Starting OpenBSD Secure Shell server... Starting getty on tty2-tty6 if dbus and logind are not available... Starting Permit User Sessions... Starting System Logging Service... [ OK ] Started Regular background program processing daemon. [ OK ] Started Permit User Sessions. [ OK ] Started System Logging Service. [ 59.096347][ T8215] sshd (8215) used greatest stack depth: 22496 bytes left [ OK ] Started OpenBSD Secure Shell server. [ OK ] Started getty on tty2-tty6 if dbus and logind are not available. [ OK ] Started Getty on tty6. [ OK ] Started Getty on tty5. [ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Started Getty on tty2. Starting Load/Save RF Kill Switch Status... [ OK ] Started Getty on tty1. [ OK ] Started Serial Getty on ttyS0. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Load/Save RF Kill Switch Status. [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.195' (ECDSA) to the list of known hosts. 2021/07/06 20:31:38 fuzzer started 2021/07/06 20:31:38 connecting to host at 10.128.0.169:34725 2021/07/06 20:31:38 checking machine... 2021/07/06 20:31:38 checking revisions... 2021/07/06 20:31:38 testing simple program... 
syzkaller login: [ 73.362348][ T8447] chnl_net:caif_netlink_parms(): no params data found [ 73.417863][ T8447] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.427223][ T8447] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.436810][ T8447] device bridge_slave_0 entered promiscuous mode [ 73.447171][ T8447] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.455999][ T8447] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.464627][ T8447] device bridge_slave_1 entered promiscuous mode [ 73.485688][ T8447] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.498650][ T8447] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.523910][ T8447] team0: Port device team_slave_0 added [ 73.532539][ T8447] team0: Port device team_slave_1 added [ 73.551430][ T8447] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 73.558964][ T8447] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.589601][ T8447] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 73.604471][ T8447] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 73.612334][ T8447] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 73.641716][ T8447] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 73.670259][ T8447] device hsr_slave_0 entered promiscuous mode [ 73.677615][ T8447] device hsr_slave_1 entered promiscuous mode [ 73.784158][ T8447] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 73.796842][ T8447] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 73.808498][ T8447] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 73.819065][ T8447] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 73.845975][ T8447] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.853598][ T8447] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.861709][ T8447] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.869219][ T8447] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.914818][ T8447] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.930094][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 73.942345][ T7] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.952819][ T7] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.962479][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 73.980234][ T8447] 8021q: adding VLAN 0 to HW filter on device team0 [ 73.994389][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 74.003340][ T20] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.010470][ T20] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.024503][ T8666] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 74.033924][ T8666] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.041613][ T8666] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.065992][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 74.075882][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 74.085913][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 
74.099075][ T8666] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 74.113377][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 74.124705][ T8447] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 74.145226][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 74.153521][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 74.169074][ T8447] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 74.189092][ T8666] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 74.210618][ T8666] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 74.219681][ T8666] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 74.228512][ T8666] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 74.240435][ T8447] device veth0_vlan entered promiscuous mode [ 74.254904][ T8447] device veth1_vlan entered promiscuous mode [ 74.278992][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 74.288363][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 74.298997][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 74.312706][ T8447] device veth0_macvtap entered promiscuous mode [ 74.326473][ T8447] device veth1_macvtap entered promiscuous mode [ 74.345631][ T8447] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 74.357030][ T4891] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 74.368649][ T4891] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 74.382507][ T8447] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.396175][ T8666] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 74.408364][ T8666] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 74.420358][ T8447] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.430876][ T8447] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 
74.441624][ T8447] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.451357][ T8447] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 74.555977][ T10] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 74.570481][ T10] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 74.599130][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 74.620976][ T10] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 74.631428][ T10] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 74.642166][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2021/07/06 20:31:41 building call list...
