Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.118' (ECDSA) to the list of known hosts.
2021/07/20 11:36:09 fuzzer started
2021/07/20 11:36:10 connecting to host at 10.128.0.169:34173
2021/07/20 11:36:10 checking machine...
2021/07/20 11:36:10 checking revisions...
2021/07/20 11:36:10 testing simple program...
syzkaller login: [ 70.126315][ T8466] chnl_net:caif_netlink_parms(): no params data found
[ 70.176914][ T8466] bridge0: port 1(bridge_slave_0) entered blocking state
[ 70.185031][ T8466] bridge0: port 1(bridge_slave_0) entered disabled state
[ 70.193658][ T8466] device bridge_slave_0 entered promiscuous mode
[ 70.203130][ T8466] bridge0: port 2(bridge_slave_1) entered blocking state
[ 70.210885][ T8466] bridge0: port 2(bridge_slave_1) entered disabled state
[ 70.219013][ T8466] device bridge_slave_1 entered promiscuous mode
[ 70.240769][ T8466] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 70.252520][ T8466] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 70.274421][ T8466] team0: Port device team_slave_0 added
[ 70.283707][ T8466] team0: Port device team_slave_1 added
[ 70.301398][ T8466] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 70.308468][ T8466] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 70.334524][ T8466] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 70.347371][ T8466] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 70.354687][ T8466] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 70.383715][ T8466] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 70.411895][ T8466] device hsr_slave_0 entered promiscuous mode
[ 70.419470][ T8466] device hsr_slave_1 entered promiscuous mode
[ 70.527606][ T8466] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 70.538941][ T8466] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 70.550380][ T8466] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 70.559899][ T8466] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 70.587424][ T8466] bridge0: port 2(bridge_slave_1) entered blocking state
[ 70.594764][ T8466] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 70.603094][ T8466] bridge0: port 1(bridge_slave_0) entered blocking state
[ 70.610221][ T8466] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 70.654154][ T8466] 8021q: adding VLAN 0 to HW filter on device bond0
[ 70.668181][ T2960] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 70.682059][ T2960] bridge0: port 1(bridge_slave_0) entered disabled state
[ 70.692254][ T2960] bridge0: port 2(bridge_slave_1) entered disabled state
[ 70.700946][ T2960] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 70.715764][ T8466] 8021q: adding VLAN 0 to HW filter on device team0
[ 70.727932][ T8687] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 70.737328][ T8687] bridge0: port 1(bridge_slave_0) entered blocking state
[ 70.744445][ T8687] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 70.756287][ T4834] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 70.764848][ T4834] bridge0: port 2(bridge_slave_1) entered blocking state
[ 70.772042][ T4834] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 70.792638][ T8687] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 70.811164][ T8687] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 70.819029][ T8687] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 70.829041][ T8687] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 70.837517][ T8687] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 70.849001][ T8466] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 70.870927][ T8466] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 70.878448][ T8686] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 70.886859][ T8686] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 70.911403][ T8687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 70.927843][ T8687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 70.937956][ T8687] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 70.946498][ T8687] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 70.958496][ T8466] device veth0_vlan entered promiscuous mode
[ 70.972031][ T8466] device veth1_vlan entered promiscuous mode
[ 70.993454][ T4834] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 71.002048][ T4834] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 71.011278][ T4834] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 71.023036][ T8466] device veth0_macvtap entered promiscuous mode
[ 71.035480][ T8466] device veth1_macvtap entered promiscuous mode
[ 71.053818][ T8466] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 71.061536][ T4834] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 71.074042][ T4834] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 71.085604][ T8466] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 71.095974][ T4834] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 71.106371][ T8466] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.116406][ T8466] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.125563][ T8466] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.134905][ T8466] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.229679][ T8] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 71.241462][ T8] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 71.263506][ T8687] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 71.302318][ T962] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 71.313071][ T962] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 71.324798][ T8687] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
executing program
2021/07/20 11:36:13 building call list...
