./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2532283262 <...> forked to background, child pid 3179 no interfaces have a carrier [ 27.193415][ T3180] 8021q: adding VLAN 0 to HW filter on device bond0 [ 27.207935][ T3180] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.146' (ECDSA) to the list of known hosts. execve("./syz-executor2532283262", ["./syz-executor2532283262"], 0x7ffe8dfd0cf0 /* 10 vars */) = 0 brk(NULL) = 0x555556df4000 brk(0x555556df4c40) = 0x555556df4c40 arch_prctl(ARCH_SET_FS, 0x555556df4300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555556df45d0) = 3600 set_robust_list(0x555556df45e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f3f7711b990, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f3f7711c060}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f3f7711ba30, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3f7711c060}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2532283262", 4096) = 28 brk(0x555556e15c40) = 0x555556e15c40 brk(0x555556e16000) = 0x555556e16000 mprotect(0x7f3f771dd000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3601 attached , child_tidptr=0x555556df45d0) = 3601 [pid 3601] set_robust_list(0x555556df45e0, 24) = 0 [pid 3601] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 3601] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3601] setsid() = 1 [pid 3601] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 3601] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 3601] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 3601] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 3601] prlimit64(0, RLIMIT_CORE, {rlim_cur=0, rlim_max=0}, NULL) = 0 [pid 3601] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 3601] unshare(CLONE_NEWNS) = 0 [pid 3601] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 3601] unshare(CLONE_NEWIPC) = 0 [pid 3601] unshare(CLONE_NEWCGROUP) = 0 [pid 3601] unshare(CLONE_NEWUTS) = 0 [pid 3601] unshare(CLONE_SYSVSEM) = 0 [pid 3601] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3601] write(3, "16777216", 8) = 8 [pid 3601] close(3) = 0 [pid 3601] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 3601] write(3, "536870912", 9) = 9 [pid 3601] close(3) = 0 [pid 3601] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3601] write(3, "1024", 4) = 4 [pid 3601] close(3) = 0 [pid 3601] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3601] write(3, "8192", 4) = 4 [pid 3601] close(3) = 0 [pid 3601] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3601] write(3, "1024", 4) = 4 [pid 3601] close(3) = 0 [pid 3601] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 3601] write(3, "1024", 4) = 4 [pid 3601] close(3) = 0 [pid 3601] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 3601] write(3, "1024 1048576 500 1024", 21) = 21 [pid 3601] close(3) = 0 [pid 3601] getpid() = 1 [pid 3601] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 3616] set_robust_list(0x7f3f771089e0, 24) = 0 [pid 3616] socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6) = 3 [pid 3616] futex(0x7f3f771e350c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3601] <... futex resumed>) = 0 [pid 3616] openat(AT_FDCWD, "/sys/kernel/debug/sync/sw_sync", O_RDONLY [pid 3601] futex(0x7f3f771e3508, FUTEX_WAKE_PRIVATE, 1000000 [pid 3616] <... openat resumed>) = 4 [pid 3601] <... futex resumed>) = 0 [pid 3616] futex(0x7f3f771e350c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3601] futex(0x7f3f771e350c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3616] <... futex