Warning: Permanently added '10.128.0.198' (ECDSA) to the list of known hosts. 2021/07/18 11:43:51 parsed 1 programs 2021/07/18 11:43:52 executed programs: 0 syzkaller login: [ 41.236098][ T4385] cgroup: Unknown subsys name 'perf_event' [ 41.242987][ T4385] cgroup: Unknown subsys name 'net_cls' [ 44.161991][ T7] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 44.442745][ T7] usb 1-1: too many configurations: 38, using maximum allowed: 8 [ 45.242115][ T7] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 45.251221][ T7] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 45.259270][ T7] usb 1-1: Product: syz [ 45.263492][ T7] usb 1-1: Manufacturer: syz [ 45.268096][ T7] usb 1-1: SerialNumber: syz [ 45.313707][ T7] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 45.423685][ T7] [ 45.426074][ T7] ====================================================== [ 45.433275][ T7] WARNING: possible circular locking dependency detected [ 45.440486][ T7] 5.14.0-rc1-syzkaller #0 Not tainted [ 45.445952][ T7] ------------------------------------------------------ [ 45.453098][ T7] kworker/0:1/7 is trying to acquire lock: [ 45.458881][ T7] ffffffff87750940 (fs_reclaim){+.+.}-{0:0}, at: fs_reclaim_acquire+0xf7/0x160 [ 45.467825][ T7] [ 45.467825][ T7] but task is already holding lock: [ 45.475247][ T7] ffff8881f684bee0 (lock#2){..-.}-{2:2}, at: __alloc_pages_bulk+0x406/0x1600 [ 45.484009][ T7] [ 45.484009][ T7] which lock already depends on the new lock. [ 45.484009][ T7] [ 45.495073][ T7] [ 45.495073][ T7] the existing dependency chain (in reverse order) is: [ 45.506846][ T7] [ 45.506846][ T7] -> #3 (lock#2){..-.}-{2:2}: [ 45.513782][ T7] get_page_from_freelist+0xc9b/0x28b0 [ 45.521660][ T7] __alloc_pages+0x1b2/0x4e0 [ 45.526748][ T7] alloc_pages+0x18c/0x2a0 [ 45.531690][ T7] allocate_slab+0x32b/0x4c0 [ 45.536789][ T7] ___slab_alloc+0x4ba/0x820 [ 45.541887][ T7] __slab_alloc+0x68/0x80 [ 45.546718][ T7] kmem_cache_alloc+0x339/0x360 [ 45.554846][ T7] anon_vma_clone+0xe0/0x5f0 [ 45.561065][ T7] anon_vma_fork+0x82/0x630 [ 45.566520][ T7] dup_mm+0x8a6/0x11e0 [ 45.571300][ T7] copy_process+0x5ec0/0x7040 [ 45.576682][ T7] kernel_clone+0xe7/0xa70 [ 45.581802][ T7] __do_sys_clone+0xc8/0x110 [ 45.589899][ T7] do_syscall_64+0x35/0xb0 [ 45.594832][ T7] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 45.601404][ T7] [ 45.601404][ T7] -> #2 (&anon_vma->rwsem){++++}-{3:3}: [ 45.609109][ T7] down_write+0x92/0x150 [ 45.613855][ T7] __vma_adjust+0x2f5/0x26b0 [ 45.619035][ T7] __split_vma+0x2b3/0x550 [ 45.624050][ T7] split_vma+0x95/0xd0 [ 45.628724][ T7] mprotect_fixup+0x6eb/0x8e0 [ 45.633995][ T7] do_mprotect_pkey+0x558/0x9a0 [ 45.640826][ T7] __x64_sys_mprotect+0x74/0xb0 [ 45.646195][ T7] do_syscall_64+0x35/0xb0 [ 45.651858][ T7] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 45.658569][ T7] [ 45.658569][ T7] -> #1 (&mapping->i_mmap_rwsem){+.