./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2833014510 <...> forked to background, child pid 3176 no interfaces have a carrier [ 22.100392][ T3177] 8021q: adding VLAN 0 to HW filter on device bond0 [ 22.113969][ T3177] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.34' (ECDSA) to the list of known hosts. execve("./syz-executor2833014510", ["./syz-executor2833014510"], 0x7fff6ffd6bd0 /* 10 vars */) = 0 brk(NULL) = 0x555555af6000 brk(0x555555af6c40) = 0x555555af6c40 arch_prctl(ARCH_SET_FS, 0x555555af6300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor2833014510", 4096) = 28 brk(0x555555b17c40) = 0x555555b17c40 brk(0x555555b18000) = 0x555555b18000 mprotect(0x7f37f297d000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/sys/kernel/debug/sync/sw_sync", O_RDONLY) = 3 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 openat(AT_FDCWD, "/sys/kernel/debug/sync/sw_sync", O_RDONLY) = 69 ioctl(69, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000100) = 0 openat(AT_FDCWD, "/sys/kernel/debug/sync/sw_sync", O_RDONLY) = 71 ioctl(71, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000100) = 0 ioctl(70, SYNC_IOC_MERGE, 0x200002c0) = 0 poll([{fd=73, events=0}], 1, 0) = 0 (Timeout) openat(AT_FDCWD, "/sys/kernel/debug/sync/info", O_RDONLY|O_NOFOLLOW) = 74 read(74, "objs:\n--", 8) = 8 exit_group(0) = ? syzkaller login: [ 38.616925][ C1] [ 38.619630][ C1] ================================ [ 38.625019][ C1] WARNING: inconsistent lock state [ 38.630094][ C1] 5.18.0-rc7-syzkaller-00048-gf993aed406ea #0 Not tainted [ 38.637171][ C1] -------------------------------- [ 38.642716][ C1] inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage. [ 38.649536][ C1] syz-executor283/3597 [HC1[1]:SC0[0]:HE0:SE1] takes: [ 38.656368][ C1] ffffffff8c9371d8 (sync_timeline_list_lock){?.+.}-{2:2}, at: sync_timeline_debug_remove+0x25/0x190 [ 38.667163][ C1] {HARDIRQ-ON-W} state was registered at: [ 38.672852][ C1] lockdep_hardirqs_on_prepare+0x135/0x400 [ 38.678731][ C1] trace_hardirqs_on+0x5b/0x1c0 [ 38.683649][ C1] _raw_spin_unlock_irq+0x1f/0x40 [ 38.689087][ C1] sync_info_debugfs_show+0xeb/0x200 [ 38.694446][ C1] seq_read_iter+0x4f5/0x1280 [ 38.699194][ C1] seq_read+0x337/0x4b0 [ 38.703865][ C1] vfs_read+0x1ef/0x5d0 [ 38.708274][ C1] ksys_read+0x127/0x250 [ 38.712601][ C1] do_syscall_64+0x35/0xb0 [ 38.717460][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 38.723595][ C1] irq event stamp: 9064 [ 38.727724][ C1] hardirqs last enabled at (9063): [] _raw_spin_unlock_irq+0x1f/0x40 [ 38.737693][ C1] hardirqs last disabled at (9064): [] sysvec_irq_work+0xb/0xc0 [ 38.746888][ C1] softirqs last enabled at (8914): [] __irq_exit_rcu+0x123/0x180 [ 38.756244][ C1] softirqs last disabled at (8901): [] __irq_exit_rcu+0x123/0x180 [ 38.765695][ C1] [ 38.765695][ C1] other info that might help us debug this: [ 38.774253][ C1] Possible unsafe locking scenario: [ 38.774253][ C1] [ 38.781681][ C1] CPU0 [ 38.784983][ C1] ---- [ 38.788237][ C1] lock(sync_timeline_list_lock); [ 38.793329][ C1] [ 38.796757][ C1] lock(sync_timeline_list_lock); [ 38.802018][ C1] [ 38.802018][ C1] *** DEADLOCK *** [ 38.802018][ C1] [ 38.810136][ C1] no locks held by syz-executor283/3597. [ 38.815917][ C1] [ 38.815917][ C1] stack backtrace: [ 38.822055][ C1] CPU: 1 PID: 3597 Comm: syz-executor283 Not tainted 5.18.0-rc7-syzkaller-00048-gf993aed406ea #0 [ 38.832621][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.842674][ C1] Call Trace: [ 38.845937][ C1] [ 38.849167][ C1] dump_stack_lvl+0xcd/0x134 [ 38.854283][ C1] mark_lock.part.0.cold+0x18/0xd8 [ 38.859387][ C1] ? mark_lock.part.0+0xee/0x1910 [ 38.864407][ C1] ? lock_chain_count+0x20/0x20 [ 38.869245][ C1] ? find_held_lock+0x2d/0x110 [ 38.873993][ C1] ? lock_chain_count+0x20/0x20 [ 38.879023][ C1] ? debug_object_activate+0x287/0x3e0 [ 38.884821][ C1] ? lock_downgrade+0x6e0/0x6e0 [ 38.889928][ C1] __lock_acquire+0x14ad/0x56c0 [ 38.894766][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 38.900729][ C1] ? do_raw_spin_unlock+0x171/0x230 [ 38.905925][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 38.911885][ C1] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 38.917683][ C1] lock_acquire+0x1ab/0x510 [ 38.922170][ C1] ? sync_timeline_debug_remove+0x25/0x190 [ 38.928225][ C1] ? lock_release+0x720/0x720 [ 38.932976][ C1] ? timeline_fence_release+0x1f2/0x340 [ 38.938503][ C1] ? lock_downgrade+0x6e0/0x6e0 [ 38.943340][ C1] _raw_spin_lock_irqsave+0x39/0x50 [ 38.948522][ C1] ? sync_timeline_debug_remove+0x25/0x190 [ 38.954314][ C1] sync_timeline_debug_remove+0x25/0x190 [ 38.959929][ C1] timeline_fence_release+0x263/0x340 [ 38.965287][ C1] ? sw_sync_debugfs_release+0x240/0x240 [ 38.970901][ C1] dma_fence_release+0x2ee/0x590 [ 38.975838][ C1] ? lock_downgrade+0x6e0/0x6e0 [ 38.980675][ C1] dma_fence_array_release+0x1f6/0x2d0 [ 38.986208][ C1] ? dma_fence_array_cb_func+0x190/0x190 [ 38.991978][ C1] dma_fence_release+0x2ee/0x590 [ 38.996907][ C1] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 39.002695][ C1] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 39.008920][ C1] irq_dma_fence_array_work+0xa5/0xd0 [ 39.014292][ C1] irq_work_single+0x120/0x270 [ 39.019040][ C1] irq_work_run_list+0x91/0xc0 [ 39.023788][ C1] irq_work_run+0x54/0xd0 [ 39.028100][ C1] __sysvec_irq_work+0x95/0x3d0 [ 39.033289][ C1] sysvec_irq_work+0x8e/0xc0 [ 39.037861][ C1] [ 39.040771][ C1] [ 39.043693][ C1] asm_sysvec_irq_work+0x12/0x20 [ 39.048617][ C1] RIP: 0010:_raw_spin_unlock_irq+0x25/0x40 [ 39.054411][ C1] Code: 0f 1f 44 00 00 55 48 8b 74 24 08 48 89 fd 48 83 c7 18 e8 be 48 ed f7 48 89 ef e8 06 c8 ed f7 e8 f1 25 0f f8 fb bf 01 00 00 00 36 e7 e0 f7 65 8b 05 3f 0c 92 76 85 c0 74 02 5d c3 e8 bb e1 8f [ 39.074033][ C1] RSP: 0018:ffffc9000331fd18 EFLAGS: 00000202 [ 39.080181][ C1] RAX: 0000000000002367 RBX: 00000000ffffffff RCX: 1ffffffff1b71f59 [ 39.088241][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001 [ 39.096193][ C1] RBP: ffff888015db2150 R08: 0000000000000001 R09: 0000000000000001 [ 39.104144][ C1] R10: ffffffff817f8998 R11: 0000000000000000 R12: ffff888015db2100 [ 39.112097][ C1] R13: dffffc0000000000 R14: ffff888015db2100 R15: ffff888015db2150 [ 39.120069][ C1] ? trace_hardirqs_on+0x38/0x1c0 [ 39.125089][ C1] ? _raw_spin_unlock_irq+0x1f/0x40 [ 39.130276][ C1] sw_sync_debugfs_release+0x160/0x240 [ 39.135731][ C1] __fput+0x277/0x9d0 [ 39.139697][ C1] ? sw_sync_debugfs_open+0x330/0x330 [ 39.145055][ C1] task_work_run+0xdd/0x1a0 [ 39.149545][ C1] do_exit+0xaff/0x2a00 [ 39.153697][ C1] ? lock_downgrade+0x6e0/0x6e0 [ 39.158532][ C1] ? mm_update_next_owner+0x7a0/0x7a0 [ 39.163904][ C1] ? _raw_spin_unlock_irq+0x1f/0x40 [ 39.169089][ C1] do_group_exit+0xd2/0x2f0 [ 39.173579][ C1] __x64_sys_exit_group+0x3a/0x50 [ 39.178612][ C1] do_syscall_64+0x35/0xb0 [ 39.183017][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 39.188892][ C1] RIP: 0033:0x7f37f290f969 [ 39.193290][ C1] Code: Unable to access opcode bytes at RIP 0x7f37f290f93f. [ 39.200657][ C1] RSP: 002b:00007fffa8454238 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 39.209083][ C1] RAX: ffffffffffffffda RBX: 00007f37f29832b0 RCX: 00007f37f290f969 +++ exited with 0 +++ [ 39.217048][ C1] RDX: 00000