[ 75.476106][ T10] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 77.088457][ T8441]
[ 77.091403][ T8441] ======================================================
[ 77.098860][ T8441] WARNING: possible circular locking dependency detected
[ 77.106046][ T8441] 5.13.0-next-20210706-syzkaller #0 Not tainted
[ 77.112443][ T8441] ------------------------------------------------------
[ 77.119913][ T8441] syz-fuzzer/8441 is trying to acquire lock:
[ 77.126152][ T8441] ffffffff8ba9f5c0 (fs_reclaim){+.+.}-{0:0}, at: fs_reclaim_acquire+0xf7/0x160
[ 77.135131][ T8441]
[ 77.135131][ T8441] but task is already holding lock:
[ 77.143026][ T8441] ffff8880b9d4d660 (lock#2){-.-.}-{2:2}, at: __alloc_pages_bulk+0x4ad/0x1870
[ 77.152983][ T8441]
[ 77.152983][ T8441] which lock already depends on the new lock.
[ 77.152983][ T8441] [ 77.163746][ T8441] [ 77.163746][ T8441] the existing dependency chain (in reverse order) is: [ 77.173437][ T8441] [ 77.173437][ T8441] -> #2 (lock#2){-.-.}-{2:2}: [ 77.180978][ T8441] get_page_from_freelist+0x4aa/0x2f80 [ 77.187458][ T8441] __alloc_pages+0x1b2/0x500 [ 77.193180][ T8441] alloc_page_interleave+0x1e/0x200 [ 77.199156][ T8441] alloc_pages+0x238/0x2a0 [ 77.204525][ T8441] stack_depot_save+0x39d/0x4e0 [ 77.210350][ T8441] kasan_save_stack+0x32/0x40 [ 77.216251][ T8441] kasan_record_aux_stack+0xe5/0x110 [ 77.222546][ T8441] insert_work+0x48/0x370 [ 77.227594][ T8441] __queue_work+0x5c1/0xed0 [ 77.232910][ T8441] __queue_delayed_work+0x1c8/0x270 [ 77.238809][ T8441] mod_delayed_work_on+0xdd/0x220 [ 77.244567][ T8441] kblockd_mod_delayed_work_on+0x26/0x30 [ 77.250901][ T8441] __blk_mq_delay_run_hw_queue+0x38d/0x640 [ 77.257761][ T8441] blk_mq_run_hw_queue+0x16c/0x2f0 [ 77.263600][ T8441] blk_mq_sched_insert_request+0x368/0x450 [ 77.270111][ T8441] blk_mq_submit_bio+0xe5f/0x1860 [ 77.275923][ T8441] submit_bio_noacct+0xad2/0xf20 [ 77.281808][ T8441] submit_bio+0x1ea/0x470 [ 77.286821][ T8441] submit_bh_wbc+0x5eb/0x7f0 [ 77.292369][ T8441] ext4_read_bh+0x152/0x300 [ 77.297387][ T8441] ext4_read_bh_lock+0x82/0x180 [ 77.303133][ T8441] __ext4_sb_bread_gfp.isra.0+0xf3/0x1b0 [ 77.309633][ T8441] ext4_fill_super+0x233d/0xe3f0 [ 77.315488][ T8441] mount_bdev+0x34d/0x410 [ 77.320336][ T8441] legacy_get_tree+0x105/0x220 [ 77.325882][ T8441] vfs_get_tree+0x89/0x2f0 [ 77.330913][ T8441] path_mount+0x132a/0x1fa0 [ 77.336092][ T8441] init_mount+0xaa/0xf4 [ 77.341086][ T8441] do_mount_root+0x9c/0x25b [ 77.346117][ T8441] mount_block_root+0x32e/0x4dd [ 77.351873][ T8441] mount_root+0x1af/0x1f5 [ 77.356939][ T8441] prepare_namespace+0x1ff/0x234 [ 77.362860][ T8441] kernel_init_freeable+0x729/0x741 [ 77.369094][ T8441] kernel_init+0x1a/0x1d0 [ 77.373937][ T8441] ret_from_fork+0x1f/0x30 [ 77.378955][ T8441] [ 77.378955][ T8441] -> #1 