+.}-{3:3}: [ 45.666927][ T7] down_write+0x92/0x150 [ 45.671854][ T7] dma_resv_lockdep+0x348/0x540 [ 45.677564][ T7] do_one_initcall+0x103/0x5d0 [ 45.682847][ T7] kernel_init_freeable+0x6ae/0x737 [ 45.688556][ T7] kernel_init+0x1a/0x1d0 [ 45.693394][ T7] ret_from_fork+0x1f/0x30 [ 45.698414][ T7] [ 45.698414][ T7] -> #0 (fs_reclaim){+.+.}-{0:0}: [ 45.706485][ T7] __lock_acquire+0x2a07/0x54a0 [ 45.712051][ T7] lock_acquire+0x19d/0x4d0 [ 45.717264][ T7] fs_reclaim_acquire+0x117/0x160 [ 45.722811][ T7] prepare_alloc_pages+0x155/0x4f0 [ 45.728645][ T7] __alloc_pages+0x12f/0x4e0 [ 45.733768][ T7] alloc_pages+0x18c/0x2a0 [ 45.738875][ T7] stack_depot_save+0x39d/0x4e0 [ 45.744351][ T7] save_stack+0x102/0x1d0 [ 45.749320][ T7] __set_page_owner+0x50/0x290 [ 45.754734][ T7] __alloc_pages_bulk+0x7ed/0x1600 [ 45.760591][ T7] __vmalloc_node_range+0x39d/0x960 [ 45.766546][ T7] vmalloc+0x67/0x80 [ 45.771007][ T7] kernel_read_file+0x6b4/0x790 [ 45.776499][ T7] kernel_read_file_from_path_initns+0x1b6/0x240 [ 45.783355][ T7] _request_firmware+0x8a7/0x1420 [ 45.788877][ T7] request_firmware_work_func+0xdd/0x230 [ 45.795017][ T7] process_one_work+0x98d/0x15b0 [ 45.800464][ T7] worker_thread+0x658/0x11f0 [ 45.805645][ T7] kthread+0x3c0/0x4a0 [ 45.810469][ T7] ret_from_fork+0x1f/0x30 [ 45.815416][ T7] [ 45.815416][ T7] other info that might help us debug this: [ 45.815416][ T7] [ 45.826058][ T7] Chain exists of: [ 45.826058][ T7] fs_reclaim --> &anon_vma->rwsem --> lock#2 [ 45.826058][ T7] [ 45.838085][ T7] Possible unsafe locking scenario: [ 45.838085][ T7] [ 45.845710][ T7] CPU0 CPU1 [ 45.851060][ T7] ---- ---- [ 45.856487][ T7] lock(lock#2); [ 45.860234][ T7] lock(&anon_vma->rwsem); [ 45.867242][ T7] lock(lock#2); [ 45.873405][ T7] lock(fs_reclaim); [ 45.877377][ T7] [ 45.877377][ T7] *** DEADLOCK *** [ 45.877377][ T7] [ 45.885524][ T7] 3 locks held by kworker/0:1/7: [ 45.890794][ T7] #0: ffff888100064d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x15b0 [ 45.901124][ T7] #1: ffffc9000007fdb0 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x15b0 [ 45.913279][ T7] #2: ffff8881f684bee0 (lock#2){..-.