[ 72.173861][ T962] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 73.712392][ T8453]
[ 73.714740][ T8453] ======================================================
[ 73.721778][ T8453] WARNING: possible circular locking dependency detected
[ 73.728784][ T8453] 5.14.0-rc1-syzkaller #0 Not tainted
[ 73.734248][ T8453] ------------------------------------------------------
[ 73.741248][ T8453] syz-fuzzer/8453 is trying to acquire lock:
[ 73.747220][ T8453] ffffffff8ba9d240 (fs_reclaim){+.+.}-{0:0}, at: fs_reclaim_acquire+0xf7/0x160
[ 73.756421][ T8453]
[ 73.756421][ T8453] but task is already holding lock:
[ 73.763758][ T8453] ffff8880b9d4d660 (lock#2){-.-.}-{2:2}, at: __alloc_pages_bulk+0x4ad/0x1870
[ 73.772522][ T8453]
[ 73.772522][ T8453] which lock already depends on the new lock.
[ 73.772522][ T8453]
[ 73.782996][ T8453]
[ 73.782996][ T8453] the existing dependency chain (in reverse order) is:
[ 73.792009][ T8453]
[ 73.792009][ T8453] -> #2 (lock#2){-.-.}-{2:2}:
[ 73.798876][ T8453] get_page_from_freelist+0x4aa/0x2f80
[ 73.804847][ T8453] __alloc_pages+0x1b2/0x500
[ 73.809939][ T8453] alloc_page_interleave+0x1e/0x200
[ 73.815644][ T8453] alloc_pages+0x238/0x2a0
[ 73.820624][ T8453] stack_depot_save+0x39d/0x4e0
[ 73.826332][ T8453] kasan_save_stack+0x32/0x40
[ 73.831513][ T8453] kasan_record_aux_stack+0xe5/0x110
[ 73.837301][ T8453] insert_work+0x48/0x370
[ 73.842135][ T8453] __queue_work+0x5c1/0xed0
[ 73.847402][ T8453] queue_work_on+0xee/0x110
[ 73.852430][ T8453] rpm_suspend+0x1062/0x1770
[ 73.857550][ T8453] rpm_idle+0x555/0x8b0
[ 73.862218][ T8453] __pm_runtime_idle+0xbb/0x2d0
[ 73.867593][ T8453] link_peers_report+0x25b/0x7a0
[ 73.873044][ T8453] usb_hub_create_port_device+0xb06/0xd50
[ 73.879281][ T8453] hub_probe.cold+0x247d/0x2a77
[ 73.884668][ T8453] usb_probe_interface+0x315/0x7f0
[ 73.890297][ T8453] really_probe+0x23c/0xcd0
[ 73.895322][ T8453] __driver_probe_device+0x338/0x4d0
[ 73.901124][ T8453] driver_probe_device+0x4c/0x1a0
[ 73.906659][ T8453] __device_attach_driver+0x20b/0x2f0
[ 73.912730][ T8453] bus_for_each_drv+0x15f/0x1e0
[ 73.918089][ T8453] __device_attach+0x228/0x4a0
[ 73.923357][ T8453] bus_probe_device+0x1e4/0x290
[ 73.928822][ T8453] device_add+0xc2f/0x2180
[ 73.933751][ T8453] usb_set_configuration+0x113f/0x1910
[ 73.940005][ T8453] usb_generic_driver_probe+0xba/0x100
[ 73.945971][ T8453] usb_probe_device+0xd9/0x2c0
[ 73.951272][ T8453] really_probe+0x23c/0xcd0
[ 73.956275][ T8453] __driver_probe_device+0x338/0x4d0
[ 73.962148][ T8453] driver_probe_device+0x4c/0x1a0
[ 73.967674][ T8453] __device_attach_driver+0x20b/0x2f0
[ 73.973549][ T8453] bus_for_each_drv+0x15f/0x1e0
[ 73.979591][ T8453] __device_attach+0x228/0x4a0