(&pool->lock){-.-.}-{2:2}: [ 77.386328][ T8441] _raw_spin_lock+0x2a/0x40 [ 77.391346][ T8441] __queue_work+0x366/0xed0 [ 77.396557][ T8441] queue_work_on+0xee/0x110 [ 77.401588][ T8441] vfree_atomic+0xac/0xe0 [ 77.406513][ T8441] put_task_stack+0x2e0/0x4e0 [ 77.412027][ T8441] finish_task_switch.isra.0+0x75a/0xa20 [ 77.418278][ T8441] __schedule+0x942/0x26f0 [ 77.423250][ T8441] preempt_schedule_irq+0x4e/0x90 [ 77.429225][ T8441] irqentry_exit+0x31/0x80 [ 77.434268][ T8441] asm_sysvec_reschedule_ipi+0x12/0x20 [ 77.440498][ T8441] lock_acquire+0x1ef/0x510 [ 77.445689][ T8441] fs_reclaim_acquire+0x117/0x160 [ 77.451486][ T8441] kmem_cache_alloc+0x3e/0x3a0 [ 77.456760][ T8441] __kernfs_new_node+0xd4/0x8b0 [ 77.462391][ T8441] kernfs_new_node+0x93/0x120 [ 77.467607][ T8441] __kernfs_create_file+0x51/0x350 [ 77.473506][ T8441] sysfs_add_file_mode_ns+0x226/0x540 [ 77.479976][ T8441] internal_create_group+0x328/0xb20 [ 77.485967][ T8441] param_sysfs_init+0x39a/0x498 [ 77.491515][ T8441] do_one_initcall+0x103/0x650 [ 77.496989][ T8441] kernel_init_freeable+0x6b8/0x741 [ 77.502944][ T8441] kernel_init+0x1a/0x1d0 [ 77.508177][ T8441] ret_from_fork+0x1f/0x30 [ 77.513607][ T8441] [ 77.513607][ T8441] -> #0 (fs_reclaim){+.+.}-{0:0}: [ 77.521591][ T8441] __lock_acquire+0x2a07/0x54a0 [ 77.527185][ T8441] lock_acquire+0x1ab/0x510 [ 77.532303][ T8441] fs_reclaim_acquire+0x117/0x160 [ 77.537931][ T8441] prepare_alloc_pages+0x15c/0x580 [ 77.543848][ T8441] __alloc_pages+0x12f/0x500 [ 77.549228][ T8441] alloc_pages+0x18c/0x2a0 [ 77.554453][ T8441] stack_depot_save+0x39d/0x4e0 [ 77.560086][ T8441] save_stack+0x15e/0x1e0 [ 77.564940][ T8441] __set_page_owner+0x50/0x290 [ 77.570382][ T8441] __alloc_pages_bulk+0x8b9/0x1870 [ 77.576120][ T8441] __vmalloc_node_range+0x39d/0x960 [ 77.582012][ T8441] vzalloc+0x67/0x80 [ 77.586505][ T8441] n_tty_open+0x16/0x170 [ 77.591611][ T8441] tty_ldisc_open+0x9b/0x110 [ 77.596835][ T8441] tty_ldisc_setup+0x43/0x100 [ 77.602019][ T8441] 
tty_init_dev.part.0+0x1f4/0x610
[ 77.607987][ T8441] tty_open+0xb16/0x1000
[ 77.613158][ T8441] chrdev_open+0x266/0x770
[ 77.618086][ T8441] do_dentry_open+0x4c8/0x11d0
[ 77.623462][ T8441] path_openat+0x1c23/0x27f0
[ 77.628966][ T8441] do_filp_open+0x1aa/0x400
[ 77.634446][ T8441] do_sys_openat2+0x16d/0x420
[ 77.639638][ T8441] __x64_sys_openat+0x13f/0x1f0
[ 77.645268][ T8441] do_syscall_64+0x35/0xb0
[ 77.650579][ T8441] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 77.657289][ T8441]
[ 77.657289][ T8441] other info that might help us debug this:
[ 77.657289][ T8441]
[ 77.668028][ T8441] Chain exists of:
