./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1814091279 <...> forked to background, child pid 3187 no interfaces have a carrier [ 27.027558][ T3188] 8021q: adding VLAN 0 to HW filter on device bond0 [ 27.045103][ T3188] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.11' (ECDSA) to the list of known hosts. execve("./syz-executor1814091279", ["./syz-executor1814091279"], 0x7ffebabd7230 /* 10 vars */) = 0 brk(NULL) = 0x555556f6e000 brk(0x555556f6ec40) = 0x555556f6ec40 arch_prctl(ARCH_SET_FS, 0x555556f6e300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555556f6e5d0) = 3608 set_robust_list(0x555556f6e5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f03a29c77c0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f03a29c7e90}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f03a29c7860, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03a29c7e90}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1814091279", 4096) = 28 brk(0x555556f8fc40) = 0x555556f8fc40 brk(0x555556f90000) = 0x555556f90000 mprotect(0x7f03a2a89000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3609 attached , child_tidptr=0x555556f6e5d0) = 3609 [pid 3609] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3609] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3609] setpgid(0, 0) = 0 [pid 3609] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3609] write(3, "1000", 4) = 4 [pid 3609] close(3) = 0 [pid 3609] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3609] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3609] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3609] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3610], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3610 [pid 3609] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3609] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3610 attached [pid 3610] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3610] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3610] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3609] <... futex resumed>) = 0 [pid 3609] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3609] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3610] <... futex resumed>) = 1 [pid 3610] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 [pid 3610] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3609] <... futex resumed>) = 0 [pid 3609] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3609] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3610] <... futex resumed>) = 1 [pid 3610] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 3610] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3609}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3610] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3609}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3610] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3609] <... futex resumed>) = 0 [pid 3610] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3609] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3610] <... openat resumed>) = 5 [pid 3609] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3610] write(5, "10", 2) = 2 [pid 3610] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3610] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3609] <... futex resumed>) = 0 [pid 3610] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3609] exit_group(0) = ? [pid 3610] <... futex resumed>) = ? [pid 3610] +++ exited with 0 +++ [pid 3609] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3609, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f6e5d0) = 3611 ./strace-static-x86_64: Process 3611 attached [pid 3611] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3611] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3611] setpgid(0, 0) = 0 [pid 3611] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3611] write(3, "1000", 4) = 4 [pid 3611] close(3) = 0 [pid 3611] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3611] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3611] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3611] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3612 attached , parent_tid=[3612], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3612 [pid 3612] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3612] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3611] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3612] <... futex resumed>) = 0 [pid 3611] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3612] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3612] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3612] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3611] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3611] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3612] <... futex resumed>) = 0 [pid 3612] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 [pid 3612] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3612] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3611] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3611] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3612] <... futex resumed>) = 0 [pid 3611] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3612] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 3612] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3611}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3612] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3611}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3612] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3611] <... futex resumed>) = 0 [pid 3612] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3611] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3612] <... openat resumed>) = 5 [pid 3611] <... futex resumed>) = 0 [pid 3611] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3612] write(5, "10", 2) = 2 [pid 3612] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 syzkaller login: [ 50.310506][ T3612] FAULT_INJECTION: forcing a failure. [ 50.310506][ T3612] name fail_futex, interval 1, probability 0, space 0, times 1 [ 50.323824][ T3612] CPU: 0 PID: 3612 Comm: syz-executor181 Not tainted 6.0.0-rc1-next-20220819-syzkaller #0 [ 50.333841][ T3612] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1521 [ 50.343197][ T3612] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 3612, name: syz-executor181 [ 50.352648][ T3612] preempt_count: 0, expected: 0 [ 50.357481][ T3612] RCU nest depth: 0, expected: 0 [ 50.362396][ T3612] no locks held by syz-executor181/3612. [ 50.368006][ T3612] irq event stamp: 1058 [ 50.372140][ T3612] hardirqs last enabled at (1057): [] finish_task_switch.isra.0+0x2b5/0xc70 [ 50.382460][ T3612] hardirqs last disabled at (1058): [] dump_stack_lvl+0x2e/0x134 [ 50.391749][ T3612] softirqs last enabled at (1050): [] __irq_exit_rcu+0x123/0x180 [ 50.401110][ T3612] softirqs last disabled at (897): [] __irq_exit_rcu+0x123/0x180 [ 50.410381][ T3612] CPU: 0 PID: 3612 Comm: syz-executor181 Not tainted 6.0.0-rc1-next-20220819-syzkaller #0 [ 50.420286][ T3612] syz-executor181[3612] cmdline: ./syz-executor1814091279 [ 50.427390][ T3612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 50.437450][ T3612] Call Trace: [ 50.440728][ T3612] [ 50.443676][ T3612] dump_stack_lvl+0xcd/0x134 [ 50.448290][ T3612] __might_resched.cold+0x222/0x26b [ 50.453500][ T3612] down_read_killable+0x75/0x490 [ 50.458455][ T3612] ? down_read+0x450/0x450 [ 50.462892][ T3612] __access_remote_vm+0xac/0x6f0 [ 50.467847][ T3612] ? follow_phys+0x2c0/0x2c0 [ 50.472443][ T3612] ? do_raw_spin_lock+0x120/0x2a0 [ 50.477479][ T3612] ? rwlock_bug.part.0+0x90/0x90 [ 50.482427][ T3612] ? __up_console_sem+0x47/0xc0 [ 50.487293][ T3612] get_mm_cmdline.part.0+0x217/0x620 [ 50.492603][ T3612] ? dname_to_vma_addr.isra.0+0x360/0x360 [ 50.498335][ T3612] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 50.504158][ T3612] get_task_cmdline_kernel+0x1d9/0x220 [ 50.509636][ T3612] dump_stack_print_cmdline.part.0+0x82/0x150 [ 50.515722][ T3612] ? _atomic_dec_and_lock_irqsave+0x150/0x150 [ 50.521835][ T3612] ? dump_stack_print_info+0xc6/0x190 [ 50.527224][ T3612] dump_stack_print_info+0x185/0x190 [ 50.532540][ T3612] dump_stack_lvl+0xc1/0x134 [ 50.537151][ T3612] should_fail.cold+0x5/0xa [ 50.541677][ T3612] get_futex_key+0x5a8/0x1c30 [ 50.546377][ T3612] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 50.552372][ T3612] ? futex_setup_timer+0xf0/0xf0 [ 50.557339][ T3612] futex_wake+0xe4/0x490 [ 50.561601][ T3612] ? futex_wake_mark+0x1a0/0x1a0 [ 50.566554][ T3612] ? ptrace_stop.part.0+0x5ec/0xa80 [ 50.571763][ T3612] ? do_raw_spin_lock+0x120/0x2a0 [ 50.576811][ T3612] ? rwlock_bug.part.0+0x90/0x90 [ 50.581759][ T3612] ? _raw_spin_lock_irq+0x41/0x50 [ 50.586878][ T3612] do_futex+0x266/0x300 [ 50.591045][ T3612] ? __ia32_sys_get_robust_list+0x3b0/0x3b0 [ 50.596959][ T3612] ? find_held_lock+0x2d/0x110 [ 50.601734][ T3612] __x64_sys_futex+0x1b0/0x4a0 [ 50.606514][ T3612] ? do_futex+0x300/0x300 [ 50.610851][ T3612] ? _raw_spin_unlock_irq+0x1f/0x40 [ 50.616056][ T3612] ? lockdep_hardirqs_on+0x79/0x100 [ 50.621268][ T3612] ? _raw_spin_unlock_irq+0x2a/0x40 [ 50.626472][ T3612] ? ptrace_notify+0xfa/0x140 [ 50.631186][ T3612] do_syscall_64+0x35/0xb0 [ 50.635613][ T3612] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 50.641514][ T3612] RIP: 0033:0x7f03a2a066b9 [ 50.645933][ T3612] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 50.665547][ T3612] RSP: 002b:00007f03a29b72f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 50.673965][ T3612] RAX: ffffffffffffffda RBX: 00007f03a2a8f4c8 RCX: 00007f03a2a066b9 [ 50.681939][ T3612] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f03a2a8f4cc [ 50.689924][ T3612] RBP: 00007f03a2a8f4c0 R08: 0000000000003031 R09: 0000000000003031 [ 50.697983][ T3612] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f03a29b7300 [ 50.705953][ T3612] R13: 0000000000000002 R14: 00007f03a29b7400 R15: 0000000000022000 [ 50.713939][ T3612] [ 50.716974][ T3612] syz-executor181[3612] cmdline: ./syz-executor1814091279 [ 50.724091][ T3612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 50.734171][ T3612] Call Trace: [ 50.737461][ T3612] [ 50.740405][ T3612] dump_stack_lvl+0xcd/0x134 [ 50.745045][ T3612] should_fail.cold+0x5/0xa [ 50.749588][ T3612] get_futex_key+0x5a8/0x1c30 [ 50.754307][ T3612] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 50.760322][ T3612] ? futex_setup_timer+0xf0/0xf0 [ 50.765284][ T3612] futex_wake+0xe4/0x490 [ 50.769544][ T3612] ? futex_wake_mark+0x1a0/0x1a0 [ 50.774513][ T3612] ? ptrace_stop.part.0+0x5ec/0xa80 [ 50.779723][ T3612] ? do_raw_spin_lock+0x120/0x2a0 [ 50.784767][ T3612] ? rwlock_bug.part.0+0x90/0x90 [ 50.789717][ T3612] ? _raw_spin_lock_irq+0x41/0x50 [ 50.794750][ T3612] do_futex+0x266/0x300 [ 50.798919][ T3612] ? __ia32_sys_get_robust_list+0x3b0/0x3b0 [ 50.804822][ T3612] ? find_held_lock+0x2d/0x110 [ 50.809601][ T3612] __x64_sys_futex+0x1b0/0x4a0 [ 50.814380][ T3612] ? do_futex+0x300/0x300 [ 50.818720][ T3612] ? _raw_spin_unlock_irq+0x1f/0x40 [ 50.823928][ T3612] ? lockdep_hardirqs_on+0x79/0x100 [ 50.829144][ T3612] ? _raw_spin_unlock_irq+0x2a/0x40 [ 50.834345][ T3612] ? ptrace_notify+0xfa/0x140 [ 50.839049][ T3612] do_syscall_64+0x35/0xb0 [ 50.843479][ T3612] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 50.849380][ T3612] RIP: 0033:0x7f03a2a066b9 [ 50.853799][ T3612] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 50.873416][ T3612] RSP: 002b:00007f03a29b72f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 50.881833][ T3612] RAX: ffffffffffffffda RBX: 00007f03a2a8f4c8 RCX: 00007f03a2a066b9 [ 50.889807][ T3612] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f03a2a8f4cc [ 50.897781][ T3612] RBP: 00007f03a2a8f4c0 R08: 0000000000003031 R09: 0000000000003031 [pid 3612] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = -1 EFAULT (Bad address) [pid 3611] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3612] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3611] exit_group(0 [pid 3612] <... futex resumed>) = ? [pid 3611] <... exit_group resumed>) = ? [pid 3612] +++ exited with 0 +++ [pid 3611] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3611, si_uid=0, si_status=0, si_utime=0, si_stime=62} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f6e5d0) = 3613 ./strace-static-x86_64: Process 3613 attached [pid 3613] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3613] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3613] setpgid(0, 0) = 0 [pid 3613] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3613] write(3, "1000", 4) = 4 [pid 3613] close(3) = 0 [pid 3613] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3613] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3613] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3613] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3614], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3614 [pid 3613] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3613] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3614 attached [pid 3614] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3614] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3614] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3613] <... futex resumed>) = 0 [pid 3613] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3613] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3614] <... futex resumed>) = 1 [pid 3614] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 [pid 3614] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3613] <... futex resumed>) = 0 [pid 3613] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3614] <... futex resumed>) = 1 [pid 3613] <... futex resumed>) = 0 [pid 3613] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3614] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 3614] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3613}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3614] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3613}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3614] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3613] <... futex resumed>) = 0 [pid 3613] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3613] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3614] <... futex resumed>) = 1 [pid 3614] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 3614] write(5, "10", 2) = 2 [pid 3614] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3614] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3613] <... futex resumed>) = 0 [pid 3613] exit_group(0) = ? [pid 3614] <... futex resumed>) = ? [pid 3614] +++ exited with 0 +++ [pid 3613] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3613, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f6e5d0) = 3615 ./strace-static-x86_64: Process 3615 attached [pid 3615] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3615] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3615] setpgid(0, 0) = 0 [pid 3615] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3615] write(3, "1000", 4) = 4 [pid 3615] close(3) = 0 [pid 3615] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3615] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3615] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3615] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3616], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3616 [pid 3615] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3615] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3616 attached [pid 3616] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3616] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3616] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3615] <... futex resumed>) = 0 [pid 3615] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3615] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3616] <... futex resumed>) = 1 [pid 3616] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 [pid 3616] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3615] <... futex resumed>) = 0 [pid 3615] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3615] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3616] <... futex resumed>) = 1 [pid 3616] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 3616] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3615}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3616] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3615}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [ 50.905753][ T3612] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f03a29b7300 [ 50.913746][ T3612] R13: 0000000000000002 R14: 00007f03a29b7400 R15: 0000000000022000 [ 50.921736][ T3612] [pid 3616] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3615] <... futex resumed>) = 0 [pid 3615] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3616] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3615] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3616] <... openat resumed>) = 5 [pid 3616] write(5, "10", 2) = 2 [pid 3616] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3616] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3615] <... futex resumed>) = 0 [pid 3615] exit_group(0) = ? [pid 3616] +++ exited with 0 +++ [pid 3615] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3615, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f6e5d0) = 3617 ./strace-static-x86_64: Process 3617 attached [pid 3617] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3617] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3617] setpgid(0, 0) = 0 [pid 3617] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3617] write(3, "1000", 4) = 4 [pid 3617] close(3) = 0 [pid 3617] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3617] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3617] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3617] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3618 attached [pid 3618] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3618] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3617] <... clone resumed>, parent_tid=[3618], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3618 [pid 3617] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3618] <... futex resumed>) = 0 [pid 3617] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3618] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3618] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3617] <... futex resumed>) = 0 [pid 3618] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3617] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3617] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3618] <... futex resumed>) = 0 [pid 3618] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 [pid 3618] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3617] <... futex resumed>) = 0 [pid 3617] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3617] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3618] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 3618] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3617}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3618] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3617}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3618] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3617] <... futex resumed>) = 0 [pid 3618] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3617] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3618] <... openat resumed>) = 5 [pid 3617] <... futex resumed>) = 0 [pid 3617] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3618] write(5, "10", 2) = 2 [pid 3618] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3618] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3618] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3617] <... futex resumed>) = 0 [pid 3617] exit_group(0) = ? [ 51.003377][ T3618] FAULT_INJECTION: forcing a failure. [ 51.003377][ T3618] name fail_futex, interval 1, probability 0, space 0, times 0 [ 51.016259][ T3618] CPU: 1 PID: 3618 Comm: syz-executor181 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 51.027633][ T3618] syz-executor181[3618] cmdline: [ 51.032646][ T3618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 51.042796][ T3618] Call Trace: [ 51.046085][ T3618] [ 51.049006][ T3618] dump_stack_lvl+0xcd/0x134 [ 51.053613][ T3618] should_fail.cold+0x5/0xa [ 51.058112][ T3618] get_futex_key+0x5a8/0x1c30 [ 51.062792][ T3618] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 51.068801][ T3618] ? futex_setup_timer+0xf0/0xf0 [ 51.073745][ T3618] futex_wait_setup+0xa7/0x230 [ 51.078519][ T3618] ? futex_wait_multiple+0xc90/0xc90 [ 51.083827][ T3618] futex_wait+0x264/0x680 [ 51.088174][ T3618] ? futex_wait_setup+0x230/0x230 [ 51.093243][ T3618] ? do_raw_spin_lock+0x120/0x2a0 [ 51.098262][ T3618] ? rwlock_bug.part.0+0x90/0x90 [ 51.103193][ T3618] ? _raw_spin_lock_irq+0x41/0x50 [ 51.108211][ T3618] do_futex+0x1af/0x300 [ 51.112364][ T3618] ? __ia32_sys_get_robust_list+0x3b0/0x3b0 [ 51.118251][ T3618] ? find_held_lock+0x2d/0x110 [ 51.123024][ T3618] __x64_sys_futex+0x1b0/0x4a0 [ 51.127815][ T3618] ? do_futex+0x300/0x300 [ 51.132137][ T3618] ? _raw_spin_unlock_irq+0x1f/0x40 [ 51.137337][ T3618] ? lockdep_hardirqs_on+0x79/0x100 [ 51.142559][ T3618] ? _raw_spin_unlock_irq+0x2a/0x40 [ 51.147769][ T3618] ? ptrace_notify+0xfa/0x140 [ 51.152454][ T3618] do_syscall_64+0x35/0xb0 [ 51.156866][ T3618] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 51.162750][ T3618] RIP: 0033:0x7f03a2a066b9 [ 51.167154][ T3618] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 51.186781][ T3618] RSP: 002b:00007f03a29b72f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 51.195187][ T3618] RAX: ffffffffffffffda RBX: 00007f03a2a8f4c8 RCX: 00007f03a2a066b9 [pid 3618] <... futex resumed>) = ? [pid 3618] +++ exited with 0 +++ [pid 3617] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3617, si_uid=0, si_status=0, si_utime=0, si_stime=24} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3619 attached , child_tidptr=0x555556f6e5d0) = 3619 [pid 3619] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3619] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3619] setpgid(0, 0) = 0 [pid 3619] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3619] write(3, "1000", 4) = 4 [pid 3619] close(3) = 0 [pid 3619] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3619] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3619] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3619] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3620 attached , parent_tid=[3620], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3620 [pid 3619] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3619] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3620] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3620] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3620] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3619] <... futex resumed>) = 0 [pid 3620] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC [pid 3619] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3620] <... socket resumed>) = 4 [pid 3619] <... futex resumed>) = 0 [pid 3620] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3619] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3620] <... futex resumed>) = 0 [pid 3619] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3620] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 3619] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3619] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3620] <... sendto resumed>) = 32 [pid 3620] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3619}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3620] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3619}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3620] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3619] <... futex resumed>) = 0 [pid 3620] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3619] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3620] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3619] <... futex resumed>) = 0 [pid 3620] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3619] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3620] <... openat resumed>) = 5 [pid 3620] write(5, "10", 2) = 2 [pid 3620] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3620] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3619] <... futex resumed>) = 0 [pid 3620] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3619] exit_group(0) = ? [ 51.203159][ T3618] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f03a2a8f4c8 [ 51.211140][ T3618] RBP: 00007f03a2a8f4c0 R08: 0000000000003031 R09: 0000000000003031 [ 51.219119][ T3618] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f03a29b7300 [ 51.227116][ T3618] R13: 0000000000000002 R14: 00007f03a29b7400 R15: 0000000000022000 [ 51.235180][ T3618] [ 51.267262][ T3620] FAULT_INJECTION: forcing a failure. [ 51.267262][ T3620] name fail_futex, interval 1, probability 0, space 0, times 0 [ 51.280516][ T3620] CPU: 1 PID: 3620 Comm: syz-executor181 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 51.291950][ T3620] syz-executor181[3620] cmdline: [ 51.296980][ T3620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 51.307051][ T3620] Call Trace: [ 51.310324][ T3620] [ 51.313266][ T3620] dump_stack_lvl+0xcd/0x134 [ 51.317895][ T3620] should_fail.cold+0x5/0xa [ 51.322401][ T3620] get_futex_key+0x5a8/0x1c30 [ 51.327088][ T3620] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 51.333081][ T3620] ? futex_setup_timer+0xf0/0xf0 [ 51.338045][ T3620] futex_wait_setup+0xa7/0x230 [ 51.342847][ T3620] ? futex_wait_multiple+0xc90/0xc90 [ 51.348150][ T3620] futex_wait+0x264/0x680 [ 51.352529][ T3620] ? futex_wait_setup+0x230/0x230 [ 51.357601][ T3620] ? do_raw_spin_lock+0x120/0x2a0 [ 51.362672][ T3620] ? rwlock_bug.part.0+0x90/0x90 [ 51.367646][ T3620] ? _raw_spin_lock_irq+0x41/0x50 [ 51.372677][ T3620] do_futex+0x1af/0x300 [ 51.376840][ T3620] ? __ia32_sys_get_robust_list+0x3b0/0x3b0 [ 51.382732][ T3620] ? find_held_lock+0x2d/0x110 [ 51.387529][ T3620] __x64_sys_futex+0x1b0/0x4a0 [ 51.392323][ T3620] ? do_futex+0x300/0x300 [ 51.396652][ T3620] ? _raw_spin_unlock_irq+0x1f/0x40 [ 51.401860][ T3620] ? lockdep_hardirqs_on+0x79/0x100 [ 51.407101][ T3620] ? _raw_spin_unlock_irq+0x2a/0x40 [ 51.412305][ T3620] ? ptrace_notify+0xfa/0x140 [ 51.416985][ T3620] do_syscall_64+0x35/0xb0 [ 51.421412][ T3620] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 51.427321][ T3620] RIP: 0033:0x7f03a2a066b9 [ 51.431730][ T3620] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 51.451331][ T3620] RSP: 002b:00007f03a29b72f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 