[ 73.984987][ T8453] bus_probe_device+0x1e4/0x290
[ 73.990348][ T8453] device_add+0xc2f/0x2180
[ 73.995460][ T8453] usb_new_device.cold+0x63f/0x108e
[ 74.001164][ T8453] usb_add_hcd.cold+0x140c/0x1813
[ 74.006713][ T8453] vhci_hcd_probe+0x1c9/0x3a0
[ 74.011896][ T8453] platform_probe+0xfc/0x1f0
[ 74.017074][ T8453] really_probe+0x23c/0xcd0
[ 74.022080][ T8453] __driver_probe_device+0x338/0x4d0
[ 74.027864][ T8453] driver_probe_device+0x4c/0x1a0
[ 74.033475][ T8453] __device_attach_driver+0x20b/0x2f0
[ 74.039382][ T8453] bus_for_each_drv+0x15f/0x1e0
[ 74.044743][ T8453] __device_attach+0x228/0x4a0
[ 74.050105][ T8453] bus_probe_device+0x1e4/0x290
[ 74.055460][ T8453] device_add+0xc2f/0x2180
[ 74.060470][ T8453] platform_device_add+0x363/0x820
[ 74.066089][ T8453] vhci_hcd_init+0x341/0x485
[ 74.071206][ T8453] do_one_initcall+0x103/0x650
[ 74.076485][ T8453] kernel_init_freeable+0x6b8/0x741
[ 74.082188][ T8453] kernel_init+0x1a/0x1d0
[ 74.087034][ T8453] ret_from_fork+0x1f/0x30
[ 74.091954][ T8453]
[ 74.091954][ T8453] -> #1 (&pool->lock){-.-.}-{2:2}:
[ 74.099510][ T8453] _raw_spin_lock+0x2a/0x40
[ 74.104554][ T8453] __queue_work+0x366/0xed0
[ 74.109579][ T8453] queue_work_on+0xee/0x110
[ 74.114601][ T8453] vfree_atomic+0xac/0xe0
[ 74.119449][ T8453] put_task_stack+0x2e0/0x4e0
[ 74.124734][ T8453] finish_task_switch.isra.0+0x77f/0xa50
[ 74.130877][ T8453] __schedule+0x942/0x26f0
[ 74.135818][ T8453] preempt_schedule_irq+0x4e/0x90
[ 74.141352][ T8453] irqentry_exit+0x31/0x80
[ 74.146279][ T8453] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 74.152792][ T8453] lock_acquire+0x1ef/0x510
[ 74.157902][ T8453] fs_reclaim_acquire+0x117/0x160
[ 74.163524][ T8453] kmem_cache_alloc+0x3e/0x3a0
[ 74.168889][ T8453] dup_fd+0x89/0xca0
[ 74.173287][ T8453] copy_process+0x213e/0x74d0
[ 74.178466][ T8453] kernel_clone+0xe7/0xac0
[ 74.183386][ T8453] kernel_thread+0xb5/0xf0
[ 74.188316][ T8453] call_usermodehelper_exec_work+0xcc/0x180
[ 74.194732][ T8453] process_one_work+0x98d/0x1630
[ 74.200178][ T8453] worker_thread+0x658/0x11f0
[ 74.205548][ T8453] kthread+0x3e5/0x4d0
[ 74.210553][ T8453] ret_from_fork+0x1f/0x30
[ 74.215831][ T8453]
[ 74.215831][ T8453] -> #0 (fs_reclaim){+.+.}-{0:0}:
[ 74.223390][ T8453] __lock_acquire+0x2a07/0x54a0
[ 74.228917][ T8453] lock_acquire+0x1ab/0x510
[ 74.233930][ T8453] fs_reclaim_acquire+0x117/0x160
[ 74.239575][ T8453] prepare_alloc_pages+0x15c/0x580
[ 74.246081][ T8453] __alloc_pages+0x12f/0x500
[ 74.251539][ T8453] alloc_pages+0x18c/0x2a0
[ 74.256478][ T8453] stack_depot_save+0x39d/0x4e0
[ 74.261845][ T8453] save_stack+0x15e/0x1e0
[ 74.266713][ T8453] __set_page_owner+0x50/0x290
[ 74.272121][ T8453] __alloc_pages_bulk+0x8b9/0x1870
