194650][ T5048] Call Trace: [ 81.197937][ T5048] [ 81.200879][ T5048] dump_stack_lvl+0x136/0x150 [ 81.205603][ T5048] sysfs_warn_dup+0x80/0xa0 [ 81.210158][ T5048] sysfs_create_dir_ns+0x237/0x290 [ 81.215318][ T5048] ? sysfs_create_mount_point+0xb0/0xb0 [ 81.220902][ T5048] ? spin_bug+0x1c0/0x1c0 [ 81.225617][ T5048] ? class_dir_child_ns_type+0xd/0x60 [ 81.231012][ T5048] kobject_add_internal+0x2c9/0x9c0 [ 81.236235][ T5048] kobject_add+0x158/0x230 [ 81.240669][ T5048] ? kset_create_and_add+0x1a0/0x1a0 [ 81.245982][ T5048] ? do_raw_spin_unlock+0x175/0x230 [ 81.251304][ T5048] ? kobject_put+0xbd/0x4d0 [ 81.255848][ T5048] device_add+0x37d/0x1a40 [ 81.260297][ T5048] ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270 [ 81.267185][ T5048] ? __init_waitqueue_head+0xca/0x150 [ 81.272595][ T5048] tty_register_device_attr+0x38f/0x7d0 [ 81.278164][ T5048] ? lockdep_init_map_type+0x21e/0x810 [ 81.283670][ T5048] ? hung_up_tty_compat_ioctl+0x40/0x40 [ 81.289235][ T5048] ? lockdep_init_map_type+0x21e/0x810 [ 81.294734][ T5048] ? __raw_spin_lock_init+0x3a/0x110 [ 81.300057][ T5048] ? tty_port_init+0x156/0x1b0 [ 81.304859][ T5048] gsmld_ioctl+0x97e/0x1850 [ 81.309397][ T5048] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 81.314976][ T5048] ? __ldsem_down_read_nested+0xcb/0x850 [ 81.320659][ T5048] ? __ldsem_down_read_nested+0xdc/0x850 [ 81.326360][ T5048] ? tomoyo_path_number_perm+0x166/0x570 [ 81.332128][ T5048] ? __ldsem_wake_readers+0x3c0/0x3c0 [ 81.337736][ T5048] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 81.343679][ T5048] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 81.349265][ T5048] tty_ioctl+0x80b/0x16e0 [ 81.353628][ T5048] ? tty_release_struct+0xf0/0xf0 [ 81.358683][ T5048] ? find_held_lock+0x2d/0x110 [ 81.363485][ T5048] ? do_one_initcall+0x270/0x540 [ 81.368474][ T5048] ? __fget_files+0x26a/0x480 [ 81.373187][ T5048] ? bpf_lsm_file_ioctl+0x9/0x10 [ 81.378176][ T5048] ? tty_release_struct+0xf0/0xf0 [ 81.383234][ T5048] __x64_sys_ioctl+0x197/0x210 [ 81.388051][ T5048] do_syscall_64+0x39/0xb0 [ 81.392525][ T5048] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 81.398470][ T5048] RIP: 0033:0x7f3af41a8c49 [ 81.402909][ T5048] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 81.422633][ T5048] RSP: 002b:00007f3af4139318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 81.431076][ T5048] RAX: ffffffffffffffda RBX: 00007f3af42304d8 RCX: 00007f3af41a8c49 [pid 5048] ioctl(4, GSMIOC_SETCONF [pid 5046] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5046] futex(0x7f3af42304ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5047] <... ioctl resumed>, 0x20000040) = 0 [pid 5046] <... futex resumed>) = 0 [pid 5047] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5046] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5047] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5046] <... mmap resumed>) = 0x7f3af40f8000 [pid 5046] mprotect(0x7f3af40f9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5046] clone(child_stack=0x7f3af41183f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5049 attached [pid 5049] set_robust_list(0x7f3af41189e0, 24 [pid 5046] <... clone resumed>, parent_tid=[5049], tls=0x7f3af4118700, child_tidptr=0x7f3af41189d0) = 5049 [pid 5049] <... set_robust_list resumed>) = 0 [pid 5049] ioctl(4, GSMIOC_SETCONF [pid 5046] futex(0x7f3af42304e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5046] futex(0x7f3af42304ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5049] <... ioctl resumed>, 0x20000040) = 0 [pid 5049] futex(0x7f3af42304ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5046] <... futex resumed>) = 0 [pid 5049] <... futex resumed>) = 1 [ 81.439065][ T5048] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000004 [ 81.447056][ T5048] RBP: 00007f3af42304d0 R08: 0000000000000000 R09: 0000000000000000 [ 81.455046][ T5048] R10: 000000000000000e R11: 0000000000000246 R12: 00007f3af41fe07c [ 81.463031][ T5048] R13: 00007ffd74d0e68f R14: 00007f3af4139400 R15: 0000000000022000 [ 81.471030][ T5048] [pid 5049] futex(0x7f3af42304e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5048] <... ioctl resumed>, 0x20000040) = -1 EEXIST (File exists) [pid 5048] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5048] futex(0x7f3af42304d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5046] exit_group(0 [pid 5049] <... futex resumed>) = ? [pid 5048] <... futex resumed>) = ? [pid 5046] <... exit_group resumed>) = ? [pid 5047] <... futex resumed>) = ? [pid 5049] +++ exited with 0 +++ [pid 5047] +++ exited with 0 +++ [ 81.571826][ T5048] kobject: kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [pid 5048] +++ exited with 0 +++ [pid 5046] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5046, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566615d0) = 5050 ./strace-static-x86_64: Process 5050 attached [pid 5050] set_robust_list(0x5555566615e0, 24) = 0 [pid 5050] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5050] setpgid(0, 0) = 0 [pid 5050] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5050] write(3, "1000", 4) = 4 [pid 5050] close(3) = 0 [pid 5050] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af413a000 [pid 5050] mprotect(0x7f3af413b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5050] clone(child_stack=0x7f3af415a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5051 attached , parent_tid=[5051], tls=0x7f3af415a700, child_tidptr=0x7f3af415a9d0) = 5051 [pid 5051] set_robust_list(0x7f3af415a9e0, 24) = 0 [pid 5051] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5050] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5051] <... futex resumed>) = 0 [pid 5050] <... futex resumed>) = 1 [pid 5051] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR [pid 5050] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5051] <... openat resumed>) = 3 [pid 5051] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5051] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5050] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5051] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5050] <... futex resumed>) = 0 [pid 5051] ioctl(3, TIOCSETD, [21]) = 0 [pid 5050] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5051] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5051] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5050] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5050] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5051] <... futex resumed>) = 0 [pid 5051] ioctl(3, GSMIOC_SETCONF [pid 5050] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5050] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af4119000 [pid 5050] mprotect(0x7f3af411a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5050] clone(child_stack=0x7f3af41393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5052], tls=0x7f3af4139700, child_tidptr=0x7f3af41399d0) = 5052 [pid 5050] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5052 attached [pid 5052] set_robust_list(0x7f3af41399e0, 24) = 0 [pid 5052] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 4 [pid 5052] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5050] <... futex resumed>) = 0 [pid 5050] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 81.835330][ T5052] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 81.848828][ T5052] CPU: 0 PID: 5052 Comm: syz-executor427 Not tainted 6.4.0-rc3-syzkaller-00291-g4e893b5aa4ac #0 [ 81.859413][ T5052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 81.869517][ T5052] Call Trace: [ 81.872833][ T5052] [ 81.875830][ T5052] dump_stack_lvl+0x136/0x150 [ 81.880587][ T5052] sysfs_warn_dup+0x80/0xa0 [ 81.885180][ T5052] sysfs_create_dir_ns+0x237/0x290 [ 81.890384][ T5052] ? sysfs_create_mount_point+0xb0/0xb0 [ 81.895997][ T5052] ? spin_bug+0x1c0/0x1c0 [ 81.900397][ T5052] ? class_dir_child_ns_type+0xd/0x60 [ 81.905826][ T5052] kobject_add_internal+0x2c9/0x9c0 [ 81.911087][ T5052] kobject_add+0x158/0x230 [ 81.915556][ T5052] ? kset_create_and_add+0x1a0/0x1a0 [ 81.920913][ T5052] ? do_raw_spin_unlock+0x175/0x230 [ 81.926196][ T5052] ? kobject_put+0xbd/0x4d0 [ 81.930759][ T5052] device_add+0x37d/0x1a40 [pid 5052] ioctl(4, GSMIOC_SETCONF [pid 5050] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5050] futex(0x7f3af42304ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af40f8000 [pid 5050] mprotect(0x7f3af40f9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5050] clone(child_stack=0x7f3af41183f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5053], tls=0x7f3af4118700, child_tidptr=0x7f3af41189d0) = 5053 [pid 5050] futex(0x7f3af42304e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] futex(0x7f3af42304ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 81.935248][ T5052] ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270 [ 81.942172][ T5052] ? __init_waitqueue_head+0xca/0x150 [ 81.947614][ T5052] tty_register_device_attr+0x38f/0x7d0 [ 81.953215][ T5052] ? lockdep_init_map_type+0x21e/0x810 [ 81.958748][ T5052] ? hung_up_tty_compat_ioctl+0x40/0x40 [ 81.964349][ T5052] ? lockdep_init_map_type+0x21e/0x810 [ 81.969965][ T5052] ? __raw_spin_lock_init+0x3a/0x110 [ 81.975333][ T5052] ? tty_port_init+0x156/0x1b0 [ 81.980163][ T5052] gsmld_ioctl+0x97e/0x1850 [ 81.984746][ T5052] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 81.990362][ T5052] ? __ldsem_down_read_nested+0xcb/0x850 [ 81.996067][ T5052] ? __ldsem_down_read_nested+0xdc/0x850 [ 82.001793][ T5052] ? tomoyo_path_number_perm+0x166/0x570 [ 82.007480][ T5052] ? __ldsem_wake_readers+0x3c0/0x3c0 [ 82.012943][ T5052] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 82.018900][ T5052] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 82.024513][ T5052] tty_ioctl+0x80b/0x16e0 [ 82.028893][ T5052] ? tty_release_struct+0xf0/0xf0 [ 82.033957][ T5052] ? find_held_lock+0x2d/0x110 [ 82.038779][ T5052] ? do_one_initcall+0x270/0x540 [ 82.043859][ T5052] ? __fget_files+0x26a/0x480 [ 82.048589][ T5052] ? bpf_lsm_file_ioctl+0x9/0x10 [ 82.053593][ T5052] ? tty_release_struct+0xf0/0xf0 [ 82.058669][ T5052] __x64_sys_ioctl+0x197/0x210 [ 82.063489][ T5052] do_syscall_64+0x39/0xb0 [ 82.067940][ T5052] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 82.073888][ T5052] RIP: 0033:0x7f3af41a8c49 [pid 5050] exit_group(0) = ? [ 82.078309][ T5052] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 82.098031][ T5052] RSP: 002b:00007f3af4139318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 82.106469][ T5052] RAX: ffffffffffffffda RBX: 00007f3af42304d8 RCX: 00007f3af41a8c49 [ 82.114471][ T5052] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000004 [ 82.122452][ T5052] RBP: 00007f3af42304d0 R08: 0000000000000000 R09: 0000000000000000 ./strace-static-x86_64: Process 5053 attached [pid 5052] <... ioctl resumed> ) = ? [pid 5051] <... ioctl resumed> ) = ? [pid 5053] +++ exited with 0 +++ [pid 5051] +++ exited with 0 +++ [ 82.130431][ T5052] R10: 000000000000000e R11: 0000000000000246 R12: 00007f3af41fe07c [ 82.138431][ T5052] R13: 00007ffd74d0e68f R14: 00007f3af4139400 R15: 0000000000022000 [ 82.146433][ T5052] [ 82.153274][ T5052] kobject: kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [pid 5052] +++ exited with 0 +++ [pid 5050] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5050, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566615d0) = 5054 ./strace-static-x86_64: Process 5054 attached [pid 5054] set_robust_list(0x5555566615e0, 24) = 0 [pid 5054] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5054] setpgid(0, 0) = 0 [pid 5054] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5054] write(3, "1000", 4) = 4 [pid 5054] close(3) = 0 [pid 5054] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5054] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af413a000 [pid 5054] mprotect(0x7f3af413b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5054] clone(child_stack=0x7f3af415a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5055 attached , parent_tid=[5055], tls=0x7f3af415a700, child_tidptr=0x7f3af415a9d0) = 5055 [pid 5054] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5055] set_robust_list(0x7f3af415a9e0, 24 [pid 5054] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] <... set_robust_list resumed>) = 0 [pid 5055] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 3 [pid 5055] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5054] <... futex resumed>) = 0 [pid 5055] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5054] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5055] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5054] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] ioctl(3, TIOCSETD, [21]) = 0 [pid 5055] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] <... futex resumed>) = 0 [pid 5054] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5054] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] <... futex resumed>) = 1 [pid 5055] ioctl(3, GSMIOC_SETCONF [pid 5054] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5054] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5054] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af4119000 [pid 5054] mprotect(0x7f3af411a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5054] clone(child_stack=0x7f3af41393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5056], tls=0x7f3af4139700, child_tidptr=0x7f3af41399d0) = 5056 [pid 5054] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5054] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5056 attached [pid 5056] set_robust_list(0x7f3af41399e0, 24) = 0 [pid 5056] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 4 [pid 5056] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5054] <... futex