51.459758][ T3620] RAX: ffffffffffffffda RBX: 00007f03a2a8f4c8 RCX: 00007f03a2a066b9 [pid 3620] <... futex resumed>) = ? [pid 3620] +++ exited with 0 +++ [pid 3619] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3619, si_uid=0, si_status=0, si_utime=0, si_stime=24} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3621 attached , child_tidptr=0x555556f6e5d0) = 3621 [pid 3621] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3621] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3621] setpgid(0, 0) = 0 [pid 3621] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3621] write(3, "1000", 4) = 4 [pid 3621] close(3) = 0 [pid 3621] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3621] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3621] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3621] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3622 attached , parent_tid=[3622], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3622 [pid 3621] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3621] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3622] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3622] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3622] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3621] <... futex resumed>) = 0 [pid 3622] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC [pid 3621] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3622] <... socket resumed>) = 4 [pid 3621] <... futex resumed>) = 0 [pid 3622] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3621] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3622] <... futex resumed>) = 0 [pid 3621] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3622] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 3621] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3622] <... sendto resumed>) = 32 [pid 3621] <... futex resumed>) = 0 [pid 3622] recvfrom(4, [pid 3621] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3622] <... recvfrom resumed>[{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3621}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3622] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3621}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3622] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3621] <... futex resumed>) = 0 [pid 3622] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3621] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3622] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3621] <... futex resumed>) = 0 [pid 3622] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3621] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3622] <... openat resumed>) = 5 [pid 3622] write(5, "10", 2) = 2 [pid 3622] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3622] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3621] <... futex resumed>) = 0 [ 51.467740][ T3620] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f03a2a8f4c8 [ 51.475725][ T3620] RBP: 00007f03a2a8f4c0 R08: 0000000000003031 R09: 0000000000003031 [ 51.483688][ T3620] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f03a29b7300 [ 51.491661][ T3620] R13: 0000000000000002 R14: 00007f03a29b7400 R15: 0000000000022000 [ 51.499652][ T3620] [pid 3622] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3621] exit_group(0) = ? [ 51.531475][ T3622] FAULT_INJECTION: forcing a failure. [ 51.531475][ T3622] name fail_futex, interval 1, probability 0, space 0, times 0 [ 51.544859][ T3622] CPU: 0 PID: 3622 Comm: syz-executor181 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 51.556261][ T3622] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1521 [ 51.565613][ T3622] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 3622, name: syz-executor181 [ 51.575068][ T3622] preempt_count: 0, expected: 0 [ 51.579921][ T3622] RCU nest depth: 0, expected: 0 [ 51.584852][ T3622] no locks held by syz-executor181/3622. [ 51.590497][ T3622] irq event stamp: 1034 [ 51.594646][ T3622] hardirqs last enabled at (1033): [] _raw_spin_unlock_irqrestore+0x50/0x70 [ 51.604977][ T3622] hardirqs last disabled at (1034): [] dump_stack_lvl+0x2e/0x134 [ 51.614290][ T3622] softirqs last enabled at (980): [] __irq_exit_rcu+0x123/0x180 [ 51.623591][ T3622] softirqs last disabled at (955): [] __irq_exit_rcu+0x123/0x180 [ 51.632895][ T3622] CPU: 0 PID: 3622 Comm: syz-executor181 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 51.644345][ T3622] syz-executor181[3622] cmdline: [ 51.649355][ T3622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 51.659406][ T3622] Call Trace: [ 51.662687][ T3622] [ 51.665622][ T3622] dump_stack_lvl+0xcd/0x134 [ 51.670237][ T3622] __might_resched.cold+0x222/0x26b [ 51.675463][ T3622] down_read_killable+0x75/0x490 [ 51.680563][ T3622] ? down_read+0x450/0x450 [ 51.685030][ T3622] __access_remote_vm+0xac/0x6f0 [ 51.690008][ T3622] ? follow_phys+0x2c0/0x2c0 [ 51.694619][ T3622] ? do_raw_spin_lock+0x120/0x2a0 [ 51.699663][ T3622] ? rwlock_bug.part.0+0x90/0x90 [ 51.704617][ T3622] ? __up_console_sem+0x47/0xc0 [ 51.709484][ T3622] get_mm_cmdline.part.0+0x217/0x620 [ 51.714789][ T3622] ? dname_to_vma_addr.isra.0+0x360/0x360 [ 51.720518][ T3622] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 51.726337][ T3622] get_task_cmdline_kernel+0x1d9/0x220 [ 51.731899][ T3622] dump_stack_print_cmdline.part.0+0x82/0x150 [ 51.737984][ T3622] ? _atomic_dec_and_lock_irqsave+0x150/0x150 [ 51.744125][ T3622] ? dump_stack_print_info+0xc6/0x190 [ 51.749537][ T3622] dump_stack_print_info+0x185/0x190 [ 51.754856][ T3622] dump_stack_lvl+0xc1/0x134 [ 51.759490][ T3622] should_fail.cold+0x5/0xa [ 51.764032][ T3622] get_futex_key+0x5a8/0x1c30 [ 51.768737][ T3622] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 51.774749][ T3622] ? futex_setup_timer+0xf0/0xf0 [ 51.779729][ T3622] futex_wait_setup+0xa7/0x230 [ 51.784523][ T3622] ? futex_wait_multiple+0xc90/0xc90 [ 51.789833][ T3622] futex_wait+0x264/0x680 [ 51.794195][ T3622] ? futex_wait_setup+0x230/0x230 [ 51.799255][ T3622] ? do_raw_spin_lock+0x120/0x2a0 [ 51.804301][ T3622] ? rwlock_bug.part.0+0x90/0x90 [ 51.809256][ T3622] ? _raw_spin_lock_irq+0x41/0x50 [ 51.814294][ T3622] do_futex+0x1af/0x300 [ 51.818475][ T3622] ? __ia32_sys_get_robust_list+0x3b0/0x3b0 [ 51.824390][ T3622] ? find_held_lock+0x2d/0x110 [ 51.829169][ T3622] __x64_sys_futex+0x1b0/0x4a0 [ 51.833949][ T3622] ? do_futex+0x300/0x300 [ 51.838294][ T3622] ? _raw_spin_unlock_irq+0x1f/0x40 [ 51.843526][ T3622] ? lockdep_hardirqs_on+0x79/0x100 [ 51.848755][ T3622] ? _raw_spin_unlock_irq+0x2a/0x40 [ 51.853998][ T3622] ? ptrace_notify+0xfa/0x140 [ 51.858702][ T3622] do_syscall_64+0x35/0xb0 [ 51.863141][ T3622] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 51.869134][ T3622] RIP: 0033:0x7f03a2a066b9 [ 51.873572][ T3622] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 51.893202][ T3622] RSP: 002b:00007f03a29b72f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 51.901624][ T3622] RAX: ffffffffffffffda RBX: 00007f03a2a8f4c8 RCX: 00007f03a2a066b9 [ 51.909600][ T3622] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f03a2a8f4c8 [ 51.917574][ T3622] RBP: 00007f03a2a8f4c0 R08: 0000000000003031 R09: 0000000000003031 [ 51.925549][ T3622] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f03a29b7300 [ 51.933526][ T3622] R13: 0000000000000002 R14: 00007f03a29b7400 R15: 0000000000022000 [ 51.941520][ T3622] [ 51.944587][ T3622] syz-executor181[3622] cmdline: [ 51.949606][ T3622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 51.959661][ T3622] Call Trace: [ 51.962960][ T3622] [ 51.965894][ T3622] dump_stack_lvl+0xcd/0x134 [ 51.970513][ T3622] should_fail.cold+0x5/0xa [ 51.975036][ T3622] get_futex_key+0x5a8/0x1c30 [ 51.979745][ T3622] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 51.985744][ T3622] ? futex_setup_timer+0xf0/0xf0 [ 51.990703][ T3622] futex_wait_setup+0xa7/0x230 [ 51.995487][ T3622] ? futex_wait_multiple+0xc90/0xc90 [ 52.000800][ T3622] futex_wait+0x264/0x680 [ 52.005159][ T3622] ? futex_wait_setup+0x230/0x230 [ 52.010234][ T3622] ? do_raw_spin_lock+0x120/0x2a0 [ 52.015288][ T3622] ? rwlock_bug.part.0+0x90/0x90 [ 52.020233][ T3622] ? _raw_spin_lock_irq+0x41/0x50 [ 52.025271][ T3622] do_futex+0x1af/0x300 [ 52.029442][ T3622] ? __ia32_sys_get_robust_list+0x3b0/0x3b0 [ 52.035352][ T3622] ? find_held_lock+0x2d/0x110 [ 52.040133][ T3622] __x64_sys_futex+0x1b0/0x4a0 [ 52.044913][ T3622] ? do_futex+0x300/0x300 [ 52.049252][ T3622] ? _raw_spin_unlock_irq+0x1f/0x40 [ 52.054462][ T3622] ? lockdep_hardirqs_on+0x79/0x100 [ 52.059678][ T3622] ? _raw_spin_unlock_irq+0x2a/0x40 [ 52.064882][ T3622] ? ptrace_notify+0xfa/0x140 [ 52.069573][ T3622] do_syscall_64+0x35/0xb0 [ 52.074006][ T3622] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 52.079913][ T3622] RIP: 0033:0x7f03a2a066b9 [ 52.084336][ T3622] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 52.103965][ T3622] RSP: 002b:00007f03a29b72f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 52.112419][ T3622] RAX: ffffffffffffffda RBX: 00007f03a2a8f4c8 RCX: 00007f03a2a066b9 [ 52.120403][ T3622] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f03a2a8f4c8 [pid 3622] <... futex resumed>) = ? [pid 3622] +++ exited with 0 +++ [pid 3621] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3621, si_uid=0, si_status=0, si_utime=0, si_stime=64} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f6e5d0) = 3623 ./strace-static-x86_64: Process 3623 attached [pid 3623] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3623] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3623] setpgid(0, 0) = 0 [pid 3623] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3623] write(3, "1000", 4) = 4 [pid 3623] close(3) = 0 [pid 3623] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3623] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3623] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3623] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3624 attached , parent_tid=[3624], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3624 [pid 3623] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3623] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3624] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3624] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3624] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3623] <... futex resumed>) = 0 [pid 3623] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3623] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3624] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 [pid 3624] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3623] <... futex resumed>) = 0 [pid 3623] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3623] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3624] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 3624] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3623}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3624] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3623}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3624] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3623] <... futex resumed>) = 0 [pid 3624] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3623] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3624] <... openat resumed>) = 5 [pid 3623] <... futex resumed>) = 0 [pid 3624] write(5, "10", 2 [pid 3623] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3624] <... write resumed>) = 2 [pid 3624] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3624] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3623] <... futex resumed>) = 0 [pid 3624] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3623] exit_group(0 [pid 3624] <... futex resumed>) = ? [pid 3623] <... exit_group resumed>) = ? [pid 3624] +++ exited with 0 +++ [pid 3623] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3623, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 52.128399][ T3622] RBP: 00007f03a2a8f4c0 R08: 0000000000003031 R09: 0000000000003031 [ 52.136372][ T3622] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f03a29b7300 [ 52.144344][ T3622] R13: 0000000000000002 R14: 00007f03a29b7400 R15: 0000000000022000 [ 52.152333][ T3622] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f6e5d0) = 3625 ./strace-static-x86_64: Process 3625 attached [pid 3625] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3625] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3625] setpgid(0, 0) = 0 [pid 3625] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3625] write(3, "1000", 4) = 4 [pid 3625] close(3) = 0 [pid 3625] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3625] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3625] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3625] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3626 attached , parent_tid=[3626], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3626 [pid 3625] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3626] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3625] <... futex resumed>) = 0 [pid 3626] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC [pid 3625] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3626] <... socket resumed>) = 3 [pid 3626] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3625] <... futex resumed>) = 0 [pid 3626] <... futex resumed>) = 1 [pid 3625] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3626] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC [pid 3625] <... futex resumed>) = 0 [pid 3625] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3626] <... socket resumed>) = 4 [pid 3626] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3625] <... futex resumed>) = 0 [pid 3625] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3625] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3626] <... futex resumed>) = 1 [pid 3626] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 3626] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3625}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3626] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3625}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3626] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3625] <... futex resumed>) = 0 [pid 3626] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3625] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3626] <... openat resumed>) = 5 [pid 3625] <... futex resumed>) = 0 [pid 3625] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3626] write(5, "10", 2) = 2 [pid 3626] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [ 52.232486][ T3626] FAULT_INJECTION: forcing a failure. [ 52.232486][ T3626] name fail_futex, interval 1, probability 0, space 0, times 0 [ 52.245824][ T3626] CPU: 0 PID: 3626 Comm: syz-executor181 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 52.257254][ T3626] syz-executor181[3626] cmdline: ./syz-executor1814091279 [ 52.264380][ T3626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 52.274456][ T3626] Call Trace: [ 52.277751][ T3626] [ 52.280689][ T3626] dump_stack_lvl+0xcd/0x134 [ 52.285312][ T3626] should_fail.cold+0x5/0xa [ 52.289882][ T3626] get_futex_key+0x5a8/0x1c30 [ 52.294567][ T3626] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 52.300562][ T3626] ? futex_setup_timer+0xf0/0xf0 [ 52.305533][ T3626] futex_wake+0xe4/0x490 [ 52.309778][ T3626] ? futex_wake_mark+0x1a0/0x1a0 [ 52.314744][ T3626] ? ptrace_stop.part.0+0x5ec/0xa80 [ 52.319964][ T3626] ? do_raw_spin_lock+0x120/0x2a0 [ 52.325005][ T3626] ? rwlock_bug.part.0+0x90/0x90 [ 52.329936][ T3626] ? _raw_spin_lock_irq+0x41/0x50 [ 52.334962][ T3626] do_futex+0x266/0x300 [ 52.339132][ T3626] ? __ia32_sys_get_robust_list+0x3b0/0x3b0 [ 52.345033][ T3626] ? find_held_lock+0x2d/0x110 [ 52.349816][ T3626] __x64_sys_futex+0x1b0/0x4a0 [ 52.354599][ T3626] ? do_futex+0x300/0x300 [ 52.358959][ T3626] ? _raw_spin_unlock_irq+0x1f/0x40 [ 52.364181][ T3626] ? lockdep_hardirqs_on+0x79/0x100 [ 52.369393][ T3626] ? _raw_spin_unlock_irq+0x2a/0x40 [ 52.374593][ T3626] ? ptrace_notify+0xfa/0x140 [ 52.379300][ T3626] do_syscall_64+0x35/0xb0 [ 52.383730][ T3626] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 52.389624][ T3626] RIP: 0033:0x7f03a2a066b9 [ 52.394037][ T3626] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 52.413646][ T3626] RSP: 002b:00007f03a29b72f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 52.422059][ T3626] RAX: ffffffffffffffda RBX: 00007f03a2a8f4c8 RCX: 00007f03a2a066b9 [pid 3626] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3625] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3625] exit_group(0) = ? [pid 3626] <... futex resumed>) = ? [pid 3626] +++ exited with 0 +++ [pid 3625] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3625, si_uid=0, si_status=0, si_utime=0, si_stime=23} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f6e5d0) = 3627 ./strace-static-x86_64: Process 3627 attached [pid 3627] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3627] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3627] setpgid(0, 0) = 0 [pid 3627] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3627] write(3, "1000", 4) = 4 [pid 3627] close(3) = 0 [pid 3627] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3627] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3627] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3627] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3628], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3628 [pid 3627] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3627] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3628 attached [pid 3628] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3628] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3628] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3627] <... futex resumed>) = 0 [pid 3627] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3627] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3628] <... futex resumed>) = 1 [pid 3628] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 [pid 3628] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3627] <... futex resumed>) = 0 [pid 3627] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3627] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3628] <... futex resumed>) = 1 [pid 3628] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 3628] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3627}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3628] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3627}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3628] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3627] <... futex resumed>) = 0 [pid 3628] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3627] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3628] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3627] <... futex resumed>) = 0 [pid 3627] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3628] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 3628] write(5, "10", 2) = 2 [pid 3628] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3628] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3627] <... futex resumed>) = 0 [pid 3627] exit_group(0) = ? [pid 3628] +++ exited with 0 +++ [pid 3627] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3627, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f6e5d0) = 3629 ./strace-static-x86_64: Process 3629 attached [pid 3629] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3629] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3629] setpgid(0, 0) = 0 [pid 3629] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3629] write(3, "1000", 4) = 4 [pid 3629] close(3) = 0 [pid 3629] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3629] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [ 52.430034][ T3626] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f03a2a8f4cc [ 52.438020][ T3626] RBP: 00007f03a2a8f4c0 R08: 0000000000003031 R09: 0000000000003031 [ 52.445984][ T3626] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f03a29b7300 [ 52.453969][ T3626] R13: 0000000000000002 R14: 00007f03a29b7400 R15: 0000000000022000 [ 52.462032][ T3626] [pid 3629] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3629] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3630], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3630 [pid 3629] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3629] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3630 attached [pid 3630] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3630] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3630] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3629] <... futex resumed>) = 0 [pid 3629] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3629] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3630] <... futex resumed>) = 1 [pid 3630] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 [pid 3630] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3629] <... futex resumed>) = 0 [pid 3629] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3629] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3630] <... futex resumed>) = 1 [pid 3630] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 3630] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3629}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3630] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3629}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3630] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3629] <... futex resumed>) = 0 [pid 3629] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3629] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3630] <... futex resumed>) = 1 [pid 3630] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 3630] write(5, "10", 2) = 2 [pid 3630] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3630] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3629] <... futex resumed>) = 0 [pid 3630] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3629] exit_group(0) = ? [ 52.527528][ T3630] FAULT_INJECTION: forcing a failure. [ 52.527528][ T3630] name fail_futex, interval 1, probability 0, space 0, times 0 [ 52.540562][ T3630] CPU: 1 PID: 3630 Comm: syz-executor181 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 52.551970][ T3630] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1521 [ 52.561379][ T3630] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 3630, name: syz-executor181 [ 52.570855][ T3630] preempt_count: 0, expected: 0 [ 52.575696][ T3630] RCU nest depth: 0, expected: 0 [ 52.580646][ T3630] no locks held by syz-executor181/3630. [ 52.586291][ T3630] irq event stamp: 932 [ 52.590365][ T3630] hardirqs last enabled at (931): [] finish_task_switch.isra.0+0x2b5/0xc70 [ 52.600620][ T3630] hardirqs last disabled at (932): [] dump_stack_lvl+0x2e/0x134 [ 52.609837][ T3630] softirqs last enabled at (924): [] __irq_exit_rcu+0x123/0x180 [ 52.619148][ T3630] softirqs last disabled at (829): [] __irq_exit_rcu+0x123/0x180 [ 52.628468][ T3630] CPU: 1 PID: 3630 Comm: syz-executor181 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 52.639870][ T3630] syz-executor181[3630] cmdline: [ 52.644909][ T3630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 52.654983][ T3630] Call Trace: [ 52.658271][ T3630] [ 52.661233][ T3630] dump_stack_lvl+0xcd/0x134 [ 52.665863][ T3630] __might_resched.cold+0x222/0x26b [ 52.671077][ T3630] down_read_killable+0x75/0x490 [ 52.676042][ T3630] ? down_read+0x450/0x450 [ 52.680501][ T3630] __access_remote_vm+0xac/0x6f0 [ 52.685461][ T3630] ? follow_phys+0x2c0/0x2c0 [ 52.690325][ T3630] ? do_raw_spin_lock+0x120/0x2a0 [ 52.695380][ T3630] ? rwlock_bug.part.0+0x90/0x90 [ 52.700334][ T3630] ? __up_console_sem+0x47/0xc0 [ 52.705200][ T3630] get_mm_cmdline.part.0+0x217/0x620 [ 52.710503][ T3630] ? dname_to_vma_addr.isra.0+0x360/0x360 [ 52.716247][ T3630] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 52.722074][ T3630] get_task_cmdline_kernel+0x1d9/0x220 [ 52.727559][ T3630] dump_stack_print_cmdline.part.0+0x82/0x150 [ 52.733649][ T3630] ? _atomic_dec_and_lock_irqsave+0x150/0x150 [ 52.739763][ T3630] ? dump_stack_print_info+0xc6/0x190 [ 52.745166][ T3630] dump_stack_print_info+0x185/0x190 [ 52.750473][ T3630] dump_stack_lvl+0xc1/0x134 [ 52.755101][ T3630] should_fail.cold+0x5/0xa [ 52.759624][ T3630] get_futex_key+0x5a8/0x1c30 [ 52.764315][ T3630] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 52.770362][ T3630] ? futex_setup_timer+0xf0/0xf0 [ 52.775350][ T3630] futex_wait_setup+0xa7/0x230 [ 52.780168][ T3630] ? futex_wait_multiple+0xc90/0xc90 [ 52.785494][ T3630] futex_wait+0x264/0x680 [ 52.789866][ T3630] ? futex_wait_setup+0x230/0x230 [ 52.794930][ T3630] ? do_raw_spin_lock+0x120/0x2a0 [ 52.799985][ T3630] ? rwlock_bug.part.0+0x90/0x90 [ 52.804948][ T3630] ? _raw_spin_lock_irq+0x41/0x50 [ 52.810012][ T3630] do_futex+0x1af/0x300 [ 52.814229][ T3630] ? __ia32_sys_get_robust_list+0x3b0/0x3b0 [ 52.820147][ T3630] ? find_held_lock+0x2d/0x110 [ 52.824956][ T3630] __x64_sys_futex+0x1b0/0x4a0 [ 52.830009][ T3630] ? do_futex+0x300/0x300 [ 52.834358][ T3630] ? _raw_spin_unlock_irq+0x1f/0x40 [ 52.839585][ T3630] ? lockdep_hardirqs_on+0x79/0x100 [ 52.844801][ T3630] ? _raw_spin_unlock_irq+0x2a/0x40 [ 52.850006][ T3630] ? ptrace_notify+0xfa/0x140 [ 52.854723][ T3630] do_syscall_64+0x35/0xb0 [ 52.859179][ T3630] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 52.865208][ T3630] RIP: 0033:0x7f03a2a066b9 [ 52.869637][ T3630] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 52.889252][ T3630] RSP: 002b:00007f03a29b72f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 52.897672][ T3630] RAX: ffffffffffffffda RBX: 00007f03a2a8f4c8 RCX: 00007f03a2a066b9 [ 52.905647][ T3630] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f03a2a8f4c8 [ 52.913620][ T3630] RBP: 00007f03a2a8f4c0 R08: 0000000000003031 R09: 0000000000003031 [ 52.921596][ T3630] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f03a29b7300 [ 52.929586][ T3630] R13: 0000000000000002 R14: 00007f03a29b7400 R15: 0000000000022000 [ 52.937579][ T3630] [ 52.940611][ T3630] syz-executor181[3630] cmdline: [ 52.945630][ T3630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 52.955685][ T3630] Call Trace: [ 52.958984][ T3630] [ 52.961917][ T3630] dump_stack_lvl+0xcd/0x134 [ 52.966620][ T3630] should_fail.cold+0x5/0xa [ 52.971145][ T3630] get_futex_key+0x5a8/0x1c30 [ 52.975833][ T3630] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 52.981919][ T3630] ? futex_setup_timer+0xf0/0xf0 [ 52.986882][ T3630] futex_wait_setup+0xa7/0x230 [ 52.991679][ T3630] ? futex_wait_multiple+0xc90/0xc90 [ 52.997003][ T3630] futex_wait+0x264/0x680 [ 53.001370][ T3630] ? futex_wait_setup+0x230/0x230 [ 53.006435][ T3630] ? do_raw_spin_lock+0x120/0x2a0 [ 53.011473][ T3630] ? rwlock_bug.part.0+0x90/0x90 [ 53.016422][ T3630] ? _raw_spin_lock_irq+0x41/0x50 [ 53.021459][ T3630] do_futex+0x1af/0x300 [ 53.025652][ T3630] ? __ia32_sys_get_robust_list+0x3b0/0x3b0 [ 53.031564][ T3630] ? find_held_lock+0x2d/0x110 [ 53.036343][ T3630] __x64_sys_futex+0x1b0/0x4a0 [ 53.041126][ T3630] ? do_futex+0x300/0x300 [ 53.045468][ T3630] ? _raw_spin_unlock_irq+0x1f/0x40 [ 53.050675][ T3630] ? lockdep_hardirqs_on+0x79/0x100 [ 53.055909][ T3630] ? _raw_spin_unlock_irq+0x2a/0x40 [ 53.061118][ T3630] ? ptrace_notify+0xfa/0x140 [ 53.065809][ T3630] do_syscall_64+0x35/0xb0 [ 53.070240][ T3630] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 53.076142][ T3630] RIP: 0033:0x7f03a2a066b9 [ 53.080564][ T3630] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 53.100194][ T3630] RSP: 002b:00007f03a29b72f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 53.108615][ T3630] RAX: ffffffffffffffda RBX: 00007f03a2a8f4c8 RCX: 00007f03a2a066b9 [ 53.116606][ T3630] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f03a2a8f4c8 [pid 3630] <... futex resumed>) = ? [pid 3630] +++ exited with 0 +++ [pid 3629] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3629, si_uid=0, si_status=0, si_utime=0, si_stime=63} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f6e5d0) = 3631 ./strace-static-x86_64: Process 3631 attached [pid 3631] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3631] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3631] setpgid(0, 0) = 0 [pid 3631] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3631] write(3, "1000", 4) = 4 [pid 3631] close(3) = 0 [pid 3631] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3631] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3631] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3631] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3632 attached , parent_tid=[3632], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3632 [pid 3631] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3632] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3631] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3632] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3632] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3632] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3631] <... futex resumed>) = 0 [pid 3631] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3632] <... futex resumed>) = 0 [pid 3631] <... futex resumed>) = 1 [pid 3632] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC [pid 3631] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3632] <... socket resumed>) = 4 [pid 3632] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3631] <... futex resumed>) = 0 [pid 3631] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3631] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3632] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 3632] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3631}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3632] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3631}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3632] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3632] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3631] <... futex resumed>) = 0 [pid 3631] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3632] <... futex resumed>) = 0 [pid 3631] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3632] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 3632] write(5, "10", 2) = 2 [pid 3632] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [ 53.124593][ T3630] RBP: 00007f03a2a8f4c0 R08: 0000000000003031 R09: 0000000000003031 [ 53.132567][ T3630] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f03a29b7300 [ 53.140545][ T3630] R13: 0000000000000002 R14: 00007f03a29b7400 R15: 0000000000022000 [ 53.148541][ T3630] [pid 3632] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3631] <... futex resumed>) = 0 [pid 3632] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3631] exit_group(0) = ? [ 53.189531][ T3632] FAULT_INJECTION: forcing a failure. [ 53.189531][ T3632] name fail_futex, interval 1, probability 0, space 0, times 0 [ 53.203212][ T3632] CPU: 0 PID: 3632 Comm: syz-executor181 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 53.214597][ T3632] syz-executor181[3632] cmdline: [ 53.219606][ T3632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 53.229650][ T3632] Call Trace: [ 53.232934][ T3632] [ 53.235858][ T3632] dump_stack_lvl+0xcd/0x134 [ 53.240450][ T3632] should_fail.cold+0x5/0xa [ 53.244951][ T3632] get_futex_key+0x5a8/0x1c30 [ 53.249621][ T3632] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 53.255600][ T3632] ? futex_setup_timer+0xf0/0xf0 [ 53.260534][ T3632] futex_wait_setup+0xa7/0x230 [ 53.265316][ T3632] ? futex_wait_multiple+0xc90/0xc90 [ 53.270608][ T3632] futex_wait+0x264/0x680 [ 53.274934][ T3632] ? futex_wait_setup+0x230/0x230 [ 53.279970][ T3632] ? do_raw_spin_lock+0x120/0x2a0 [ 53.284989][ T3632] ? rwlock_bug.part.0+0x90/0x90 [ 53.289920][ T3632] ? _raw_spin_lock_irq+0x41/0x50 [ 53.294940][ T3632] do_futex+0x1af/0x300 [ 53.299090][ T3632] ? __ia32_sys_get_robust_list+0x3b0/0x3b0 [ 53.304989][ T3632] ? find_held_lock+0x2d/0x110 [ 53.309754][ T3632] __x64_sys_futex+0x1b0/0x4a0 [ 53.314513][ T3632] ? do_futex+0x300/0x300 [ 53.318835][ T3632] ? _raw_spin_unlock_irq+0x1f/0x40 [ 53.324042][ T3632] ? lockdep_hardirqs_on+0x79/0x100 [ 53.329238][ T3632] ? _raw_spin_unlock_irq+0x2a/0x40 [ 53.334427][ T3632] ? ptrace_notify+0xfa/0x140 [ 53.339098][ T3632] do_syscall_64+0x35/0xb0 [ 53.343507][ T3632] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 53.349407][ T3632] RIP: 0033:0x7f03a2a066b9 [ 53.353812][ T3632] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 53.373425][ T3632] RSP: 002b:00007f03a29b72f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 53.381826][ T3632] RAX: ffffffffffffffda RBX: 00007f03a2a8f4c8 RCX: 00007f03a2a066b9 [pid 3632] <... futex resumed>) = ? [pid 3632] +++ exited with 0 +++ [pid 3631] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3631, si_uid=0, si_status=0, si_utime=0, si_stime=24} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f6e5d0) = 3633 ./strace-static-x86_64: Process 3633 attached [pid 3633] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3633] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3633] setpgid(0, 0) = 0 [pid 3633] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3633] write(3, "1000", 4) = 4 [pid 3633] close(3) = 0 [pid 3633] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3633] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3633] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3633] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3634], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3634 [pid 3633] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3633] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3634 attached [pid 3634] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3634] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3634] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3633] <... futex resumed>) = 0 [pid 3633] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3633] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3634] <... futex resumed>) = 1 [pid 3634] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 [pid 3634] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3633] <... futex resumed>) = 0 [pid 3633] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3633] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3634] <... futex resumed>) = 1 [pid 3634] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 3634] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3633}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3634] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3633}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3634] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3633] <... futex resumed>) = 0 [pid 3633] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3633] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3634] <... futex resumed>) = 1 [pid 3634] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 3634] write(5, "10", 2) = 2 [pid 3634] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3634] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3633] <... futex resumed>) = 0 [pid 3634] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3633] exit_group(0 [pid 3634] <... futex resumed>) = ? [pid 3633] <... exit_group resumed>) = ? [pid 3634] +++ exited with 0 +++ [pid 3633] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3633, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f6e5d0) = 3635 ./strace-static-x86_64: Process 3635 attached [pid 3635] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3635] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3635] setpgid(0, 0) = 0 [pid 3635] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3635] write(3, "1000", 4) = 4 [pid 3635] close(3) = 0 [pid 3635] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3635] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3635] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3635] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3636], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3636 [pid 3635] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3635] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3636 attached [pid 3636] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3636] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3636] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3635] <... futex resumed>) = 0 [pid 3635] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3635] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3636] <... futex resumed>) = 1 [pid 3636] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 [pid 3636] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3635] <... futex resumed>) = 0 [pid 3635] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3635] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3636] <... futex resumed>) = 1 [pid 3636] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [ 53.389800][ T3632] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f03a2a8f4c8 [ 53.397764][ T3632] RBP: 00007f03a2a8f4c0 R08: 0000000000003031 R09: 0000000000003031 [ 53.405726][ T3632] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f03a29b7300 [ 53.413686][ T3632] R13: 0000000000000002 R14: 00007f03a29b7400 R15: 0000000000022000 [ 53.421654][ T3632] [pid 3636] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3635}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3636] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3635}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3636] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3635] <... futex resumed>) = 0 [pid 3635] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3635] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3636] <... futex resumed>) = 1 [pid 3636] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 3636] write(5, "10", 2) = 2 [pid 3636] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3636] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3635] <... futex resumed>) = 0 [pid 3635] exit_group(0) = ? [pid 3636] <... futex resumed>) = ? [pid 3636] +++ exited with 0 +++ [pid 3635] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3635, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f6e5d0) = 3637 ./strace-static-x86_64: Process 3637 attached [pid 3637] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3637] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3637] setpgid(0, 0) = 0 [pid 3637] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3637] write(3, "1000", 4) = 4 [pid 3637] close(3) = 0 [pid 3637] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3637] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3637] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3637] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3638 attached , parent_tid=[3638], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3638 [pid 3638] set_robust_list(0x7f03a29b79e0, 24 [pid 3637] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3638] <... set_robust_list resumed>) = 0 [pid 3637] <... futex resumed>) = 0 [pid 3638] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC [pid 3637] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3638] <... socket resumed>) = 3 [pid 3638] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3637] <... futex resumed>) = 0 [pid 3638] <... futex resumed>) = 1 [pid 3637] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3638] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC [pid 3637] <... futex resumed>) = 0 [pid 3637] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3638] <... socket resumed>) = 4 [pid 3638] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3637] <... futex resumed>) = 0 [pid 3638] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3637] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3638] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3637] <... futex resumed>) = 0 [pid 3638] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 3637] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3638] <... sendto resumed>) = 32 [pid 3638] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3637}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3638] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3637}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3638] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3637] <... futex resumed>) = 0 [pid 3638] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3637] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3638] <... openat resumed>) = 5 [pid 3637] <... futex resumed>) = 0 [pid 3638] write(5, "10", 2 [pid 3637] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3638] <... write resumed>) = 2 [pid 3638] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3638] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3637] <... futex resumed>) = 0 [pid 3638] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3637] exit_group(0 [pid 3638] <... futex resumed>) = ? [pid 3637] <... exit_group resumed>) = ? [pid 3638] +++ exited with 0 +++ [pid 3637] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3637, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f6e5d0) = 3639 ./strace-static-x86_64: Process 3639 attached [pid 3639] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3639] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3639] setpgid(0, 0) = 0 [pid 3639] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3639] write(3, "1000", 4) = 4 [pid 3639] close(3) = 0 [pid 3639] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3639] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3639] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3639] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3640], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3640 [pid 3639] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3640 attached ) = 0 [pid 3639] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3640] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3640] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3640] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3639] <... futex resumed>) = 0 [pid 3639] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3639] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3640] <... futex resumed>) = 1 [pid 3640] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 [pid 3640] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3639] <... futex resumed>) = 0 [pid 3639] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3639] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3640] <... futex resumed>) = 1 [pid 3640] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 3640] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3639}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3640] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3639}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3640] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3639] <... futex resumed>) = 0 [pid 3639] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3639] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3640] <... futex resumed>) = 1 [pid 3640] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 3640] write(5, "10", 2) = 2 [pid 3640] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3640] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3639] <... futex resumed>) = 0 [pid 3639] exit_group(0) = ? [pid 3640] <... futex resumed>) = ? [pid 3640] +++ exited with 0 +++ [pid 3639] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3639, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f6e5d0) = 3641 ./strace-static-x86_64: Process 3641 attached [pid 3641] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3641] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3641] setpgid(0, 0) = 0 [pid 3641] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3641] write(3, "1000", 4) = 4 [pid 3641] close(3) = 0 [pid 3641] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3641] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3641] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3641] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3642 attached , parent_tid=[3642], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3642 [pid 3642] set_robust_list(0x7f03a29b79e0, 24 [pid 3641] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3642] <... set_robust_list resumed>) = 0 [pid 3641] <... futex resumed>) = 0 [pid 3642] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC [pid 3641] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3642] <... socket resumed>) = 3 [pid 3642] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3641] <... futex resumed>) = 0 [pid 3642] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC [pid 3641] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3642] <... socket resumed>) = 4 [pid 3641] <... futex resumed>) = 0 [pid 3641] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3642] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3641] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3642] <... futex resumed>) = 0 [pid 3641] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3641] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3642] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 3642] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3641}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3642] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3641}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3642] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3641] <... futex resumed>) = 0 [pid 3641] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3642] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3641] <... futex resumed>) = 0 [pid 3641] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3642] <... openat resumed>) = 5 [pid 3642] write(5, "10", 2) = 2 [pid 3642] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3642] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3641] <... futex resumed>) = 0 [pid 3642] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3641] exit_group(0) = ? [ 53.541035][ T3642] FAULT_INJECTION: forcing a failure. [ 53.541035][ T3642] name fail_futex, interval 1, probability 0, space 0, times 0 [ 53.554032][ T3642] CPU: 1 PID: 3642 Comm: syz-executor181 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 53.565444][ T3642] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1521 [ 53.574846][ T3642] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 3642, name: syz-executor181 [ 53.584296][ T3642] preempt_count: 0, expected: 0 [ 53.589132][ T3642] RCU nest depth: 0, expected: 0 [ 53.594064][ T3642] no locks held by syz-executor181/3642. [ 53.599680][ T3642] irq event stamp: 918 [ 53.603734][ T3642] hardirqs last enabled at (917): [] finish_task_switch.isra.0+0x2b5/0xc70 [ 53.613989][ T3642] hardirqs last disabled at (918): [] dump_stack_lvl+0x2e/0x134 [ 53.623200][ T3642] softirqs last enabled at (910): [] __irq_exit_rcu+0x123/0x180 [ 53.632500][ T3642] softirqs last disabled at (897): [] __irq_exit_rcu+0x123/0x180 [ 53.641789][ T3642] CPU: 1 PID: 3642 Comm: syz-executor181 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 53.653182][ T3642] syz-executor181[3642] cmdline: [ 53.658219][ T3642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 53.668293][ T3642] Call Trace: [ 53.671597][ T3642] [ 53.674538][ T3642] dump_stack_lvl+0xcd/0x134 [ 53.679174][ T3642] __might_resched.cold+0x222/0x26b [ 53.684395][ T3642] down_read_killable+0x75/0x490 [ 53.689383][ T3642] ? down_read+0x450/0x450 [ 53.693838][ T3642] __access_remote_vm+0xac/0x6f0 [ 53.698806][ T3642] ? follow_phys+0x2c0/0x2c0 [ 53.703411][ T3642] ? do_raw_spin_lock+0x120/0x2a0 [ 53.708450][ T3642] ? rwlock_bug.part.0+0x90/0x90 [ 53.713402][ T3642] ? __up_console_sem+0x47/0xc0 [ 53.718268][ T3642] get_mm_cmdline.part.0+0x217/0x620 [ 53.723577][ T3642] ? dname_to_vma_addr.isra.0+0x360/0x360 [ 53.729448][ T3642] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 53.735298][ T3642] get_task_cmdline_kernel+0x1d9/0x220 [ 53.740815][ T3642] dump_stack_print_cmdline.part.0+0x82/0x150 [ 53.746911][ T3642] ? _atomic_dec_and_lock_irqsave+0x150/0x150 [ 53.753033][ T3642] ? dump_stack_print_info+0xc6/0x190 [ 53.758430][ T3642] dump_stack_print_info+0x185/0x190 [ 53.764174][ T3642] dump_stack_lvl+0xc1/0x134 [ 53.768797][ T3642] should_fail.cold+0x5/0xa [ 53.773336][ T3642] get_futex_key+0x5a8/0x1c30 [ 53.778025][ T3642] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 53.784021][ T3642] ? futex_setup_timer+0xf0/0xf0 [ 53.788983][ T3642] futex_wait_setup+0xa7/0x230 [ 53.793765][ T3642] ? futex_wait_multiple+0xc90/0xc90 [ 53.799086][ T3642] futex_wait+0x264/0x680 [ 53.803434][ T3642] ? futex_wait_setup+0x230/0x230 [ 53.808495][ T3642] ? do_raw_spin_lock+0x120/0x2a0 [ 53.813534][ T3642] ? rwlock_bug.part.0+0x90/0x90 [ 53.818500][ T3642] ? _raw_spin_lock_irq+0x41/0x50 [ 53.823537][ T3642] do_futex+0x1af/0x300 [ 53.827707][ T3642] ? __ia32_sys_get_robust_list+0x3b0/0x3b0 [ 53.833612][ T3642] ? find_held_lock+0x2d/0x110 [ 53.838391][ T3642] __x64_sys_futex+0x1b0/0x4a0 [ 53.843182][ T3642] ? do_futex+0x300/0x300 [ 53.847523][ T3642] ? _raw_spin_unlock_irq+0x1f/0x40 [ 53.852747][ T3642] ? lockdep_hardirqs_on+0x79/0x100 [ 53.857968][ T3642] ? _raw_spin_unlock_irq+0x2a/0x40 [ 53.863451][ T3642] ? ptrace_notify+0xfa/0x140 [ 53.868160][ T3642] do_syscall_64+0x35/0xb0 [ 53.872598][ T3642] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 53.878504][ T3642] RIP: 0033:0x7f03a2a066b9 [ 53.882925][ T3642] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 53.902575][ T3642] RSP: 002b:00007f03a29b72f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 53.910999][ T3642] RAX: ffffffffffffffda RBX: 00007f03a2a8f4c8 RCX: 00007f03a2a066b9 [ 53.918995][ T3642] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f03a2a8f4c8 [ 53.926974][ T3642] RBP: 00007f03a2a8f4c0 R08: 0000000000003031 R09: 0000000000003031 [ 53.934949][ T3642] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f03a29b7300 [ 53.942937][ T3642] R13: 0000000000000002 R14: 00007f03a29b7400 R15: 0000000000022000 [ 53.950927][ T3642] [ 53.953959][ T3642] syz-executor181[3642] cmdline: [ 53.958995][ T3642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 53.969064][ T3642] Call Trace: [ 53.972359][ T3642] [ 53.975298][ T3642] dump_stack_lvl+0xcd/0x134 [ 53.979918][ T3642] should_fail.cold+0x5/0xa [ 53.984450][ T3642] get_futex_key+0x5a8/0x1c30 [ 53.989153][ T3642] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 53.995157][ T3642] ? futex_setup_timer+0xf0/0xf0 [ 54.000118][ T3642] futex_wait_setup+0xa7/0x230 [ 54.004901][ T3642] ? futex_wait_multiple+0xc90/0xc90 [ 54.010211][ T3642] futex_wait+0x264/0x680 [ 54.014560][ T3642] ? futex_wait_setup+0x230/0x230 [ 54.019623][ T3642] ? do_raw_spin_lock+0x120/0x2a0 [ 54.024660][ T3642] ? rwlock_bug.part.0+0x90/0x90 [ 54.029607][ T3642] ? _raw_spin_lock_irq+0x41/0x50 [ 54.034663][ T3642] do_futex+0x1af/0x300 [ 54.038833][ T3642] ? __ia32_sys_get_robust_list+0x3b0/0x3b0 [ 54.044738][ T3642] ? find_held_lock+0x2d/0x110 [ 54.049521][ T3642] __x64_sys_futex+0x1b0/0x4a0 [ 54.054301][ T3642] ? do_futex+0x300/0x300 [ 54.058642][ T3642] ? _raw_spin_unlock_irq+0x1f/0x40 [ 54.063869][ T3642] ? lockdep_hardirqs_on+0x79/0x100 [ 54.069087][ T3642] ? _raw_spin_unlock_irq+0x2a/0x40 [ 54.074302][ T3642] ? ptrace_notify+0xfa/0x140 [ 54.078994][ T3642] do_syscall_64+0x35/0xb0 [ 54.083441][ T3642] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 54.089367][ T3642] RIP: 0033:0x7f03a2a066b9 [ 54.093796][ T3642] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 54.113411][ T3642] RSP: 002b:00007f03a29b72f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 54.121848][ T3642] RAX: ffffffffffffffda RBX: 00007f03a2a8f4c8 RCX: 00007f03a2a066b9 [ 54.129839][ T3642] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f03a2a8f4c8 [pid 3642] <... futex resumed>) = ? [pid 3642] +++ exited with 0 +++ [pid 3641] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3641, si_uid=0, si_status=0, si_utime=0, si_stime=63} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f6e5d0) = 3643 ./strace-static-x86_64: Process 3643 attached [pid 3643] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3643] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3643] setpgid(0, 0) = 0 [pid 3643] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3643] write(3, "1000", 4) = 4 [pid 3643] close(3) = 0 [pid 3643] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3643] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3643] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3643] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3644 attached , parent_tid=[3644], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3644 [pid 3644] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3644] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3643] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3644] <... futex resumed>) = 0 [pid 3644] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3644] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3644] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3643] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3643] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3644] <... futex resumed>) = 0 [pid 3644] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 [pid 