[ 74.277869][ T8453] __vmalloc_node_range+0x39d/0x960
[ 74.283595][ T8453] vzalloc+0x67/0x80
[ 74.288013][ T8453] n_tty_open+0x16/0x170
[ 74.293013][ T8453] tty_ldisc_open+0x9b/0x110
[ 74.298223][ T8453] tty_ldisc_setup+0x43/0x100
[ 74.303413][ T8453] tty_init_dev.part.0+0x1f4/0x610
[ 74.309219][ T8453] tty_open+0xb16/0x1000
[ 74.313988][ T8453] chrdev_open+0x266/0x770
[ 74.318915][ T8453] do_dentry_open+0x4c8/0x11d0
[ 74.324467][ T8453] path_openat+0x1c23/0x27f0
[ 74.329901][ T8453] do_filp_open+0x1aa/0x400
[ 74.334921][ T8453] do_sys_openat2+0x16d/0x420
[ 74.340202][ T8453] __x64_sys_openat+0x13f/0x1f0
[ 74.345921][ T8453] do_syscall_64+0x35/0xb0
[ 74.350897][ T8453] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 74.357395][ T8453]
[ 74.357395][ T8453] other info that might help us debug this:
[ 74.357395][ T8453]
[ 74.367722][ T8453] Chain exists of:
[ 74.367722][ T8453]   fs_reclaim --> &pool->lock --> lock#2
[ 74.367722][ T8453]
[ 74.379187][ T8453]  Possible unsafe locking scenario:
[ 74.379187][ T8453]
[ 74.386627][ T8453]        CPU0                    CPU1
[ 74.392068][ T8453]        ----                    ----
[ 74.397673][ T8453]   lock(lock#2);
[ 74.401299][ T8453]                                lock(&pool->lock);
[ 74.407870][ T8453]                                lock(lock#2);
[ 74.414019][ T8453]   lock(fs_reclaim);
[ 74.418073][ T8453]
[ 74.418073][ T8453]  *** DEADLOCK ***
[ 74.418073][ T8453]
[ 74.426283][ T8453] 4 locks held by syz-fuzzer/8453:
[ 74.431528][ T8453] #0: ffffffff8c378fc8 (tty_mutex){+.+.}-{3:3}, at: tty_open+0x55e/0x1000
[ 74.440324][ T8453] #1: ffff88803007f1c0 (&tty->legacy_mutex){+.+.}-{3:3}, at: tty_lock+0xbd/0x120
[ 74.449728][ T8453] #2: ffff88803007f098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_lock+0x61/0xb0
[ 74.459283][ T8453] #3: ffff8880b9d4d660 (lock#2){-.-.}-{2:2}, at: __alloc_pages_bulk+0x4ad/0x1870
[ 74.468522][ T8453]
[ 74.468522][ T8453] stack backtrace:
[ 74.474589][ T8453] CPU: 1 PID: 8453 Comm: syz-fuzzer Not tainted 5.14.0-rc1-syzkaller #0
[ 74.483170][ T8453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 74.493437][ T8453] Call Trace:
[ 74.496847][ T8453] dump_stack_lvl+0xcd/0x134
[ 74.501536][ T8453] check_noncircular+0x25f/0x2e0
[ 74.506475][ T8453] ? print_circular_bug+0x1e0/0x1e0
[ 74.511668][ T8453] ? __kernel_text_address+0x9/0x30
[ 74.517330][ T8453] ? unwind_get_return_address+0x51/0x90
[ 74.523479][ T8453] ? lockdep_lock+0xc6/0x200
[ 74.528946][ T8453] ? call_rcu_zapped+0xb0/0xb0
[ 74.533874][ T8453] __lock_acquire+0x2a07/0x54a0
[ 74.538714][ T8453] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 74.544776][ T8453] ? register_early_stack+0xb0/0xb0