resumed>) = 0 [pid 3601] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3616] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x200001c0 [pid 3601] futex(0x7f3f771e3508, FUTEX_WAKE_PRIVATE, 1000000 [pid 3616] <... ioctl resumed>) = 0 [pid 3601] <... futex resumed>) = 0 [pid 3616] futex(0x7f3f771e350c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3601] futex(0x7f3f771e350c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3601] futex(0x7f3f771e3508, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3601] futex(0x7f3f771e350c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3616] <... futex resumed>) = 1 [pid 3601] <... futex resumed>) = 0 [pid 3616] openat(AT_FDCWD, "/sys/kernel/debug/sync/sw_sync", O_RDONLY [pid 3601] futex(0x7f3f771e350c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3616] <... openat resumed>) = 6 [pid 3616] futex(0x7f3f771e350c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3601] <... futex resumed>) = 0 [pid 3616] ioctl(6, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x200001c0 [pid 3601] futex(0x7f3f771e3508, FUTEX_WAKE_PRIVATE, 1000000 [pid 3616] <... ioctl resumed>) = 0 [pid 3601] <... futex resumed>) = 0 [pid 3616] futex(0x7f3f771e350c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3601] futex(0x7f3f771e350c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3616] <... futex resumed>) = 0 [pid 3601] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3616] ioctl(7, SYNC_IOC_MERGE [pid 3601] futex(0x7f3f771e3508, FUTEX_WAKE_PRIVATE, 1000000 [pid 3616] <... ioctl resumed>, 0x20000040) = 0 [pid 3601] <... futex resumed>) = 0 [pid 3616] futex(0x7f3f771e350c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3601] futex(0x7f3f771e350c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3616] <... futex resumed>) = 0 [pid 3601] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3616] ioctl(7, SYNC_IOC_MERGE [pid 3601] futex(0x7f3f771e3508, FUTEX_WAKE_PRIVATE, 1000000 [pid 3616] <... ioctl resumed>, 0x20000080) = 0 [pid 3601] <... futex resumed>) = 0 [pid 3616] futex(0x7f3f771e350c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3601] futex(0x7f3f771e350c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3616] <... futex resumed>) = 0 [pid 3601] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3616] ppoll([{fd=8, events=0}, {fd=9, events=0}], 2, NULL, NULL, 0 [pid 3601] futex(0x7f3f771e3508, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3601] futex(0x7f3f771e350c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 3601] futex(0x7f3f771e351c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3601] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3f770c7000 [pid 3601] mprotect(0x7f3f770c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3601] clone(child_stack=0x7f3f770e73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3617 attached , parent_tid=[3], tls=0x7f3f770e7700, child_tidptr=0x7f3f770e79d0) = 3 [pid 3617] set_robust_list(0x7f3f770e79e0, 24 [pid 3601] futex(0x7f3f771e3518, FUTEX_WAKE_PRIVATE, 1000000 [pid 3617] <... set_robust_list resumed>) = 0 [pid 3601] <... futex resumed>) = 0 [pid 3617] close_range(3, 4294967295, 0 [pid 3601] futex(0x7f3f771e351c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 3601] futex(0x7f3f771e351c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 3601] futex(0x7f3f771e352c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3601] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3f770a6000 [pid 3601] mprotect(0x7f3f770a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3601] clone(child_stack=0x7f3f770c63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4], tls=0x7f3f770c6700, child_tidptr=0x7f3f770c69d0) = 4 ./strace-static-x86_64: Process 3618 attached [pid 3601] futex(0x7f3f771e3528, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3601] futex(0x7f3f771e352c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3618] set_robust_list(0x7f3f770c69e0, 24) = 0 [pid 3618] openat(AT_FDCWD, "/sys/kernel/debug/sync/info", O_RDONLY) = 3 [pid 3618] futex(0x7f3f771e352c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3601] <... futex resumed>) = 0 [pid 3601] futex(0x7f3f771e3528, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3601] futex(0x7f3f771e352c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3618] <... futex resumed>) = 1 [pid 3618] read(3, "objs:\n--------------\nsyz-executor253: 0\n fence active: 2147483647 / 0\n\nsyz-executor253: 0\n fence a"..., 8224) = 146 [pid 3618] futex(0x7f3f771e352c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3601] <... futex resumed>) = 0 [pid 3618] <... futex resumed>) = 1 [pid 3618] futex(0x7f3f771e3528, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3601] exit_group(1 [pid 3618] <... futex resumed>) = ? [pid 3618] +++ exited with 1 +++ [pid 3616] <... ppoll resumed> ) = ? [pid 3616] +++ exited with 1 +++ [pid 3601] <... exit_group resumed>) = ? [ 55.374099][ C1] [ 55.376448][ C1] ================================ [ 55.381532][ C1] WARNING: inconsistent lock state [ 55.386622][ C1] 5.19.0-rc4-next-20220628-syzkaller #0 Not tainted [ 55.393204][ C1] -------------------------------- [ 55.398299][ C1] inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage. [ 55.405129][ C1] syz-executor253/3617 [HC1[1]:SC0[0]:HE0:SE1] takes: [ 55.411901][ C1] ffffffff8c963df8 (sync_timeline_list_lock){?.+.}-{2:2}, at: sync_timeline_debug_remove+0x25/0x190 [ 55.422718][ C1] {HARDIRQ-ON-W} state was registered at: [ 55.428432][ C1] lockdep_hardirqs_on_prepare+0x135/0x400 [ 55.434326][ C1] trace_hardirqs_on+0x2d/0x120 [ 55.439265][ C1] _raw_spin_unlock_irq+0x1f/0x40 [ 55.444387][ C1] sync_info_debugfs_show+0xeb/0x200 [ 55.449762][ C1] seq_read_iter+0x4f5/0x1280 [ 55.454526][ C1] seq_read+0x2c7/0x420 [ 55.458768][ C1] vfs_read+0x1ef/0x5d0 [ 55.462999][ C1] ksys_read+0x127/0x250 [ 55.467318][ C1] do_syscall_64+0x35/0xb0 [ 55.471816][ C1] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 55.477788][ C1] irq event stamp: 4996 [ 55.481941][ C1] hardirqs last enabled at (4995): [] _raw_spin_unlock_irq+0x1f/0x40 [ 55.491672][ C1] hardirqs last disabled at (4996): [] sysvec_irq_work+0xb/0xc0 [ 55.500895][ C1] softirqs last enabled at (4862): [] __tun_set_ebpf+0xf6/0x1c0 [ 55.510183][ C1] softirqs last disabled at (4860): [] __tun_set_ebpf+0xa3/0x1c0 [ 55.519470][ C1] [ 55.519470][ C1] other info that might help us debug this: [ 55.527519][ C1] Possible unsafe locking scenario: [ 55.527519][ C1] [ 55.534958][ C1] CPU0 [ 55.538227][ C1] ---- [ 55.541493][ C1] lock(sync_timeline_list_lock); [ 55.546596][ C1] [ 55.550036][ C1] lock(sync_timeline_list_lock); [ 55.555308][ C1] [ 55.555308][ C1] *** DEADLOCK *** [ 55.555308][ C1] [ 55.563439][ C1] no locks held by syz-executor253/3617. [ 55.569052][ C1] [ 55.569052][ C1] stack backtrace: [ 55.574925][ C1] CPU: 1 PID: 3617 Comm: syz-executor253 Not tainted 5.19.0-rc4-next-20220628-syzkaller #0 [ 