3644] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3644] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3643] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3643] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3644] <... futex resumed>) = 0 [pid 3643] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3644] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 3644] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3643}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3644] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3643}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3644] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3644] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3643] <... futex resumed>) = 0 [pid 3643] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3644] <... futex resumed>) = 0 [pid 3643] <... futex resumed>) = 1 [pid 3644] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 3643] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3644] write(5, "10", 2) = 2 [pid 3644] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3644] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3643] <... futex resumed>) = 0 [pid 3644] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3643] exit_group(0) = ? [pid 3644] <... futex resumed>) = ? [ 54.137818][ T3642] RBP: 00007f03a2a8f4c0 R08: 0000000000003031 R09: 0000000000003031 [ 54.145797][ T3642] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f03a29b7300 [ 54.153771][ T3642] R13: 0000000000000002 R14: 00007f03a29b7400 R15: 0000000000022000 [ 54.161768][ T3642] [pid 3644] +++ exited with 0 +++ [pid 3643] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3643, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f6e5d0) = 3645 ./strace-static-x86_64: Process 3645 attached [pid 3645] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3645] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3645] setpgid(0, 0) = 0 [pid 3645] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3645] write(3, "1000", 4) = 4 [pid 3645] close(3) = 0 [pid 3645] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3645] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3645] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3645] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3646], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3646 [pid 3645] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3645] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3646 attached [pid 3646] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3646] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3646] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3645] <... futex resumed>) = 0 [pid 3645] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3645] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3646] <... futex resumed>) = 1 [pid 3646] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 [pid 3646] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3645] <... futex resumed>) = 0 [pid 3645] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3645] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3646] <... futex resumed>) = 1 [pid 3646] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 3646] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3645}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3646] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3645}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3646] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3645] <... futex resumed>) = 0 [pid 3645] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3645] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3646] <... futex resumed>) = 1 [pid 3646] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 3646] write(5, "10", 2) = 2 [pid 3646] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3646] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3645] <... futex resumed>) = 0 [pid 3645] exit_group(0) = ? [pid 3646] <... futex resumed>) = ? [pid 3646] +++ exited with 0 +++ [pid 3645] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3645, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f6e5d0) = 3647 ./strace-static-x86_64: Process 3647 attached [pid 3647] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3647] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3647] setpgid(0, 0) = 0 [pid 3647] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3647] write(3, "1000", 4) = 4 [pid 3647] close(3) = 0 [pid 3647] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3647] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3647] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3647] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3648], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3648 [pid 3647] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3647] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3648 attached [pid 3648] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3648] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3648] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3647] <... futex resumed>) = 0 [pid 3647] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3647] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3648] <... futex resumed>) = 1 [pid 3648] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 [pid 3648] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3647] <... futex resumed>) = 0 [pid 3647] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3647] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3648] <... futex resumed>) = 1 [pid 3648] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 3648] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3647}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3648] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3647}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3648] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3647] <... futex resumed>) = 0 [pid 3647] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3647] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3648] <... futex resumed>) = 1 [pid 3648] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 3648] write(5, "10", 2) = 2 [pid 3648] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3648] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3647] <... futex resumed>) = 0 [pid 3647] exit_group(0) = ? [pid 3648] <... futex resumed>) = ? [pid 3648] +++ exited with 0 +++ [pid 3647] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3647, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f6e5d0) = 3649 ./strace-static-x86_64: Process 3649 attached [pid 3649] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3649] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3649] setpgid(0, 0) = 0 [pid 3649] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3649] write(3, "1000", 4) = 4 [pid 3649] close(3) = 0 [pid 3649] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3649] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3649] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3649] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3650], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3650 [pid 3649] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3649] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3650 attached [pid 3650] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3650] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3650] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3649] <... futex resumed>) = 0 [pid 3649] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3649] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3650] <... futex resumed>) = 1 [pid 3650] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 [pid 3650] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3649] <... futex resumed>) = 0 [pid 3649] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3649] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3650] <... futex resumed>) = 1 [pid 3650] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 3650] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3649}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3650] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3649}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3650] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3649] <... futex resumed>) = 0 [pid 3649] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3649] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3650] <... futex resumed>) = 1 [pid 3650] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 3650] write(5, "10", 2) = 2 [pid 3650] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3650] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3649] <... futex resumed>) = 0 [pid 3649] exit_group(0) = ? [pid 3650] <... futex resumed>) = ? [pid 3650] +++ exited with 0 +++ [pid 3649] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3649, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f6e5d0) = 3651 ./strace-static-x86_64: Process 3651 attached [pid 3651] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3651] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3651] setpgid(0, 0) = 0 [pid 3651] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3651] write(3, "1000", 4) = 4 [pid 3651] close(3) = 0 [pid 3651] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3651] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3651] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3651] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3652], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3652 [pid 3651] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3651] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3652 attached [pid 3652] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3652] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3652] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3651] <... futex resumed>) = 0 [pid 3651] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3651] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3652] <... futex resumed>) = 1 [pid 3652] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 [pid 3652] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3651] <... futex resumed>) = 0 [pid 3651] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3651] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3652] <... futex resumed>) = 1 [pid 3652] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 3652] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3651}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3652] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3651}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3652] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3651] <... futex resumed>) = 0 [pid 3651] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3651] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3652] <... futex resumed>) = 1 [pid 3652] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 3652] write(5, "10", 2) = 2 [pid 3652] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3652] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3651] <... futex resumed>) = 0 [pid 3651] exit_group(0) = ? [pid 3652] <... futex resumed>) = ? [pid 3652] +++ exited with 0 +++ [pid 3651] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3651, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f6e5d0) = 3653 ./strace-static-x86_64: Process 3653 attached [pid 3653] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3653] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3653] setpgid(0, 0) = 0 [pid 3653] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3653] write(3, "1000", 4) = 4 [pid 3653] close(3) = 0 [pid 3653] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3653] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3653] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3653] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3654], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3654 [pid 3653] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3653] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3654 attached [pid 3654] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3654] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3654] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3653] <... futex resumed>) = 0 [pid 3653] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3653] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3654] <... futex resumed>) = 1 [pid 3654] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 [pid 3654] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3653] <... futex resumed>) = 0 [pid 3653] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3653] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3654] <... futex resumed>) = 1 [pid 3654] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 3654] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3653}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3654] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3653}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3654] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3653] <... futex resumed>) = 0 [pid 3653] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3653] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3654] <... futex resumed>) = 1 [pid 3654] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 3654] write(5, "10", 2) = 2 [pid 3654] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [ 54.311363][ T3654] FAULT_INJECTION: forcing a failure. [ 54.311363][ T3654] name fail_futex, interval 1, probability 0, space 0, times 0 [ 54.324385][ T3654] CPU: 1 PID: 3654 Comm: syz-executor181 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 54.335771][ T3654] syz-executor181[3654] cmdline: ./syz-executor1814091279 [ 54.342892][ T3654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 54.352944][ T3654] Call Trace: [ 54.356226][ T3654] [ 54.359162][ T3654] dump_stack_lvl+0xcd/0x134 [ 54.363760][ T3654] should_fail.cold+0x5/0xa [ 54.368269][ T3654] get_futex_key+0x5a8/0x1c30 [ 54.372958][ T3654] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 54.378983][ T3654] ? futex_setup_timer+0xf0/0xf0 [ 54.383963][ T3654] futex_wake+0xe4/0x490 [ 54.388228][ T3654] ? futex_wake_mark+0x1a0/0x1a0 [ 54.393178][ T3654] ? ptrace_stop.part.0+0x5ec/0xa80 [ 54.398401][ T3654] ? do_raw_spin_lock+0x120/0x2a0 [ 54.403423][ T3654] ? rwlock_bug.part.0+0x90/0x90 [ 54.408354][ T3654] ? _raw_spin_lock_irq+0x41/0x50 [ 54.413376][ T3654] do_futex+0x266/0x300 [ 54.417536][ T3654] ? __ia32_sys_get_robust_list+0x3b0/0x3b0 [ 54.423424][ T3654] ? find_held_lock+0x2d/0x110 [ 54.428207][ T3654] __x64_sys_futex+0x1b0/0x4a0 [ 54.432984][ T3654] ? do_futex+0x300/0x300 [ 54.437348][ T3654] ? _raw_spin_unlock_irq+0x1f/0x40 [ 54.442569][ T3654] ? lockdep_hardirqs_on+0x79/0x100 [ 54.447775][ T3654] ? _raw_spin_unlock_irq+0x2a/0x40 [ 54.452978][ T3654] ? ptrace_notify+0xfa/0x140 [ 54.457676][ T3654] do_syscall_64+0x35/0xb0 [ 54.462093][ T3654] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 54.467989][ T3654] RIP: 0033:0x7f03a2a066b9 [ 54.472403][ T3654] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 54.492098][ T3654] RSP: 002b:00007f03a29b72f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 54.500529][ T3654] RAX: ffffffffffffffda RBX: 00007f03a2a8f4c8 RCX: 00007f03a2a066b9 [pid 3654] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = -1 EFAULT (Bad address) [pid 3653] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3654] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3653] exit_group(0 [pid 3654] <... futex resumed>) = ? [pid 3653] <... exit_group resumed>) = ? [pid 3654] +++ exited with 0 +++ [pid 3653] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3653, si_uid=0, si_status=0, si_utime=0, si_stime=25} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3655 attached [pid 3655] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3655] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3655] setpgid(0, 0) = 0 [pid 3655] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3655] write(3, "1000", 4) = 4 [pid 3655] close(3) = 0 [pid 3655] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3655] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3655] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3655] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3656], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3656 [pid 3655] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3655] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3656 attached [pid 3656] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3656] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3656] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3655] <... futex resumed>) = 0 [pid 3655] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3655] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3656] <... futex resumed>) = 1 [pid 3656] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 [pid 3656] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3655] <... futex resumed>) = 0 [pid 3655] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3655] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3656] <... futex resumed>) = 1 [pid 3656] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 3608] <... clone resumed>, child_tidptr=0x555556f6e5d0) = 3655 [pid 3656] <... sendto resumed>) = 32 [pid 3656] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3655}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3656] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3655}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3656] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3656] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3655] <... futex resumed>) = 0 [pid 3656] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3655] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3656] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3655] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3656] <... openat resumed>) = 5 [pid 3656] write(5, "10", 2) = 2 [pid 3656] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [ 54.508518][ T3654] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f03a2a8f4cc [ 54.516487][ T3654] RBP: 00007f03a2a8f4c0 R08: 0000000000003031 R09: 0000000000003031 [ 54.524489][ T3654] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f03a29b7300 [ 54.532485][ T3654] R13: 0000000000000002 R14: 00007f03a29b7400 R15: 0000000000022000 [ 54.540488][ T3654] [ 54.569464][ T3656] FAULT_INJECTION: forcing a failure. [ 54.569464][ T3656] name fail_futex, interval 1, probability 0, space 0, times 0 [ 54.582745][ T3656] CPU: 0 PID: 3656 Comm: syz-executor181 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 54.594136][ T3656] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1521 [ 54.603512][ T3656] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 3656, name: syz-executor181 [ 54.612957][ T3656] preempt_count: 0, expected: 0 [ 54.617801][ T3656] RCU nest depth: 0, expected: 0 [ 54.622738][ T3656] no locks held by syz-executor181/3656. [ 54.628358][ T3656] irq event stamp: 1060 [ 54.632515][ T3656] hardirqs last enabled at (1059): [] finish_task_switch.isra.0+0x2b5/0xc70 [ 54.642856][ T3656] hardirqs last disabled at (1060): [] dump_stack_lvl+0x2e/0x134 [ 54.652153][ T3656] softirqs last enabled at (1052): [] __irq_exit_rcu+0x123/0x180 [ 54.661567][ T3656] softirqs last disabled at (1029): [] __irq_exit_rcu+0x123/0x180 [ 54.670940][ T3656] CPU: 0 PID: 3656 Comm: syz-executor181 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 54.682314][ T3656] syz-executor181[3656] cmdline: ./syz-executor1814091279 [ 54.689425][ T3656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 54.699480][ T3656] Call Trace: [ 54.702769][ T3656] [ 54.705703][ T3656] dump_stack_lvl+0xcd/0x134 [ 54.710322][ T3656] __might_resched.cold+0x222/0x26b [ 54.715531][ T3656] down_read_killable+0x75/0x490 [ 54.720491][ T3656] ? down_read+0x450/0x450 [ 54.724931][ T3656] __access_remote_vm+0xac/0x6f0 [ 54.729886][ T3656] ? follow_phys+0x2c0/0x2c0 [ 54.734486][ T3656] ? do_raw_spin_lock+0x120/0x2a0 [ 54.739531][ T3656] ? rwlock_bug.part.0+0x90/0x90 [ 54.744478][ T3656] ? __up_console_sem+0x47/0xc0 [ 54.749430][ T3656] get_mm_cmdline.part.0+0x217/0x620 [ 54.754758][ T3656] ? dname_to_vma_addr.isra.0+0x360/0x360 [ 54.760517][ T3656] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 54.766359][ T3656] get_task_cmdline_kernel+0x1d9/0x220 [ 54.771849][ T3656] dump_stack_print_cmdline.part.0+0x82/0x150 [ 54.777937][ T3656] ? _atomic_dec_and_lock_irqsave+0x150/0x150 [ 54.784049][ T3656] ? dump_stack_print_info+0xc6/0x190 [ 54.789440][ T3656] dump_stack_print_info+0x185/0x190 [ 54.794747][ T3656] dump_stack_lvl+0xc1/0x134 [ 54.799362][ T3656] should_fail.cold+0x5/0xa [ 54.803896][ T3656] get_futex_key+0x5a8/0x1c30 [ 54.808586][ T3656] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 54.814581][ T3656] ? futex_setup_timer+0xf0/0xf0 [ 54.819537][ T3656] futex_wake+0xe4/0x490 [ 54.823816][ T3656] ? futex_wake_mark+0x1a0/0x1a0 [ 54.828773][ T3656] ? ptrace_stop.part.0+0x5ec/0xa80 [ 54.833986][ T3656] ? do_raw_spin_lock+0x120/0x2a0 [ 54.839024][ T3656] ? rwlock_bug.part.0+0x90/0x90 [ 54.843978][ T3656] ? _raw_spin_lock_irq+0x41/0x50 [ 54.849029][ T3656] do_futex+0x266/0x300 [ 54.853214][ T3656] ? __ia32_sys_get_robust_list+0x3b0/0x3b0 [ 54.859121][ T3656] ? find_held_lock+0x2d/0x110 [ 54.863915][ T3656] __x64_sys_futex+0x1b0/0x4a0 [ 54.868717][ T3656] ? do_futex+0x300/0x300 [ 54.873055][ T3656] ? _raw_spin_unlock_irq+0x1f/0x40 [ 54.878278][ T3656] ? lockdep_hardirqs_on+0x79/0x100 [ 54.883497][ T3656] ? _raw_spin_unlock_irq+0x2a/0x40 [ 54.888720][ T3656] ? ptrace_notify+0xfa/0x140 [ 54.893412][ T3656] do_syscall_64+0x35/0xb0 [ 54.897849][ T3656] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 54.903753][ T3656] RIP: 0033:0x7f03a2a066b9 [ 54.908179][ T3656] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 54.928000][ T3656] RSP: 002b:00007f03a29b72f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 54.936419][ T3656] RAX: ffffffffffffffda RBX: 00007f03a2a8f4c8 RCX: 00007f03a2a066b9 [ 54.944393][ T3656] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f03a2a8f4cc [ 54.952367][ T3656] RBP: 00007f03a2a8f4c0 R08: 0000000000003031 R09: 0000000000003031 [ 54.960343][ T3656] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f03a29b7300 [ 54.968322][ T3656] R13: 0000000000000002 R14: 00007f03a29b7400 R15: 0000000000022000 [ 54.976309][ T3656] [ 54.979349][ T3656] syz-executor181[3656] cmdline: ./syz-executor1814091279 [ 54.986453][ T3656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 54.996596][ T3656] Call Trace: [ 54.999878][ T3656] [ 55.002818][ T3656] dump_stack_lvl+0xcd/0x134 [ 55.007436][ T3656] should_fail.cold+0x5/0xa [ 55.011960][ T3656] get_futex_key+0x5a8/0x1c30 [ 55.016650][ T3656] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 55.022643][ T3656] ? futex_setup_timer+0xf0/0xf0 [ 55.027600][ T3656] futex_wake+0xe4/0x490 [ 55.031861][ T3656] ? futex_wake_mark+0x1a0/0x1a0 [ 55.036818][ T3656] ? ptrace_stop.part.0+0x5ec/0xa80 [ 55.042029][ T3656] ? do_raw_spin_lock+0x120/0x2a0 [ 55.047068][ T3656] ? rwlock_bug.part.0+0x90/0x90 [ 55.052014][ T3656] ? _raw_spin_lock_irq+0x41/0x50 [ 55.057049][ T3656] do_futex+0x266/0x300 [ 55.061223][ T3656] ? __ia32_sys_get_robust_list+0x3b0/0x3b0 [ 55.067126][ T3656] ? find_held_lock+0x2d/0x110 [ 55.071905][ T3656] __x64_sys_futex+0x1b0/0x4a0 [ 55.076862][ T3656] ? do_futex+0x300/0x300 [ 55.081201][ T3656] ? _raw_spin_unlock_irq+0x1f/0x40 [ 55.086423][ T3656] ? lockdep_hardirqs_on+0x79/0x100 [ 55.091640][ T3656] ? _raw_spin_unlock_irq+0x2a/0x40 [ 55.096846][ T3656] ? ptrace_notify+0xfa/0x140 [ 55.101538][ T3656] do_syscall_64+0x35/0xb0 [ 55.105972][ T3656] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 55.111875][ T3656] RIP: 0033:0x7f03a2a066b9 [ 55.116296][ T3656] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 55.135911][ T3656] RSP: 002b:00007f03a29b72f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 55.144331][ T3656] RAX: ffffffffffffffda RBX: 00007f03a2a8f4c8 RCX: 00007f03a2a066b9 [ 55.152305][ T3656] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f03a2a8f4cc [ 55.160280][ T3656] RBP: 00007f03a2a8f4c0 R08: 0000000000003031 R09: 0000000000003031 [pid 3656] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = -1 EFAULT (Bad address) [pid 3655] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3656] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3655] exit_group(0 [pid 3656] <... futex resumed>) = ? [pid 3655] <... exit_group resumed>) = ? [pid 3656] +++ exited with 0 +++ [pid 3655] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3655, si_uid=0, si_status=0, si_utime=0, si_stime=64} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3657 attached [pid 3657] set_robust_list(0x555556f6e5e0, 24 [pid 3608] <... clone resumed>, child_tidptr=0x555556f6e5d0) = 3657 [pid 3657] <... set_robust_list resumed>) = 0 [pid 3657] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3657] setpgid(0, 0) = 0 [pid 3657] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3657] write(3, "1000", 4) = 4 [pid 3657] close(3) = 0 [pid 3657] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3657] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3657] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3658 attached , parent_tid=[3658], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3658 [pid 3657] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3658] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3658] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3658] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3657] <... futex resumed>) = 0 [pid 3657] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3658] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 [pid 3658] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3657] <... futex resumed>) = 0 [pid 3657] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3658] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 3658] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3657}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3658] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3657}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3658] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3657] <... futex resumed>) = 0 [pid 3657] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3658] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 3658] write(5, "10", 2) = 2 [pid 