[ 74.549974][ T8453] lock_acquire+0x1ab/0x510
[ 74.554634][ T8453] ? fs_reclaim_acquire+0xf7/0x160
[ 74.559831][ T8453] ? lock_release+0x720/0x720
[ 74.564498][ T8453] ? lock_chain_count+0x20/0x20
[ 74.569328][ T8453] ? mark_lock+0xef/0x17b0
[ 74.573746][ T8453] ? deref_stack_reg+0xee/0x150
[ 74.578599][ T8453] fs_reclaim_acquire+0x117/0x160
[ 74.583797][ T8453] ? fs_reclaim_acquire+0xf7/0x160
[ 74.588892][ T8453] prepare_alloc_pages+0x15c/0x580
[ 74.594177][ T8453] ? do_syscall_64+0x35/0xb0
[ 74.599100][ T8453] __alloc_pages+0x12f/0x500
[ 74.603699][ T8453] ? __alloc_pages_slowpath.constprop.0+0x21b0/0x21b0
[ 74.610714][ T8453] ? __unwind_start+0x51b/0x800
[ 74.615650][ T8453] ? __kernel_text_address+0x9/0x30
[ 74.620918][ T8453] alloc_pages+0x18c/0x2a0
[ 74.625751][ T8453] stack_depot_save+0x39d/0x4e0
[ 74.631034][ T8453] save_stack+0x15e/0x1e0
[ 74.635447][ T8453] ? register_early_stack+0xb0/0xb0
[ 74.640943][ T8453] ? __alloc_pages_bulk+0x8b9/0x1870
[ 74.646221][ T8453] ? __vmalloc_node_range+0x39d/0x960
[ 74.651787][ T8453] ? vzalloc+0x67/0x80
[ 74.655940][ T8453] ? n_tty_open+0x16/0x170
[ 74.660346][ T8453] ? tty_ldisc_open+0x9b/0x110
[ 74.665091][ T8453] ? tty_ldisc_setup+0x43/0x100
[ 74.670184][ T8453] ? tty_init_dev.part.0+0x1f4/0x610
[ 74.675724][ T8453] ? tty_open+0xb16/0x1000
[ 74.680248][ T8453] ? chrdev_open+0x266/0x770
[ 74.684819][ T8453] ? do_dentry_open+0x4c8/0x11d0
[ 74.689753][ T8453] ? path_openat+0x1c23/0x27f0
[ 74.694510][ T8453] ? do_filp_open+0x1aa/0x400
[ 74.699179][ T8453] ? do_sys_openat2+0x16d/0x420
[ 74.704201][ T8453] ? __x64_sys_openat+0x13f/0x1f0
[ 74.709247][ T8453] ? do_syscall_64+0x35/0xb0
[ 74.713829][ T8453] ? entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 74.720165][ T8453] ? preempt_count_add+0x74/0x140
[ 74.725810][ T8453] __set_page_owner+0x50/0x290
[ 74.730593][ T8453] ? post_alloc_hook+0x145/0x1e0
[ 74.735643][ T8453] __alloc_pages_bulk+0x8b9/0x1870
[ 74.741012][ T8453] ? __alloc_pages+0x500/0x500
[ 74.746047][ T8453] ? rcu_read_lock_sched_held+0x3a/0x70
[ 74.751936][ T8453] ? trace_kmalloc_node+0x32/0x100
[ 74.758703][ T8453] __vmalloc_node_range+0x39d/0x960
[ 74.763943][ T8453] ? vfree_atomic+0xe0/0xe0
[ 74.768560][ T8453] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 74.774571][ T8453] ? __ldsem_down_read_nested+0x850/0x850
[ 74.780410][ T8453] ? __wake_up_common+0x650/0x650
[ 74.785773][ T8453] ? n_tty_open+0x16/0x170
[ 74.790364][ T8453] vzalloc+0x67/0x80
[ 74.794705][ T8453] ? n_tty_open+0x16/0x170
[ 74.799120][ T8453] n_tty_open+0x16/0x170
[ 74.803358][ T8453] ? n_tty_set_termios+0x1010/0x1010
[ 74.808661][ T8453] tty_ldisc_open+0x9b/0x110
[ 74.813262][ T8453] tty_ldisc_setup+0x43/0x100