}-{2:2}, at: __alloc_pages_bulk+0x406/0x1600 [ 45.922573][ T7] [ 45.922573][ T7] stack backtrace: [ 45.928436][ T7] CPU: 0 PID: 7 Comm: kworker/0:1 Not tainted 5.14.0-rc1-syzkaller #0 [ 45.936802][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 45.946835][ T7] Workqueue: events request_firmware_work_func [ 45.953072][ T7] Call Trace: [ 45.956336][ T7] dump_stack_lvl+0xcd/0x134 [ 45.960952][ T7] check_noncircular+0x25f/0x2e0 [ 45.966654][ T7] ? print_circular_bug+0x1e0/0x1e0 [ 45.972026][ T7] ? find_held_lock+0x2d/0x110 [ 45.977037][ T7] ? lockdep_lock+0xba/0x200 [ 45.981634][ T7] ? call_rcu_zapped+0xb0/0xb0 [ 45.986580][ T7] ? deref_stack_reg+0xee/0x150 [ 45.991437][ T7] __lock_acquire+0x2a07/0x54a0 [ 45.996763][ T7] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 46.002738][ T7] ? __unwind_start+0x51b/0x800 [ 46.007700][ T7] ? create_prof_cpu_mask+0x20/0x20 [ 46.012895][ T7] lock_acquire+0x19d/0x4d0 [ 46.019293][ T7] ? fs_reclaim_acquire+0xf7/0x160 [ 46.025551][ T7] ? lock_release+0x6e0/0x6e0 [ 46.030211][ T7] ? stack_trace_save+0x8c/0xc0 [ 46.035130][ T7] ? mark_lock+0xef/0x17b0 [ 46.039624][ T7] ? deref_stack_reg+0xee/0x150 [ 46.044544][ T7] fs_reclaim_acquire+0x117/0x160 [ 46.049563][ T7] ? fs_reclaim_acquire+0xf7/0x160 [ 46.054806][ T7] prepare_alloc_pages+0x155/0x4f0 [ 46.059919][ T7] ? ret_from_fork+0x1f/0x30 [ 46.064583][ T7] __alloc_pages+0x12f/0x4e0 [ 46.069162][ T7] ? __alloc_pages_slowpath.constprop.0+0x20e0/0x20e0 [ 46.075905][ T7] ? __unwind_start+0x51b/0x800 [ 46.080739][ T7] alloc_pages+0x18c/0x2a0 [ 46.085240][ T7] stack_depot_save+0x39d/0x4e0 [ 46.090084][ T7] save_stack+0x102/0x1d0 [ 46.094456][ T7] ? register_early_stack+0xb0/0xb0 [ 46.099732][ T7] ? __alloc_pages_bulk+0x7ed/0x1600 [ 46.105744][ T7] ? __vmalloc_node_range+0x39d/0x960 [ 46.111101][ T7] ? vmalloc+0x67/0x80 [ 46.115160][ T7] ? kernel_read_file+0x6b4/0x790 [ 46.120187][ T7] ? kernel_read_file_from_path_initns+0x1b6/0x240 [ 46.126753][ T7] ? _request_firmware+0x8a7/0x1420 [ 46.132017][ T7] ? request_firmware_work_func+0xdd/0x230 [ 46.137801][ T7] ? process_one_work+0x98d/0x15b0 [ 46.143066][ T7] ? worker_thread+0x658/0x11f0 [ 46.147910][ T7] ? kthread+0x3c0/0x4a0 [ 46.152129][ T7] ? ret_from_fork+0x1f/0x30 [ 46.156897][ T7] ? lock_release+0x6e0/0x6e0 [ 46.161553][ T7] __set_page_owner+0x50/0x290 [ 46.166560][ T7] ? post_alloc_hook+0x145/0x1e0 [ 46.171578][ T7] __alloc_pages_bulk+0x7ed/0x1600 [ 46.176679][ T7] ? __alloc_pages+0x4e0/0x4e0 [ 46.181979][ T7] ? rcu_read_lock_sched_held+0x3a/0x70 [ 46.187521][ T7] ? trace_kmalloc_node+0x32/0xe0 [ 46.192534][ T7] __vmalloc_node_range+0x39d/0x960 [ 46.198070][ T7] ? vfree_atomic+0xe0/0xe0 [ 46.202761][ T7] ? kernel_read_file+0x6b4/0x790 [ 46.207771][ T7] vmalloc+0x67/0x80 [ 46.211650][ T7] ? kernel_read_file+0x6b4/0x790 [ 46.216754][ T7] kernel_read_file+0x6b4/0x790 [ 46.221594][ T7] ? __ia32_sys_fsconfig+0x150/0x150 [ 46.227819][ T7] ? dput+0x1ae/0xbd0 [ 46.231882][ T7] kernel_read_file_from_path_initns+0x1b6/0x240 [ 46.238524][ T7] ? kernel_read_file_from_path+0x100/0x100 [ 46.244415][ T7] ? rcu_read_lock_sched_held+0x3a/0x70 [ 46.249979][ T7] _request_firmware+0x8a7/0x1420 [ 46.254998][ T7] ? assign_fw+0x5d0/0x5d0 [ 46.259393][ T7] ? process_one_work+0x8a5/0x15b0 [ 46.264922][ T7] request_firmware_work_func+0xdd/0x230 [ 46.270532][ T7] ? request_partial_firmware_into_buf+0xa0/0xa0 [ 46.277045][ T7] process_one_work+0x98d/0x15b0 [ 46.282065][ T7] ? pwq_dec_nr_in_flight+0x320/0x320 [ 46.287509][ T7] ? rwlock_bug.part.0+0x90/0x90 [ 46.292536][ T7] worker_thread+0x658/0x11f0 [ 46.297231][ T7] ? __kthread_parkme+0x126/0x1f0 [ 46.302345][ T7] ? process_one_work+0x15b0/0x15b0 [ 46.307632][ T7] kthread+0x3c0/0x4a0 [ 46.311793][ T7] ? _raw_spin_unlock_irq+0x1f/0x30 [ 46.317430][ T7] ? set_kthread_struct+0x130/0x130 [ 46.322751][ T7] ret_from_fork+0x1f/0x30 [ 46.327168][ T7] BUG: sleeping function called from invalid context at mm/page_alloc.c:5167 [ 46.335988][ T7] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 7, name: kworker/0:1 [ 46.344823][ T7] INFO: lockdep is turned off. [ 46.349697][ T7] irq event stamp: 296334 [ 46.354002][ T7] hardirqs last enabled at (296333): [] _raw_spin_unlock_irqrestore+0x42/0x50 [ 46.364613][ T7] hardirqs last disabled at (296334): [] __alloc_pages_bulk+0xebb/0x1600 [ 46.374927][ T7] softirqs last enabled at (295344): [] __irq_exit_rcu+0x117/0x160 [ 46.384645][ T7] softirqs last disabled at (295333): [] __irq_exit_rcu+0x117/0x160 [ 46.394609][ T7] CPU: 0 PID: 7 Comm: kworker/0:1 Not tainted 5.14.0-rc1-syzkaller #0 [ 46.402840][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 46.412977][ T7] Workqueue: events request_firmware_work_func [ 46.419127][ T7] Call Trace: [ 46.422387][ T7] dump_stack_lvl+0xcd/0x134 [ 46.427137][ T7] ___might_sleep.cold+0x141/0x16f [ 46.432229][ T7] prepare_alloc_pages+0x32d/0x4f0 [ 46.438133][ T7] ? ret_from_fork+0x1f/0x30 [ 46.442716][ T7] __alloc_pages+0x12f/0x4e0 [ 46.447580][ T7] ? __alloc_pages_slowpath.constprop.0+0x20e0/0x20e0 [ 46.454330][ T7] ? __unwind_start+0x51b/0x800 [ 46.459335][ T7] alloc_pages+0x18c/0x2a0 [ 46.463733][ T7] stack_depot_save+0x39d/0x4e0 [ 46.468567][ T7] save_stack+0x102/0x1d0 [ 