[ 77.668028][ T8441]   fs_reclaim --> &pool->lock --> lock#2
[ 77.668028][ T8441]
[ 77.680271][ T8441]  Possible unsafe locking scenario:
[ 77.680271][ T8441]
[ 77.688160][ T8441]        CPU0                    CPU1
[ 77.693887][ T8441]        ----                    ----
[ 77.699353][ T8441]   lock(lock#2);
[ 77.702979][ T8441]                                lock(&pool->lock);
[ 77.709674][ T8441]                                lock(lock#2);
[ 77.716344][ T8441]   lock(fs_reclaim);
[ 77.720766][ T8441]
[ 77.720766][ T8441]  *** DEADLOCK ***
[ 77.720766][ T8441]
[ 77.729067][ T8441] 4 locks held by syz-fuzzer/8441:
[ 77.734353][ T8441]  #0: ffffffff8c37b7c8 (tty_mutex){+.+.}-{3:3}, at: tty_open+0x55e/0x1000
[ 77.743153][ T8441]  #1: ffff8880301c01c0 (&tty->legacy_mutex){+.+.}-{3:3}, at: tty_lock+0xbd/0x120
[ 77.752534][ T8441]  #2: ffff8880301c0098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_lock+0x61/0xb0
[ 77.762629][ T8441]  #3: ffff8880b9d4d660 (lock#2){-.-.}-{2:2}, at: __alloc_pages_bulk+0x4ad/0x1870
[ 77.772355][ T8441]
[ 77.772355][ T8441] stack backtrace:
[ 77.778618][ T8441] CPU: 1 PID: 8441 Comm: syz-fuzzer Not tainted 5.13.0-next-20210706-syzkaller #0
[ 77.788409][ T8441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 77.798887][ T8441] Call Trace:
[ 77.802161][ T8441] dump_stack_lvl+0xcd/0x134
[ 77.806753][ T8441] check_noncircular+0x25f/0x2e0
[ 77.811799][ T8441] ? print_circular_bug+0x1e0/0x1e0
[ 77.817182][ T8441] ?
mark_lock+0xef/0x17b0 [ 77.821791][ T8441] ? __lock_acquire+0xbc2/0x54a0 [ 77.827186][ T8441] ? lockdep_lock+0xc6/0x200 [ 77.831965][ T8441] ? call_rcu_zapped+0xb0/0xb0 [ 77.837083][ T8441] __lock_acquire+0x2a07/0x54a0 [ 77.842196][ T8441] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 77.848441][ T8441] lock_acquire+0x1ab/0x510 [ 77.853161][ T8441] ? fs_reclaim_acquire+0xf7/0x160 [ 77.858450][ T8441] ? lock_release+0x720/0x720 [ 77.863402][ T8441] ? lock_chain_count+0x20/0x20 [ 77.868453][ T8441] ? mark_lock+0xef/0x17b0 [ 77.873657][ T8441] ? deref_stack_reg+0xee/0x150 [ 77.878858][ T8441] fs_reclaim_acquire+0x117/0x160 [ 77.884054][ T8441] ? fs_reclaim_acquire+0xf7/0x160 [ 77.889264][ T8441] prepare_alloc_pages+0x15c/0x580 [ 77.894459][ T8441] ? do_syscall_64+0x35/0xb0 [ 77.899046][ T8441] __alloc_pages+0x12f/0x500 [ 77.903804][ T8441] ? __alloc_pages_slowpath.constprop.0+0x21b0/0x21b0 [ 77.910685][ T8441] ? __unwind_start+0x51b/0x800 [ 77.915707][ T8441] ? __kernel_text_address+0x9/0x30 [ 77.920990][ T8441] alloc_pages+0x18c/0x2a0 [ 77.925403][ T8441] stack_depot_save+0x39d/0x4e0 [ 77.930268][ T8441] save_stack+0x15e/0x1e0 [ 77.934595][ T8441] ? register_early_stack+0xb0/0xb0 [ 77.940160][ T8441] ? __alloc_pages_bulk+0x8b9/0x1870 [ 77.945535][ T8441] ? __vmalloc_node_range+0x39d/0x960 [ 77.950999][ T8441] ? vzalloc+0x67/0x80 [ 77.955253][ T8441] ? n_tty_open+0x16/0x170 [ 77.959919][ T8441] ? tty_ldisc_open+0x9b/0x110 [ 77.966003][ T8441] ? tty_ldisc_setup+0x43/0x100 [ 77.971293][ T8441] ? tty_init_dev.part.0+0x1f4/0x610 [ 77.976836][ T8441] ? tty_open+0xb16/0x1000 [ 77.981371][ T8441] ? chrdev_open+0x266/0x770 [ 77.985983][ T8441] ? do_dentry_open+0x4c8/0x11d0 [ 77.991090][ T8441] ? path_openat+0x1c23/0x27f0 [ 77.995845][ T8441] ? do_filp_open+0x1aa/0x400 [ 78.000719][ T8441] ? do_sys_openat2+0x16d/0x420 [ 78.005770][ T8441] ? __x64_sys_openat+0x13f/0x1f0 [ 78.010918][ T8441] ? do_syscall_64+0x35/0xb0 [ 78.015939][ T8441] ? 
entry_SYSCALL_64_after_hwframe+0x44/0xae [ 78.022218][ T8441] __set_page_owner+0x50/0x290 [ 78.027001][ T8441] ? kasan_unpoison+0x3c/0x60 [ 78.031746][ T8441] ? post_alloc_hook+0x1c7/0x230 [ 78.036778][ T8441] __alloc_pages_bulk+0x8b9/0x1870 [ 78.041910][ T8441] ? __alloc_pages+0x500/0x500 [ 78.046852][ T8441] ? rcu_read_lock_sched_held+0x3a/0x70 [ 78.052600][ T8441] ? trace_kmalloc_node+0x32/0x100 [ 78.058099][ T8441] __vmalloc_node_range+0x39d/0x960 [ 78.063503][ T8441] ? vfree_atomic+0xe0/0xe0 [ 78.068490][ T8441] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 78.074389][ T8441] ? __ldsem_down_read_nested+0x850/0x850 [ 78.080191][ T8441] ? __wake_up_common+0x650/0x650 [ 78.085293][ T8441] ? n_tty_open+0x16/0x170 [ 78.090141][ T8441] vzalloc+0x67/0x80 [ 78.094301][ T8441] ? n_tty_open+0x16/0x170 [ 78.098819][ T8441] n_tty_open+0x16/0x170 [ 78.103251][ T8441] ? n_tty_set_termios+0x1010/0x1010 [ 78.108532][ T8441] tty_ldisc_open+0x9b/0x110 [ 78.113861][ T8441] tty_ldisc_setup+0x43/0x100 [ 78.118618][ T8441] tty_init_dev.part.0+0x1f4/0x610 [ 78.123812][ T8441] tty_open+0xb16/0x1000 [ 78.128163][ T8441] ? tty_init_dev+0x80/0x80 [ 78.132683][ T8441] ? rwlock_bug.part.0+0x90/0x90 [ 78.137628][ T8441] ? tty_init_dev+0x80/0x80 [ 78.143342][ T8441] chrdev_open+0x266/0x770 [ 78.147753][ T8441] ? cdev_device_add+0x210/0x210 [ 78.153156][ T8441] ? security_file_open+0x205/0x4f0 [ 78.158557][ T8441] do_dentry_open+0x4c8/0x11d0 [ 78.163588][ T8441] ? cdev_device_add+0x210/0x210 [ 78.168884][ T8441] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 78.175646][ T8441] ? may_open+0x1f6/0x420 [ 78.180071][ T8441] path_openat+0x1c23/0x27f0 [ 78.184862][ T8441] ? path_lookupat+0x860/0x860 [ 78.189617][ T8441] ? mark_lock+0xef/0x17b0 [ 78.194121][ T8441] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 78.200354][ T8441] do_filp_open+0x1aa/0x400 [ 78.204950][ T8441] ? may_open_dev+0xf0/0xf0 [ 78.209473][ T8441] ? rwlock_bug.part.0+0x90/0x90 [ 78.215023][ T8441] ? 
__sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 78.221465][ T8441] ? _find_next_bit+0x1e3/0x260 [ 78.226610][ T8441] ? _raw_spin_unlock+0x24/0x40 [ 78.231979][ T8441] ? alloc_fd+0x2f0/0x670 [ 78.236396][ T8441] do_sys_openat2+0x16d/0x420 [ 78.241444][ T8441] ? build_open_flags+0x6f0/0x6f0 [ 78.247166][ T8441] ? __context_tracking_exit+0xb8/0xe0 [ 78.252730][ T8441] ? lock_downgrade+0x6e0/0x6e0 [ 78.257664][ T8441] __x64_sys_openat+0x13f/0x1f0 [ 78.262914][ T8441] ? __ia32_sys_open+0x1c0/0x1c0 [ 78.268032][ T8441] ? syscall_enter_from_user_mode+0x21/0x70 [ 78.275366][ T8441] do_syscall_64+0x35/0xb0 [ 78.280393][ T8441] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 78.286719][ T8441] RIP: 0033:0x4af20a [ 78.290831][ T8441] Code: e8 3b 82 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 4c 8b 54 24 28 4c 8b 44 24 30 4c 8b 4c 24 38 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 40 ff ff ff ff 48 c7 44 24 48 [ 78.312203][ T8441] RSP: 002b:000000c00036f3f8 EFLAGS: 00000216 ORIG_RAX: 0000000000000101 [ 78.320879][ T8441] RAX: ffffffffffffffda RBX: 000000c00001c000 RCX: 00000000004af20a [ 78.329310][ T8441] RDX: 0000000000000000 RSI: 000000c000167a70 RDI: ffffffffffffff9c [ 78.338089][ T8441] RBP: 000000c00036f470 R08: 0000000000000000 R09: 0000000000000000 [ 78.346697][ T8441] R10: 0000000000000000 R11: 0000000000000216 R12: 00000000000001a8 [ 78.355312][ T8441] R13: 00000000000001a7 R14: 0000000000000200 R15: 000000c0004a9180 [ 78.363721][ T8441] BUG: sleeping function called from invalid context at mm/page_alloc.c:5178 [ 78.373091][ T8441] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 8441, name: syz-fuzzer [ 78.382497][ T8441] INFO: lockdep is turned off. 