[ 74.818130][ T8453] tty_init_dev.part.0+0x1f4/0x610
[ 74.823426][ T8453] tty_open+0xb16/0x1000
[ 74.828331][ T8453] ? tty_init_dev+0x80/0x80
[ 74.832915][ T8453] ? rwlock_bug.part.0+0x90/0x90
[ 74.838470][ T8453] ? tty_init_dev+0x80/0x80
[ 74.843298][ T8453] chrdev_open+0x266/0x770
[ 74.848014][ T8453] ? cdev_device_add+0x210/0x210
[ 74.853263][ T8453] ? security_file_open+0x205/0x4f0
[ 74.858846][ T8453] do_dentry_open+0x4c8/0x11d0
[ 74.863702][ T8453] ? cdev_device_add+0x210/0x210
[ 74.868844][ T8453] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 74.875359][ T8453] ? may_open+0x1f6/0x420
[ 74.879883][ T8453] path_openat+0x1c23/0x27f0
[ 74.884709][ T8453] ? path_lookupat+0x860/0x860
[ 74.889476][ T8453] ? mark_lock+0xef/0x17b0
[ 74.893992][ T8453] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 74.899968][ T8453] do_filp_open+0x1aa/0x400
[ 74.904465][ T8453] ? may_open_dev+0xf0/0xf0
[ 74.908966][ T8453] ? rwlock_bug.part.0+0x90/0x90
[ 74.914237][ T8453] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 74.920647][ T8453] ? _find_next_bit+0x1e3/0x260
[ 74.925625][ T8453] ? _raw_spin_unlock+0x24/0x40
[ 74.930921][ T8453] ? alloc_fd+0x2f0/0x670
[ 74.935337][ T8453] do_sys_openat2+0x16d/0x420
[ 74.940819][ T8453] ? build_open_flags+0x6f0/0x6f0
[ 74.946101][ T8453] ? __context_tracking_exit+0xb8/0xe0
[ 74.951666][ T8453] ? lock_downgrade+0x6e0/0x6e0
[ 74.956525][ T8453] __x64_sys_openat+0x13f/0x1f0
[ 74.961407][ T8453] ? __ia32_sys_open+0x1c0/0x1c0
[ 74.966734][ T8453] ? syscall_enter_from_user_mode+0x21/0x70
[ 74.972828][ T8453] do_syscall_64+0x35/0xb0
[ 74.977591][ T8453] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 74.983675][ T8453] RIP: 0033:0x4af20a
[ 74.988030][ T8453] Code: e8 3b 82 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 4c 8b 54 24 28 4c 8b 44 24 30 4c 8b 4c 24 38 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 40 ff ff ff ff 48 c7 44 24 48
[ 75.008919][ T8453] RSP: 002b:000000c0004333f8 EFLAGS: 00000216 ORIG_RAX: 0000000000000101
[ 75.017696][ T8453] RAX: ffffffffffffffda RBX: 000000c00001c000 RCX: 00000000004af20a
[ 75.025775][ T8453] RDX: 0000000000000000 RSI: 000000c000097830 RDI: ffffffffffffff9c
[ 75.034044][ T8453] RBP: 000000c000433470 R08: 0000000000000000 R09: 0000000000000000
[ 75.042703][ T8453] R10: 0000000000000000 R11: 0000000000000216 R12: 0000000000000184
[ 75.051295][ T8453] R13: 0000000000000183 R14: 0000000000000200 R15: 000000c00021dcc0
[ 75.059385][ T8453] BUG: sleeping function called from invalid context at mm/page_alloc.c:5167
[ 75.068470][ T8453] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 8453, name: syz-fuzzer
[ 75.077482][ T8453] INFO: lockdep is turned off.