resumed>) = 0 [pid 5054] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5054] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 82.424325][ T5056] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 82.436493][ T5056] CPU: 1 PID: 5056 Comm: syz-executor427 Not tainted 6.4.0-rc3-syzkaller-00291-g4e893b5aa4ac #0 [ 82.446968][ T5056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 82.457058][ T5056] Call Trace: [ 82.460389][ T5056] [ 82.463358][ T5056] dump_stack_lvl+0x136/0x150 [ 82.468108][ T5056] sysfs_warn_dup+0x80/0xa0 [ 82.472680][ T5056] sysfs_create_dir_ns+0x237/0x290 [ 82.477871][ T5056] ? sysfs_create_mount_point+0xb0/0xb0 [ 82.483471][ T5056] ? spin_bug+0x1c0/0x1c0 [ 82.487840][ T5056] ? class_dir_child_ns_type+0xd/0x60 [ 82.493239][ T5056] kobject_add_internal+0x2c9/0x9c0 [ 82.498472][ T5056] kobject_add+0x158/0x230 [ 82.502923][ T5056] ? kset_create_and_add+0x1a0/0x1a0 [ 82.508235][ T5056] ? do_raw_spin_unlock+0x175/0x230 [ 82.513491][ T5056] ? kobject_put+0xbd/0x4d0 [ 82.518036][ T5056] device_add+0x37d/0x1a40 [ 82.522934][ T5056] ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270 [ 82.529818][ T5056] ? __init_waitqueue_head+0xca/0x150 [ 82.535229][ T5056] tty_register_device_attr+0x38f/0x7d0 [ 82.540839][ T5056] ? lockdep_init_map_type+0x21e/0x810 [ 82.546346][ T5056] ? hung_up_tty_compat_ioctl+0x40/0x40 [ 82.551939][ T5056] ? lockdep_init_map_type+0x21e/0x810 [ 82.557455][ T5056] ? __raw_spin_lock_init+0x3a/0x110 [ 82.562790][ T5056] ? tty_port_init+0x156/0x1b0 [ 82.567594][ T5056] gsmld_ioctl+0x97e/0x1850 [ 82.572140][ T5056] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 82.577727][ T5056] ? __ldsem_down_read_nested+0xcb/0x850 [ 82.583402][ T5056] ? __ldsem_down_read_nested+0xdc/0x850 [ 82.589093][ T5056] ? tomoyo_path_number_perm+0x166/0x570 [ 82.594752][ T5056] ? __ldsem_wake_readers+0x3c0/0x3c0 [ 82.600180][ T5056] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 82.606107][ T5056] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 82.611681][ T5056] tty_ioctl+0x80b/0x16e0 [ 82.616037][ T5056] ? tty_release_struct+0xf0/0xf0 [ 82.621090][ T5056] ? find_held_lock+0x2d/0x110 [ 82.626318][ T5056] ? do_one_initcall+0x270/0x540 [ 82.631309][ T5056] ? __fget_files+0x26a/0x480 [ 82.636037][ T5056] ? bpf_lsm_file_ioctl+0x9/0x10 [ 82.641003][ T5056] ? tty_release_struct+0xf0/0xf0 [ 82.646048][ T5056] __x64_sys_ioctl+0x197/0x210 [ 82.650841][ T5056] do_syscall_64+0x39/0xb0 [ 82.655295][ T5056] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 82.661228][ T5056] RIP: 0033:0x7f3af41a8c49 [ 82.665666][ T5056] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 82.685378][ T5056] RSP: 002b:00007f3af4139318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 82.693813][ T5056] RAX: ffffffffffffffda RBX: 00007f3af42304d8 RCX: 00007f3af41a8c49 [ 82.701805][ T5056] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000004 [ 82.709793][ T5056] RBP: 00007f3af42304d0 R08: 0000000000000000 R09: 0000000000000000 [ 82.717785][ T5056] R10: 000000000000000e R11: 0000000000000246 R12: 00007f3af41fe07c [pid 5056] ioctl(4, GSMIOC_SETCONF [pid 5054] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5054] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5054] futex(0x7f3af42304ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5054] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af40f8000 [pid 5054] mprotect(0x7f3af40f9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5054] clone(child_stack=0x7f3af41183f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5057], tls=0x7f3af4118700, child_tidptr=0x7f3af41189d0) = 5057 [pid 5054] futex(0x7f3af42304e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5054] futex(0x7f3af42304ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5057 attached [pid 5057] set_robust_list(0x7f3af41189e0, 24) = 0 [ 82.725795][ T5056] R13: 00007ffd74d0e68f R14: 00007f3af4139400 R15: 0000000000022000 [ 82.733798][ T5056] [ 82.744280][ T5057] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 82.757983][ T5057] CPU: 0 PID: 5057 Comm: syz-executor427 Not tainted 6.4.0-rc3-syzkaller-00291-g4e893b5aa4ac #0 [ 82.768466][ T5057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 82.778558][ T5057] Call Trace: [ 82.781874][ T5057] [ 82.784842][ T5057] dump_stack_lvl+0x136/0x150 [ 82.789615][ T5057] sysfs_warn_dup+0x80/0xa0 [ 82.794196][ T5057] sysfs_create_dir_ns+0x237/0x290 [ 82.799381][ T5057] ? sysfs_create_mount_point+0xb0/0xb0 [ 82.804995][ T5057] ? spin_bug+0x1c0/0x1c0 [ 82.809395][ T5057] ? class_dir_child_ns_type+0xd/0x60 [ 82.814828][ T5057] kobject_add_internal+0x2c9/0x9c0 [ 82.820086][ T5057] kobject_add+0x158/0x230 [ 82.824575][ T5057] ? kset_create_and_add+0x1a0/0x1a0 [ 82.829927][ T5057] ? do_raw_spin_unlock+0x175/0x230 [ 82.835193][ T5057] ? kobject_put+0xbd/0x4d0 [ 82.839766][ T5057] device_add+0x37d/0x1a40 [ 82.844253][ T5057] ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270 [ 82.851257][ T5057] ? __init_waitqueue_head+0xca/0x150 [ 82.856702][ T5057] tty_register_device_attr+0x38f/0x7d0 [ 82.862314][ T5057] ? lockdep_init_map_type+0x21e/0x810 [ 82.867837][ T5057] ? hung_up_tty_compat_ioctl+0x40/0x40 [ 82.873428][ T5057] ? lockdep_init_map_type+0x21e/0x810 [ 82.878954][ T5057] ? __raw_spin_lock_init+0x3a/0x110 [ 82.884317][ T5057] ? tty_port_init+0x156/0x1b0 [ 82.888529][ T5056] kobject: kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [ 82.889123][ T5057] gsmld_ioctl+0x97e/0x1850 [ 82.907529][ T5057] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 82.913097][ T5057] ? __ldsem_down_read_nested+0xcb/0x850 [ 82.918772][ T5057] ? __ldsem_down_read_nested+0xdc/0x850 [ 82.924709][ T5057] ? tomoyo_path_number_perm+0x166/0x570 [ 82.930371][ T5057] ? __ldsem_wake_readers+0x3c0/0x3c0 [ 82.935797][ T5057] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 82.941727][ T5057] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 82.947309][ T5057] tty_ioctl+0x80b/0x16e0 [ 82.951661][ T5057] ? tty_release_struct+0xf0/0xf0 [ 82.956712][ T5057] ? find_held_lock+0x2d/0x110 [ 82.961511][ T5057] ? do_one_initcall+0x270/0x540 [ 82.966486][ T5057] ? __fget_files+0x26a/0x480 [ 82.971200][ T5057] ? bpf_lsm_file_ioctl+0x9/0x10 [ 82.976170][ T5057] ? tty_release_struct+0xf0/0xf0 [ 82.981216][ T5057] __x64_sys_ioctl+0x197/0x210 [ 82.986016][ T5057] do_syscall_64+0x39/0xb0 [ 82.990470][ T5057] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 82.996399][ T5057] RIP: 0033:0x7f3af41a8c49 [ 83.000842][ T5057] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [pid 5057] ioctl(4, GSMIOC_SETCONF [pid 5056] <... ioctl resumed>, 0x20000040) = -1 EEXIST (File exists) [pid 5056] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 83.020467][ T5057] RSP: 002b:00007f3af4118318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 83.028915][ T5057] RAX: ffffffffffffffda RBX: 00007f3af42304e8 RCX: 00007f3af41a8c49 [ 83.036904][ T5057] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000004 [ 83.044895][ T5057] RBP: 00007f3af42304e0 R08: 00007f3af4118700 R09: 0000000000000000 [ 83.052881][ T5057] R10: 00007f3af4118700 R11: 0000000000000246 R12: 00007f3af41fe07c [ 83.060887][ T5057] R13: 00007ffd74d0e68f R14: 00007f3af4118400 R15: 0000000000022000 [ 83.068891][ T5057] [pid 5056] <... futex resumed>) = 0 [pid 5056] futex(0x7f3af42304d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5057] <... ioctl resumed>, 0x20000040) = -1 EEXIST (File exists) [pid 5057] futex(0x7f3af42304ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5057] futex(0x7f3af42304e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5055] <... ioctl resumed>, 0x20000040) = 0 [pid 5055] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5055] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5054] exit_group(0 [pid 5056] <... futex resumed>) = ? [pid 5055] <... futex resumed>) = ? [pid 5054] <... exit_group resumed>) = ? [pid 5056] +++ exited with 0 +++ [pid 5055] +++ exited with 0 +++ [pid 5057] <... futex resumed>) = ? [ 83.076638][ T5057] kobject: kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [pid 5057] +++ exited with 0 +++ [pid 5054] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5054, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566615d0) = 5058 ./strace-static-x86_64: Process 5058 attached [pid 5058] set_robust_list(0x5555566615e0, 24) = 0 [pid 5058] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5058] setpgid(0, 0) = 0 [pid 5058] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5058] write(3, "1000", 4) = 4 [pid 5058] close(3) = 0 [pid 5058] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5058] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af413a000 [pid 5058] mprotect(0x7f3af413b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5058] clone(child_stack=0x7f3af415a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5059 attached , parent_tid=[5059], tls=0x7f3af415a700, child_tidptr=0x7f3af415a9d0) = 5059 [pid 5059] set_robust_list(0x7f3af415a9e0, 24) = 0 [pid 5059] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5058] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5059] <... futex resumed>) = 0 [pid 5059] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR [pid 5058] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5059] <... openat resumed>) = 3 [pid 5059] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5059] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5058] <... futex resumed>) = 0 [pid 5058] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5059] <... futex resumed>) = 0 [pid 5059] ioctl(3, TIOCSETD, [21] [pid 5058] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5059] <... ioctl resumed>) = 0 [pid 5059] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5058] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5058] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5059] <... futex resumed>) = 0 [pid 5059] ioctl(3, GSMIOC_SETCONF [pid 5058] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5058] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5058] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af4119000 [pid 5058] mprotect(0x7f3af411a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5058] clone(child_stack=0x7f3af41393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5060 attached [pid 5060] set_robust_list(0x7f3af41399e0, 24) = 0 [pid 5058] <... clone resumed>, parent_tid=[5060], tls=0x7f3af4139700, child_tidptr=0x7f3af41399d0) = 5060 [pid 5060] futex(0x7f3af42304d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5058] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5060] <... futex resumed>) = 0 [pid 5060] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR [pid 5058] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5060] <... openat resumed>) = 4 [pid 5060] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5058] <... futex resumed>) = 0 [pid 5058] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5058] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5060] <... futex resumed>) = 1 [ 83.359879][ T5060] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 83.369308][ T5060] CPU: 1 PID: 5060 Comm: syz-executor427 Not tainted 6.4.0-rc3-syzkaller-00291-g4e893b5aa4ac #0 [ 83.379776][ T5060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 83.389877][ T5060] Call Trace: [ 83.393191][ T5060] [ 83.396166][ T5060] dump_stack_lvl+0x136/0x150 [ 83.400925][ T5060] sysfs_warn_dup+0x80/0xa0 [ 83.405506][ T5060] sysfs_create_dir_ns+0x237/0x290 [ 83.410694][ T5060] ? sysfs_create_mount_point+0xb0/0xb0 [ 83.416320][ T5060] ? spin_bug+0x1c0/0x1c0 [ 83.420725][ T5060] ? class_dir_child_ns_type+0xd/0x60 [ 83.426168][ T5060] kobject_add_internal+0x2c9/0x9c0 [ 83.431524][ T5060] kobject_add+0x158/0x230 [ 83.435994][ T5060] ? kset_create_and_add+0x1a0/0x1a0 [ 83.441354][ T5060] ? do_raw_spin_unlock+0x175/0x230 [ 83.446636][ T5060] ? kobject_put+0xbd/0x4d0 [ 83.451666][ T5060] device_add+0x37d/0x1a40 [ 83.456152][ T5060] ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270 [ 83.463073][ T5060] ? __init_waitqueue_head+0xca/0x150 [ 83.468507][ T5060] tty_register_device_attr+0x38f/0x7d0 [ 83.474107][ T5060] ? lockdep_init_map_type+0x21e/0x810 [ 83.479629][ T5060] ? hung_up_tty_compat_ioctl+0x40/0x40 [ 83.485231][ T5060] ? lockdep_init_map_type+0x21e/0x810 [ 83.490759][ T5060] ? __raw_spin_lock_init+0x3a/0x110 [ 83.496115][ T5060] ? tty_port_init+0x156/0x1b0 [ 83.500953][ T5060] gsmld_ioctl+0x97e/0x1850 [ 83.505517][ T5060] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 83.511129][ T5060] ? __ldsem_down_read_nested+0xcb/0x850 [ 83.516833][ T5060] ? __ldsem_down_read_nested+0xdc/0x850 [ 83.522799][ T5060] ? tomoyo_path_number_perm+0x166/0x570 [ 83.528498][ T5060] ? __ldsem_wake_readers+0x3c0/0x3c0 [ 83.533951][ T5060] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 83.539909][ T5060] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 83.545514][ T5060] tty_ioctl+0x80b/0x16e0 [ 83.549895][ T5060] ? tty_release_struct+0xf0/0xf0 [ 83.554984][ T5060] ? find_held_lock+0x2d/0x110 [pid 5060] ioctl(4, GSMIOC_SETCONF [pid 5059] <... ioctl resumed>, 0x20000040) = 0 [pid 5059] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 83.559813][ T5060] ? do_one_initcall+0x270/0x540 [ 83.564825][ T5060] ? __fget_files+0x26a/0x480 [ 83.569576][ T5060] ? bpf_lsm_file_ioctl+0x9/0x10 [ 83.574667][ T5060] ? tty_release_struct+0xf0/0xf0 [ 83.579752][ T5060] __x64_sys_ioctl+0x197/0x210 [ 83.584590][ T5060] do_syscall_64+0x39/0xb0 [ 83.589085][ T5060] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 83.595045][ T5060] RIP: 0033:0x7f3af41a8c49 [ 83.599497][ T5060] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 83.619143][ T5060] RSP: 002b:00007f3af4139318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 83.627588][ T5060] RAX: ffffffffffffffda RBX: 00007f3af42304d8 RCX: 00007f3af41a8c49 [ 83.635589][ T5060] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000004 [ 83.643578][ T5060] RBP: 00007f3af42304d0 R08: 0000000000000000 R09: 0000000000000000 [ 83.651557][ T5060] R10: 000000000000000e R11: 0000000000000246 R12: 00007f3af41fe07c [pid 5059] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5058] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5058] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] <... futex resumed>) = 0 [pid 5058] <... futex resumed>) = 1 [pid 5059] ioctl(4, GSMIOC_SETCONF [pid 5058] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5059] <... ioctl resumed>, 0x20000040) = 0 [pid 5059] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5058] <... futex resumed>) = 0 [pid 5059] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5060] <... ioctl resumed>, 0x20000040) = -1 EEXIST (File exists) [pid 5060] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5060] futex(0x7f3af42304d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5058] exit_group(0 [pid 5060] <... futex resumed>) = ? [pid 5059] <... futex resumed>) = ? [pid 5058] <... exit_group resumed>) = ? [pid 5060] +++ exited with 0 +++ [pid 5059] +++ exited with 0 +++ [ 83.659539][ T5060] R13: 00007ffd74d0e68f R14: 00007f3af4139400 R15: 0000000000022000 [ 83.667539][ T5060] [ 83.677750][ T5060] kobject: kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [pid 5058] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5058, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5061 attached , child_tidptr=0x5555566615d0) = 5061 [pid 5061] set_robust_list(0x5555566615e0, 24) = 0 [pid 5061] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5061] setpgid(0, 0) = 0 [pid 5061] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5061] write(3, "1000", 4) = 4 [pid 5061] close(3) = 0 [pid 5061] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5061] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af413a000 [pid 5061] mprotect(0x7f3af413b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5061] clone(child_stack=0x7f3af415a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5062 attached [pid 5062] set_robust_list(0x7f3af415a9e0, 24) = 0 [pid 5061] <... clone resumed>, parent_tid=[5062], tls=0x7f3af415a700, child_tidptr=0x7f3af415a9d0) = 5062 [pid 5062] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5061] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5062] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR [pid 5061] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5062] <... openat resumed>) = 3 [pid 5062] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5061] <... futex resumed>) = 0 [pid 5061] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5062] ioctl(3, TIOCSETD, [21] [pid 5061] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5062] <... ioctl resumed>) = 0 [pid 5062] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5061] <... futex resumed>) = 0 [pid 5061] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5062] ioctl(3, GSMIOC_SETCONF [pid 5061] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5061] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5061] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af4119000 [pid 5061] mprotect(0x7f3af411a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5061] clone(child_stack=0x7f3af41393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5063], tls=0x7f3af4139700, child_tidptr=0x7f3af41399d0) = 5063 [pid 5061] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5061] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5063 attached [pid 5063] set_robust_list(0x7f3af41399e0, 24) = 0 [pid 5063] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 4 [pid 5063] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5063] futex(0x7f3af42304d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5061] <... futex resumed>) = 0 [pid 5061] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5063] <... futex resumed>) = 0 [pid 5061] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 83.965104][ T5063] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 83.975829][ T5063] CPU: 1 PID: 5063 Comm: syz-executor427 Not tainted 6.4.0-rc3-syzkaller-00291-g4e893b5aa4ac #0 [ 83.986307][ T5063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 83.996486][ T5063] Call Trace: [ 83.999797][ T5063] [ 84.002766][ T5063] dump_stack_lvl+0x136/0x150 [ 84.007523][ T5063] sysfs_warn_dup+0x80/0xa0 [ 84.012106][ T5063] sysfs_create_dir_ns+0x237/0x290 [ 84.017298][ T5063] ? sysfs_create_mount_point+0xb0/0xb0 [ 84.022922][ T5063] ? spin_bug+0x1c0/0x1c0 [ 84.027323][ T5063] ? class_dir_child_ns_type+0xd/0x60 [ 84.032752][ T5063] kobject_add_internal+0x2c9/0x9c0 [ 84.038022][ T5063] kobject_add+0x158/0x230 [ 84.042493][ T5063] ? kset_create_and_add+0x1a0/0x1a0 [ 84.047835][ T5063] ? do_raw_spin_unlock+0x175/0x230 [ 84.053102][ T5063] ? kobject_put+0xbd/0x4d0 [ 84.057674][ T5063] device_add+0x37d/0x1a40 [pid 5063] ioctl(4, GSMIOC_SETCONF [pid 5061] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5061] futex(0x7f3af42304ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5061] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af40f8000 [pid 5061] mprotect(0x7f3af40f9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5061] clone(child_stack=0x7f3af41183f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5064], tls=0x7f3af4118700, child_tidptr=0x7f3af41189d0) = 5064 [pid 5061] futex(0x7f3af42304e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 84.062157][ T5063] ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270 [ 84.069086][ T5063] ? __init_waitqueue_head+0xca/0x150 [ 84.074535][ T5063] tty_register_device_attr+0x38f/0x7d0 [ 84.080137][ T5063] ? lockdep_init_map_type+0x21e/0x810 [ 84.085691][ T5063] ? hung_up_tty_compat_ioctl+0x40/0x40 [ 84.091279][ T5063] ? lockdep_init_map_type+0x21e/0x810 [ 84.096784][ T5063] ? __raw_spin_lock_init+0x3a/0x110 [ 84.102135][ T5063] ? tty_port_init+0x156/0x1b0 [ 84.106980][ T5063] gsmld_ioctl+0x97e/0x1850 [pid 5061] futex(0x7f3af42304ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5062] <... ioctl resumed>, 0x20000040) = 0 [ 84.111549][ T5063] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 84.117157][ T5063] ? __ldsem_down_read_nested+0xcb/0x850 [ 84.122860][ T5063] ? __ldsem_down_read_nested+0xdc/0x850 [ 84.128561][ T5063] ? tomoyo_path_number_perm+0x166/0x570 [ 84.134242][ T5063] ? __ldsem_wake_readers+0x3c0/0x3c0 [ 84.139694][ T5063] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 84.145660][ T5063] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 84.151270][ T5063] tty_ioctl+0x80b/0x16e0 [ 84.155660][ T5063] ? tty_release_struct+0xf0/0xf0 [ 84.160744][ T5063] ? find_held_lock+0x2d/0x110 [ 84.165570][ T5063] ? do_one_initcall+0x270/0x540 [ 84.170579][ T5063] ? __fget_files+0x26a/0x480 [ 84.175326][ T5063] ? bpf_lsm_file_ioctl+0x9/0x10 [ 84.180330][ T5063] ? tty_release_struct+0xf0/0xf0 [ 84.185408][ T5063] __x64_sys_ioctl+0x197/0x210 [ 84.190245][ T5063] do_syscall_64+0x39/0xb0 [ 84.194736][ T5063] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 84.200697][ T5063] RIP: 0033:0x7f3af41a8c49 [ 84.205168][ T5063] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 84.225092][ T5063] RSP: 002b:00007f3af4139318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 84.233548][ T5063] RAX: ffffffffffffffda RBX: 00007f3af42304d8 RCX: 00007f3af41a8c49 [ 84.241534][ T5063] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000004 [ 84.249544][ T5063] RBP: 00007f3af42304d0 R08: 0000000000000000 R09: 0000000000000000 [ 84.257540][ T5063] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3af41fe07c [pid 5062] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5064 attached [pid 5064] set_robust_list(0x7f3af41189e0, 24) = 0 [pid 5064] ioctl(4, GSMIOC_SETCONF, 0x20000040) = 0 [pid 5064] futex(0x7f3af42304ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] futex(0x7f3af42304e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5063] <... ioctl resumed>, 0x20000040) = -1 EEXIST (File exists) [pid 5063] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] futex(0x7f3af42304d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5061] exit_group(0 [pid 5064] <... futex resumed>) = ? [pid 5062] <... futex resumed>) = ? [pid 5061] <... exit_group resumed>) = ? [pid 5064] +++ exited with 0 +++ [pid 5062] +++ exited with 0 +++ [pid 5063] <... futex resumed>) = ? [ 84.265535][ T5063] R13: 00007ffd74d0e68f R14: 00007f3af4139400 R15: 0000000000022000 [ 84.273554][ T5063] [ 84.278228][ T5063] kobject: kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [pid 5063] +++ exited with 0 +++ [pid 5061] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5061, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566615d0) = 5065 ./strace-static-x86_64: Process 5065 attached [pid 5065] set_robust_list(0x5555566615e0, 24) = 0 [pid 5065] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5065] setpgid(0, 0) = 0 [pid 5065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5065] write(3, "1000", 4) = 4 [pid 5065] close(3) = 0 [pid 5065] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af413a000 [pid 5065] mprotect(0x7f3af413b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5065] clone(child_stack=0x7f3af415a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5066], tls=0x7f3af415a700, child_tidptr=0x7f3af415a9d0) = 5066 [pid 5065] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5066 attached [pid 5066] set_robust_list(0x7f3af415a9e0, 24) = 0 [pid 5066] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 3 [pid 5066] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... futex resumed>) = 0 [pid 5065] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5066] <... futex resumed>) = 1 [pid 5066] ioctl(3, TIOCSETD, [21]) = 0 [pid 5066] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... futex resumed>) = 0 [pid 5065] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5066] <... futex resumed>) = 1 [pid 5066] ioctl(3, GSMIOC_SETCONF [pid 5065] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5065] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5065] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af4119000 [pid 5065] mprotect(0x7f3af411a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5065] clone(child_stack=0x7f3af41393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5067], tls=0x7f3af4139700, child_tidptr=0x7f3af41399d0) = 5067 [pid 5065] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5067 attached [pid 5067] set_robust_list(0x7f3af41399e0, 24) = 0 [pid 5067] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 4 [pid 5067] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5065] <... futex resumed>) = 0 [pid 5065] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 84.545611][ T5067] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 84.557964][ T5067] CPU: 1 PID: 5067 Comm: syz-executor427 Not tainted 6.4.0-rc3-syzkaller-00291-g4e893b5aa4ac #0 [ 84.568463][ T5067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 84.578576][ T5067] Call Trace: [ 84.581893][ T5067] [ 84.584859][ T5067] dump_stack_lvl+0x136/0x150 [ 84.589619][ T5067] sysfs_warn_dup+0x80/0xa0 [pid 5067] ioctl(4, GSMIOC_SETCONF [pid 5065] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5065] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5065] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5065] futex(0x7f3af42304ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af40f8000 [pid 5065] mprotect(0x7f3af40f9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5065] clone(child_stack=0x7f3af41183f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5068], tls=0x7f3af4118700, child_tidptr=0x7f3af41189d0) = 5068 [pid 5065] futex(0x7f3af42304e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] futex(0x7f3af42304ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5068 attached [pid 5068] set_robust_list(0x7f3af41189e0, 24) = 0 [ 84.594220][ T5067] sysfs_create_dir_ns+0x237/0x290 [ 84.599410][ T5067] ? sysfs_create_mount_point+0xb0/0xb0 [ 84.604374][ T5068] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 84.605006][ T5067] ? spin_bug+0x1c0/0x1c0 [ 84.617791][ T5067] ? class_dir_child_ns_type+0xd/0x60 [ 84.623203][ T5067] kobject_add_internal+0x2c9/0x9c0 [ 84.628451][ T5067] kobject_add+0x158/0x230 [ 84.632900][ T5067] ? kset_create_and_add+0x1a0/0x1a0 [ 84.638225][ T5067] ? do_raw_spin_unlock+0x175/0x230 [pid 5068] ioctl(4, GSMIOC_SETCONF [pid 5065] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 84.643474][ T5067] ? kobject_put+0xbd/0x4d0 [ 84.648030][ T5067] device_add+0x37d/0x1a40 [ 84.652512][ T5067] ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270 [ 84.659421][ T5067] ? __init_waitqueue_head+0xca/0x150 [ 84.664857][ T5067] tty_register_device_attr+0x38f/0x7d0 [ 84.670450][ T5067] ? lockdep_init_map_type+0x21e/0x810 [ 84.675951][ T5067] ? hung_up_tty_compat_ioctl+0x40/0x40 [ 84.681527][ T5067] ? lockdep_init_map_type+0x21e/0x810 [ 84.687054][ T5067] ? __raw_spin_lock_init+0x3a/0x110 [ 84.692385][ T5067] ? tty_port_init+0x156/0x1b0 [ 84.697204][ T5067] gsmld_ioctl+0x97e/0x1850 [ 84.701762][ T5067] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 84.707365][ T5067] ? __ldsem_down_read_nested+0xcb/0x850 [ 84.713144][ T5067] ? __ldsem_down_read_nested+0xdc/0x850 [ 84.718823][ T5067] ? tomoyo_path_number_perm+0x166/0x570 [ 84.724492][ T5067] ? __ldsem_wake_readers+0x3c0/0x3c0 [ 84.729919][ T5067] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 84.735871][ T5067] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 84.741476][ T5067] tty_ioctl+0x80b/0x16e0 [pid 5065] exit_group(0) = ? [ 84.745877][ T5067] ? tty_release_struct+0xf0/0xf0 [ 84.750940][ T5067] ? find_held_lock+0x2d/0x110 [ 84.755745][ T5067] ? do_one_initcall+0x270/0x540 [ 84.760737][ T5067] ? __fget_files+0x26a/0x480 [ 84.765479][ T5067] ? bpf_lsm_file_ioctl+0x9/0x10 [ 84.770455][ T5067] ? tty_release_struct+0xf0/0xf0 [ 84.775514][ T5067] __x64_sys_ioctl+0x197/0x210 [ 84.780341][ T5067] do_syscall_64+0x39/0xb0 [ 84.784814][ T5067] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 84.790764][ T5067] RIP: 0033:0x7f3af41a8c49 [ 84.795200][ T5067] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 84.814834][ T5067] RSP: 002b:00007f3af4139318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 84.823274][ T5067] RAX: ffffffffffffffda RBX: 00007f3af42304d8 RCX: 00007f3af41a8c49 [ 84.831268][ T5067] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000004 [ 84.839260][ T5067] RBP: 00007f3af42304d0 R08: 0000000000000000 R09: 0000000000000000 [ 84.847254][ T5067] R10: 000000000000000e R11: 0000000000000246 R12: 00007f3af41fe07c [ 84.855256][ T5067] R13: 00007ffd74d0e68f R14: 00007f3af4139400 R15: 0000000000022000 [ 84.863293][ T5067] [ 84.881004][ T5067] kobject: kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [ 84.886930][ T5068] CPU: 0 PID: 5068 Comm: syz-executor427 Not tainted 6.4.0-rc3-syzkaller-00291-g4e893b5aa4ac #0 [ 84.905380][ T5068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 84.915480][ T5068] Call Trace: [ 84.918795][ T5068] [ 84.921750][ T5068] dump_stack_lvl+0x136/0x150 [ 84.926463][ T5068] sysfs_warn_dup+0x80/0xa0 [ 84.930997][ T5068] sysfs_create_dir_ns+0x237/0x290 [ 84.936162][ T5068] ? sysfs_create_mount_point+0xb0/0xb0 [ 84.941772][ T5068] ? spin_bug+0x1c0/0x1c0 [ 84.946138][ T5068] ? class_dir_child_ns_type+0xd/0x60 [ 84.951527][ T5068] kobject_add_internal+0x2c9/0x9c0 [ 84.956744][ T5068] kobject_add+0x158/0x230 [ 84.961170][ T5068] ? kset_create_and_add+0x1a0/0x1a0 [ 84.966470][ T5068] ? do_raw_spin_unlock+0x175/0x230 [ 84.971691][ T5068] ? kobject_put+0xbd/0x4d0 [ 84.976236][ T5068] device_add+0x37d/0x1a40 [ 84.980675][ T5068] ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270 [ 84.987548][ T5068] ? __init_waitqueue_head+0xca/0x150 [ 84.992935][ T5068] tty_register_device_attr+0x38f/0x7d0 [ 84.998506][ T5068] ? lockdep_init_map_type+0x21e/0x810 [ 85.004013][ T5068] ? hung_up_tty_compat_ioctl+0x40/0x40 [ 85.009672][ T5068] ? lockdep_init_map_type+0x21e/0x810 [ 85.015170][ T5068] ? __raw_spin_lock_init+0x3a/0x110 [ 85.020488][ T5068] ? tty_port_init+0x156/0x1b0 [ 85.025297][ T5068] gsmld_ioctl+0x97e/0x1850 [ 85.029833][ T5068] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 85.035416][ T5068] ? __ldsem_down_read_nested+0xcb/0x850 [ 85.041088][ T5068] ? __ldsem_down_read_nested+0xdc/0x850 [ 85.046774][ T5068] ? tomoyo_path_number_perm+0x166/0x570 [ 85.052520][ T5068] ? __ldsem_wake_readers+0x3c0/0x3c0 [ 85.057957][ T5068] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 85.063883][ T5068] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 85.069456][ T5068] tty_ioctl+0x80b/0x16e0 [ 85.073813][ T5068] ? tty_release_struct+0xf0/0xf0 [ 85.078865][ T5068] ? find_held_lock+0x2d/0x110 [ 85.083659][ T5068] ? do_one_initcall+0x270/0x540 [ 85.088640][ T5068] ? __fget_files+0x26a/0x480 [ 85.093358][ T5068] ? bpf_lsm_file_ioctl+0x9/0x10 [ 85.098329][ T5068] ? tty_release_struct+0xf0/0xf0 [ 85.103385][ T5068] __x64_sys_ioctl+0x197/0x210 [ 85.108188][ T5068] do_syscall_64+0x39/0xb0 [ 85.112644][ T5068] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 85.118583][ T5068] RIP: 0033:0x7f3af41a8c49 [ 85.123024][ T5068] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [pid 5067] <... ioctl resumed> ) = ? [pid 5067] +++ exited with 0 +++ [ 85.142650][ T5068] RSP: 002b:00007f3af4118318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 85.151085][ T5068] RAX: ffffffffffffffda RBX: 00007f3af42304e8 RCX: 00007f3af41a8c49 [ 85.159070][ T5068] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000004 [ 85.167065][ T5068] RBP: 00007f3af42304e0 R08: 00007f3af4118700 R09: 0000000000000000 [ 85.175059][ T5068] R10: 00007f3af4118700 R11: 0000000000000246 R12: 00007f3af41fe07c [ 85.183048][ T5068] R13: 00007ffd74d0e68f R14: 00007f3af4118400 R15: 0000000000022000 [ 85.191051][ T5068] [pid 5068] <... ioctl resumed> ) = ? [pid 5068] +++ exited with 0 +++ [pid 5066] <... ioctl resumed> ) = ? [ 85.196685][ T5068] kobject: kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [pid 5066] +++ exited with 0 +++ [pid 5065] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5065, si_uid=0, si_status=0, si_utime=0, si_stime=41 /* 0.41 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566615d0) = 5069 ./strace-static-x86_64: Process 5069 attached [pid 5069] set_robust_list(0x5555566615e0, 24) = 0 [pid 5069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5069] setpgid(0, 0) = 0 [pid 5069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5069] write(3, "1000", 4) = 4 [pid 5069] close(3) = 0 [pid 5069] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af413a000 [pid 5069] mprotect(0x7f3af413b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5069] clone(child_stack=0x7f3af415a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5070 attached , parent_tid=[5070], tls=0x7f3af415a700, child_tidptr=0x7f3af415a9d0) = 5070 [pid 5070] set_robust_list(0x7f3af415a9e0, 24 [pid 5069] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] <... set_robust_list resumed>) = 0 [pid 5069] <... futex resumed>) = 0 [pid 5070] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR [pid 5069] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] <... openat resumed>) = 3 [pid 5070] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5069] <... futex resumed>) = 0 [pid 5070] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5069] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5069] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] ioctl(3, TIOCSETD, [21]) = 0 [pid 5070] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5069] <... futex resumed>) = 0 [pid 5070] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5069] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5069] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] ioctl(3, GSMIOC_SETCONF [pid 5069] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5069] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af4119000 [pid 5069] mprotect(0x7f3af411a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5069] clone(child_stack=0x7f3af41393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5071], tls=0x7f3af4139700, child_tidptr=0x7f3af41399d0) = 5071 [pid 5069] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5071 attached [pid 5071] set_robust_list(0x7f3af41399e0, 24) = 0 [pid 5071] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 4 [pid 5071] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5069] <... futex resumed>) = 0 [pid 5071] futex(0x7f3af42304d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5069] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5071] ioctl(4, GSMIOC_SETCONF [pid 5069] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5069] futex(0x7f3af42304ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 85.531362][ T5071] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 85.553358][ T5071] CPU: 0 PID: 5071 Comm: syz-executor427 Not tainted 6.4.0-rc3-syzkaller-00291-g4e893b5aa4ac #0 [ 85.563856][ T5071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 85.573953][ T5071] Call Trace: [ 85.577251][ T5071] [pid 5069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af40f8000 [pid 5069] mprotect(0x7f3af40f9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5069] clone(child_stack=0x7f3af41183f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5072], tls=0x7f3af4118700, child_tidptr=0x7f3af41189d0) = 5072 [pid 5069] futex(0x7f3af42304e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] futex(0x7f3af42304ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5072 attached [pid 5072] set_robust_list(0x7f3af41189e0, 24) = 0 [ 85.580203][ T5071] dump_stack_lvl+0x136/0x150 [ 85.584975][ T5071] sysfs_warn_dup+0x80/0xa0 [ 85.589560][ T5071] sysfs_create_dir_ns+0x237/0x290 [ 85.594732][ T5071] ? sysfs_create_mount_point+0xb0/0xb0 [ 85.600309][ T5071] ? spin_bug+0x1c0/0x1c0 [ 85.604680][ T5071] ? class_dir_child_ns_type+0xd/0x60 [ 85.610087][ T5071] kobject_add_internal+0x2c9/0x9c0 [ 85.615344][ T5071] kobject_add+0x158/0x230 [ 85.619868][ T5071] ? kset_create_and_add+0x1a0/0x1a0 [ 85.625199][ T5071] ? do_raw_spin_unlock+0x175/0x230 [pid 5072] ioctl(4, GSMIOC_SETCONF [pid 5069] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 85.630515][ T5071] ? kobject_put+0xbd/0x4d0 [ 85.635074][ T5071] device_add+0x37d/0x1a40 [ 85.639532][ T5071] ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270 [ 85.646440][ T5071] ? __init_waitqueue_head+0xca/0x150 [ 85.651861][ T5071] tty_register_device_attr+0x38f/0x7d0 [ 85.657428][ T5071] ? lockdep_init_map_type+0x21e/0x810 [ 85.663038][ T5071] ? hung_up_tty_compat_ioctl+0x40/0x40 [ 85.668645][ T5071] ? lockdep_init_map_type+0x21e/0x810 [ 85.674160][ T5071] ? __raw_spin_lock_init+0x3a/0x110 [ 85.679487][ T5071] ? tty_port_init+0x156/0x1b0 [ 85.684318][ T5071] gsmld_ioctl+0x97e/0x1850 [ 85.688880][ T5071] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 85.694469][ T5071] ? __ldsem_down_read_nested+0xcb/0x850 [ 85.700171][ T5071] ? __ldsem_down_read_nested+0xdc/0x850 [ 85.705863][ T5071] ? tomoyo_path_number_perm+0x166/0x570 [ 85.711523][ T5071] ? __ldsem_wake_readers+0x3c0/0x3c0 [ 85.716964][ T5071] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 85.722916][ T5071] ? gsm_dlci_config.part.0+0xe20/0xe20 [pid 5069] exit_group(0) = ? [ 85.728533][ T5071] tty_ioctl+0x80b/0x16e0 [ 85.732918][ T5071] ? tty_release_struct+0xf0/0xf0 [ 85.737989][ T5071] ? find_held_lock+0x2d/0x110 [ 85.742779][ T5071] ? do_one_initcall+0x270/0x540 [ 85.747760][ T5071] ? __fget_files+0x26a/0x480 [ 85.752507][ T5071] ? bpf_lsm_file_ioctl+0x9/0x10 [ 85.757490][ T5071] ? tty_release_struct+0xf0/0xf0 [ 85.762548][ T5071] __x64_sys_ioctl+0x197/0x210 [ 85.767365][ T5071] do_syscall_64+0x39/0xb0 [ 85.771851][ T5071] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 85.777816][ T5071] RIP: 0033:0x7f3af41a8c49 [ 85.782271][ T5071] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 85.801915][ T5071] RSP: 002b:00007f3af4139318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 85.810351][ T5071] RAX: ffffffffffffffda RBX: 00007f3af42304d8 RCX: 00007f3af41a8c49 [ 85.818346][ T5071] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000004 [ 85.826346][ T5071] RBP: 00007f3af42304d0 R08: 0000000000000000 R09: 0000000000000000 [ 85.834351][ T5071] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3af41fe07c [ 85.842432][ T5071] R13: 00007ffd74d0e68f R14: 00007f3af4139400 R15: 0000000000022000 [ 85.848500][ T5072] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 85.850426][ T5071] [ 85.872404][ T5071] kobject: kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [ 85.891026][ T5072] CPU: 0 PID: 5072 Comm: syz-executor427 Not tainted 6.4.0-rc3-syzkaller-00291-g4e893b5aa4ac #0 [ 85.901534][ T5072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 85.911667][ T5072] Call Trace: [ 85.914982][ T5072] [ 85.917957][ T5072] dump_stack_lvl+0x136/0x150 [ 85.922717][ T5072] sysfs_warn_dup+0x80/0xa0 [ 85.927289][ T5072] sysfs_create_dir_ns+0x237/0x290 [pid 5071] <... ioctl resumed> ) = ? [pid 5071] +++ exited with 0 +++ [ 85.932488][ T5072] ? sysfs_create_mount_point+0xb0/0xb0 [ 85.938113][ T5072] ? spin_bug+0x1c0/0x1c0 [ 85.942471][ T5072] ? class_dir_child_ns_type+0xd/0x60 [ 85.947952][ T5072] kobject_add_internal+0x2c9/0x9c0 [ 85.953177][ T5072] kobject_add+0x158/0x230 [ 85.957615][ T5072] ? kset_create_and_add+0x1a0/0x1a0 [ 85.962921][ T5072] ? do_raw_spin_unlock+0x175/0x230 [ 85.968156][ T5072] ? kobject_put+0xbd/0x4d0 [ 85.972684][ T5072] device_add+0x37d/0x1a40 [pid 5070] <... ioctl resumed> ) = ? [pid 5070] +++ exited with 0 +++ [ 85.977130][ T5072] ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270 [ 85.984021][ T5072] ? __init_waitqueue_head+0xca/0x150 [ 85.989452][ T5072] tty_register_device_attr+0x38f/0x7d0 [ 85.995038][ T5072] ? lockdep_init_map_type+0x21e/0x810 [ 86.000561][ T5072] ? hung_up_tty_compat_ioctl+0x40/0x40 [ 86.006162][ T5072] ? lockdep_init_map_type+0x21e/0x810 [ 86.011693][ T5072] ? __raw_spin_lock_init+0x3a/0x110 [ 86.017055][ T5072] ? tty_port_init+0x156/0x1b0 [ 86.021887][ T5072] gsmld_ioctl+0x97e/0x1850 [ 86.026462][ T5072] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 86.032079][ T5072] ? __ldsem_down_read_nested+0xcb/0x850 [ 86.037787][ T5072] ? __ldsem_down_read_nested+0xdc/0x850 [ 86.043493][ T5072] ? tomoyo_path_number_perm+0x166/0x570 [ 86.049194][ T5072] ? __ldsem_wake_readers+0x3c0/0x3c0 [ 86.054647][ T5072] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 86.060608][ T5072] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 86.066209][ T5072] tty_ioctl+0x80b/0x16e0 [ 86.070598][ T5072] ? tty_release_struct+0xf0/0xf0 [ 86.075680][ T5072] ? find_held_lock+0x2d/0x110 [ 86.080514][ T5072] ? do_one_initcall+0x270/0x540 [ 86.085514][ T5072] ? __fget_files+0x26a/0x480 [ 86.090259][ T5072] ? bpf_lsm_file_ioctl+0x9/0x10 [ 86.095224][ T5072] ? tty_release_struct+0xf0/0xf0 [ 86.100287][ T5072] __x64_sys_ioctl+0x197/0x210 [ 