3658] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3658] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3657] <... futex resumed>) = 0 [pid 3658] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3657] exit_group(0 [pid 3658] <... futex resumed>) = ? [pid 3657] <... exit_group resumed>) = ? [pid 3658] +++ exited with 0 +++ [pid 3657] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3657, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f6e5d0) = 3659 ./strace-static-x86_64: Process 3659 attached [pid 3659] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3659] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3659] setpgid(0, 0) = 0 [pid 3659] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3659] write(3, "1000", 4) = 4 [pid 3659] close(3) = 0 [pid 3659] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 55.168273][ T3656] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f03a29b7300 [ 55.176264][ T3656] R13: 0000000000000002 R14: 00007f03a29b7400 R15: 0000000000022000 [ 55.184255][ T3656] [pid 3659] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3659] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3659] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3660], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3660 [pid 3659] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3659] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3660 attached [pid 3660] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3660] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3660] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3659] <... futex resumed>) = 0 [pid 3660] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3659] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3660] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3659] <... futex resumed>) = 0 [pid 3660] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC [pid 3659] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3660] <... socket resumed>) = 4 [pid 3660] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3659] <... futex resumed>) = 0 [pid 3659] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3660] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 3659] <... futex resumed>) = 0 [pid 3660] <... sendto resumed>) = 32 [pid 3659] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3660] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3659}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3660] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3659}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3660] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3659] <... futex resumed>) = 0 [pid 3660] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3659] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3660] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3659] <... futex resumed>) = 0 [pid 3660] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3659] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3660] <... openat resumed>) = 5 [pid 3660] write(5, "10", 2) = 2 [pid 3660] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3660] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3659] <... futex resumed>) = 0 [pid 3660] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3659] exit_group(0) = ? [ 55.258244][ T3660] FAULT_INJECTION: forcing a failure. [ 55.258244][ T3660] name fail_futex, interval 1, probability 0, space 0, times 0 [ 55.271156][ T3660] CPU: 1 PID: 3660 Comm: syz-executor181 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 55.282532][ T3660] syz-executor181[3660] cmdline: [ 55.287549][ T3660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 55.297600][ T3660] Call Trace: [ 55.300885][ T3660] [ 55.303825][ T3660] dump_stack_lvl+0xcd/0x134 [ 55.308424][ T3660] should_fail.cold+0x5/0xa [ 55.312929][ T3660] get_futex_key+0x5a8/0x1c30 [ 55.317611][ T3660] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 55.323626][ T3660] ? futex_setup_timer+0xf0/0xf0 [ 55.328589][ T3660] futex_wait_setup+0xa7/0x230 [ 55.333378][ T3660] ? futex_wait_multiple+0xc90/0xc90 [ 55.338718][ T3660] futex_wait+0x264/0x680 [ 55.343049][ T3660] ? futex_wait_setup+0x230/0x230 [ 55.348086][ T3660] ? do_raw_spin_lock+0x120/0x2a0 [ 55.353109][ T3660] ? rwlock_bug.part.0+0x90/0x90 [ 55.358063][ T3660] ? _raw_spin_lock_irq+0x41/0x50 [ 55.363099][ T3660] do_futex+0x1af/0x300 [ 55.367280][ T3660] ? __ia32_sys_get_robust_list+0x3b0/0x3b0 [ 55.373187][ T3660] ? find_held_lock+0x2d/0x110 [ 55.377969][ T3660] __x64_sys_futex+0x1b0/0x4a0 [ 55.382732][ T3660] ? do_futex+0x300/0x300 [ 55.387059][ T3660] ? _raw_spin_unlock_irq+0x1f/0x40 [ 55.392253][ T3660] ? lockdep_hardirqs_on+0x79/0x100 [ 55.397483][ T3660] ? _raw_spin_unlock_irq+0x2a/0x40 [ 55.402695][ T3660] ? ptrace_notify+0xfa/0x140 [ 55.407387][ T3660] do_syscall_64+0x35/0xb0 [ 55.411828][ T3660] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 55.417718][ T3660] RIP: 0033:0x7f03a2a066b9 [ 55.422128][ T3660] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 55.441742][ T3660] RSP: 002b:00007f03a29b72f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 55.450174][ T3660] RAX: ffffffffffffffda RBX: 00007f03a2a8f4c8 RCX: 00007f03a2a066b9 [pid 3660] <... futex resumed>) = ? [pid 3660] +++ exited with 0 +++ [pid 3659] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3659, si_uid=0, si_status=0, si_utime=0, si_stime=24} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3661 attached , child_tidptr=0x555556f6e5d0) = 3661 [pid 3661] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3661] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3661] setpgid(0, 0) = 0 [pid 3661] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3661] write(3, "1000", 4) = 4 [pid 3661] close(3) = 0 [pid 3661] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3661] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3661] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3661] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3662 attached , parent_tid=[3662], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3662 [pid 3662] set_robust_list(0x7f03a29b79e0, 24 [pid 3661] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3661] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3662] <... set_robust_list resumed>) = 0 [pid 3662] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3662] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3661] <... futex resumed>) = 0 [pid 3662] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC [pid 3661] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3662] <... socket resumed>) = 4 [pid 3661] <... futex resumed>) = 0 [pid 3662] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3661] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3662] <... futex resumed>) = 0 [pid 3661] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3662] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 3661] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3661] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3662] <... sendto resumed>) = 32 [pid 3662] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3661}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3662] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3661}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3662] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3661] <... futex resumed>) = 0 [pid 3662] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3661] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3662] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3661] <... futex resumed>) = 0 [pid 3662] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3661] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3662] <... openat resumed>) = 5 [pid 3662] write(5, "10", 2) = 2 [pid 3662] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3662] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3661] <... futex resumed>) = 0 [ 55.458158][ T3660] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f03a2a8f4c8 [ 55.466124][ T3660] RBP: 00007f03a2a8f4c0 R08: 0000000000003031 R09: 0000000000003031 [ 55.474087][ T3660] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f03a29b7300 [ 55.482076][ T3660] R13: 0000000000000002 R14: 00007f03a29b7400 R15: 0000000000022000 [ 55.490084][ T3660] [pid 3662] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3661] exit_group(0) = ? [ 55.522564][ T3662] FAULT_INJECTION: forcing a failure. [ 55.522564][ T3662] name fail_futex, interval 1, probability 0, space 0, times 0 [ 55.535516][ T3662] CPU: 1 PID: 3662 Comm: syz-executor181 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 55.546903][ T3662] syz-executor181[3662] cmdline: [ 55.551931][ T3662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 55.562057][ T3662] Call Trace: [ 55.565343][ T3662] [ 55.568329][ T3662] dump_stack_lvl+0xcd/0x134 [ 55.572925][ T3662] should_fail.cold+0x5/0xa [ 55.577440][ T3662] get_futex_key+0x5a8/0x1c30 [ 55.582144][ T3662] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 55.588151][ T3662] ? futex_setup_timer+0xf0/0xf0 [ 55.593099][ T3662] futex_wait_setup+0xa7/0x230 [ 55.597885][ T3662] ? futex_wait_multiple+0xc90/0xc90 [ 55.603210][ T3662] futex_wait+0x264/0x680 [ 55.607565][ T3662] ? futex_wait_setup+0x230/0x230 [ 55.612649][ T3662] ? do_raw_spin_lock+0x120/0x2a0 [ 55.617692][ T3662] ? rwlock_bug.part.0+0x90/0x90 [ 55.622645][ T3662] ? _raw_spin_lock_irq+0x41/0x50 [ 55.627684][ T3662] do_futex+0x1af/0x300 [ 55.631858][ T3662] ? __ia32_sys_get_robust_list+0x3b0/0x3b0 [ 55.637764][ T3662] ? find_held_lock+0x2d/0x110 [ 55.642542][ T3662] __x64_sys_futex+0x1b0/0x4a0 [ 55.647323][ T3662] ? do_futex+0x300/0x300 [ 55.651662][ T3662] ? _raw_spin_unlock_irq+0x1f/0x40 [ 55.656873][ T3662] ? lockdep_hardirqs_on+0x79/0x100 [ 55.662088][ T3662] ? _raw_spin_unlock_irq+0x2a/0x40 [ 55.667295][ T3662] ? ptrace_notify+0xfa/0x140 [ 55.672010][ T3662] do_syscall_64+0x35/0xb0 [ 55.676440][ T3662] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 55.682358][ T3662] RIP: 0033:0x7f03a2a066b9 [ 55.686780][ T3662] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 55.706392][ T3662] RSP: 002b:00007f03a29b72f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 55.714843][ T3662] RAX: ffffffffffffffda RBX: 00007f03a2a8f4c8 RCX: 00007f03a2a066b9 [pid 3662] <... futex resumed>) = ? [pid 3662] +++ exited with 0 +++ [pid 3661] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3661, si_uid=0, si_status=0, si_utime=0, si_stime=25} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3663 attached , child_tidptr=0x555556f6e5d0) = 3663 [pid 3663] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3663] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3663] setpgid(0, 0) = 0 [pid 3663] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3663] write(3, "1000", 4) = 4 [pid 3663] close(3) = 0 [pid 3663] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3663] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3663] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3663] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3664], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3664 [pid 3663] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3663] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3664 attached [pid 3664] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3664] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3664] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3663] <... futex resumed>) = 0 [pid 3663] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3663] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3664] <... futex resumed>) = 1 [pid 3664] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 [pid 3664] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3663] <... futex resumed>) = 0 [pid 3663] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3663] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3664] <... futex resumed>) = 1 [pid 3664] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 3664] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3663}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3664] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3663}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3664] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3663] <... futex resumed>) = 0 [pid 3664] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3663] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3664] <... openat resumed>) = 5 [pid 3663] <... futex resumed>) = 0 [pid 3664] write(5, "10", 2 [pid 3663] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3664] <... write resumed>) = 2 [pid 3664] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3664] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3663] <... futex resumed>) = 0 [pid 3664] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3663] exit_group(0 [pid 3664] <... futex resumed>) = ? [pid 3663] <... exit_group resumed>) = ? [pid 3664] +++ exited with 0 +++ [pid 3663] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3663, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f6e5d0) = 3665 ./strace-static-x86_64: Process 3665 attached [pid 3665] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3665] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3665] setpgid(0, 0) = 0 [pid 3665] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3665] write(3, "1000", 4) = 4 [pid 3665] close(3) = 0 [pid 3665] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3665] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3665] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3665] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3666], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3666 [pid 3665] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3665] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3666 attached [pid 3666] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3666] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3666] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3665] <... futex resumed>) = 0 [pid 3666] <... futex resumed>) = 1 [pid 3665] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3666] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC [pid 3665] <... futex resumed>) = 0 [pid 3665] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3666] <... socket resumed>) = 4 [ 55.722857][ T3662] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f03a2a8f4c8 [ 55.730845][ T3662] RBP: 00007f03a2a8f4c0 R08: 0000000000003031 R09: 0000000000003031 [ 55.738824][ T3662] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f03a29b7300 [ 55.746801][ T3662] R13: 0000000000000002 R14: 00007f03a29b7400 R15: 0000000000022000 [ 55.754794][ T3662] [pid 3666] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3665] <... futex resumed>) = 0 [pid 3665] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3666] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 3665] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3666] <... sendto resumed>) = 32 [pid 3666] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3665}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3666] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3665}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3666] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3665] <... futex resumed>) = 0 [pid 3666] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3665] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3665] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3666] <... openat resumed>) = 5 [pid 3666] write(5, "10", 2) = 2 [pid 3666] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3666] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3665] <... futex resumed>) = 0 [pid 3666] <... futex resumed>) = 1 [pid 3665] exit_group(0) = ? [pid 3666] +++ exited with 0 +++ [pid 3665] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3665, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3667 attached , child_tidptr=0x555556f6e5d0) = 3667 [pid 3667] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3667] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3667] setpgid(0, 0) = 0 [pid 3667] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3667] write(3, "1000", 4) = 4 [pid 3667] close(3) = 0 [pid 3667] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3667] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3667] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3667] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3668], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3668 [pid 3667] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3667] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3668 attached [pid 3668] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3668] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3668] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3667] <... futex resumed>) = 0 [pid 3667] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3667] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3668] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 [pid 3668] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3667] <... futex resumed>) = 0 [pid 3667] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3667] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3668] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 3668] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3667}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3668] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3667}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3668] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3667] <... futex resumed>) = 0 [pid 3667] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3667] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3668] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 3668] write(5, "10", 2) = 2 [pid 3668] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [ 55.842009][ T3668] FAULT_INJECTION: forcing a failure. [ 55.842009][ T3668] name fail_futex, interval 1, probability 0, space 0, times 0 [ 55.855158][ T3668] CPU: 1 PID: 3668 Comm: syz-executor181 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 55.866573][ T3668] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1521 [ 55.875963][ T3668] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 3668, name: syz-executor181 [ 55.885435][ T3668] preempt_count: 0, expected: 0 [ 55.890283][ T3668] RCU nest depth: 0, expected: 0 [ 55.895231][ T3668] no locks held by syz-executor181/3668. [ 55.900855][ T3668] irq event stamp: 1404 [ 55.905010][ T3668] hardirqs last enabled at (1403): [] finish_task_switch.isra.0+0x2b5/0xc70 [ 55.915393][ T3668] hardirqs last disabled at (1404): [] dump_stack_lvl+0x2e/0x134 [ 55.924689][ T3668] softirqs last enabled at (1396): [] __irq_exit_rcu+0x123/0x180 [ 55.934089][ T3668] softirqs last disabled at (1251): [] __irq_exit_rcu+0x123/0x180 [ 55.943476][ T3668] CPU: 1 PID: 3668 Comm: syz-executor181 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 55.954895][ T3668] syz-executor181[3668] cmdline: ./syz-executor1814091279 [ 55.962021][ T3668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 55.972087][ T3668] Call Trace: [ 55.975359][ T3668] [ 55.978282][ T3668] dump_stack_lvl+0xcd/0x134 [ 55.982900][ T3668] __might_resched.cold+0x222/0x26b [ 55.988190][ T3668] down_read_killable+0x75/0x490 [ 55.993144][ T3668] ? down_read+0x450/0x450 [ 55.997617][ T3668] __access_remote_vm+0xac/0x6f0 [ 56.002578][ T3668] ? follow_phys+0x2c0/0x2c0 [ 56.007188][ T3668] ? do_raw_spin_lock+0x120/0x2a0 [ 56.012233][ T3668] ? rwlock_bug.part.0+0x90/0x90 [ 56.017176][ T3668] ? __up_console_sem+0x47/0xc0 [ 56.022049][ T3668] get_mm_cmdline.part.0+0x217/0x620 [ 56.027346][ T3668] ? dname_to_vma_addr.isra.0+0x360/0x360 [ 56.033098][ T3668] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 56.038932][ T3668] get_task_cmdline_kernel+0x1d9/0x220 [ 56.044407][ T3668] dump_stack_print_cmdline.part.0+0x82/0x150 [ 56.050503][ T3668] ? _atomic_dec_and_lock_irqsave+0x150/0x150 [ 56.056599][ T3668] ? dump_stack_print_info+0xc6/0x190 [ 56.061998][ T3668] dump_stack_print_info+0x185/0x190 [ 56.067322][ T3668] dump_stack_lvl+0xc1/0x134 [ 56.071931][ T3668] should_fail.cold+0x5/0xa [ 56.076468][ T3668] get_futex_key+0x5a8/0x1c30 [ 56.081163][ T3668] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 56.087164][ T3668] ? futex_setup_timer+0xf0/0xf0 [ 56.092121][ T3668] futex_wake+0xe4/0x490 [ 56.096497][ T3668] ? futex_wake_mark+0x1a0/0x1a0 [ 56.101464][ T3668] ? ptrace_stop.part.0+0x5ec/0xa80 [ 56.106679][ T3668] ? do_raw_spin_lock+0x120/0x2a0 [ 56.111704][ T3668] ? rwlock_bug.part.0+0x90/0x90 [ 56.116641][ T3668] ? _raw_spin_lock_irq+0x41/0x50 [ 56.121672][ T3668] do_futex+0x266/0x300 [ 56.125827][ T3668] ? __ia32_sys_get_robust_list+0x3b0/0x3b0 [ 56.131726][ T3668] ? find_held_lock+0x2d/0x110 [ 56.136511][ T3668] __x64_sys_futex+0x1b0/0x4a0 [ 56.141295][ T3668] ? do_futex+0x300/0x300 [ 56.145623][ T3668] ? _raw_spin_unlock_irq+0x1f/0x40 [ 56.150836][ T3668] ? lockdep_hardirqs_on+0x79/0x100 [ 56.156054][ T3668] ? _raw_spin_unlock_irq+0x2a/0x40 [ 56.161268][ T3668] ? ptrace_notify+0xfa/0x140 [ 56.165960][ T3668] do_syscall_64+0x35/0xb0 [ 56.170412][ T3668] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 56.176325][ T3668] RIP: 0033:0x7f03a2a066b9 [ 56.180737][ T3668] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 56.200355][ T3668] RSP: 002b:00007f03a29b72f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 56.208781][ T3668] RAX: ffffffffffffffda RBX: 00007f03a2a8f4c8 RCX: 00007f03a2a066b9 [ 56.216774][ T3668] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f03a2a8f4cc [ 56.224744][ T3668] RBP: 00007f03a2a8f4c0 R08: 0000000000003031 R09: 0000000000003031 [ 56.232720][ T3668] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f03a29b7300 [ 56.240689][ T3668] R13: 0000000000000002 R14: 00007f03a29b7400 R15: 0000000000022000 [ 56.248691][ T3668] [ 56.251752][ T3668] syz-executor181[3668] cmdline: ./syz-executor1814091279 [ 56.258875][ T3668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 56.268947][ T3668] Call Trace: [ 56.272248][ T3668] [ 56.275203][ T3668] dump_stack_lvl+0xcd/0x134 [ 56.279803][ T3668] should_fail.cold+0x5/0xa [ 56.284325][ T3668] get_futex_key+0x5a8/0x1c30 [ 56.289013][ T3668] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 56.295014][ T3668] ? futex_setup_timer+0xf0/0xf0 [ 56.299956][ T3668] futex_wake+0xe4/0x490 [ 56.304200][ T3668] ? futex_wake_mark+0x1a0/0x1a0 [ 56.309153][ T3668] ? ptrace_stop.part.0+0x5ec/0xa80 [ 56.314359][ T3668] ? do_raw_spin_lock+0x120/0x2a0 [ 56.319404][ T3668] ? rwlock_bug.part.0+0x90/0x90 [ 56.324345][ T3668] ? _raw_spin_lock_irq+0x41/0x50 [ 56.329388][ T3668] do_futex+0x266/0x300 [ 56.333541][ T3668] ? __ia32_sys_get_robust_list+0x3b0/0x3b0 [ 56.339449][ T3668] ? find_held_lock+0x2d/0x110 [ 56.344212][ T3668] __x64_sys_futex+0x1b0/0x4a0 [ 56.348982][ T3668] ? do_futex+0x300/0x300 [ 56.353309][ T3668] ? _raw_spin_unlock_irq+0x1f/0x40 [ 56.358530][ T3668] ? lockdep_hardirqs_on+0x79/0x100 [ 56.363789][ T3668] ? _raw_spin_unlock_irq+0x2a/0x40 [ 56.368991][ T3668] ? ptrace_notify+0xfa/0x140 [ 56.373673][ T3668] do_syscall_64+0x35/0xb0 [ 56.378107][ T3668] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 56.383996][ T3668] RIP: 0033:0x7f03a2a066b9 [ 56.388405][ T3668] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 56.408030][ T3668] RSP: 002b:00007f03a29b72f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 56.416438][ T3668] RAX: ffffffffffffffda RBX: 00007f03a2a8f4c8 RCX: 00007f03a2a066b9 [ 56.424416][ T3668] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f03a2a8f4cc [ 56.432401][ T3668] RBP: 00007f03a2a8f4c0 R08: 0000000000003031 R09: 0000000000003031 [pid 3668] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = -1 EFAULT (Bad address) [pid 3667] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3668] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3667] exit_group(0 [pid 3668] <... futex resumed>) = ? [pid 3667] <... exit_group resumed>) = ? [pid 3668] +++ exited with 0 +++ [pid 3667] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3667, si_uid=0, si_status=0, si_utime=0, si_stime=62} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f6e5d0) = 3669 ./strace-static-x86_64: Process 3669 attached [pid 3669] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3669] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3669] setpgid(0, 0) = 0 [pid 3669] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3669] write(3, "1000", 4) = 4 [pid 3669] close(3) = 0 [pid 3669] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3669] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3669] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3669] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3670], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3670 [pid 3669] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3669] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3670 attached [pid 3670] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3670] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3670] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3669] <... futex resumed>) = 0 [pid 3669] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3669] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3670] <... futex resumed>) = 1 [pid 3670] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 [pid 3670] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3669] <... futex resumed>) = 0 [pid 3669] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3669] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3670] <... futex resumed>) = 1 [pid 3670] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 3670] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3669}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3670] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3669}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3670] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3669] <... futex resumed>) = 0 [pid 3670] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3669] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3670] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3669] <... futex resumed>) = 0 [pid 3670] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3669] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3670] <... openat resumed>) = 5 [pid 3670] write(5, "10", 2) = 2 [pid 3670] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3670] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3669] <... futex resumed>) = 0 [pid 