46.472874][ T7] ? register_early_stack+0xb0/0xb0 [ 46.478146][ T7] ? __alloc_pages_bulk+0x7ed/0x1600 [ 46.483406][ T7] ? __vmalloc_node_range+0x39d/0x960 [ 46.488758][ T7] ? vmalloc+0x67/0x80 [ 46.492815][ T7] ? kernel_read_file+0x6b4/0x790 [ 46.497936][ T7] ? kernel_read_file_from_path_initns+0x1b6/0x240 [ 46.504425][ T7] ? _request_firmware+0x8a7/0x1420 [ 46.510046][ T7] ? request_firmware_work_func+0xdd/0x230 [ 46.515918][ T7] ? process_one_work+0x98d/0x15b0 [ 46.521280][ T7] ? worker_thread+0x658/0x11f0 [ 46.526113][ T7] ? kthread+0x3c0/0x4a0 [ 46.530330][ T7] ? ret_from_fork+0x1f/0x30 [ 46.534897][ T7] ? lock_release+0x6e0/0x6e0 [ 46.540074][ T7] __set_page_owner+0x50/0x290 [ 46.544836][ T7] ? post_alloc_hook+0x145/0x1e0 [ 46.549775][ T7] __alloc_pages_bulk+0x7ed/0x1600 [ 46.554904][ T7] ? __alloc_pages+0x4e0/0x4e0 [ 46.559835][ T7] ? rcu_read_lock_sched_held+0x3a/0x70 [ 46.565368][ T7] ? trace_kmalloc_node+0x32/0xe0 [ 46.570483][ T7] __vmalloc_node_range+0x39d/0x960 [ 46.575673][ T7] ? vfree_atomic+0xe0/0xe0 [ 46.580164][ T7] ? kernel_read_file+0x6b4/0x790 [ 46.585175][ T7] vmalloc+0x67/0x80 [ 46.589054][ T7] ? kernel_read_file+0x6b4/0x790 [ 46.594055][ T7] kernel_read_file+0x6b4/0x790 [ 46.598883][ T7] ? __ia32_sys_fsconfig+0x150/0x150 [ 46.604235][ T7] ? dput+0x1ae/0xbd0 [ 46.608286][ T7] kernel_read_file_from_path_initns+0x1b6/0x240 [ 46.614766][ T7] ? kernel_read_file_from_path+0x100/0x100 [ 46.620644][ T7] ? rcu_read_lock_sched_held+0x3a/0x70 [ 46.626342][ T7] _request_firmware+0x8a7/0x1420 [ 46.631346][ T7] ? assign_fw+0x5d0/0x5d0 [ 46.635758][ T7] ? process_one_work+0x8a5/0x15b0 [ 46.641062][ T7] request_firmware_work_func+0xdd/0x230 [ 46.646798][ T7] ? request_partial_firmware_into_buf+0xa0/0xa0 [ 46.653207][ T7] process_one_work+0x98d/0x15b0 [ 46.658132][ T7] ? pwq_dec_nr_in_flight+0x320/0x320 [ 46.663899][ T7] ? rwlock_bug.part.0+0x90/0x90 [ 46.669176][ T7] worker_thread+0x658/0x11f0 [ 46.673950][ T7] ? __kthread_parkme+0x126/0x1f0 [ 46.678983][ T7] ? process_one_work+0x15b0/0x15b0 [ 46.684523][ T7] kthread+0x3c0/0x4a0 [ 46.688767][ T7] ? _raw_spin_unlock_irq+0x1f/0x30 [ 46.693948][ T7] ? set_kthread_struct+0x130/0x130 [ 46.699162][ T7] ret_from_fork+0x1f/0x30 2021/07/18 11:43:57 executed programs: 1 [ 46.876200][ T24] usb 1-1: USB disconnect, device number 2 [ 46.887739][ T4385] syz-executor.0 (4385) used greatest stack depth: 23256 bytes left [ 46.891966][ T7] usb 1-1: ath9k_htc: Firmware - ath9k_htc/htc_9271-1.4.0.fw download failed [ 46.905013][ T24] usb 1-1: ath9k_htc: USB layer deinitialized