[ 78.387240][ T8441] irq event stamp: 100212 [ 78.391812][ T8441] hardirqs last enabled at (100211): [] _raw_spin_unlock_irqrestore+0x50/0x70 [ 78.402425][ T8441] hardirqs last disabled at (100212): [] __alloc_pages_bulk+0x1017/0x1870 [ 78.413300][ T8441] softirqs last enabled at (96960): [] __irq_exit_rcu+0x16e/0x1c0 [ 78.423287][ T8441] softirqs last disabled at (96847): [] __irq_exit_rcu+0x16e/0x1c0 [ 78.432917][ T8441] CPU: 1 PID: 8441 Comm: syz-fuzzer Not tainted 5.13.0-next-20210706-syzkaller #0 [ 78.442309][ T8441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 78.452460][ T8441] Call Trace: [ 78.455759][ T8441] dump_stack_lvl+0xcd/0x134 [ 78.460353][ T8441] ___might_sleep.cold+0x1f1/0x237 [ 78.465470][ T8441] prepare_alloc_pages+0x3da/0x580 [ 78.470607][ T8441] ? do_syscall_64+0x35/0xb0 [ 78.475570][ T8441] __alloc_pages+0x12f/0x500 [ 78.480240][ T8441] ? __alloc_pages_slowpath.constprop.0+0x21b0/0x21b0 [ 78.487251][ T8441] ? __unwind_start+0x51b/0x800 [ 78.492123][ T8441] ? __kernel_text_address+0x9/0x30 [ 78.497491][ T8441] alloc_pages+0x18c/0x2a0 [ 78.502013][ T8441] stack_depot_save+0x39d/0x4e0 [ 78.506878][ T8441] save_stack+0x15e/0x1e0 [ 78.511307][ T8441] ? register_early_stack+0xb0/0xb0 [ 78.516543][ T8441] ? __alloc_pages_bulk+0x8b9/0x1870 [ 78.522034][ T8441] ? __vmalloc_node_range+0x39d/0x960 [ 78.527659][ T8441] ? vzalloc+0x67/0x80 [ 78.531718][ T8441] ? n_tty_open+0x16/0x170 [ 78.536126][ T8441] ? tty_ldisc_open+0x9b/0x110 [ 78.540974][ T8441] ? tty_ldisc_setup+0x43/0x100 [ 78.545898][ T8441] ? tty_init_dev.part.0+0x1f4/0x610 [ 78.551301][ T8441] ? tty_open+0xb16/0x1000 [ 78.555739][ T8441] ? chrdev_open+0x266/0x770 [ 78.560408][ T8441] ? do_dentry_open+0x4c8/0x11d0 [ 78.565442][ T8441] ? path_openat+0x1c23/0x27f0 [ 78.570478][ T8441] ? do_filp_open+0x1aa/0x400 [ 78.575235][ T8441] ? do_sys_openat2+0x16d/0x420 [ 78.580553][ T8441] ? __x64_sys_openat+0x13f/0x1f0 [ 78.585744][ T8441] ? 
do_syscall_64+0x35/0xb0 [ 78.590344][ T8441] ? entry_SYSCALL_64_after_hwframe+0x44/0xae [ 78.596605][ T8441] __set_page_owner+0x50/0x290 [ 78.601537][ T8441] ? kasan_unpoison+0x3c/0x60 [ 78.606207][ T8441] ? post_alloc_hook+0x1c7/0x230 [ 78.611316][ T8441] __alloc_pages_bulk+0x8b9/0x1870 [ 78.616594][ T8441] ? __alloc_pages+0x500/0x500 [ 78.621372][ T8441] ? rcu_read_lock_sched_held+0x3a/0x70 [ 78.627002][ T8441] ? trace_kmalloc_node+0x32/0x100 [ 78.632651][ T8441] __vmalloc_node_range+0x39d/0x960 [ 78.638115][ T8441] ? vfree_atomic+0xe0/0xe0 [ 78.642608][ T8441] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 78.648500][ T8441] ? __ldsem_down_read_nested+0x850/0x850 [ 78.654211][ T8441] ? __wake_up_common+0x650/0x650 [ 78.659407][ T8441] ? n_tty_open+0x16/0x170 [ 78.663828][ T8441] vzalloc+0x67/0x80 [ 78.667739][ T8441] ? n_tty_open+0x16/0x170 [ 78.672165][ T8441] n_tty_open+0x16/0x170 [ 78.676519][ T8441] ? n_tty_set_termios+0x1010/0x1010 [ 78.681831][ T8441] tty_ldisc_open+0x9b/0x110 [ 78.686431][ T8441] tty_ldisc_setup+0x43/0x100 [ 78.691380][ T8441] tty_init_dev.part.0+0x1f4/0x610 [ 78.696486][ T8441] tty_open+0xb16/0x1000 [ 78.700722][ T8441] ? tty_init_dev+0x80/0x80 [ 78.705218][ T8441] ? rwlock_bug.part.0+0x90/0x90 [ 78.710236][ T8441] ? tty_init_dev+0x80/0x80 [ 78.714730][ T8441] chrdev_open+0x266/0x770 [ 78.719228][ T8441] ? cdev_device_add+0x210/0x210 [ 78.724435][ T8441] ? security_file_open+0x205/0x4f0 [ 78.729632][ T8441] do_dentry_open+0x4c8/0x11d0 [ 78.734496][ T8441] ? cdev_device_add+0x210/0x210 [ 78.739510][ T8441] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 78.746051][ T8441] ? may_open+0x1f6/0x420 [ 78.750419][ T8441] path_openat+0x1c23/0x27f0 [ 78.755018][ T8441] ? path_lookupat+0x860/0x860 [ 78.760026][ T8441] ? mark_lock+0xef/0x17b0 [ 78.764439][ T8441] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 78.770419][ T8441] do_filp_open+0x1aa/0x400 [ 78.774943][ T8441] ? may_open_dev+0xf0/0xf0 [ 78.779445][ T8441] ? 
rwlock_bug.part.0+0x90/0x90 [ 78.784470][ T8441] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 78.790851][ T8441] ? _find_next_bit+0x1e3/0x260 [ 78.795805][ T8441] ? _raw_spin_unlock+0x24/0x40 [ 78.800650][ T8441] ? alloc_fd+0x2f0/0x670 [ 78.804993][ T8441] do_sys_openat2+0x16d/0x420 [ 78.809752][ T8441] ? build_open_flags+0x6f0/0x6f0 [ 78.814796][ T8441] ? __context_tracking_exit+0xb8/0xe0 [ 78.820264][ T8441] ? lock_downgrade+0x6e0/0x6e0 [ 78.825219][ T8441] __x64_sys_openat+0x13f/0x1f0 [ 78.830135][ T8441] ? __ia32_sys_open+0x1c0/0x1c0 [ 78.835431][ T8441] ? syscall_enter_from_user_mode+0x21/0x70 [ 78.841317][ T8441] do_syscall_64+0x35/0xb0 [ 78.845726][ T8441] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 78.851869][ T8441] RIP: 0033:0x4af20a [ 78.855762][ T8441] Code: e8 3b 82 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 4c 8b 54 24 28 4c 8b 44 24 30 4c 8b 4c 24 38 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 40 ff ff ff ff 48 c7 44 24 48 [ 78.876172][ T8441] RSP: 002b:000000c00036f3f8 EFLAGS: 00000216 ORIG_RAX: 0000000000000101 [ 78.884989][ T8441] RAX: ffffffffffffffda RBX: 000000c00001c000 RCX: 00000000004af20a executing program [ 78.892988][ T8441] RDX: 0000000000000000 RSI: 000000c000167a70 RDI: ffffffffffffff9c [ 78.901037][ T8441] RBP: 000000c00036f470 R08: 0000000000000000 R09: 0000000000000000 [ 78.908996][ T8441] R10: 0000000000000000 R11: 0000000000000216 R12: 00000000000001a8 [ 78.917118][ T8441] R13: 00000000000001a7 R14: 0000000000000200 R15: 000000c0004a9180 [ 79.055337][ T8441] can: request_module (can-proto-0) failed. [ 79.066831][ T8441] can: request_module (can-proto-0) failed. [ 79.077801][ T8441] can: request_module (can-proto-0) failed. [ 79.259202][ T10] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 79.269098][ T8441] base_sock_release(ffff8880223a5a00) sk=ffff888022d04000