3670] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3669] exit_group(0 [pid 3670] <... futex resumed>) = ? [pid 3669] <... exit_group resumed>) = ? [pid 3670] +++ exited with 0 +++ [pid 3669] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3669, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f6e5d0) = 3671 ./strace-static-x86_64: Process 3671 attached [pid 3671] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3671] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3671] setpgid(0, 0) = 0 [pid 3671] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3671] write(3, "1000", 4) = 4 [pid 3671] close(3) = 0 [pid 3671] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3671] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3671] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3671] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3672 attached [pid 3672] set_robust_list(0x7f03a29b79e0, 24 [pid 3671] <... clone resumed>, parent_tid=[3672], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3672 [pid 3672] <... set_robust_list resumed>) = 0 [pid 3671] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3672] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC [pid 3671] <... futex resumed>) = 0 [pid 3671] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3672] <... socket resumed>) = 3 [pid 3672] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3671] <... futex resumed>) = 0 [pid 3672] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3671] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3672] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3671] <... futex resumed>) = 0 [pid 3671] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3672] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 [pid 3672] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3671] <... futex resumed>) = 0 [pid 3672] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3671] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3672] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3671] <... futex resumed>) = 0 [pid 3672] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [ 56.440377][ T3668] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f03a29b7300 [ 56.448362][ T3668] R13: 0000000000000002 R14: 00007f03a29b7400 R15: 0000000000022000 [ 56.456339][ T3668] [pid 3671] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3672] <... sendto resumed>) = 32 [pid 3672] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3671}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3672] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3671}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3672] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3671] <... futex resumed>) = 0 [pid 3672] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3671] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3672] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3671] <... futex resumed>) = 0 [pid 3672] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3671] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3672] <... openat resumed>) = 5 [pid 3672] write(5, "10", 2) = 2 [pid 3672] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3672] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3671] <... futex resumed>) = 0 [pid 3672] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3671] exit_group(0) = ? [ 56.514161][ T3672] FAULT_INJECTION: forcing a failure. [ 56.514161][ T3672] name fail_futex, interval 1, probability 0, space 0, times 0 [ 56.527200][ T3672] CPU: 1 PID: 3672 Comm: syz-executor181 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 56.538611][ T3672] syz-executor181[3672] cmdline: [ 56.543658][ T3672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 56.553734][ T3672] Call Trace: [ 56.557017][ T3672] [ 56.559959][ T3672] dump_stack_lvl+0xcd/0x134 [ 56.564558][ T3672] should_fail.cold+0x5/0xa [ 56.569071][ T3672] get_futex_key+0x5a8/0x1c30 [ 56.573855][ T3672] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 56.579859][ T3672] ? futex_setup_timer+0xf0/0xf0 [ 56.584805][ T3672] futex_wait_setup+0xa7/0x230 [ 56.589587][ T3672] ? futex_wait_multiple+0xc90/0xc90 [ 56.594935][ T3672] futex_wait+0x264/0x680 [ 56.599302][ T3672] ? futex_wait_setup+0x230/0x230 [ 56.604366][ T3672] ? do_raw_spin_lock+0x120/0x2a0 [ 56.609396][ T3672] ? rwlock_bug.part.0+0x90/0x90 [ 56.614352][ T3672] ? _raw_spin_lock_irq+0x41/0x50 [ 56.619387][ T3672] do_futex+0x1af/0x300 [ 56.623583][ T3672] ? __ia32_sys_get_robust_list+0x3b0/0x3b0 [ 56.629497][ T3672] ? find_held_lock+0x2d/0x110 [ 56.634273][ T3672] __x64_sys_futex+0x1b0/0x4a0 [ 56.639053][ T3672] ? do_futex+0x300/0x300 [ 56.643414][ T3672] ? _raw_spin_unlock_irq+0x1f/0x40 [ 56.648628][ T3672] ? lockdep_hardirqs_on+0x79/0x100 [ 56.653826][ T3672] ? _raw_spin_unlock_irq+0x2a/0x40 [ 56.659025][ T3672] ? ptrace_notify+0xfa/0x140 [ 56.663723][ T3672] do_syscall_64+0x35/0xb0 [ 56.668139][ T3672] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 56.674031][ T3672] RIP: 0033:0x7f03a2a066b9 [ 56.678437][ T3672] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 56.698044][ T3672] RSP: 002b:00007f03a29b72f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 56.706469][ T3672] RAX: ffffffffffffffda RBX: 00007f03a2a8f4c8 RCX: 00007f03a2a066b9 [pid 3672] <... futex resumed>) = ? [pid 3672] +++ exited with 0 +++ [pid 3671] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3671, si_uid=0, si_status=0, si_utime=0, si_stime=24} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3673 attached [pid 3673] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3673] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3673] setpgid(0, 0) = 0 [pid 3673] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3673] write(3, "1000", 4) = 4 [pid 3673] close(3) = 0 [pid 3673] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3673] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3673] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3673] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3674], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3674 [pid 3673] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3608] <... clone resumed>, child_tidptr=0x555556f6e5d0) = 3673 [pid 3673] <... futex resumed>) = 0 [pid 3673] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3674 attached [pid 3674] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3674] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3674] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3673] <... futex resumed>) = 0 [pid 3673] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3673] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3674] <... futex resumed>) = 1 [pid 3674] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 [pid 3674] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3673] <... futex resumed>) = 0 [pid 3673] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3673] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3674] <... futex resumed>) = 1 [pid 3674] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 3674] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3673}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3674] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3673}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3674] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3673] <... futex resumed>) = 0 [pid 3674] <... futex resumed>) = 1 [pid 3674] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3673] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3673] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3674] <... openat resumed>) = 5 [pid 3674] write(5, "10", 2) = 2 [pid 3674] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3674] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3673] <... futex resumed>) = 0 [pid 3674] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 56.714448][ T3672] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f03a2a8f4c8 [ 56.722433][ T3672] RBP: 00007f03a2a8f4c0 R08: 0000000000003031 R09: 0000000000003031 [ 56.730404][ T3672] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f03a29b7300 [ 56.738465][ T3672] R13: 0000000000000002 R14: 00007f03a29b7400 R15: 0000000000022000 [ 56.746473][ T3672] [pid 3673] exit_group(0) = ? [ 56.783741][ T3674] FAULT_INJECTION: forcing a failure. [ 56.783741][ T3674] name fail_futex, interval 1, probability 0, space 0, times 0 [ 56.797084][ T3674] CPU: 1 PID: 3674 Comm: syz-executor181 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 56.808470][ T3674] syz-executor181[3674] cmdline: [ 56.813523][ T3674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 56.823596][ T3674] Call Trace: [ 56.826888][ T3674] [ 56.829813][ T3674] dump_stack_lvl+0xcd/0x134 [ 56.834420][ T3674] should_fail.cold+0x5/0xa [ 56.838929][ T3674] get_futex_key+0x5a8/0x1c30 [ 56.843626][ T3674] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 56.849632][ T3674] ? futex_setup_timer+0xf0/0xf0 [ 56.854584][ T3674] futex_wait_setup+0xa7/0x230 [ 56.859396][ T3674] ? futex_wait_multiple+0xc90/0xc90 [ 56.864729][ T3674] futex_wait+0x264/0x680 [ 56.869079][ T3674] ? futex_wait_setup+0x230/0x230 [ 56.874142][ T3674] ? do_raw_spin_lock+0x120/0x2a0 [ 56.879179][ T3674] ? rwlock_bug.part.0+0x90/0x90 [ 56.884127][ T3674] ? _raw_spin_lock_irq+0x41/0x50 [ 56.889180][ T3674] do_futex+0x1af/0x300 [ 56.893350][ T3674] ? __ia32_sys_get_robust_list+0x3b0/0x3b0 [ 56.899272][ T3674] ? find_held_lock+0x2d/0x110 [ 56.904054][ T3674] __x64_sys_futex+0x1b0/0x4a0 [ 56.908836][ T3674] ? do_futex+0x300/0x300 [ 56.913182][ T3674] ? _raw_spin_unlock_irq+0x1f/0x40 [ 56.918389][ T3674] ? lockdep_hardirqs_on+0x79/0x100 [ 56.923608][ T3674] ? _raw_spin_unlock_irq+0x2a/0x40 [ 56.928813][ T3674] ? ptrace_notify+0xfa/0x140 [ 56.933505][ T3674] do_syscall_64+0x35/0xb0 [ 56.937937][ T3674] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 56.943843][ T3674] RIP: 0033:0x7f03a2a066b9 [ 56.948262][ T3674] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 56.967892][ T3674] RSP: 002b:00007f03a29b72f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 56.976325][ T3674] RAX: ffffffffffffffda RBX: 00007f03a2a8f4c8 RCX: 00007f03a2a066b9 [pid 3674] <... futex resumed>) = ? [pid 3674] +++ exited with 0 +++ [pid 3673] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3673, si_uid=0, si_status=0, si_utime=0, si_stime=25} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f6e5d0) = 3675 ./strace-static-x86_64: Process 3675 attached [pid 3675] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3675] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3675] setpgid(0, 0) = 0 [pid 3675] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3675] write(3, "1000", 4) = 4 [pid 3675] close(3) = 0 [pid 3675] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3675] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3675] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3675] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3676], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3676 ./strace-static-x86_64: Process 3676 attached [pid 3676] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3676] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3675] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3676] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3675] <... futex resumed>) = 0 [pid 3676] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC [pid 3675] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3676] <... socket resumed>) = 3 [pid 3676] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3676] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3675] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3675] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3676] <... futex resumed>) = 0 [pid 3675] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3676] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 [pid 3676] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3675] <... futex resumed>) = 0 [pid 3676] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3675] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3676] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3675] <... futex resumed>) = 0 [pid 3676] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 3675] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3676] <... sendto resumed>) = 32 [pid 3676] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3675}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3676] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3675}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3676] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3675] <... futex resumed>) = 0 [pid 3676] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3675] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3676] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3675] <... futex resumed>) = 0 [pid 3676] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3675] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3676] <... openat resumed>) = 5 [pid 3676] write(5, "10", 2) = 2 [pid 3676] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3676] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3675] <... futex resumed>) = 0 [pid 3676] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3675] exit_group(0) = ? [pid 3676] <... futex resumed>) = ? [pid 3676] +++ exited with 0 +++ [pid 3675] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3675, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f6e5d0) = 3677 ./strace-static-x86_64: Process 3677 attached [pid 3677] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3677] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3677] setpgid(0, 0) = 0 [pid 3677] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3677] write(3, "1000", 4) = 4 [pid 3677] close(3) = 0 [pid 3677] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3677] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3677] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3677] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3678 attached , parent_tid=[3678], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3678 [pid 3677] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3677] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3678] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3678] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3678] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3677] <... futex resumed>) = 0 [pid 3677] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3678] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC [pid 3677] <... futex resumed>) = 0 [pid 3677] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3678] <... socket resumed>) = 4 [ 56.984300][ T3674] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f03a2a8f4c8 [ 56.992273][ T3674] RBP: 00007f03a2a8f4c0 R08: 0000000000003031 R09: 0000000000003031 [ 57.000248][ T3674] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f03a29b7300 [ 57.008308][ T3674] R13: 0000000000000002 R14: 00007f03a29b7400 R15: 0000000000022000 [ 57.016302][ T3674] [pid 3678] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3677] <... futex resumed>) = 0 [pid 3677] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3677] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3678] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 3678] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3677}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3678] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3677}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3678] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3677] <... futex resumed>) = 0 [pid 3678] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3677] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3678] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3677] <... futex resumed>) = 0 [pid 3678] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3677] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3678] <... openat resumed>) = 5 [pid 3678] write(5, "10", 2) = 2 [pid 3678] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3678] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3677] <... futex resumed>) = 0 [pid 3678] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3677] exit_group(0) = ? [ 57.073823][ T3678] FAULT_INJECTION: forcing a failure. [ 57.073823][ T3678] name fail_futex, interval 1, probability 0, space 0, times 0 [ 57.087378][ T3678] CPU: 0 PID: 3678 Comm: syz-executor181 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 57.098787][ T3678] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1521 [ 57.108149][ T3678] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 3678, name: syz-executor181 [ 57.117613][ T3678] preempt_count: 0, expected: 0 [ 57.122476][ T3678] RCU nest depth: 0, expected: 0 [ 57.127422][ T3678] no locks held by syz-executor181/3678. [ 57.133046][ T3678] irq event stamp: 1230 [ 57.137201][ T3678] hardirqs last enabled at (1229): [] finish_task_switch.isra.0+0x2b5/0xc70 [ 57.147556][ T3678] hardirqs last disabled at (1230): [] dump_stack_lvl+0x2e/0x134 [ 57.156863][ T3678] softirqs last enabled at (1222): [] __irq_exit_rcu+0x123/0x180 [ 57.166270][ T3678] softirqs last disabled at (1061): [] __irq_exit_rcu+0x123/0x180 [ 57.175654][ T3678] CPU: 0 PID: 3678 Comm: syz-executor181 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 57.187054][ T3678] syz-executor181[3678] cmdline: [ 57.192080][ T3678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 57.202139][ T3678] Call Trace: [ 57.205427][ T3678] [ 57.208361][ T3678] dump_stack_lvl+0xcd/0x134 [ 57.213005][ T3678] __might_resched.cold+0x222/0x26b [ 57.218214][ T3678] down_read_killable+0x75/0x490 [ 57.223177][ T3678] ? down_read+0x450/0x450 [ 57.227626][ T3678] __access_remote_vm+0xac/0x6f0 [ 57.232581][ T3678] ? follow_phys+0x2c0/0x2c0 [ 57.237196][ T3678] ? do_raw_spin_lock+0x120/0x2a0 [ 57.242233][ T3678] ? rwlock_bug.part.0+0x90/0x90 [ 57.247182][ T3678] ? __up_console_sem+0x47/0xc0 [ 57.252046][ T3678] get_mm_cmdline.part.0+0x217/0x620 [ 57.257349][ T3678] ? dname_to_vma_addr.isra.0+0x360/0x360 [ 57.263082][ T3678] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 57.268905][ T3678] get_task_cmdline_kernel+0x1d9/0x220 [ 57.274382][ T3678] dump_stack_print_cmdline.part.0+0x82/0x150 [ 57.280473][ T3678] ? _atomic_dec_and_lock_irqsave+0x150/0x150 [ 57.286587][ T3678] ? dump_stack_print_info+0xc6/0x190 [ 57.291977][ T3678] dump_stack_print_info+0x185/0x190 [ 57.297287][ T3678] dump_stack_lvl+0xc1/0x134 [ 57.301898][ T3678] should_fail.cold+0x5/0xa [ 57.306428][ T3678] get_futex_key+0x5a8/0x1c30 [ 57.311119][ T3678] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 57.317113][ T3678] ? futex_setup_timer+0xf0/0xf0 [ 57.322072][ T3678] futex_wait_setup+0xa7/0x230 [ 57.326854][ T3678] ? futex_wait_multiple+0xc90/0xc90 [ 57.332162][ T3678] futex_wait+0x264/0x680 [ 57.336512][ T3678] ? futex_wait_setup+0x230/0x230 [ 57.341658][ T3678] ? do_raw_spin_lock+0x120/0x2a0 [ 57.346695][ T3678] ? rwlock_bug.part.0+0x90/0x90 [ 57.351644][ T3678] ? _raw_spin_lock_irq+0x41/0x50 [ 57.356682][ T3678] do_futex+0x1af/0x300 [ 57.360859][ T3678] ? __ia32_sys_get_robust_list+0x3b0/0x3b0 [ 57.366764][ T3678] ? find_held_lock+0x2d/0x110 [ 57.371564][ T3678] __x64_sys_futex+0x1b0/0x4a0 [ 57.376346][ T3678] ? do_futex+0x300/0x300 [ 57.380685][ T3678] ? _raw_spin_unlock_irq+0x1f/0x40 [ 57.385894][ T3678] ? lockdep_hardirqs_on+0x79/0x100 [ 57.391110][ T3678] ? _raw_spin_unlock_irq+0x2a/0x40 [ 57.396315][ T3678] ? ptrace_notify+0xfa/0x140 [ 57.401014][ T3678] do_syscall_64+0x35/0xb0 [ 57.405459][ T3678] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 57.411364][ T3678] RIP: 0033:0x7f03a2a066b9 [ 57.415787][ T3678] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 57.435398][ T3678] RSP: 002b:00007f03a29b72f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 57.443848][ T3678] RAX: ffffffffffffffda RBX: 00007f03a2a8f4c8 RCX: 00007f03a2a066b9 [ 57.451838][ T3678] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f03a2a8f4c8 [ 57.459815][ T3678] RBP: 00007f03a2a8f4c0 R08: 0000000000003031 R09: 0000000000003031 [ 57.467876][ T3678] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f03a29b7300 [ 57.475850][ T3678] R13: 0000000000000002 R14: 00007f03a29b7400 R15: 0000000000022000 [ 57.483842][ T3678] [ 57.486870][ T3678] syz-executor181[3678] cmdline: [ 57.491890][ T3678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 57.501948][ T3678] Call Trace: [ 57.505250][ T3678] [ 57.508181][ T3678] dump_stack_lvl+0xcd/0x134 [ 57.512813][ T3678] should_fail.cold+0x5/0xa [ 57.517334][ T3678] get_futex_key+0x5a8/0x1c30 [ 57.522025][ T3678] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 57.528023][ T3678] ? futex_setup_timer+0xf0/0xf0 [ 57.532986][ T3678] futex_wait_setup+0xa7/0x230 [ 57.537777][ T3678] ? futex_wait_multiple+0xc90/0xc90 [ 57.543085][ T3678] futex_wait+0x264/0x680 [ 57.547432][ T3678] ? futex_wait_setup+0x230/0x230 [ 57.552492][ T3678] ? do_raw_spin_lock+0x120/0x2a0 [ 57.557529][ T3678] ? rwlock_bug.part.0+0x90/0x90 [ 57.562480][ T3678] ? _raw_spin_lock_irq+0x41/0x50 [ 57.567535][ T3678] do_futex+0x1af/0x300 [ 57.571727][ T3678] ? __ia32_sys_get_robust_list+0x3b0/0x3b0 [ 57.577742][ T3678] ? find_held_lock+0x2d/0x110 [ 57.582537][ T3678] __x64_sys_futex+0x1b0/0x4a0 [ 57.587352][ T3678] ? do_futex+0x300/0x300 [ 57.591705][ T3678] ? _raw_spin_unlock_irq+0x1f/0x40 [ 57.596924][ T3678] ? lockdep_hardirqs_on+0x79/0x100 [ 57.602151][ T3678] ? _raw_spin_unlock_irq+0x2a/0x40 [ 57.607388][ T3678] ? ptrace_notify+0xfa/0x140 [ 57.612093][ T3678] do_syscall_64+0x35/0xb0 [ 57.616537][ T3678] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 57.622443][ T3678] RIP: 0033:0x7f03a2a066b9 [ 57.626862][ T3678] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 57.646479][ T3678] RSP: 002b:00007f03a29b72f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 57.654904][ T3678] RAX: ffffffffffffffda RBX: 00007f03a2a8f4c8 RCX: 00007f03a2a066b9 [ 57.662883][ T3678] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f03a2a8f4c8 [pid 3678] <... futex resumed>) = ? [pid 3678] +++ exited with 0 +++ [pid 3677] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3677, si_uid=0, si_status=0, si_utime=0, si_stime=64} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3679 attached , child_tidptr=0x555556f6e5d0) = 3679 [pid 3679] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3679] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3679] setpgid(0, 0) = 0 [pid 3679] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3679] write(3, "1000", 4) = 4 [pid 3679] close(3) = 0 [pid 3679] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3679] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3679] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3679] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3680 attached [pid 3680] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3680] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3679] <... clone resumed>, parent_tid=[3680], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3680 [pid 3679] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3680] <... futex resumed>) = 0 [pid 3680] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3680] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3680] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3679] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3679] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3680] <... futex resumed>) = 0 [pid 3679] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3680] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 [pid 3680] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3680] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3679] <... futex resumed>) = 0 [pid 3679] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3679] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3680] <... futex resumed>) = 0 [pid 3680] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 3680] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3679}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3680] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3679}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3680] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3679] <... futex resumed>) = 0 [pid 3680] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3679] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3680] <... openat resumed>) = 5 [pid 3679] <... futex resumed>) = 0 [pid 3680] write(5, "10", 2 [pid 3679] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3680] <... write resumed>) = 2 [pid 3680] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [ 57.670869][ T3678] RBP: 00007f03a2a8f4c0 R08: 0000000000003031 R09: 0000000000003031 [ 57.678847][ T3678] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f03a29b7300 [ 57.686822][ T3678] R13: 0000000000000002 R14: 00007f03a29b7400 R15: 0000000000022000 [ 57.694812][ T3678] [pid 3680] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3679] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 57.735189][ T3680] FAULT_INJECTION: forcing a failure. [ 57.735189][ T3680] name fail_futex, interval 1, probability 0, space 0, times 0 [ 57.748270][ T3680] CPU: 1 PID: 3680 Comm: syz-executor181 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 57.759792][ T3680] syz-executor181[3680] cmdline: ./syz-executor1814091279 [ 57.766986][ T3680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 57.777040][ T3680] Call Trace: [ 57.780341][ T3680] [pid 3679] exit_group(0) = ? [ 57.783307][ T3680] dump_stack_lvl+0xcd/0x134 [ 57.787944][ T3680] should_fail.cold+0x5/0xa [ 57.792457][ T3680] get_futex_key+0x5a8/0x1c30 [ 57.797147][ T3680] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 57.803162][ T3680] ? futex_setup_timer+0xf0/0xf0 [ 57.808125][ T3680] futex_wake+0xe4/0x490 [ 57.812367][ T3680] ? futex_wake_mark+0x1a0/0x1a0 [ 57.817311][ T3680] ? ptrace_stop.part.0+0x5ec/0xa80 [ 57.822552][ T3680] ? do_raw_spin_lock+0x120/0x2a0 [ 57.827583][ T3680] ? rwlock_bug.part.0+0x90/0x90 [ 57.832780][ T3680] ? _raw_spin_lock_irq+0x41/0x50 [ 57.837805][ T3680] do_futex+0x266/0x300 [ 57.841958][ T3680] ? __ia32_sys_get_robust_list+0x3b0/0x3b0 [ 57.847846][ T3680] ? find_held_lock+0x2d/0x110 [ 57.852607][ T3680] __x64_sys_futex+0x1b0/0x4a0 [ 57.857383][ T3680] ? do_futex+0x300/0x300 [ 57.861739][ T3680] ? _raw_spin_unlock_irq+0x1f/0x40 [ 57.866951][ T3680] ? lockdep_hardirqs_on+0x79/0x100 [ 57.872148][ T3680] ? _raw_spin_unlock_irq+0x2a/0x40 [ 57.877348][ T3680] ? ptrace_notify+0xfa/0x140 [ 57.882046][ T3680] do_syscall_64+0x35/0xb0 [ 57.886459][ T3680] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 57.892348][ T3680] RIP: 0033:0x7f03a2a066b9 [ 57.896757][ T3680] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 57.916357][ T3680] RSP: 002b:00007f03a29b72f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 57.924764][ T3680] RAX: ffffffffffffffda RBX: 00007f03a2a8f4c8 RCX: 00007f03a2a066b9 [pid 3680] <... futex resumed>) = ? [pid 3680] +++ exited with 0 +++ [pid 3679] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3679, si_uid=0, si_status=0, si_utime=0, si_stime=24} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3681 attached , child_tidptr=0x555556f6e5d0) = 3681 [pid 3681] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3681] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3681] setpgid(0, 0) = 0 [pid 3681] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3681] write(3, "1000", 4) = 4 [pid 3681] close(3) = 0 [pid 3681] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3681] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3681] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3681] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3682], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3682 [pid 3681] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3681] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3682 attached [pid 3682] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3682] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3682] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3681] <... futex resumed>) = 0 [pid 3681] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3681] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3682] <... futex resumed>) = 1 [pid 3682] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 [pid 3682] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3681] <... futex resumed>) = 0 [pid 3681] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3681] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3682] <... futex resumed>) = 1 [pid 3682] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 3682] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3681}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3682] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3681}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3682] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3681] <... futex resumed>) = 0 [pid 3682] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3681] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3682] <... openat resumed>) = 5 [pid 3681] <... futex resumed>) = 0 [pid 3682] write(5, "10", 2 [pid 3681] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3682] <... write resumed>) = 2 [pid 3682] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3682] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3681] <... futex resumed>) = 0 [pid 3682] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3681] exit_group(0) = ? [ 57.932729][ T3680] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f03a2a8f4cc [ 57.940714][ T3680] RBP: 00007f03a2a8f4c0 R08: 0000000000003031 R09: 0000000000003031 [ 57.948695][ T3680] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f03a29b7300 [ 57.956694][ T3680] R13: 0000000000000002 R14: 00007f03a29b7400 R15: 0000000000022000 [ 57.964674][ T3680] [ 57.996585][ T3682] FAULT_INJECTION: forcing a failure. [ 57.996585][ T3682] name fail_futex, interval 1, probability 0, space 0, times 0 [ 58.009492][ T3682] CPU: 1 PID: 3682 Comm: syz-executor181 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 58.020894][ T3682] syz-executor181[3682] cmdline: [ 58.025944][ T3682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 58.036011][ T3682] Call Trace: [ 58.039282][ T3682] [ 58.042205][ T3682] dump_stack_lvl+0xcd/0x134 [ 58.046825][ T3682] should_fail.cold+0x5/0xa [ 58.051352][ T3682] get_futex_key+0x5a8/0x1c30 [ 58.056044][ T3682] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 58.062023][ T3682] ? futex_setup_timer+0xf0/0xf0 [ 58.066983][ T3682] futex_wait_setup+0xa7/0x230 [ 58.071765][ T3682] ? futex_wait_multiple+0xc90/0xc90 [ 58.077055][ T3682] futex_wait+0x264/0x680 [ 58.081395][ T3682] ? futex_wait_setup+0x230/0x230 [ 58.086471][ T3682] ? do_raw_spin_lock+0x120/0x2a0 [ 58.091516][ T3682] ? rwlock_bug.part.0+0x90/0x90 [ 58.096465][ T3682] ? _raw_spin_lock_irq+0x41/0x50 [ 58.101508][ T3682] do_futex+0x1af/0x300 [ 58.105669][ T3682] ? __ia32_sys_get_robust_list+0x3b0/0x3b0 [ 58.111561][ T3682] ? find_held_lock+0x2d/0x110 [ 58.116337][ T3682] __x64_sys_futex+0x1b0/0x4a0 [ 58.121126][ T3682] ? do_futex+0x300/0x300 [ 58.125468][ T3682] ? _raw_spin_unlock_irq+0x1f/0x40 [ 58.130671][ T3682] ? lockdep_hardirqs_on+0x79/0x100 [ 58.135908][ T3682] ? _raw_spin_unlock_irq+0x2a/0x40 [ 58.141122][ T3682] ? ptrace_notify+0xfa/0x140 [ 58.145815][ T3682] do_syscall_64+0x35/0xb0 [ 58.150235][ T3682] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 58.156158][ T3682] RIP: 0033:0x7f03a2a066b9 [ 58.160590][ T3682] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 58.180222][ T3682] RSP: 002b:00007f03a29b72f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 58.188749][ T3682] RAX: ffffffffffffffda RBX: 00007f03a2a8f4c8 RCX: 00007f03a2a066b9 [pid 3682] <... futex resumed>) = ? [pid 3682] +++ exited with 0 +++ [pid 3681] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3681, si_uid=0, si_status=0, si_utime=0, si_stime=25} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f6e5d0) = 3683 ./strace-static-x86_64: Process 3683 attached [pid 3683] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3683] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3683] setpgid(0, 0) = 0 [pid 3683] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3683] write(3, "1000", 4) = 4 [pid 3683] close(3) = 0 [pid 3683] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3683] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3683] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3683] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3684], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3684 ./strace-static-x86_64: Process 3684 attached [pid 3684] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3684] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3683] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3684] <... futex resumed>) = 0 [pid 3684] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3684] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3684] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3683] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3683] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3684] <... futex resumed>) = 0 [pid 3684] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 [pid 3684] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3684] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3683] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3683] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3684] <... futex resumed>) = 0 [pid 3683] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3684] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 3684] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3683}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3684] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3683}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3684] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 58.196734][ T3682] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f03a2a8f4c8 [ 58.204714][ T3682] RBP: 00007f03a2a8f4c0 R08: 0000000000003031 R09: 0000000000003031 [ 58.214602][ T3682] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f03a29b7300 [ 58.224376][ T3682] R13: 0000000000000002 R14: 00007f03a29b7400 R15: 0000000000022000 [ 58.232390][ T3682] [pid 3684] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3683] <... futex resumed>) = 0 [pid 3683] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3683] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3684] <... futex resumed>) = 0 [pid 3684] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 3684] write(5, "10", 2) = 2 [pid 3684] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3684] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3683] <... futex resumed>) = 0 [pid 3684] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3683] exit_group(0) = ? [ 58.281434][ T3684] FAULT_INJECTION: forcing a failure. [ 58.281434][ T3684] name fail_futex, interval 1, probability 0, space 0, times 0 [ 58.294379][ T3684] CPU: 1 PID: 3684 Comm: syz-executor181 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 58.305752][ T3684] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1521 [ 58.315110][ T3684] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 3684, name: syz-executor181 [ 58.324576][ T3684] preempt_count: 0, expected: 0 [ 58.329442][ T3684] RCU nest depth: 0, expected: 0 [ 58.334382][ T3684] no locks held by syz-executor181/3684. [ 58.340017][ T3684] irq event stamp: 906 [ 58.344067][ T3684] hardirqs last enabled at (905): [] __schedule+0x353e/0x52b0 [ 58.353193][ T3684] hardirqs last disabled at (906): [] dump_stack_lvl+0x2e/0x134 [ 58.362400][ T3684] softirqs last enabled at (898): [] __irq_exit_rcu+0x123/0x180 [ 58.371700][ T3684] softirqs last disabled at (891): [] __irq_exit_rcu+0x123/0x180 [ 58.380986][ T3684] CPU: 1 PID: 3684 Comm: syz-executor181 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 58.392352][ T3684] syz-executor181[3684] cmdline: [ 58.397383][ T3684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 58.407429][ T3684] Call Trace: [ 58.410714][ T3684] [ 58.413643][ T3684] dump_stack_lvl+0xcd/0x134 [ 58.418241][ T3684] __might_resched.cold+0x222/0x26b [ 58.423452][ T3684] down_read_killable+0x75/0x490 [ 58.428421][ T3684] ? down_read+0x450/0x450 [ 58.432843][ T3684] __access_remote_vm+0xac/0x6f0 [ 58.437785][ T3684] ? follow_phys+0x2c0/0x2c0 [ 58.442375][ T3684] ? do_raw_spin_lock+0x120/0x2a0 [ 58.447408][ T3684] ? rwlock_bug.part.0+0x90/0x90 [ 58.452376][ T3684] ? __up_console_sem+0x47/0xc0 [ 58.457240][ T3684] get_mm_cmdline.part.0+0x217/0x620 [ 58.462554][ T3684] ? dname_to_vma_addr.isra.0+0x360/0x360 [ 58.468274][ T3684] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 58.474114][ T3684] get_task_cmdline_kernel+0x1d9/0x220 [ 58.479599][ T3684] dump_stack_print_cmdline.part.0+0x82/0x150 [ 58.485686][ T3684] ? _atomic_dec_and_lock_irqsave+0x150/0x150 [ 58.491772][ T3684] ? dump_stack_print_info+0xc6/0x190 [ 58.497148][ T3684] dump_stack_print_info+0x185/0x190 [ 58.502438][ T3684] dump_stack_lvl+0xc1/0x134 [ 58.507032][ T3684] should_fail.cold+0x5/0xa [ 58.511559][ T3684] get_futex_key+0x5a8/0x1c30 [ 58.516243][ T3684] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 58.522245][ T3684] ? futex_setup_timer+0xf0/0xf0 [ 58.527183][ T3684] futex_wait_setup+0xa7/0x230 [ 58.531979][ T3684] ? futex_wait_multiple+0xc90/0xc90 [ 58.537305][ T3684] futex_wait+0x264/0x680 [ 58.541647][ T3684] ? futex_wait_setup+0x230/0x230 [ 58.546692][ T3684] ? do_raw_spin_lock+0x120/0x2a0 [ 58.551719][ T3684] ? rwlock_bug.part.0+0x90/0x90 [ 58.556657][ T3684] ? _raw_spin_lock_irq+0x41/0x50 [ 58.561745][ T3684] do_futex+0x1af/0x300 [ 58.565916][ T3684] ? __ia32_sys_get_robust_list+0x3b0/0x3b0 [ 58.571813][ T3684] ? find_held_lock+0x2d/0x110 [ 58.576592][ T3684] __x64_sys_futex+0x1b0/0x4a0 [ 58.581393][ T3684] ? do_futex+0x300/0x300 [ 58.585735][ T3684] ? _raw_spin_unlock_irq+0x1f/0x40 [ 58.590944][ T3684] ? lockdep_hardirqs_on+0x79/0x100 [ 58.596167][ T3684] ? _raw_spin_unlock_irq+0x2a/0x40 [ 58.601466][ T3684] ? ptrace_notify+0xfa/0x140 [ 58.606179][ T3684] do_syscall_64+0x35/0xb0 [ 58.610599][ T3684] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 58.616519][ T3684] RIP: 0033:0x7f03a2a066b9 [ 58.620959][ T3684] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 58.640600][ T3684] RSP: 002b:00007f03a29b72f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 58.649032][ T3684] RAX: ffffffffffffffda RBX: 00007f03a2a8f4c8 RCX: 00007f03a2a066b9 [ 58.657010][ T3684] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f03a2a8f4c8 [ 58.664987][ T3684] RBP: 00007f03a2a8f4c0 R08: 0000000000003031 R09: 0000000000003031 [ 58.672983][ T3684] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f03a29b7300 [ 58.681002][ T3684] R13: 0000000000000002 R14: 00007f03a29b7400 R15: 0000000000022000 [ 58.689007][ T3684] [ 58.692031][ T3684] syz-executor181[3684] cmdline: [ 58.697057][ T3684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 58.707155][ T3684] Call Trace: [ 58.710443][ T3684] [ 58.713393][ T3684] dump_stack_lvl+0xcd/0x134 [ 58.718066][ T3684] should_fail.cold+0x5/0xa [ 58.722584][ T3684] get_futex_key+0x5a8/0x1c30 [ 58.727266][ T3684] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 58.733263][ T3684] ? futex_setup_timer+0xf0/0xf0 [ 58.738229][ T3684] futex_wait_setup+0xa7/0x230 [ 58.742994][ T3684] ? futex_wait_multiple+0xc90/0xc90 [ 58.748312][ T3684] futex_wait+0x264/0x680 [ 58.752653][ T3684] ? futex_wait_setup+0x230/0x230 [ 58.757712][ T3684] ? do_raw_spin_lock+0x120/0x2a0 [ 58.762757][ T3684] ? rwlock_bug.part.0+0x90/0x90 [ 58.767721][ T3684] ? _raw_spin_lock_irq+0x41/0x50 [ 58.772787][ T3684] do_futex+0x1af/0x300 [ 58.776970][ T3684] ? __ia32_sys_get_robust_list+0x3b0/0x3b0 [ 58.782859][ T3684] ? find_held_lock+0x2d/0x110 [ 58.787638][ T3684] __x64_sys_futex+0x1b0/0x4a0 [ 58.792427][ T3684] ? do_futex+0x300/0x300 [ 58.796752][ T3684] ? _raw_spin_unlock_irq+0x1f/0x40 [ 58.801957][ T3684] ? lockdep_hardirqs_on+0x79/0x100 [ 58.807182][ T3684] ? _raw_spin_unlock_irq+0x2a/0x40 [ 58.812379][ T3684] ? ptrace_notify+0xfa/0x140 [ 58.817054][ T3684] do_syscall_64+0x35/0xb0 [ 58.821473][ T3684] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 58.827380][ T3684] RIP: 0033:0x7f03a2a066b9 [ 58.831817][ T3684] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 58.851451][ T3684] RSP: 002b:00007f03a29b72f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 58.859881][ T3684] RAX: ffffffffffffffda RBX: 00007f03a2a8f4c8 RCX: 00007f03a2a066b9 [ 58.867866][ T3684] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f03a2a8f4c8 [ 58.875845][ T3684] RBP: 00007f03a2a8f4c0 R08: 0000000000003031 R09: 0000000000003031 [pid 3684] <... futex resumed>) = ? [pid 3684] +++ exited with 0 +++ [pid 3683] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3683, si_uid=0, si_status=0, si_utime=0, si_stime=63} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3685 attached [pid 3685] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3685] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3685] setpgid(0, 0) = 0 [pid 3685] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3685] write(3, "1000", 4) = 4 [pid 3685] close(3) = 0 [pid 3685] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3685] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3685] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3685] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3686], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3686 [pid 3685] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3685] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3686 attached [pid 3686] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3686] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3686] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3685] <... futex resumed>) = 0 [pid 3685] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3685] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3686] <... futex resumed>) = 1 [pid 3686] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 [pid 3686] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3685] <... futex resumed>) = 0 [pid 3685] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3685] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3686] <... futex resumed>) = 1 [pid 3686] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 3608] <... clone resumed>, child_tidptr=0x555556f6e5d0) = 3685 [pid 3686] <... sendto resumed>) = 32 [pid 3686] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3685}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3686] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3685}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3686] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3685] <... futex resumed>) = 0 [pid 3685] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3686] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3685] <... futex resumed>) = 0 [pid 3685] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3686] <... openat resumed>) = 5 [pid 3686] write(5, "10", 2) = 2 [pid 3686] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3686] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3685] <... futex resumed>) = 0 [pid 3685] exit_group(0) = ? [pid 3686] +++ exited with 0 +++ [pid 3685] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3685, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f6e5d0) = 3687 ./strace-static-x86_64: Process 3687 attached [pid 3687] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3687] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3687] setpgid(0, 0) = 0 [pid 3687] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3687] write(3, "1000", 4) = 4 [pid 3687] close(3) = 0 [pid 3687] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3687] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3687] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3687] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3688], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3688 [pid 3687] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3687] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3688 attached [pid 3688] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3688] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3688] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3687] <... futex resumed>) = 0 [pid 3687] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3687] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3688] <... futex resumed>) = 1 [pid 3688] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 [pid 3688] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3687] <... futex resumed>) = 0 [pid 3687] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3687] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3688] <... futex resumed>) = 1 [ 58.883847][ T3684] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f03a29b7300 [ 58.891821][ T3684] R13: 0000000000000002 R14: 00007f03a29b7400 R15: 0000000000022000 [ 58.899827][ T3684] [pid 3688] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 3688] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3687}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3688] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3687}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3688] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3687] <... futex resumed>) = 0 [pid 3688] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3687] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3687] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3688] <... openat resumed>) = 5 [pid 3688] write(5, "10", 2) = 2 [pid 3688] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3688] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3687] <... futex resumed>) = 0 [pid 3688] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3687] exit_group(0 [pid 3688] <... futex resumed>) = ? [pid 3687] <... exit_group resumed>) = ? [pid 3688] +++ exited with 0 +++ [pid 3687] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3687, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f6e5d0) = 3689 ./strace-static-x86_64: Process 3689 attached [pid 3689] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3689] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3689] setpgid(0, 0) = 0 [pid 3689] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3689] write(3, "1000", 4) = 4 [pid 3689] close(3) = 0 [pid 3689] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3689] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3689] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3689] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3690 attached , parent_tid=[3690], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3690 [pid 3690] set_robust_list(0x7f03a29b79e0, 24 [pid 3689] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3690] <... set_robust_list resumed>) = 0 [pid 3689] <... futex resumed>) = 0 [pid 3690] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC [pid 3689] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3690] <... socket resumed>) = 3 [pid 3690] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3689] <... futex resumed>) = 0 [pid 3689] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3690] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC [pid 3689] <... futex resumed>) = 0 [pid 3689] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3690] <... socket resumed>) = 4 [pid 3690] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3689] <... futex resumed>) = 0 [pid 3690] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3689] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3690] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3689] <... futex resumed>) = 0 [pid 3689] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3690] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 3690] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3689}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3690] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3689}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3690] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3689] <... futex resumed>) = 0 [pid 3689] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3690] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3689] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3690] <... openat resumed>) = 5 [pid 3690] write(5, "10", 2) = 2 [pid 3690] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3690] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3689] <... futex resumed>) = 0 [pid 3690] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3689] exit_group(0) = ? [pid 3690] <... futex resumed>) = ? [pid 3690] +++ exited with 0 +++ [pid 3689] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3689, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f6e5d0) = 3691 ./strace-static-x86_64: Process 3691 attached [pid 3691] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3691] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3691] setpgid(0, 0) = 0 [pid 3691] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3691] write(3, "1000", 4) = 4 [pid 3691] close(3) = 0 [pid 3691] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3691] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3691] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3691] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3692], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3692 [pid 3691] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3691] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3692 attached [pid 3692] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3692] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3692] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3691] <... futex resumed>) = 0 [pid 3691] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3691] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3692] <... futex resumed>) = 1 [pid 3692] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 [pid 3692] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3691] <... futex resumed>) = 0 [pid 3691] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3691] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3692] <... futex resumed>) = 1 [pid 3692] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 3692] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3691}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3692] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3691}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3692] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3691] <... futex resumed>) = 0 [pid 3691] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3692] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3691] <... futex resumed>) = 0 [pid 3691] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3692] <... openat resumed>) = 5 [pid 3692] write(5, "10", 2) = 2 [pid 3692] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3692] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3691] <... futex resumed>) = 0 [pid 3691] exit_group(0 [pid 3692] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3691] <... exit_group resumed>) = ? [pid 3692] <... futex resumed>) = ? [pid 3692] +++ exited with 0 +++ [pid 3691] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3691, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f6e5d0) = 3693 ./strace-static-x86_64: Process 3693 attached [pid 3693] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3693] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3693] setpgid(0, 0) = 0 [pid 3693] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3693] write(3, "1000", 4) = 4 [pid 3693] close(3) = 0 [pid 3693] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3693] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3693] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3693] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3694 attached , parent_tid=[3694], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3694 [pid 3694] set_robust_list(0x7f03a29b79e0, 24 [pid 3693] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3694] <... set_robust_list resumed>) = 0 [pid 3693] <... futex resumed>) = 0 [pid 3694] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC [pid 3693] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3694] <... socket resumed>) = 3 [pid 3694] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3693] <... futex resumed>) = 0 [pid 3694] <... futex resumed>) = 1 [pid 3693] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3694] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC [pid 3693] <... futex resumed>) = 0 [pid 3693] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3694] <... socket resumed>) = 4 [pid 3694] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3693] <... futex resumed>) = 0 [pid 3694] <... futex resumed>) = 1 [pid 3693] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3693] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3694] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 