55.584890][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 55.594932][ C1] Call Trace: [ 55.598201][ C1] [ 55.601039][ C1] dump_stack_lvl+0xcd/0x134 [ 55.605635][ C1] mark_lock.part.0.cold+0x18/0xd8 [ 55.610748][ C1] ? mark_lock.part.0+0xee/0x1910 [ 55.615768][ C1] ? lock_chain_count+0x20/0x20 [ 55.620610][ C1] ? lock_chain_count+0x20/0x20 [ 55.625462][ C1] __lock_acquire+0x14ad/0x5660 [ 55.630309][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 55.636282][ C1] ? __sysvec_irq_work+0x95/0x3d0 [ 55.641305][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 55.647306][ C1] ? task_work_run+0xdd/0x1a0 [ 55.652000][ C1] lock_acquire+0x1ab/0x570 [ 55.656495][ C1] ? sync_timeline_debug_remove+0x25/0x190 [ 55.662301][ C1] ? lock_release+0x780/0x780 [ 55.666975][ C1] ? timeline_fence_release+0x1f2/0x340 [ 55.672521][ C1] ? lock_downgrade+0x6e0/0x6e0 [ 55.677365][ C1] _raw_spin_lock_irqsave+0x39/0x50 [ 55.682564][ C1] ? sync_timeline_debug_remove+0x25/0x190 [ 55.688374][ C1] sync_timeline_debug_remove+0x25/0x190 [ 55.694018][ C1] timeline_fence_release+0x263/0x340 [ 55.699388][ C1] ? sw_sync_debugfs_release+0x240/0x240 [ 55.705020][ C1] dma_fence_release+0x2e9/0x590 [ 55.709965][ C1] ? lock_downgrade+0x6e0/0x6e0 [ 55.714821][ C1] dma_fence_array_release+0x1f6/0x2d0 [ 55.720289][ C1] ? dma_fence_array_cb_func+0x190/0x190 [ 55.725922][ C1] dma_fence_release+0x2e9/0x590 [ 55.730859][ C1] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 55.736683][ C1] irq_dma_fence_array_work+0xa5/0xd0 [ 55.742069][ C1] irq_work_single+0x120/0x250 [ 55.746856][ C1] irq_work_run_list+0x91/0xc0 [ 55.751624][ C1] irq_work_run+0x54/0xd0 [ 55.755953][ C1] __sysvec_irq_work+0x95/0x3d0 [ 55.760803][ C1] sysvec_irq_work+0x8e/0xc0 [ 55.765395][ C1] [ 55.768381][ C1] [ 55.771395][ C1] asm_sysvec_irq_work+0x1b/0x20 [ 55.776329][ C1] RIP: 0010:_raw_spin_unlock_irq+0x25/0x40 [ 55.782144][ C1] Code: 0f 1f 44 00 00 55 48 8b 74 24 08 48 89 fd 48 83 c7 18 e8 ee 3b e2 f7 48 89 ef e8 f6 bc e2 f7 e8 f1 b9 04 f8 fb bf 01 00 00 00 e6 da d5 f7 65 8b 05 1f 23 86 76 85 c0 74 02 5d c3 e8 5b f9 83 [ 55.801754][ C1] RSP: 0018:ffffc900030bfdf0 EFLAGS: 00000202 [ 55.807837][ C1] RAX: 0000000000001383 RBX: 00000000ffffffff RCX: 1ffffffff1b798f1 [ 55.815822][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001 [ 55.823796][ C1] RBP: ffff88801b07b950 R08: 0000000000000001 R09: 0000000000000001 [ 55.831776][ C1] R10: ffffed100360f72a R11: 0000000000000001 R12: ffff88801b07b900 [ 55.839744][ C1] R13: dffffc0000000000 R14: ffff88801b07b900 R15: ffff88801b07b950 [ 55.847727][ C1] sw_sync_debugfs_release+0x160/0x240 [ 55.853196][ C1] __fput+0x277/0x9d0 [ 55.857183][ C1] ? sw_sync_debugfs_open+0x330/0x330 [ 55.862567][ C1] task_work_run+0xdd/0x1a0 [ 55.867081][ C1] ptrace_notify+0x114/0x140 [ 55.871673][ C1] syscall_exit_to_user_mode_prepare+0x129/0x280 [ 55.878004][ C1] syscall_exit_to_user_mode+0x9/0x50 [ 55.883381][ C1] do_syscall_64+0x42/0xb0 [ 55.887795][ C1] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 55.893709][ C1] RIP: 0033:0x7f3f7715a7e9 [ 55.898129][ C1] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 55.917741][ C1] RSP: 002b:00007f3f770e72f8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [pid 3617] <... close_range resumed>) = ? [pid 3617] +++ exited with 1 +++ [pid 3601] +++ exited with 1 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3601, si_uid=0, si_status=1, si_utime=0, si_stime=85} --- exit_group(0) = ? +++ exited with 0 +++ [ 55.926