86.105108][ T5072] do_syscall_64+0x39/0xb0 [ 86.109557][ T5072] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 86.115479][ T5072] RIP: 0033:0x7f3af41a8c49 [ 86.119907][ T5072] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 86.139532][ T5072] RSP: 002b:00007f3af4118318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 86.147963][ T5072] RAX: ffffffffffffffda RBX: 00007f3af42304e8 RCX: 00007f3af41a8c49 [ 86.155944][ T5072] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000004 [ 86.163923][ T5072] RBP: 00007f3af42304e0 R08: 00007f3af4118700 R09: 0000000000000000 [ 86.171929][ T5072] R10: 00007f3af4118700 R11: 0000000000000246 R12: 00007f3af41fe07c [pid 5072] <... ioctl resumed> ) = ? [ 86.179932][ T5072] R13: 00007ffd74d0e68f R14: 00007f3af4118400 R15: 0000000000022000 [ 86.187976][ T5072] [ 86.195148][ T5072] kobject: kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [pid 5072] +++ exited with 0 +++ [pid 5069] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5069, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5073 attached , child_tidptr=0x5555566615d0) = 5073 [pid 5073] set_robust_list(0x5555566615e0, 24) = 0 [pid 5073] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5073] setpgid(0, 0) = 0 [pid 5073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5073] write(3, "1000", 4) = 4 [pid 5073] close(3) = 0 [pid 5073] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af413a000 [pid 5073] mprotect(0x7f3af413b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5073] clone(child_stack=0x7f3af415a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5074 attached , parent_tid=[5074], tls=0x7f3af415a700, child_tidptr=0x7f3af415a9d0) = 5074 [pid 5074] set_robust_list(0x7f3af415a9e0, 24) = 0 [pid 5074] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5073] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5074] <... futex resumed>) = 0 [pid 5073] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5074] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 3 [pid 5074] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5074] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5073] <... futex resumed>) = 0 [pid 5073] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5074] <... futex resumed>) = 0 [pid 5074] ioctl(3, TIOCSETD, [21] [pid 5073] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5074] <... ioctl resumed>) = 0 [pid 5074] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... futex resumed>) = 0 [pid 5074] <... futex resumed>) = 1 [pid 5073] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] ioctl(3, GSMIOC_SETCONF [pid 5073] <... futex resumed>) = 0 [pid 5073] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5073] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5073] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af4119000 [pid 5073] mprotect(0x7f3af411a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5073] clone(child_stack=0x7f3af41393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5075], tls=0x7f3af4139700, child_tidptr=0x7f3af41399d0) = 5075 [pid 5073] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5075 attached [pid 5075] set_robust_list(0x7f3af41399e0, 24) = 0 [pid 5075] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 4 [pid 5075] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5073] <... futex resumed>) = 0 [pid 5073] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 86.472293][ T5075] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 86.486274][ T5075] CPU: 1 PID: 5075 Comm: syz-executor427 Not tainted 6.4.0-rc3-syzkaller-00291-g4e893b5aa4ac #0 [ 86.496746][ T5075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 86.506839][ T5075] Call Trace: [ 86.510163][ T5075] [ 86.513139][ T5075] dump_stack_lvl+0x136/0x150 [ 86.517888][ T5075] sysfs_warn_dup+0x80/0xa0 [ 86.522469][ T5075] sysfs_create_dir_ns+0x237/0x290 [ 86.527669][ T5075] ? sysfs_create_mount_point+0xb0/0xb0 [ 86.533282][ T5075] ? spin_bug+0x1c0/0x1c0 [ 86.537657][ T5075] ? class_dir_child_ns_type+0xd/0x60 [ 86.543059][ T5075] kobject_add_internal+0x2c9/0x9c0 [ 86.548299][ T5075] kobject_add+0x158/0x230 [ 86.552742][ T5075] ? kset_create_and_add+0x1a0/0x1a0 [ 86.558061][ T5075] ? do_raw_spin_unlock+0x175/0x230 [ 86.563305][ T5075] ? kobject_put+0xbd/0x4d0 [ 86.567849][ T5075] device_add+0x37d/0x1a40 [ 86.572304][ T5075] ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270 [ 86.579208][ T5075] ? __init_waitqueue_head+0xca/0x150 [ 86.584628][ T5075] tty_register_device_attr+0x38f/0x7d0 [ 86.590209][ T5075] ? lockdep_init_map_type+0x21e/0x810 [ 86.595724][ T5075] ? hung_up_tty_compat_ioctl+0x40/0x40 [ 86.601298][ T5075] ? lockdep_init_map_type+0x21e/0x810 [ 86.606795][ T5075] ? __raw_spin_lock_init+0x3a/0x110 [ 86.612117][ T5075] ? tty_port_init+0x156/0x1b0 [ 86.616918][ T5075] gsmld_ioctl+0x97e/0x1850 [ 86.621497][ T5075] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 86.627088][ T5075] ? __ldsem_down_read_nested+0xcb/0x850 [ 86.632849][ T5075] ? __ldsem_down_read_nested+0xdc/0x850 [ 86.638524][ T5075] ? tomoyo_path_number_perm+0x166/0x570 [ 86.644185][ T5075] ? __ldsem_wake_readers+0x3c0/0x3c0 [ 86.649603][ T5075] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 86.655540][ T5075] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 86.661117][ T5075] tty_ioctl+0x80b/0x16e0 [ 86.665472][ T5075] ? tty_release_struct+0xf0/0xf0 [ 86.670531][ T5075] ? find_held_lock+0x2d/0x110 [ 86.675325][ T5075] ? do_one_initcall+0x270/0x540 [ 86.680301][ T5075] ? __fget_files+0x26a/0x480 [ 86.685032][ T5075] ? bpf_lsm_file_ioctl+0x9/0x10 [ 86.690002][ T5075] ? tty_release_struct+0xf0/0xf0 [ 86.695063][ T5075] __x64_sys_ioctl+0x197/0x210 [ 86.699866][ T5075] do_syscall_64+0x39/0xb0 [ 86.704323][ T5075] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 86.710263][ T5075] RIP: 0033:0x7f3af41a8c49 [ 86.714700][ T5075] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 86.734330][ T5075] RSP: 002b:00007f3af4139318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 86.742770][ T5075] RAX: ffffffffffffffda RBX: 00007f3af42304d8 RCX: 00007f3af41a8c49 [ 86.750759][ T5075] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000004 [ 86.758745][ T5075] RBP: 00007f3af42304d0 R08: 0000000000000000 R09: 0000000000000000 [pid 5075] ioctl(4, GSMIOC_SETCONF [pid 5073] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5073] futex(0x7f3af42304ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af40f8000 [pid 5073] mprotect(0x7f3af40f9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5073] clone(child_stack=0x7f3af41183f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5076], tls=0x7f3af4118700, child_tidptr=0x7f3af41189d0) = 5076 [pid 5073] futex(0x7f3af42304e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] futex(0x7f3af42304ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... ioctl resumed>, 0x20000040) = -1 EEXIST (File exists) [pid 5075] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 86.766730][ T5075] R10: 000000000000000e R11: 0000000000000246 R12: 00007f3af41fe07c [ 86.774718][ T5075] R13: 00007ffd74d0e68f R14: 00007f3af4139400 R15: 0000000000022000 [ 86.782730][ T5075] [ 86.795063][ T5075] kobject: kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [pid 5075] futex(0x7f3af42304d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5076 attached [pid 5076] set_robust_list(0x7f3af41189e0, 24) = 0 [pid 5076] ioctl(4, GSMIOC_SETCONF [pid 5073] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5074] <... ioctl resumed>, 0x20000040) = 0 [pid 5074] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 86.859435][ T5076] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 86.895211][ T5076] CPU: 0 PID: 5076 Comm: syz-executor427 Not tainted 6.4.0-rc3-syzkaller-00291-g4e893b5aa4ac #0 [ 86.905717][ T5076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 86.915802][ T5076] Call Trace: [ 86.919194][ T5076] [ 86.922158][ T5076] dump_stack_lvl+0x136/0x150 [ 86.926898][ T5076] sysfs_warn_dup+0x80/0xa0 [ 86.931476][ T5076] sysfs_create_dir_ns+0x237/0x290 [ 86.936656][ T5076] ? sysfs_create_mount_point+0xb0/0xb0 [ 86.942344][ T5076] ? spin_bug+0x1c0/0x1c0 [ 86.946731][ T5076] ? class_dir_child_ns_type+0xd/0x60 [ 86.952141][ T5076] kobject_add_internal+0x2c9/0x9c0 [ 86.957486][ T5076] kobject_add+0x158/0x230 [ 86.961956][ T5076] ? kset_create_and_add+0x1a0/0x1a0 [ 86.967303][ T5076] ? do_raw_spin_unlock+0x175/0x230 [ 86.972574][ T5076] ? kobject_put+0xbd/0x4d0 [ 86.977161][ T5076] device_add+0x37d/0x1a40 [ 86.981644][ T5076] ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270 [ 86.988569][ T5076] ? __init_waitqueue_head+0xca/0x150 [ 86.994021][ T5076] tty_register_device_attr+0x38f/0x7d0 [ 86.999626][ T5076] ? lockdep_init_map_type+0x21e/0x810 [ 87.005155][ T5076] ? hung_up_tty_compat_ioctl+0x40/0x40 [ 87.010767][ T5076] ? lockdep_init_map_type+0x21e/0x810 [ 87.016320][ T5076] ? __raw_spin_lock_init+0x3a/0x110 [ 87.021678][ T5076] ? tty_port_init+0x156/0x1b0 [ 87.026520][ T5076] gsmld_ioctl+0x97e/0x1850 [ 87.031090][ T5076] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 87.036701][ T5076] ? __ldsem_down_read_nested+0xcb/0x850 [ 87.042392][ T5076] ? __ldsem_down_read_nested+0xdc/0x850 [ 87.048106][ T5076] ? tomoyo_path_number_perm+0x166/0x570 [ 87.053790][ T5076] ? __ldsem_wake_readers+0x3c0/0x3c0 [ 87.059236][ T5076] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 87.065187][ T5076] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 87.070801][ T5076] tty_ioctl+0x80b/0x16e0 [ 87.075191][ T5076] ? tty_release_struct+0xf0/0xf0 [ 87.080267][ T5076] ? find_held_lock+0x2d/0x110 [ 87.085082][ T5076] ? do_one_initcall+0x270/0x540 [ 87.090083][ T5076] ? __fget_files+0x26a/0x480 [ 87.094832][ T5076] ? bpf_lsm_file_ioctl+0x9/0x10 [ 87.099830][ T5076] ? tty_release_struct+0xf0/0xf0 [ 87.104906][ T5076] __x64_sys_ioctl+0x197/0x210 [ 87.109748][ T5076] do_syscall_64+0x39/0xb0 [ 87.114241][ T5076] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 87.120191][ T5076] RIP: 0033:0x7f3af41a8c49 [ 87.124645][ T5076] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 87.144292][ T5076] RSP: 002b:00007f3af4118318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 87.152745][ T5076] RAX: ffffffffffffffda RBX: 00007f3af42304e8 RCX: 00007f3af41a8c49 [ 87.160758][ T5076] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000004 [ 87.168761][ T5076] RBP: 00007f3af42304e0 R08: 00007f3af4118700 R09: 0000000000000000 [ 87.176770][ T5076] R10: 00007f3af4118700 R11: 0000000000000246 R12: 00007f3af41fe07c [ 87.184777][ T5076] R13: 00007ffd74d0e68f R14: 00007f3af4118400 R15: 0000000000022000 [ 87.192809][ T5076] [pid 5074] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5076] <... ioctl resumed>, 0x20000040) = -1 EEXIST (File exists) [pid 5076] futex(0x7f3af42304ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] exit_group(0 [pid 5074] <... futex resumed>) = ? [pid 5073] <... exit_group resumed>) = ? [pid 5074] +++ exited with 0 +++ [pid 5075] <... futex resumed>) = ? [pid 5076] <... futex resumed>) = ? [pid 5076] +++ exited with 0 +++ [ 87.199313][ T5076] kobject: kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [pid 5075] +++ exited with 0 +++ [pid 5073] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5073, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566615d0) = 5077 ./strace-static-x86_64: Process 5077 attached [pid 5077] set_robust_list(0x5555566615e0, 24) = 0 [pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5077] setpgid(0, 0) = 0 [pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5077] write(3, "1000", 4) = 4 [pid 5077] close(3) = 0 [pid 5077] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af413a000 [pid 5077] mprotect(0x7f3af413b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5077] clone(child_stack=0x7f3af415a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5078], tls=0x7f3af415a700, child_tidptr=0x7f3af415a9d0) = 5078 [pid 5077] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5078 attached [pid 5078] set_robust_list(0x7f3af415a9e0, 24) = 0 [pid 5078] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 3 [pid 5078] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5078] <... futex resumed>) = 1 [pid 5078] ioctl(3, TIOCSETD, [21]) = 0 [pid 5078] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5078] <... futex resumed>) = 1 [pid 5078] ioctl(3, GSMIOC_SETCONF [pid 5077] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5077] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af4119000 [pid 5077] mprotect(0x7f3af411a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5077] clone(child_stack=0x7f3af41393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5079], tls=0x7f3af4139700, child_tidptr=0x7f3af41399d0) = 5079 [pid 5077] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5079 attached [pid 5079] set_robust_list(0x7f3af41399e0, 24) = 0 [pid 5079] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 4 [pid 5079] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 87.542534][ T5079] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 87.573058][ T5079] CPU: 1 PID: 5079 Comm: syz-executor427 Not tainted 6.4.0-rc3-syzkaller-00291-g4e893b5aa4ac #0 [pid 5079] ioctl(4, GSMIOC_SETCONF [pid 5077] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5077] futex(0x7f3af42304ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af40f8000 [pid 5077] mprotect(0x7f3af40f9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5077] clone(child_stack=0x7f3af41183f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5080], tls=0x7f3af4118700, child_tidptr=0x7f3af41189d0) = 5080 [pid 