./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor636426932 <...> forked to background, child pid 3187 [ 24.862797][ T3188] 8021q: adding VLAN 0 to HW filter on device bond0 [ 24.877804][ T3188] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: [ 25.209462][ T3278] sshd (3278) used greatest stack depth: 19616 bytes left OK syzkaller Warning: Permanently added '10.128.0.107' (ECDSA) to the list of known hosts. execve("./syz-executor636426932", ["./syz-executor636426932"], 0x7ffe0ccac6d0 /* 10 vars */) = 0 brk(NULL) = 0x555557314000 brk(0x555557314c40) = 0x555557314c40 arch_prctl(ARCH_SET_FS, 0x555557314300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor636426932", 4096) = 27 brk(0x555557335c40) = 0x555557335c40 brk(0x555557336000) = 0x555557336000 mprotect(0x7f81bb9e4000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/sys/kernel/debug/sync/sw_sync", O_RDONLY) = 3 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000080) = 0 openat(AT_FDCWD, "/sys/kernel/debug/sync/sw_sync", O_RDONLY) = 69 ioctl(69, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000100) = 0 openat(AT_FDCWD, "/sys/kernel/debug/sync/sw_sync", O_RDONLY) = 71 ioctl(71, _IOC(_IOC_READ|_IOC_WRITE, 0x57, 0, 0x28), 0x20000100) = 0 ioctl(70, SYNC_IOC_MERGE, 0x200002c0) = 0 poll([{fd=73, events=0}], 1, 0) = 0 (Timeout) openat(AT_FDCWD, "/sys/kernel/debug/sync/info", O_RDONLY|O_NOFOLLOW) = 74 read(74, "objs:\n--", 8) = 8 exit_group(0) = ? syzkaller login: [ 47.978217][ C1] [ 47.980559][ C1] ================================ [ 47.985643][ C1] WARNING: inconsistent lock state [ 47.990727][ C1] 5.19.0-rc4-syzkaller-00208-g69cb6c6556ad #0 Not tainted [ 47.997816][ C1] -------------------------------- [ 48.002905][ C1] inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage. [ 48.009726][ C1] syz-executor636/3615 [HC1[1]:SC0[0]:HE0:SE1] takes: [ 48.016480][ C1] ffffffff8d313c98 (sync_timeline_list_lock){?.+.}-{2:2}, at: sync_timeline_debug_remove+0x28/0x140 [ 48.027258][ C1] {HARDIRQ-ON-W} state was registered at: [ 48.032954][ C1] trace_hardirqs_on+0x34/0x40 [ 48.037796][ C1] _raw_spin_unlock_irq+0x1f/0x40 [ 48.042965][ C1] sync_info_debugfs_show+0x17e/0x510 [ 48.048420][ C1] seq_read_iter+0x43a/0xd30 [ 48.053084][ C1] seq_read+0x3d4/0x500 [ 48.057316][ C1] vfs_read+0x2ea/0xd10 [ 48.061551][ C1] ksys_read+0x19b/0x2c0 [ 48.065911][ C1] do_syscall_64+0x2b/0x70 [ 48.070398][ C1] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 48.076359][ C1] irq event stamp: 9674 [ 48.080501][ C1] hardirqs last enabled at (9673): [] _raw_spin_unlock_irq+0x1f/0x40 [ 48.090204][ C1] hardirqs last disabled at (9674): [] sysvec_irq_work+0xa/0xb0 [ 48.099382][ C1] softirqs last enabled at (9088): [] __irq_exit_rcu+0xec/0x170 [ 48.108642][ C1] softirqs last disabled at (9063): [] __irq_exit_rcu+0xec/0x170 [ 48.117907][ C1] [ 48.117907][ C1] other info that might help us debug this: [ 48.125953][ C1] Possible unsafe locking scenario: [ 48.125953][ C1] [ 48.133379][ C1] CPU0 [ 48.136636][ C1] ---- [ 48.139893][ C1] lock(sync_timeline_list_lock); [ 48.145057][ C1] [ 48.148500][ C1] lock(sync_timeline_list_lock); [ 48.153766][ C1] [ 48.153766][ C1] *** DEADLOCK *** [ 48.153766][ C1] [ 48.161885][ C1] no locks held by syz-executor636/3615. [ 48.167497][ C1] [ 48.167497][ C1] stack backtrace: [ 48.173369][ C1] CPU: 1 PID: 3615 Comm: syz-executor636 Not tainted 5.19.0-rc4-syzkaller-00208-g69cb6c6556ad #0 [ 48.183844][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 48.193886][ C1] Call Trace: [ 48.197166][ C1] [ 48.199992][ C1] dump_stack_lvl+0x1e3/0x2cb [ 48.204656][ C1] ? bfq_pos_tree_add_move+0x436/0x436 [ 48.210108][ C1] ? lockdep_print_held_locks+0x6b/0x1b0 [ 48.215723][ C1] ? print_usage_bug+0x627/0x8a0 [ 48.220637][ C1] ? unwind_get_return_address+0x48/0x80 [ 48.226248][ C1] ? arch_stack_walk+0xf8/0x140 [ 48.231077][ C1] mark_lock_irq+0xb20/0xf00 [ 48.235662][ C1] ? save_trace+0xba0/0xba0 [ 48.240154][ C1] ? stack_trace_snprint+0xf0/0xf0 [ 48.245244][ C1] ? __mod_timer+0x980/0xd10 [ 48.249811][ C1] ? do_raw_spin_unlock+0x134/0x8a0 [ 48.254992][ C1] ? save_trace+0x5a/0xba0 [ 48.259383][ C1] ? do_raw_spin_unlock+0x134/0x8a0 [ 48.264559][ C1] mark_lock+0x21c/0x350 [ 48.268779][ C1] __lock_acquire+0xb43/0x1f80 [ 48.273523][ C1] lock_acquire+0x1a7/0x400 [ 48.278007][ C1] ? sync_timeline_debug_remove+0x28/0x140 [ 48.283790][ C1] ? trace_lock_release+0x7a/0x190 [ 48.288896][ C1] ? read_lock_is_recursive+0x10/0x10 [ 48.294258][ C1] ? read_lock_is_recursive+0x10/0x10 [ 48.299621][ C1] ? timeline_fence_release+0x1ca/0x250 [ 48.305142][ C1] ? do_raw_spin_lock+0x148/0x360 [ 48.310155][ C1] ? __lock_acquire+0x1f80/0x1f80 [ 48.315158][ C1] ? do_raw_spin_unlock+0x134/0x8a0 [ 48.320344][ C1] _raw_spin_lock_irqsave+0xd1/0x120 [ 48.325607][ C1] ? sync_timeline_debug_remove+0x28/0x140 [ 48.331386][ C1] ? _raw_spin_lock+0x40/0x40 [ 48.336051][ C1] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 48.341924][ C1] ? _raw_spin_unlock+0x40/0x40 [ 48.346751][ C1] sync_timeline_debug_remove+0x28/0x140 [ 48.352360][ C1] timeline_fence_release+0x200/0x250 [ 48.357710][ C1] dma_fence_array_release+0x134/0x240 [ 48.363148][ C1] irq_work_single+0xd3/0x230 [ 48.367804][ C1] irq_work_run+0x189/0x350 [ 48.372296][ C1] ? irq_work_single+0x230/0x230 [ 48.377212][ C1] ? __irq_exit_rcu+0xf8/0x170 [ 48.381951][ C1] ? irq_exit_rcu+0x20/0x20 [ 48.386428][ C1] __sysvec_irq_work+0x62/0x70 [ 48.391170][ C1] sysvec_irq_work+0x8c/0xb0 [ 48.395737][ C1] [ 48.398647][ C1] [ 48.401557][ C1] asm_sysvec_irq_work+0x1b/0x20 [ 48.406486][ C1] RIP: 0010:_raw_spin_unlock_irq+0x25/0x40 [ 48.412268][ C1] Code: f1 10 f7 ff 90 53 48 89 fb 48 83 c7 18 48 8b 74 24 08 e8 2e ab 33 f7 48 89 df e8 36 1c 35 f7 e8 e1 f1 59 f7 fb bf 01 00 00 00 46 cd 27 f7 65 8b 05 47 37 ce 75 85 c0 74 02 5b c3 e8 ec 20 cc [ 48.431849][ C1] RSP: 0018:ffffc90002fffca0 EFLAGS: 00000286 [ 48.437893][ C1] RAX: 53c048338110e800 RBX: ffff888012bf7550 RCX: ffffffff91540e03 [ 48.445845][ C1] RDX: dffffc0000000000 RSI: ffffffff8a8d22c0 RDI: 0000000000000001 [ 48.453796][ C1] RBP: ffff88807459343c R08: dffffc0000000000 R09: ffffed100257eeab [ 48.461745][ C1] R10: ffffed100257eeab R11: 1ffff1100257eeaa R12: ffff888012bf7540 [ 48.469694][ C1] R13: ffff888074593400 R14: dffffc0000000000 R15: ffff888012bf7500 [ 48.477652][ C1] sw_sync_debugfs_release+0x14d/0x1d0 [ 48.483093][ C1] ? sw_sync_debugfs_open+0x240/0x240 [ 48.488438][ C1] __fput+0x3b9/0x820 [ 48.492415][ C1] task_work_run+0x146/0x1c0 [ 48.496986][ C1] do_exit+0x547/0x1ed0 [ 48.501120][ C1] ? _raw_spin_unlock_irq+0x2a/0x40 [ 48.506297][ C1] ? mm_update_next_owner+0x6d0/0x6d0 [ 48.511659][ C1] ? lockdep_hardirqs_on_prepare+0x448/0x7b0 [ 48.517633][ C1] ? print_irqtrace_events+0x220/0x220 [ 48.523068][ C1] ? vtime_user_exit+0x2b2/0x3e0 [ 48.527981][ C1] ? vtime_user_enter+0x1ea/0x2d0 [ 48.532981][ C1] do_group_exit+0x23b/0x2f0 [ 48.537548][ C1] __x64_sys_exit_group+0x3b/0x40 [ 48.542547][ C1] do_syscall_64+0x2b/0x70 [ 48.546945][ C1] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 48.552814][ C1] RIP: 0033:0x7f81bb976969 [ 48.557216][ C1] Code: Unable to access opcode bytes at RIP 0x7f81bb97693f. [ 48.564554][ C1] RSP: 002b:00007ffe03958588 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 48.572944][ C1] RAX: ffffffffffffffda RBX: 00007f81bb9ea2b0 RCX: 00007f81bb976969 +++ exited with 0 +++