[ 75.082542][ T8453] irq event stamp: 136898
[ 75.087015][ T8453] hardirqs last enabled at (136897): [] _raw_spin_unlock_irqrestore+0x50/0x70
[ 75.098078][ T8453] hardirqs last disabled at (136898): [] __alloc_pages_bulk+0x1017/0x1870
[ 75.108502][ T8453] softirqs last enabled at (135410): [] __irq_exit_rcu+0x16e/0x1c0
[ 75.118132][ T8453] softirqs last disabled at (135397): [] __irq_exit_rcu+0x16e/0x1c0
[ 75.127942][ T8453] CPU: 1 PID: 8453 Comm: syz-fuzzer Not tainted 5.14.0-rc1-syzkaller #0
[ 75.136617][ T8453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 75.146760][ T8453] Call Trace:
[ 75.150042][ T8453] dump_stack_lvl+0xcd/0x134
[ 75.154657][ T8453] ___might_sleep.cold+0x1f1/0x237
[ 75.160733][ T8453] prepare_alloc_pages+0x3da/0x580
[ 75.165855][ T8453] ? do_syscall_64+0x35/0xb0
[ 75.170604][ T8453] __alloc_pages+0x12f/0x500
[ 75.175357][ T8453] ? __alloc_pages_slowpath.constprop.0+0x21b0/0x21b0
[ 75.182100][ T8453] ? __unwind_start+0x51b/0x800
[ 75.186943][ T8453] ? __kernel_text_address+0x9/0x30
[ 75.192321][ T8453] alloc_pages+0x18c/0x2a0
[ 75.196721][ T8453] stack_depot_save+0x39d/0x4e0
[ 75.201562][ T8453] save_stack+0x15e/0x1e0
[ 75.205964][ T8453] ? register_early_stack+0xb0/0xb0
[ 75.211331][ T8453] ? __alloc_pages_bulk+0x8b9/0x1870
[ 75.216594][ T8453] ? __vmalloc_node_range+0x39d/0x960
[ 75.222089][ T8453] ? vzalloc+0x67/0x80
[ 75.226179][ T8453] ? n_tty_open+0x16/0x170
[ 75.230588][ T8453] ? tty_ldisc_open+0x9b/0x110
[ 75.235336][ T8453] ? tty_ldisc_setup+0x43/0x100
[ 75.240241][ T8453] ? tty_init_dev.part.0+0x1f4/0x610
[ 75.245710][ T8453] ? tty_open+0xb16/0x1000
[ 75.250125][ T8453] ? chrdev_open+0x266/0x770
[ 75.254802][ T8453] ? do_dentry_open+0x4c8/0x11d0
[ 75.259725][ T8453] ? path_openat+0x1c23/0x27f0
[ 75.264777][ T8453] ? do_filp_open+0x1aa/0x400
[ 75.269559][ T8453] ? do_sys_openat2+0x16d/0x420
[ 75.274563][ T8453] ? __x64_sys_openat+0x13f/0x1f0
[ 75.279847][ T8453] ? do_syscall_64+0x35/0xb0
[ 75.284419][ T8453] ? entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 75.290471][ T8453] ? preempt_count_add+0x74/0x140
[ 75.295494][ T8453] __set_page_owner+0x50/0x290
[ 75.300243][ T8453] ? post_alloc_hook+0x145/0x1e0
[ 75.305185][ T8453] __alloc_pages_bulk+0x8b9/0x1870
[ 75.310279][ T8453] ? __alloc_pages+0x500/0x500
[ 75.315025][ T8453] ? rcu_read_lock_sched_held+0x3a/0x70
[ 75.320717][ T8453] ? trace_kmalloc_node+0x32/0x100
[ 75.326014][ T8453] __vmalloc_node_range+0x39d/0x960
[ 75.331300][ T8453] ? vfree_atomic+0xe0/0xe0
[ 75.335853][ T8453] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 75.342177][ T8453] ? __ldsem_down_read_nested+0x850/0x850
[ 75.347923][ T8453] ? __wake_up_common+0x650/0x650
[ 75.352957][ T8453] ? n_tty_open+0x16/0x170
[ 75.357373][ T8453] vzalloc+0x67/0x80
[ 75.361276][ T8453] ? n_tty_open+0x16/0x170
[ 75.365684][ T8453] n_tty_open+0x16/0x170