5077] futex(0x7f3af42304e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 87.583558][ T5079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 87.593655][ T5079] Call Trace: [ 87.596971][ T5079] [ 87.599942][ T5079] dump_stack_lvl+0x136/0x150 [ 87.604692][ T5079] sysfs_warn_dup+0x80/0xa0 [ 87.609268][ T5079] sysfs_create_dir_ns+0x237/0x290 [ 87.614460][ T5079] ? sysfs_create_mount_point+0xb0/0xb0 [ 87.620083][ T5079] ? spin_bug+0x1c0/0x1c0 [ 87.624490][ T5079] ? class_dir_child_ns_type+0xd/0x60 [ 87.629917][ T5079] kobject_add_internal+0x2c9/0x9c0 [ 87.635181][ T5079] kobject_add+0x158/0x230 [pid 5077] futex(0x7f3af42304ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 87.639651][ T5079] ? kset_create_and_add+0x1a0/0x1a0 [ 87.644995][ T5079] ? do_raw_spin_unlock+0x175/0x230 [ 87.650262][ T5079] ? kobject_put+0xbd/0x4d0 [ 87.654825][ T5079] device_add+0x37d/0x1a40 [ 87.659307][ T5079] ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270 [ 87.666234][ T5079] ? __init_waitqueue_head+0xca/0x150 [ 87.671653][ T5079] tty_register_device_attr+0x38f/0x7d0 [ 87.677233][ T5079] ? lockdep_init_map_type+0x21e/0x810 [ 87.682736][ T5079] ? hung_up_tty_compat_ioctl+0x40/0x40 [ 87.688310][ T5079] ? lockdep_init_map_type+0x21e/0x810 [ 87.693813][ T5079] ? __raw_spin_lock_init+0x3a/0x110 [ 87.699154][ T5079] ? tty_port_init+0x156/0x1b0 [ 87.703967][ T5079] gsmld_ioctl+0x97e/0x1850 [ 87.708521][ T5079] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 87.714108][ T5079] ? __ldsem_down_read_nested+0xcb/0x850 [ 87.719780][ T5079] ? __ldsem_down_read_nested+0xdc/0x850 [ 87.725456][ T5079] ? tomoyo_path_number_perm+0x166/0x570 [ 87.731294][ T5079] ? __ldsem_wake_readers+0x3c0/0x3c0 [ 87.736719][ T5079] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 87.742654][ T5079] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 87.748234][ T5079] tty_ioctl+0x80b/0x16e0 [ 87.752591][ T5079] ? tty_release_struct+0xf0/0xf0 [ 87.757643][ T5079] ? find_held_lock+0x2d/0x110 [ 87.762441][ T5079] ? do_one_initcall+0x270/0x540 [ 87.767433][ T5079] ? __fget_files+0x26a/0x480 [ 87.772154][ T5079] ? bpf_lsm_file_ioctl+0x9/0x10 [ 87.777150][ T5079] ? tty_release_struct+0xf0/0xf0 [ 87.782204][ T5079] __x64_sys_ioctl+0x197/0x210 [ 87.787009][ T5079] do_syscall_64+0x39/0xb0 [ 87.791475][ T5079] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 87.797415][ T5079] RIP: 0033:0x7f3af41a8c49 [ 87.801850][ T5079] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 87.821491][ T5079] RSP: 002b:00007f3af4139318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 87.829930][ T5079] RAX: ffffffffffffffda RBX: 00007f3af42304d8 RCX: 00007f3af41a8c49 [pid 5078] <... ioctl resumed>, 0x20000040) = 0 [pid 5078] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5080 attached [pid 5080] set_robust_list(0x7f3af41189e0, 24) = 0 [pid 5080] ioctl(4, GSMIOC_SETCONF, 0x20000040) = 0 [pid 5080] futex(0x7f3af42304ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 87.837920][ T5079] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000004 [ 87.845906][ T5079] RBP: 00007f3af42304d0 R08: 0000000000000000 R09: 0000000000000000 [ 87.853905][ T5079] R10: 000000000000000e R11: 0000000000000246 R12: 00007f3af41fe07c [ 87.861895][ T5079] R13: 00007ffd74d0e68f R14: 00007f3af4139400 R15: 0000000000022000 [ 87.869908][ T5079] [pid 5080] futex(0x7f3af42304e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5079] <... ioctl resumed>, 0x20000040) = -1 EEXIST (File exists) [pid 5079] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] exit_group(0 [pid 5078] <... futex resumed>) = ? [pid 5077] <... exit_group resumed>) = ? [pid 5080] <... futex resumed>) = ? [pid 5078] +++ exited with 0 +++ [pid 5080] +++ exited with 0 +++ [pid 5079] <... futex resumed>) = ? [ 88.013679][ T5079] kobject: kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [pid 5079] +++ exited with 0 +++ [pid 5077] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5077, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566615d0) = 5081 ./strace-static-x86_64: Process 5081 attached [pid 5081] set_robust_list(0x5555566615e0, 24) = 0 [pid 5081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5081] setpgid(0, 0) = 0 [pid 5081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5081] write(3, "1000", 4) = 4 [pid 5081] close(3) = 0 [pid 5081] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af413a000 [pid 5081] mprotect(0x7f3af413b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5081] clone(child_stack=0x7f3af415a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5082], tls=0x7f3af415a700, child_tidptr=0x7f3af415a9d0) = 5082 [pid 5081] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5082 attached [pid 5082] set_robust_list(0x7f3af415a9e0, 24) = 0 [pid 5082] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 3 [pid 5082] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 0 [pid 5081] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... futex resumed>) = 1 [pid 5082] ioctl(3, TIOCSETD, [21]) = 0 [pid 5082] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 0 [pid 5081] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... futex resumed>) = 1 [pid 5082] ioctl(3, GSMIOC_SETCONF [pid 5081] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5081] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5081] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5081] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af4119000 [pid 5081] mprotect(0x7f3af411a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5081] clone(child_stack=0x7f3af41393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5083], tls=0x7f3af4139700, child_tidptr=0x7f3af41399d0) = 5083 [pid 5081] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5083 attached [pid 5083] set_robust_list(0x7f3af41399e0, 24) = 0 [pid 5083] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 4 [pid 5083] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 0 [pid 5081] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... futex resumed>) = 1 [ 88.279960][ T5083] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 88.295134][ T5083] CPU: 0 PID: 5083 Comm: syz-executor427 Not tainted 6.4.0-rc3-syzkaller-00291-g4e893b5aa4ac #0 [ 88.305616][ T5083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 88.315707][ T5083] Call Trace: [ 88.319019][ T5083] [ 88.322006][ T5083] dump_stack_lvl+0x136/0x150 [ 88.326760][ T5083] sysfs_warn_dup+0x80/0xa0 [ 88.331335][ T5083] sysfs_create_dir_ns+0x237/0x290 [ 88.336521][ T5083] ? sysfs_create_mount_point+0xb0/0xb0 [ 88.342137][ T5083] ? spin_bug+0x1c0/0x1c0 [ 88.346539][ T5083] ? class_dir_child_ns_type+0xd/0x60 [ 88.352048][ T5083] kobject_add_internal+0x2c9/0x9c0 [ 88.357303][ T5083] kobject_add+0x158/0x230 [ 88.361773][ T5083] ? kset_create_and_add+0x1a0/0x1a0 [ 88.367123][ T5083] ? do_raw_spin_unlock+0x175/0x230 [ 88.372389][ T5083] ? kobject_put+0xbd/0x4d0 [ 88.376962][ T5083] device_add+0x37d/0x1a40 [ 88.381446][ T5083] ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270 [ 88.388375][ T5083] ? __init_waitqueue_head+0xca/0x150 [ 88.393816][ T5083] tty_register_device_attr+0x38f/0x7d0 [ 88.399422][ T5083] ? lockdep_init_map_type+0x21e/0x810 [ 88.404948][ T5083] ? hung_up_tty_compat_ioctl+0x40/0x40 [ 88.410549][ T5083] ? lockdep_init_map_type+0x21e/0x810 [ 88.416078][ T5083] ? __raw_spin_lock_init+0x3a/0x110 [ 88.421438][ T5083] ? tty_port_init+0x156/0x1b0 [ 88.426272][ T5083] gsmld_ioctl+0x97e/0x1850 [ 88.430855][ T5083] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 88.436467][ T5083] ? __ldsem_down_read_nested+0xcb/0x850 [ 88.442172][ T5083] ? __ldsem_down_read_nested+0xdc/0x850 [ 88.447884][ T5083] ? tomoyo_path_number_perm+0x166/0x570 [ 88.453572][ T5083] ? __ldsem_wake_readers+0x3c0/0x3c0 [ 88.459041][ T5083] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 88.465017][ T5083] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 88.470625][ T5083] tty_ioctl+0x80b/0x16e0 [ 88.475008][ T5083] ? tty_release_struct+0xf0/0xf0 [ 88.480162][ T5083] ? find_held_lock+0x2d/0x110 [ 88.484947][ T5083] ? do_one_initcall+0x270/0x540 [ 88.489914][ T5083] ? __fget_files+0x26a/0x480 [ 88.494622][ T5083] ? bpf_lsm_file_ioctl+0x9/0x10 [ 88.499582][ T5083] ? tty_release_struct+0xf0/0xf0 [ 88.504626][ T5083] __x64_sys_ioctl+0x197/0x210 [ 88.509418][ T5083] do_syscall_64+0x39/0xb0 [ 88.513857][ T5083] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 88.519775][ T5083] RIP: 0033:0x7f3af41a8c49 [pid 5083] ioctl(4, GSMIOC_SETCONF [pid 5082] <... ioctl resumed>, 0x20000040) = 0 [pid 5082] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 88.524201][ T5083] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 88.543815][ T5083] RSP: 002b:00007f3af4139318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 88.552249][ T5083] RAX: ffffffffffffffda RBX: 00007f3af42304d8 RCX: 00007f3af41a8c49 [ 88.560268][ T5083] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000004 [ 88.568280][ T5083] RBP: 00007f3af42304d0 R08: 0000000000000000 R09: 0000000000000000 [pid 5082] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5081] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 0 [pid 5081] <... futex resumed>) = 1 [pid 5082] ioctl(4, GSMIOC_SETCONF, 0x20000040) = 0 [pid 5081] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5082] <... futex resumed>) = 0 [pid 5082] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] <... ioctl resumed>, 0x20000040) = -1 EEXIST (File exists) [pid 5083] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] exit_group(0 [pid 5083] exit_group(0 [pid 5082] <... futex resumed>) = ? [pid 5081] <... exit_group resumed>) = ? [pid 5083] +++ exited with 0 +++ [pid 5082] +++ exited with 0 +++ [ 88.576283][ T5083] R10: 000000000000000e R11: 0000000000000246 R12: 00007f3af41fe07c [ 88.584385][ T5083] R13: 00007ffd74d0e68f R14: 00007f3af4139400 R15: 0000000000022000 [ 88.592406][ T5083] [ 88.601990][ T5083] kobject: kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [pid 5081] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5081, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566615d0) = 5084 ./strace-static-x86_64: Process 5084 attached [pid 5084] set_robust_list(0x5555566615e0, 24) = 0 [pid 5084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5084] setpgid(0, 0) = 0 [pid 5084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5084] write(3, "1000", 4) = 4 [pid 5084] close(3) = 0 [pid 5084] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af413a000 [pid 5084] mprotect(0x7f3af413b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5084] clone(child_stack=0x7f3af415a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5085], tls=0x7f3af415a700, child_tidptr=0x7f3af415a9d0) = 5085 [pid 5084] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5085 attached [pid 5085] set_robust_list(0x7f3af415a9e0, 24) = 0 [pid 5085] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 3 [pid 5085] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] ioctl(3, TIOCSETD, [21]) = 0 [pid 5085] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] ioctl(3, GSMIOC_SETCONF [pid 5084] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5084] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af4119000 [pid 5084] mprotect(0x7f3af411a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5084] clone(child_stack=0x7f3af41393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5086], tls=0x7f3af4139700, child_tidptr=0x7f3af41399d0) = 5086 [pid 5084] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5086 attached [pid 5086] set_robust_list(0x7f3af41399e0, 24) = 0 [pid 5086] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 4 [pid 5086] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... futex resumed>) = 1 [ 88.880175][ T5086] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 88.894396][ T5086] CPU: 0 PID: 5086 Comm: syz-executor427 Not tainted 6.4.0-rc3-syzkaller-00291-g4e893b5aa4ac #0 [ 88.904892][ T5086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 88.914994][ T5086] Call Trace: [ 88.918313][ T5086] [ 88.921312][ T5086] dump_stack_lvl+0x136/0x150 [ 88.926077][ T5086] sysfs_warn_dup+0x80/0xa0 [ 88.930669][ T5086] sysfs_create_dir_ns+0x237/0x290 [ 88.935856][ T5086] ? sysfs_create_mount_point+0xb0/0xb0 [ 88.941477][ T5086] ? spin_bug+0x1c0/0x1c0 [ 88.945877][ T5086] ? class_dir_child_ns_type+0xd/0x60 [ 88.951301][ T5086] kobject_add_internal+0x2c9/0x9c0 [ 88.956566][ T5086] kobject_add+0x158/0x230 [ 88.961039][ T5086] ? kset_create_and_add+0x1a0/0x1a0 [ 88.966381][ T5086] ? do_raw_spin_unlock+0x175/0x230 [ 88.971646][ T5086] ? kobject_put+0xbd/0x4d0 [ 88.976214][ T5086] device_add+0x37d/0x1a40 [ 88.980703][ T5086] ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270 [ 88.987618][ T5086] ? __init_waitqueue_head+0xca/0x150 [ 88.993057][ T5086] tty_register_device_attr+0x38f/0x7d0 [ 88.998661][ T5086] ? lockdep_init_map_type+0x21e/0x810 [ 89.004188][ T5086] ? hung_up_tty_compat_ioctl+0x40/0x40 [ 89.009786][ T5086] ? lockdep_init_map_type+0x21e/0x810 [ 89.015319][ T5086] ? __raw_spin_lock_init+0x3a/0x110 [ 89.020697][ T5086] ? tty_port_init+0x156/0x1b0 [ 89.025527][ T5086] gsmld_ioctl+0x97e/0x1850 [ 89.030096][ T5086] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 89.035709][ T5086] ? __ldsem_down_read_nested+0xcb/0x850 [ 89.041414][ T5086] ? __ldsem_down_read_nested+0xdc/0x850 [ 89.047115][ T5086] ? tomoyo_path_number_perm+0x166/0x570 [ 89.052798][ T5086] ? __ldsem_wake_readers+0x3c0/0x3c0 [ 89.058243][ T5086] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 89.064200][ T5086] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 89.069797][ T5086] tty_ioctl+0x80b/0x16e0 [ 89.074144][ T5086] ? tty_release_struct+0xf0/0xf0 [pid 5086] ioctl(4, GSMIOC_SETCONF [pid 5085] <... ioctl resumed>, 0x20000040) = 0 [pid 5085] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 89.079184][ T5086] ? find_held_lock+0x2d/0x110 [ 89.083968][ T5086] ? do_one_initcall+0x270/0x540 [ 89.088954][ T5086] ? __fget_files+0x26a/0x480 [ 89.093657][ T5086] ? bpf_lsm_file_ioctl+0x9/0x10 [ 89.098611][ T5086] ? tty_release_struct+0xf0/0xf0 [ 89.103647][ T5086] __x64_sys_ioctl+0x197/0x210 [ 89.108453][ T5086] do_syscall_64+0x39/0xb0 [ 89.112939][ T5086] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 89.118901][ T5086] RIP: 0033:0x7f3af41a8c49 [ 89.123353][ T5086] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 89.142995][ T5086] RSP: 002b:00007f3af4139318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 89.151437][ T5086] RAX: ffffffffffffffda RBX: 00007f3af42304d8 RCX: 00007f3af41a8c49 [ 89.159439][ T5086] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000004 [ 89.167425][ T5086] RBP: 00007f3af42304d0 R08: 0000000000000000 R09: 0000000000000000 [pid 5085] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5084] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = 0 [pid 5084] <... futex resumed>) = 1 [pid 5085] ioctl(4, GSMIOC_SETCONF, 0x20000040) = 0 [pid 5084] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5085] <... futex resumed>) = 0 [pid 5085] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] <... ioctl resumed>, 0x20000040) = -1 EEXIST (File exists) [pid 5086] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] futex(0x7f3af42304d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] exit_group(0 [pid 5086] <... futex resumed>) = ? [pid 5084] <... exit_group resumed>) = ? [pid 5086] +++ exited with 0 +++ [pid 5085] <... futex resumed>) = ? [ 89.175403][ T5086] R10: 000000000000000e R11: 0000000000000246 R12: 00007f3af41fe07c [ 89.183384][ T5086] R13: 00007ffd74d0e68f R14: 00007f3af4139400 R15: 0000000000022000 [ 89.191400][ T5086] [ 89.200839][ T5086] kobject: kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [pid 5085] +++ exited with 0 +++ [pid 5084] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5084, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566615d0) = 5087 ./strace-static-x86_64: Process 5087 attached [pid 5087] set_robust_list(0x5555566615e0, 24) = 0 [pid 5087] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5087] setpgid(0, 0) = 0 [pid 5087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5087] write(3, "1000", 4) = 4 [pid 5087] close(3) = 0 [pid 5087] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af413a000 [pid 5087] mprotect(0x7f3af413b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5087] clone(child_stack=0x7f3af415a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5088 attached [pid 5088] set_robust_list(0x7f3af415a9e0, 24) = 0 [pid 5088] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5087] <... clone resumed>, parent_tid=[5088], tls=0x7f3af415a700, child_tidptr=0x7f3af415a9d0) = 5088 [pid 5087] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5088] <... futex resumed>) = 0 [pid 5087] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 3 [pid 5088] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5087] <... futex resumed>) = 0 [pid 5087] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] ioctl(3, TIOCSETD, [21]) = 0 [pid 5088] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5087] <... futex resumed>) = 0 [pid 5087] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] ioctl(3, GSMIOC_SETCONF [pid 5087] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5087] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af4119000 [pid 5087] mprotect(0x7f3af411a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5087] clone(child_stack=0x7f3af41393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5089], tls=0x7f3af4139700, child_tidptr=0x7f3af41399d0) = 5089 [pid 5087] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5089 attached [pid 5089] set_robust_list(0x7f3af41399e0, 24) = 0 [pid 5089] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 4 [pid 5089] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5087] <... futex resumed>) = 0 [pid 5087] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 89.478366][ T5089] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 89.489861][ T5089] CPU: 1 PID: 5089 Comm: syz-executor427 Not tainted 6.4.0-rc3-syzkaller-00291-g4e893b5aa4ac #0 [ 89.500348][ T5089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 89.510446][ T5089] Call Trace: [ 89.513765][ T5089] [ 89.516828][ T5089] dump_stack_lvl+0x136/0x150 [ 89.521586][ T5089] sysfs_warn_dup+0x80/0xa0 [ 89.526160][ T5089] sysfs_create_dir_ns+0x237/0x290 [ 89.531340][ T5089] ? sysfs_create_mount_point+0xb0/0xb0 [ 89.536949][ T5089] ? spin_bug+0x1c0/0x1c0 [ 89.541347][ T5089] ? class_dir_child_ns_type+0xd/0x60 [ 89.546779][ T5089] kobject_add_internal+0x2c9/0x9c0 [ 89.552049][ T5089] kobject_add+0x158/0x230 [ 89.556512][ T5089] ? kset_create_and_add+0x1a0/0x1a0 [ 89.561876][ T5089] ? do_raw_spin_unlock+0x175/0x230 [ 89.567145][ T5089] ? kobject_put+0xbd/0x4d0 [ 89.571722][ T5089] device_add+0x37d/0x1a40 [pid 5089] ioctl(4, GSMIOC_SETCONF [pid 5087] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5087] futex(0x7f3af42304ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af40f8000 [pid 5087] mprotect(0x7f3af40f9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5087] clone(child_stack=0x7f3af41183f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5090], tls=0x7f3af4118700, child_tidptr=0x7f3af41189d0) = 5090 [pid 5087] futex(0x7f3af42304e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] futex(0x7f3af42304ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... ioctl resumed>, 0x20000040) = 0 [pid 5088] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5087] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5087] futex(0x7f3af42304ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 89.576203][ T5089] ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270 [ 89.583224][ T5089] ? __init_waitqueue_head+0xca/0x150 [ 89.588667][ T5089] tty_register_device_attr+0x38f/0x7d0 [ 89.594330][ T5089] ? lockdep_init_map_type+0x21e/0x810 [ 89.599855][ T5089] ? hung_up_tty_compat_ioctl+0x40/0x40 [ 89.605455][ T5089] ? lockdep_init_map_type+0x21e/0x810 [ 89.610980][ T5089] ? __raw_spin_lock_init+0x3a/0x110 [ 89.616353][ T5089] ? tty_port_init+0x156/0x1b0 [ 89.621189][ T5089] gsmld_ioctl+0x97e/0x1850 [ 89.625801][ T5089] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 89.631408][ T5089] ? __ldsem_down_read_nested+0xcb/0x850 [ 89.637106][ T5089] ? __ldsem_down_read_nested+0xdc/0x850 [ 89.642803][ T5089] ? tomoyo_path_number_perm+0x166/0x570 [ 89.648489][ T5089] ? __ldsem_wake_readers+0x3c0/0x3c0 [ 89.653942][ T5089] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 89.659903][ T5089] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 89.665509][ T5089] tty_ioctl+0x80b/0x16e0 [ 89.669891][ T5089] ? tty_release_struct+0xf0/0xf0 [ 89.674976][ T5089] ? find_held_lock+0x2d/0x110 [ 89.679802][ T5089] ? do_one_initcall+0x270/0x540 [ 89.684809][ T5089] ? __fget_files+0x26a/0x480 [ 89.689559][ T5089] ? bpf_lsm_file_ioctl+0x9/0x10 [ 89.694563][ T5089] ? tty_release_struct+0xf0/0xf0 [ 89.699691][ T5089] __x64_sys_ioctl+0x197/0x210 [ 89.704530][ T5089] do_syscall_64+0x39/0xb0 [ 89.709197][ T5089] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 89.715169][ T5089] RIP: 0033:0x7f3af41a8c49 [pid 5087] exit_group(0 [pid 5088] <... futex resumed>) = ? [pid 5087] <... exit_group resumed>) = ? [pid 5088] +++ exited with 0 +++ ./strace-static-x86_64: Process 5090 attached [pid 5090] +++ exited with 0 +++ [ 89.719645][ T5089] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 89.739307][ T5089] RSP: 002b:00007f3af4139318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 89.747775][ T5089] RAX: ffffffffffffffda RBX: 00007f3af42304d8 RCX: 00007f3af41a8c49 [ 89.755760][ T5089] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000004 [ 89.763749][ T5089] RBP: 00007f3af42304d0 R08: 0000000000000000 R09: 0000000000000000 [ 89.771737][ T5089] R10: 000000000000000e R11: 0000000000000246 R12: 00007f3af41fe07c [pid 5089] <... ioctl resumed> ) = ? [ 89.779716][ T5089] R13: 00007ffd74d0e68f R14: 00007f3af4139400 R15: 0000000000022000 [ 89.787717][ T5089] [ 89.794357][ T5089] kobject: kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [pid 5089] +++ exited with 0 +++ [pid 5087] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5087, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566615d0) = 5091 ./strace-static-x86_64: Process 5091 attached [pid 5091] set_robust_list(0x5555566615e0, 24) = 0 [pid 5091] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5091] setpgid(0, 0) = 0 [pid 5091] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5091] write(3, "1000", 4) = 4 [pid 5091] close(3) = 0 [pid 5091] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af413a000 [pid 5091] mprotect(0x7f3af413b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5091] clone(child_stack=0x7f3af415a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5092], tls=0x7f3af415a700, child_tidptr=0x7f3af415a9d0) = 5092 [pid 5091] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5092 attached [pid 5092] set_robust_list(0x7f3af415a9e0, 24) = 0 [pid 5092] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 3 [pid 5092] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5091] <... futex resumed>) = 0 [pid 5091] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] <... futex resumed>) = 0 [pid 5091] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] ioctl(3, TIOCSETD, [21]) = 0 [pid 5092] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5091] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5091] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] <... futex resumed>) = 0 [pid 5091] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] ioctl(3, GSMIOC_SETCONF [pid 5091] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5091] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af4119000 [pid 5091] mprotect(0x7f3af411a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5091] clone(child_stack=0x7f3af41393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5093], tls=0x7f3af4139700, child_tidptr=0x7f3af41399d0) = 5093 [pid 5091] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5093 attached [pid 5093] set_robust_list(0x7f3af41399e0, 24) = 0 [pid 5093] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 4 [pid 5093] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5091] <... futex resumed>) = 0 [pid 5091] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] ioctl(4, GSMIOC_SETCONF [pid 5091] <... futex resumed>) = 0 [ 90.151681][ T5093] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 90.175909][ T5093] CPU: 1 PID: 5093 Comm: syz-executor427 Not tainted 6.4.0-rc3-syzkaller-00291-g4e893b5aa4ac #0 [ 90.186405][ T5093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 90.196601][ T5093] Call Trace: [ 90.199913][ T5093] [ 90.202875][ T5093] dump_stack_lvl+0x136/0x150 [ 90.207629][ T5093] sysfs_warn_dup+0x80/0xa0 [ 90.212220][ T5093] sysfs_create_dir_ns+0x237/0x290 [ 90.217412][ T5093] ? sysfs_create_mount_point+0xb0/0xb0 [ 90.223032][ T5093] ? spin_bug+0x1c0/0x1c0 [ 90.227429][ T5093] ? class_dir_child_ns_type+0xd/0x60 [ 90.232830][ T5093] kobject_add_internal+0x2c9/0x9c0 [ 90.238065][ T5093] kobject_add+0x158/0x230 [ 90.242506][ T5093] ? kset_create_and_add+0x1a0/0x1a0 [ 90.247835][ T5093] ? do_raw_spin_unlock+0x175/0x230 [ 90.253074][ T5093] ? kobject_put+0xbd/0x4d0 [ 90.257611][ T5093] device_add+0x37d/0x1a40 [ 90.262072][ T5093] ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270 [ 90.268957][ T5093] ? __init_waitqueue_head+0xca/0x150 [ 90.274369][ T5093] tty_register_device_attr+0x38f/0x7d0 [ 90.279943][ T5093] ? lockdep_init_map_type+0x21e/0x810 [ 90.285442][ T5093] ? hung_up_tty_compat_ioctl+0x40/0x40 [ 90.291023][ T5093] ? lockdep_init_map_type+0x21e/0x810 [ 90.296605][ T5093] ? __raw_spin_lock_init+0x3a/0x110 [ 90.301927][ T5093] ? tty_port_init+0x156/0x1b0 [ 90.306734][ T5093] gsmld_ioctl+0x97e/0x1850 [ 90.311279][ T5093] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 90.316860][ T5093] ? __ldsem_down_read_nested+0xcb/0x850 [ 90.322527][ T5093] ? __ldsem_down_read_nested+0xdc/0x850 [ 90.328197][ T5093] ? tomoyo_path_number_perm+0x166/0x570 [ 90.333944][ T5093] ? __ldsem_wake_readers+0x3c0/0x3c0 [ 90.339382][ T5093] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 90.345312][ T5093] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 90.350884][ T5093] tty_ioctl+0x80b/0x16e0 [ 90.355336][ T5093] ? tty_release_struct+0xf0/0xf0 [ 90.360392][ T5093] ? find_held_lock+0x2d/0x110 [ 90.365188][ T5093] ? do_one_initcall+0x270/0x540 [ 90.370164][ T5093] ? __fget_files+0x26a/0x480 [ 90.374887][ T5093] ? bpf_lsm_file_ioctl+0x9/0x10 [ 90.379859][ T5093] ? tty_release_struct+0xf0/0xf0 [ 90.384913][ T5093] __x64_sys_ioctl+0x197/0x210 [ 90.389721][ T5093] do_syscall_64+0x39/0xb0 [ 90.394290][ T5093] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 90.400220][ T5093] RIP: 0033:0x7f3af41a8c49 [ 90.404659][ T5093] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 90.424290][ T5093] RSP: 002b:00007f3af4139318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 90.432728][ T5093] RAX: ffffffffffffffda RBX: 00007f3af42304d8 RCX: 00007f3af41a8c49 [ 90.440737][ T5093] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000004 [pid 5091] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] <... ioctl resumed>, 0x20000040) = 0 [pid 5092] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5091] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5091] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = 0 [pid 5091] <... futex resumed>) = 1 [pid 5092] ioctl(4, GSMIOC_SETCONF, 0x20000040) = 0 [pid 5092] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5091] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5093] <... ioctl resumed>, 0x20000040) = -1 EEXIST (File exists) [pid 5093] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] exit_group(0 [pid 5093] <... futex resumed>) = 0 [pid 5091] <... exit_group resumed>) = ? [pid 5092] <... futex resumed>) = ? [pid 5092] +++ exited with 0 +++ [ 90.448727][ T5093] RBP: 00007f3af42304d0 R08: 0000000000000000 R09: 0000000000000000 [ 90.456715][ T5093] R10: 000000000000000e R11: 0000000000000246 R12: 00007f3af41fe07c [ 90.464794][ T5093] R13: 00007ffd74d0e68f R14: 00007f3af4139400 R15: 0000000000022000 [ 90.472799][ T5093] [ 90.485956][ T5093] kobject: kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [pid 5093] +++ exited with 0 +++ [pid 5091] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5091, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566615d0) = 5094 ./strace-static-x86_64: Process 5094 attached [pid 5094] set_robust_list(0x5555566615e0, 24) = 0 [pid 5094] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5094] setpgid(0, 0) = 0 [pid 5094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5094] write(3, "1000", 4) = 4 [pid 5094] close(3) = 0 [pid 5094] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af413a000 [pid 5094] mprotect(0x7f3af413b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5094] clone(child_stack=0x7f3af415a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5095], tls=0x7f3af415a700, child_tidptr=0x7f3af415a9d0) = 5095 [pid 5094] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5095 attached [pid 5095] set_robust_list(0x7f3af415a9e0, 24) = 0 [pid 5095] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 3 [pid 5095] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... futex resumed>) = 0 [pid 5094] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5095] <... futex resumed>) = 1 [pid 5095] ioctl(3, TIOCSETD, [21]) = 0 [pid 5095] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... futex resumed>) = 0 [pid 5094] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5095] <... futex resumed>) = 1 [pid 5095] ioctl(3, GSMIOC_SETCONF [pid 5094] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5094] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3af4119000 [pid 5094] mprotect(0x7f3af411a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5094] clone(child_stack=0x7f3af41393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5096], tls=0x7f3af4139700, child_tidptr=0x7f3af41399d0) = 5096 [pid 5094] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5095] <... ioctl resumed>, 0x20000040) = 0 [pid 5095] futex(0x7f3af42304cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] futex(0x7f3af42304c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5096 attached [pid 5096] set_robust_list(0x7f3af41399e0, 24) = 0 [pid 5096] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 4 [pid 5096] futex(0x7f3af42304dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5094] <... futex resumed>) = 0 [pid 5094] futex(0x7f3af42304c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] futex(0x7f3af42304d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5094] <... futex resumed>) = 1 [pid 5094] futex(0x7f3af42304cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5095] <... futex resumed>) = 0 [pid 5095] ioctl(4, GSMIOC_SETCONF [pid 5094] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5094] futex(0x7f3af42304d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] <... futex resumed>) = 0 [pid 5096] ioctl(4, GSMIOC_SETCONF [pid 5094] futex(0x7f3af42304dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5094] exit_group(0) = ? [ 91.073669][ T5096] ================================================================== [ 91.081796][ T5096] BUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x799/0x810 [ 91.089547][ T5096] Read of size 4 at addr ffff88807cdd400c by task syz-executor427/5096 [ 91.097818][ T5096] [ 91.100164][ T5096] CPU: 0 PID: 5096 Comm: syz-executor427 Not tainted 6.4.0-rc3-syzkaller-00291-g4e893b5aa4ac #0 [ 91.110614][ T5096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 91.120706][ T5096] Call Trace: [ 91.123997][ T5096] [ 91.126936][ T5096] dump_stack_lvl+0xd9/0x150 [ 91.131571][ T5096] print_address_description.constprop.0+0x2c/0x3c0 [ 91.138195][ T5096] ? gsm_cleanup_mux+0x799/0x810 [ 91.143154][ T5096] kasan_report+0x11c/0x130 [ 91.147700][ T5096] ? gsm_cleanup_mux+0x799/0x810 [ 91.152662][ T5096] gsm_cleanup_mux+0x799/0x810 [ 91.157450][ T5096] ? lock_downgrade+0x690/0x690 [ 91.162326][ T5096] ? gsm_dlci_begin_close+0x230/0x230 [ 91.167745][ T5096] gsmld_ioctl+0x4cd/0x1850 [ 91.172275][ T5096] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 91.177849][ T5096] ? __ldsem_down_read_nested+0xcb/0x850 [ 91.183516][ T5096] ? __ldsem_down_read_nested+0xdc/0x850 [ 91.189180][ T5096] ? tomoyo_path_number_perm+0x166/0x570 [ 91.194833][ T5096] ? __ldsem_wake_readers+0x3c0/0x3c0 [ 91.200250][ T5096] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 91.206177][ T5096] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 91.211746][ T5096] tty_ioctl+0x80b/0x16e0 [ 91.216096][ T5096] ? tty_release_struct+0xf0/0xf0 [ 91.221157][ T5096] ? find_held_lock+0x2d/0x110 [ 91.225949][ T5096] ? do_one_initcall+0x270/0x540 [ 91.230916][ T5096] ? __fget_files+0x26a/0x480 [ 91.235626][ T5096] ? bpf_lsm_file_ioctl+0x9/0x10 [ 91.240593][ T5096] ? tty_release_struct+0xf0/0xf0 [ 91.245634][ T5096] __x64_sys_ioctl+0x197/0x210 [ 91.250429][ T5096] do_syscall_64+0x39/0xb0 [ 91.254883][ T5096] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 91.260822][ T5096] RIP: 0033:0x7f3af41a8c49 [ 91.265252][ T5096] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 91.284872][ T5096] RSP: 002b:00007f3af4139318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 91.293314][ T5096] RAX: ffffffffffffffda RBX: 00007f3af42304d8 RCX: 00007f3af41a8c49 [ 91.301300][ T5096] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000004 [ 91.309285][ T5096] RBP: 00007f3af42304d0 R08: 0000000000000000 R09: 0000000000000000 [ 91.317268][ T5096] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3af41fe07c [ 91.325250][ T5096] R13: 00007ffd74d0e68f R14: 00007f3af4139400 R15: 0000000000022000 [ 91.333241][ T5096] [ 91.336264][ T5096] [ 91.338598][ T5096] Allocated by task 5095: [ 91.342926][ T5096] kasan_save_stack+0x22/0x40 [ 91.347639][ T5096] kasan_set_track+0x25/0x30 [ 91.352261][ T5096] __kasan_kmalloc+0xa2/0xb0 [ 91.356877][ T5096] gsm_dlci_alloc+0x46/0x7d0 [ 91.361483][ T5096] gsmld_ioctl+0x846/0x1850 [ 91.366009][ T5096] tty_ioctl+0x80b/0x16e0 [ 91.370356][ T5096] __x64_sys_ioctl+0x197/0x210 [ 91.375150][ T5096] do_syscall_64+0x39/0xb0 [ 91.379597][ T5096] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 91.385518][ T5096] [ 91.387843][ T5096] Freed by task 5095: [ 91.391827][ T5096] kasan_save_stack+0x22/0x40 [ 91.396548][ T5096] kasan_set_track+0x25/0x30 [ 91.401190][ T5096] kasan_save_free_info+0x2e/0x40 [ 91.406233][ T5096] ____kasan_slab_free+0x160/0x1c0 [ 91.411375][ T5096] slab_free_freelist_hook+0x8b/0x1c0 [ 91.416789][ T5096] __kmem_cache_free+0xaf/0x2d0 [ 91.421665][ T5096] tty_port_put+0x15c/0x1c0 [ 91.426215][ T5096] gsm_cleanup_mux+0x30a/0x810 [ 91.430999][ T5096] gsmld_ioctl+0x4cd/0x1850 [ 91.435532][ T5096] tty_ioctl+0x80b/0x16e0 [ 91.439878][ T5096] __x64_sys_ioctl+0x197/0x210 [ 91.444681][ T5096] do_syscall_64+0x39/0xb0 [ 91.449130][ T5096] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 91.455052][ T5096] [ 91.457378][ T5096] The buggy address belongs to the object at ffff88807cdd4000 [ 91.457378][ T5096] which belongs to the cache kmalloc-2k of size 2048 [ 91.471438][ T5096] The buggy address is located 12 bytes inside of [ 91.471438][ T5096] freed 2048-byte region [ffff88807cdd4000, ffff88807cdd4800) [ 91.485245][ T5096] [ 91.487574][ T5096] The buggy address belongs to the physical page: [ 91.493988][ T5096] page:ffffea0001f37400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7cdd0 [ 91.504156][ T5096] head:ffffea0001f37400 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 91.513272][ T5096] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 91.521259][ T5096] page_type: 0xffffffff() [ 91.525601][ T5096] raw: 00fff00000010200 ffff888012442000 dead000000000122 0000000000000000 [ 91.534199][ T5096] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000 [ 91.542788][ T5096] page dumped because: kasan: bad access detected [ 91.549201][ T5096] page_owner tracks the page as allocated [ 91.554919][ T5096] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5093, tgid 5091 (syz-executor427), ts 90151581802, free_ts 90148267618 [ 91.576565][ T5096] post_alloc_hook+0x2db/0x350 [ 91.581368][ T5096] get_page_from_freelist+0xf41/0x2c00 [ 91.586945][ T5096] __alloc_pages+0x1cb/0x4a0 [ 91.591583][ T5096] alloc_pages+0x1aa/0x270 [ 91.596037][ T5096] allocate_slab+0x25f/0x390 [ 91.600657][ T5096] ___slab_alloc+0xa91/0x1400 [ 91.605363][ T5096] __slab_alloc.constprop.0+0x56/0xa0 [ 91.610757][ T5096] __kmem_cache_alloc_node+0x136/0x320 [ 91.616242][ T5096] kmalloc_trace+0x26/0xe0 [ 91.620694][ T5096] tty_register_device_attr+0x220/0x7d0 [ 91.626256][ T5096] gsmld_ioctl+0x97e/0x1850 [ 91.630776][ T5096] tty_ioctl+0x80b/0x16e0 [ 91.635133][ T5096] __x64_sys_ioctl+0x197/0x210 [ 91.639925][ T5096] do_syscall_64+0x39/0xb0 [ 91.644369][ T5096] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 91.650291][ T5096] page last free stack trace: [ 91.654972][ T5096] free_unref_page_prepare+0x62e/0xcb0 [ 91.660468][ T5096] free_unref_page+0x33/0x370 [ 91.665183][ T5096] __folio_put+0x109/0x140 [ 91.669683][ T5096] put_page+0x21b/0x280 [ 91.673880][ T5096] page_to_skb+0x816/0xa10 [ 91.678327][ T5096] receive_buf+0x11b7/0x61b0 [ 91.682948][ T5096] virtnet_poll+0x742/0x14b0 [ 91.687573][ T5096] __napi_poll+0xb7/0x6f0 [ 91.691937][ T5096] net_rx_action+0x8a9/0xcb0 [ 91.696812][ T5096] __do_softirq+0x1d4/0x905 [ 91.701356][ T5096] [ 91.703685][ T5096] Memory state around the buggy address: [ 91.709329][ T5096] ffff88807cdd3f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 91.717406][ T5096] ffff88807cdd3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 91.725483][ T5096] >ffff88807cdd4000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 91.733560][ T5096] ^ [ 91.737896][ T5096] ffff88807cdd4080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 91.745968][ T5096] ffff88807cdd4100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 91.754034][ T5096] ================================================================== [ 91.794593][ T5096] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 91.801821][ T5096] CPU: 1 PID: 5096 Comm: syz-executor427 Not tainted 6.4.0-rc3-syzkaller-00291-g4e893b5aa4ac #0 [ 91.812258][ T5096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 91.822340][ T5096] Call Trace: [ 91.825645][ T5096] [ 91.828600][ T5096] dump_stack_lvl+0xd9/0x150 [ 91.833257][ T5096] panic+0x686/0x730 [ 91.837217][ T5096] ? panic_smp_self_stop+0xa0/0xa0 [ 91.842386][ T5096] ? preempt_schedule_thunk+0x1a/0x20 [ 91.847816][ T5096] ? preempt_schedule_common+0x45/0xb0 [ 91.853321][ T5096] check_panic_on_warn+0xb1/0xc0 [ 91.858312][ T5096] end_report+0xe9/0x120 [ 91.862606][ T5096] ? gsm_cleanup_mux+0x799/0x810 [ 91.867589][ T5096] kasan_report+0xf9/0x130 [ 91.872065][ T5096] ? gsm_cleanup_mux+0x799/0x810 [ 91.877051][ T5096] gsm_cleanup_mux+0x799/0x810 [ 91.881863][ T5096] ? lock_downgrade+0x690/0x690 [ 91.886763][ T5096] ? gsm_dlci_begin_close+0x230/0x230 [ 91.892199][ T5096] gsmld_ioctl+0x4cd/0x1850 [ 91.896760][ T5096] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 91.902442][ T5096] ? __ldsem_down_read_nested+0xcb/0x850 [ 91.908135][ T5096] ? __ldsem_down_read_nested+0xdc/0x850 [ 91.913831][ T5096] ? tomoyo_path_number_perm+0x166/0x570 [ 91.919510][ T5096] ? __ldsem_wake_readers+0x3c0/0x3c0 [ 91.924951][ T5096] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 91.930920][ T5096] ? gsm_dlci_config.part.0+0xe20/0xe20 [ 91.936519][ T5096] tty_ioctl+0x80b/0x16e0 [ 91.940889][ T5096] ? tty_release_struct+0xf0/0xf0 [ 91.945963][ T5096] ? find_held_lock+0x2d/0x110 [ 91.950773][ T5096] ? do_one_initcall+0x270/0x540 [ 91.955769][ T5096] ? __fget_files+0x26a/0x480 [ 91.960516][ T5096] ? bpf_lsm_file_ioctl+0x9/0x10 [ 91.965500][ T5096] ? tty_release_struct+0xf0/0xf0 [ 91.970568][ T5096] __x64_sys_ioctl+0x197/0x210 [ 91.975392][ T5096] do_syscall_64+0x39/0xb0 [ 91.979863][ T5096] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 91.985811][ T5096] RIP: 0033:0x7f3af41a8c49 [pid 5095] <... ioctl resumed> ) = ? [pid 5095] +++ exited with 0 +++ [ 91.990257][ T5096] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 92.009900][ T5096] RSP: 002b:00007f3af4139318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 92.018353][ T5096] RAX: ffffffffffffffda RBX: 00007f3af42304d8 RCX: 00007f3af41a8c49 [ 92.026361][ T5096] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000004 [ 92.034359][ T5096] RBP: 00007f3af42304d0 R08: 0000000000000000 R09: 0000000000000000 [ 92.042350][ T5096] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3af41fe07c [ 92.050326][ T5096] R13: 00007ffd74d0e68f R14: 00007f3af4139400 R15: 0000000000022000 [ 92.058319][ T5096] [ 92.061507][ T5096] Kernel Offset: disabled [ 92.065841][ T5096] Rebooting in 86400 seconds..