[ 75.369949][ T8453] ? n_tty_set_termios+0x1010/0x1010
[ 75.375375][ T8453] tty_ldisc_open+0x9b/0x110
[ 75.380205][ T8453] tty_ldisc_setup+0x43/0x100
[ 75.384976][ T8453] tty_init_dev.part.0+0x1f4/0x610
[ 75.390297][ T8453] tty_open+0xb16/0x1000
[ 75.394574][ T8453] ? tty_init_dev+0x80/0x80
[ 75.399097][ T8453] ? rwlock_bug.part.0+0x90/0x90
[ 75.404373][ T8453] ? tty_init_dev+0x80/0x80
[ 75.408870][ T8453] chrdev_open+0x266/0x770
[ 75.413281][ T8453] ? cdev_device_add+0x210/0x210
[ 75.419961][ T8453] ? security_file_open+0x205/0x4f0
[ 75.425963][ T8453] do_dentry_open+0x4c8/0x11d0
[ 75.430868][ T8453] ? cdev_device_add+0x210/0x210
[ 75.435983][ T8453] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 75.442342][ T8453] ? may_open+0x1f6/0x420
[ 75.446934][ T8453] path_openat+0x1c23/0x27f0
[ 75.451548][ T8453] ? path_lookupat+0x860/0x860
[ 75.456303][ T8453] ? mark_lock+0xef/0x17b0
[ 75.460712][ T8453] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 75.466967][ T8453] do_filp_open+0x1aa/0x400
[ 75.471822][ T8453] ? may_open_dev+0xf0/0xf0
[ 75.477018][ T8453] ? rwlock_bug.part.0+0x90/0x90
[ 75.481951][ T8453] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 75.488436][ T8453] ? _find_next_bit+0x1e3/0x260
[ 75.493269][ T8453] ? _raw_spin_unlock+0x24/0x40
[ 75.498195][ T8453] ? alloc_fd+0x2f0/0x670
[ 75.502511][ T8453] do_sys_openat2+0x16d/0x420
[ 75.507261][ T8453] ? build_open_flags+0x6f0/0x6f0
[ 75.512561][ T8453] ? __context_tracking_exit+0xb8/0xe0
[ 75.518012][ T8453] ? lock_downgrade+0x6e0/0x6e0
[ 75.522907][ T8453] __x64_sys_openat+0x13f/0x1f0
[ 75.527758][ T8453] ? __ia32_sys_open+0x1c0/0x1c0
[ 75.532688][ T8453] ? syscall_enter_from_user_mode+0x21/0x70
[ 75.538684][ T8453] do_syscall_64+0x35/0xb0
[ 75.543181][ T8453] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 75.549271][ T8453] RIP: 0033:0x4af20a
[ 75.553491][ T8453] Code: e8 3b 82 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 4c 8b 54 24 28 4c 8b 44 24 30 4c 8b 4c 24 38 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 40 ff ff ff ff 48 c7 44 24 48
[ 75.574099][ T8453] RSP: 002b:000000c0004333f8 EFLAGS: 00000216 ORIG_RAX: 0000000000000101
[ 75.582699][ T8453] RAX: ffffffffffffffda RBX: 000000c00001c000 RCX: 00000000004af20a
[ 75.591042][ T8453] RDX: 0000000000000000 RSI: 000000c000097830 RDI: ffffffffffffff9c
[ 75.599258][ T8453] RBP: 000000c000433470 R08: 0000000000000000 R09: 0000000000000000
[ 75.607511][ T8453] R10: 0000000000000000 R11: 0000000000000216 R12: 0000000000000184
executing program
[ 75.615829][ T8453] R13: 0000000000000183 R14: 0000000000000200 R15: 000000c00021dcc0
[ 75.708240][ T8453] can: request_module (can-proto-0) failed.
[ 75.719271][ T8453] can: request_module (can-proto-0) failed.
[ 75.730649][ T8453] can: request_module (can-proto-0) failed.
[ 75.899250][ T8453] base_sock_release(ffff888039b10000) sk=ffff888022d0b000