3694] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3693}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3694] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3693}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3694] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3693] <... futex resumed>) = 0 [pid 3694] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3693] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3694] <... openat resumed>) = 5 [pid 3693] <... futex resumed>) = 0 [pid 3694] write(5, "10", 2 [pid 3693] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3694] <... write resumed>) = 2 [pid 3694] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3694] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3693] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3693] exit_group(0) = ? [ 59.016223][ T3694] FAULT_INJECTION: forcing a failure. [ 59.016223][ T3694] name fail_futex, interval 1, probability 0, space 0, times 0 [ 59.029535][ T3694] CPU: 0 PID: 3694 Comm: syz-executor181 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 59.040948][ T3694] syz-executor181[3694] cmdline: ./syz-executor1814091279 [ 59.048042][ T3694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 59.058100][ T3694] Call Trace: [ 59.061391][ T3694] [ 59.064321][ T3694] dump_stack_lvl+0xcd/0x134 [ 59.068929][ T3694] should_fail.cold+0x5/0xa [ 59.073460][ T3694] get_futex_key+0x5a8/0x1c30 [ 59.078151][ T3694] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 59.084162][ T3694] ? futex_setup_timer+0xf0/0xf0 [ 59.089208][ T3694] futex_wake+0xe4/0x490 [ 59.093468][ T3694] ? futex_wake_mark+0x1a0/0x1a0 [ 59.098420][ T3694] ? ptrace_stop.part.0+0x5ec/0xa80 [ 59.103650][ T3694] ? do_raw_spin_lock+0x120/0x2a0 [ 59.108690][ T3694] ? rwlock_bug.part.0+0x90/0x90 [ 59.113637][ T3694] ? _raw_spin_lock_irq+0x41/0x50 [ 59.118672][ T3694] do_futex+0x266/0x300 [ 59.122847][ T3694] ? __ia32_sys_get_robust_list+0x3b0/0x3b0 [ 59.128753][ T3694] ? find_held_lock+0x2d/0x110 [ 59.133535][ T3694] __x64_sys_futex+0x1b0/0x4a0 [ 59.138317][ T3694] ? do_futex+0x300/0x300 [ 59.142656][ T3694] ? _raw_spin_unlock_irq+0x1f/0x40 [ 59.147864][ T3694] ? lockdep_hardirqs_on+0x79/0x100 [ 59.153081][ T3694] ? _raw_spin_unlock_irq+0x2a/0x40 [ 59.158287][ T3694] ? ptrace_notify+0xfa/0x140 [ 59.162979][ T3694] do_syscall_64+0x35/0xb0 [ 59.167412][ T3694] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 59.173317][ T3694] RIP: 0033:0x7f03a2a066b9 [ 59.177738][ T3694] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 59.197367][ T3694] RSP: 002b:00007f03a29b72f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 59.205787][ T3694] RAX: ffffffffffffffda RBX: 00007f03a2a8f4c8 RCX: 00007f03a2a066b9 [pid 3694] <... futex resumed>) = ? [pid 3694] +++ exited with 0 +++ [pid 3693] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3693, si_uid=0, si_status=0, si_utime=0, si_stime=23} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3695 attached , child_tidptr=0x555556f6e5d0) = 3695 [pid 3695] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3695] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3695] setpgid(0, 0) = 0 [pid 3695] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3695] write(3, "1000", 4) = 4 [pid 3695] close(3) = 0 [pid 3695] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3695] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3695] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3695] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3696], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3696 [pid 3695] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3695] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3696 attached [pid 3696] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3696] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3696] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3695] <... futex resumed>) = 0 [pid 3695] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3695] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3696] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 [pid 3696] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3695] <... futex resumed>) = 0 [pid 3696] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3695] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3696] <... futex resumed>) = 0 [pid 3695] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3696] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 3696] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3695}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3696] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3695}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3696] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3695] <... futex resumed>) = 0 [pid 3696] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3695] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3695] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3696] <... openat resumed>) = 5 [pid 3696] write(5, "10", 2) = 2 [pid 3696] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3696] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3695] <... futex resumed>) = 0 [pid 3696] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3695] exit_group(0 [pid 3696] <... futex resumed>) = ? [pid 3695] <... exit_group resumed>) = ? [pid 3696] +++ exited with 0 +++ [pid 3695] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3695, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f6e5d0) = 3697 ./strace-static-x86_64: Process 3697 attached [pid 3697] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3697] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3697] setpgid(0, 0) = 0 [pid 3697] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3697] write(3, "1000", 4) = 4 [pid 3697] close(3) = 0 [pid 3697] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3697] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3697] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3697] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3698], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3698 [pid 3697] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3697] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3698 attached [pid 3698] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3698] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3698] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3697] <... futex resumed>) = 0 [pid 3697] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 59.213780][ T3694] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f03a2a8f4cc [ 59.221759][ T3694] RBP: 00007f03a2a8f4c0 R08: 0000000000003031 R09: 0000000000003031 [ 59.229746][ T3694] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f03a29b7300 [ 59.237721][ T3694] R13: 0000000000000002 R14: 00007f03a29b7400 R15: 0000000000022000 [ 59.245726][ T3694] [pid 3697] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3698] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 [pid 3698] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3697] <... futex resumed>) = 0 [pid 3697] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3697] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3698] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 3698] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3697}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3698] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3697}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3698] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3697] <... futex resumed>) = 0 [pid 3697] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3697] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3698] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 3698] write(5, "10", 2) = 2 [pid 3698] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3698] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3697] <... futex resumed>) = 0 [pid 3697] exit_group(0) = ? [pid 3698] +++ exited with 0 +++ [pid 3697] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3697, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f6e5d0) = 3699 ./strace-static-x86_64: Process 3699 attached [pid 3699] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3699] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3699] setpgid(0, 0) = 0 [pid 3699] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3699] write(3, "1000", 4) = 4 [pid 3699] close(3) = 0 [pid 3699] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3699] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3699] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3699] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3700 attached , parent_tid=[3700], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3700 [pid 3700] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3699] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3700] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC [pid 3699] <... futex resumed>) = 0 [pid 3699] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3700] <... socket resumed>) = 3 [pid 3700] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3699] <... futex resumed>) = 0 [pid 3700] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC [pid 3699] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3700] <... socket resumed>) = 4 [pid 3699] <... futex resumed>) = 0 [pid 3699] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3700] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3699] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3700] <... futex resumed>) = 0 [pid 3699] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3700] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 3699] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3700] <... sendto resumed>) = 32 [pid 3700] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3699}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3700] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3699}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3700] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3699] <... futex resumed>) = 0 [pid 3699] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3700] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3699] <... futex resumed>) = 0 [pid 3699] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3700] <... openat resumed>) = 5 [pid 3700] write(5, "10", 2) = 2 [pid 3700] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3700] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3699] <... futex resumed>) = 0 [pid 3700] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3699] exit_group(0) = ? [ 59.352679][ T3700] FAULT_INJECTION: forcing a failure. [ 59.352679][ T3700] name fail_futex, interval 1, probability 0, space 0, times 0 [ 59.365738][ T3700] CPU: 0 PID: 3700 Comm: syz-executor181 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 59.377156][ T3700] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1521 [ 59.386524][ T3700] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 3700, name: syz-executor181 [ 59.395993][ T3700] preempt_count: 0, expected: 0 [ 59.400831][ T3700] RCU nest depth: 0, expected: 0 [ 59.405753][ T3700] no locks held by syz-executor181/3700. [ 59.411397][ T3700] irq event stamp: 984 [ 59.415470][ T3700] hardirqs last enabled at (983): [] finish_task_switch.isra.0+0x2b5/0xc70 [ 59.425707][ T3700] hardirqs last disabled at (984): [] dump_stack_lvl+0x2e/0x134 [ 59.434906][ T3700] softirqs last enabled at (976): [] __irq_exit_rcu+0x123/0x180 [ 59.444187][ T3700] softirqs last disabled at (933): [] __irq_exit_rcu+0x123/0x180 [ 59.453468][ T3700] CPU: 0 PID: 3700 Comm: syz-executor181 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 59.464836][ T3700] syz-executor181[3700] cmdline: [ 59.469865][ T3700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 59.479923][ T3700] Call Trace: [ 59.483207][ T3700] [ 59.486140][ T3700] dump_stack_lvl+0xcd/0x134 [ 59.490764][ T3700] __might_resched.cold+0x222/0x26b [ 59.495980][ T3700] down_read_killable+0x75/0x490 [ 59.500952][ T3700] ? down_read+0x450/0x450 [ 59.505401][ T3700] __access_remote_vm+0xac/0x6f0 [ 59.510356][ T3700] ? follow_phys+0x2c0/0x2c0 [ 59.514953][ T3700] ? do_raw_spin_lock+0x120/0x2a0 [ 59.520006][ T3700] ? rwlock_bug.part.0+0x90/0x90 [ 59.524974][ T3700] ? __up_console_sem+0x47/0xc0 [ 59.529839][ T3700] get_mm_cmdline.part.0+0x217/0x620 [ 59.535140][ T3700] ? dname_to_vma_addr.isra.0+0x360/0x360 [ 59.540897][ T3700] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 59.546720][ T3700] get_task_cmdline_kernel+0x1d9/0x220 [ 59.552197][ T3700] dump_stack_print_cmdline.part.0+0x82/0x150 [ 59.558305][ T3700] ? _atomic_dec_and_lock_irqsave+0x150/0x150 [ 59.564436][ T3700] ? dump_stack_print_info+0xc6/0x190 [ 59.569840][ T3700] dump_stack_print_info+0x185/0x190 [ 59.575165][ T3700] dump_stack_lvl+0xc1/0x134 [ 59.579780][ T3700] should_fail.cold+0x5/0xa [ 59.584307][ T3700] get_futex_key+0x5a8/0x1c30 [ 59.589013][ T3700] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 59.595011][ T3700] ? futex_setup_timer+0xf0/0xf0 [ 59.599987][ T3700] futex_wait_setup+0xa7/0x230 [ 59.604771][ T3700] ? futex_wait_multiple+0xc90/0xc90 [ 59.610080][ T3700] futex_wait+0x264/0x680 [ 59.614430][ T3700] ? futex_wait_setup+0x230/0x230 [ 59.619575][ T3700] ? do_raw_spin_lock+0x120/0x2a0 [ 59.624616][ T3700] ? rwlock_bug.part.0+0x90/0x90 [ 59.629563][ T3700] ? _raw_spin_lock_irq+0x41/0x50 [ 59.634646][ T3700] do_futex+0x1af/0x300 [ 59.638823][ T3700] ? __ia32_sys_get_robust_list+0x3b0/0x3b0 [ 59.644727][ T3700] ? find_held_lock+0x2d/0x110 [ 59.649507][ T3700] __x64_sys_futex+0x1b0/0x4a0 [ 59.654290][ T3700] ? do_futex+0x300/0x300 [ 59.658629][ T3700] ? _raw_spin_unlock_irq+0x1f/0x40 [ 59.663847][ T3700] ? lockdep_hardirqs_on+0x79/0x100 [ 59.669080][ T3700] ? _raw_spin_unlock_irq+0x2a/0x40 [ 59.674287][ T3700] ? ptrace_notify+0xfa/0x140 [ 59.678988][ T3700] do_syscall_64+0x35/0xb0 [ 59.683418][ T3700] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 59.689323][ T3700] RIP: 0033:0x7f03a2a066b9 [ 59.693760][ T3700] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 59.713372][ T3700] RSP: 002b:00007f03a29b72f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 59.721792][ T3700] RAX: ffffffffffffffda RBX: 00007f03a2a8f4c8 RCX: 00007f03a2a066b9 [ 59.729767][ T3700] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f03a2a8f4c8 [ 59.737738][ T3700] RBP: 00007f03a2a8f4c0 R08: 0000000000003031 R09: 0000000000003031 [ 59.745732][ T3700] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f03a29b7300 [ 59.753726][ T3700] R13: 0000000000000002 R14: 00007f03a29b7400 R15: 0000000000022000 [ 59.761738][ T3700] [ 59.764771][ T3700] syz-executor181[3700] cmdline: [ 59.769791][ T3700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 59.779848][ T3700] Call Trace: [ 59.783129][ T3700] [ 59.786085][ T3700] dump_stack_lvl+0xcd/0x134 [ 59.790703][ T3700] should_fail.cold+0x5/0xa [ 59.795231][ T3700] get_futex_key+0x5a8/0x1c30 [ 59.799919][ T3700] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 59.805913][ T3700] ? futex_setup_timer+0xf0/0xf0 [ 59.810876][ T3700] futex_wait_setup+0xa7/0x230 [ 59.815658][ T3700] ? futex_wait_multiple+0xc90/0xc90 [ 59.820967][ T3700] futex_wait+0x264/0x680 [ 59.825315][ T3700] ? futex_wait_setup+0x230/0x230 [ 59.830380][ T3700] ? do_raw_spin_lock+0x120/0x2a0 [ 59.835417][ T3700] ? rwlock_bug.part.0+0x90/0x90 [ 59.840363][ T3700] ? _raw_spin_lock_irq+0x41/0x50 [ 59.845406][ T3700] do_futex+0x1af/0x300 [ 59.849577][ T3700] ? __ia32_sys_get_robust_list+0x3b0/0x3b0 [ 59.855498][ T3700] ? find_held_lock+0x2d/0x110 [ 59.860275][ T3700] __x64_sys_futex+0x1b0/0x4a0 [ 59.865065][ T3700] ? do_futex+0x300/0x300 [ 59.869424][ T3700] ? _raw_spin_unlock_irq+0x1f/0x40 [ 59.874635][ T3700] ? lockdep_hardirqs_on+0x79/0x100 [ 59.879880][ T3700] ? _raw_spin_unlock_irq+0x2a/0x40 [ 59.885085][ T3700] ? ptrace_notify+0xfa/0x140 [ 59.889778][ T3700] do_syscall_64+0x35/0xb0 [ 59.894213][ T3700] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 59.900116][ T3700] RIP: 0033:0x7f03a2a066b9 [ 59.904536][ T3700] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 59.924163][ T3700] RSP: 002b:00007f03a29b72f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 59.932590][ T3700] RAX: ffffffffffffffda RBX: 00007f03a2a8f4c8 RCX: 00007f03a2a066b9 [ 59.940584][ T3700] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f03a2a8f4c8 [pid 3700] <... futex resumed>) = ? [pid 3700] +++ exited with 0 +++ [pid 3699] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3699, si_uid=0, si_status=0, si_utime=0, si_stime=62} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f6e5d0) = 3701 ./strace-static-x86_64: Process 3701 attached [pid 3701] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3701] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3701] setpgid(0, 0) = 0 [pid 3701] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3701] write(3, "1000", 4) = 4 [pid 3701] close(3) = 0 [pid 3701] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3701] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3701] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3701] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3702], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3702 [pid 3701] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3701] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3702 attached [pid 3702] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3702] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3702] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3701] <... futex resumed>) = 0 [pid 3701] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3701] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3702] <... futex resumed>) = 1 [pid 3702] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 [pid 3702] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3701] <... futex resumed>) = 0 [pid 3701] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3701] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3702] <... futex resumed>) = 1 [pid 3702] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 3702] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3701}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3702] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3701}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3702] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3701] <... futex resumed>) = 0 [pid 3701] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3701] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3702] <... futex resumed>) = 1 [ 59.948574][ T3700] RBP: 00007f03a2a8f4c0 R08: 0000000000003031 R09: 0000000000003031 [ 59.956551][ T3700] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f03a29b7300 [ 59.964529][ T3700] R13: 0000000000000002 R14: 00007f03a29b7400 R15: 0000000000022000 [ 59.972532][ T3700] [pid 3702] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 3702] write(5, "10", 2) = 2 [pid 3702] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3702] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3701] <... futex resumed>) = 0 [pid 3701] exit_group(0) = ? [pid 3702] <... futex resumed>) = ? [pid 3702] +++ exited with 0 +++ [pid 3701] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3701, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f6e5d0) = 3703 ./strace-static-x86_64: Process 3703 attached [pid 3703] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3703] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3703] setpgid(0, 0) = 0 [pid 3703] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3703] write(3, "1000", 4) = 4 [pid 3703] close(3) = 0 [pid 3703] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3703] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3703] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3703] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3704 attached , parent_tid=[3704], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3704 [pid 3703] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3703] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3704] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3704] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3704] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3703] <... futex resumed>) = 0 [pid 3703] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3703] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3704] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 [pid 3704] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3703] <... futex resumed>) = 0 [pid 3703] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3703] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3704] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 3704] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3703}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3704] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3703}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3704] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3703] <... futex resumed>) = 0 [pid 3703] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3703] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3704] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 3704] write(5, "10", 2) = 2 [pid 3704] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3704] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3703] <... futex resumed>) = 0 [pid 3703] exit_group(0) = ? [pid 3704] <... futex resumed>) = ? [pid 3704] +++ exited with 0 +++ [pid 3703] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3703, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f6e5d0) = 3705 ./strace-static-x86_64: Process 3705 attached [pid 3705] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3705] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3705] setpgid(0, 0) = 0 [pid 3705] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3705] write(3, "1000", 4) = 4 [pid 3705] close(3) = 0 [pid 3705] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3705] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3705] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3705] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3706 attached , parent_tid=[3706], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3706 [pid 3705] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3705] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3706] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3706] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3706] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3705] <... futex resumed>) = 0 [pid 3705] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3706] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC [pid 3705] <... futex resumed>) = 0 [pid 3705] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3706] <... socket resumed>) = 4 [pid 3706] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3705] <... futex resumed>) = 0 [pid 3705] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3705] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3706] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 3706] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3705}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3706] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3705}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3706] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3705] <... futex resumed>) = 0 [pid 3705] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3705] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3706] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 3706] write(5, "10", 2) = 2 [pid 3706] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3706] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3705] <... futex resumed>) = 0 [pid 3706] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3705] exit_group(0 [pid 3706] <... futex resumed>) = ? [pid 3705] <... exit_group resumed>) = ? [pid 3706] +++ exited with 0 +++ [pid 3705] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3705, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f6e5d0) = 3707 ./strace-static-x86_64: Process 3707 attached [pid 3707] set_robust_list(0x555556f6e5e0, 24) = 0 [pid 3707] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3707] setpgid(0, 0) = 0 [pid 3707] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3707] write(3, "1000", 4) = 4 [pid 3707] close(3) = 0 [pid 3707] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3707] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03a2997000 [pid 3707] mprotect(0x7f03a2998000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3707] clone(child_stack=0x7f03a29b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3708 attached [pid 3708] set_robust_list(0x7f03a29b79e0, 24) = 0 [pid 3708] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3707] <... clone resumed>, parent_tid=[3708], tls=0x7f03a29b7700, child_tidptr=0x7f03a29b79d0) = 3708 [pid 3707] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3708] <... futex resumed>) = 0 [pid 3708] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3708] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3708] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3707] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3707] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3708] <... futex resumed>) = 0 [pid 3708] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 [pid 3708] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3708] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3707] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3707] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3708] <... futex resumed>) = 0 [pid 3708] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 3707] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3708] <... sendto resumed>) = 32 [pid 3708] recvfrom(4, [{nlmsg_len=196, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3707}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x4e\x45\x54\x5f\x44\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x02\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x17\x00\x00\x00\x68\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 196 [pid 3708] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3707}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3708] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3707] <... futex resumed>) = 0 [pid 3708] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3707] futex(0x7f03a2a8f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3708] <... openat resumed>) = 5 [pid 3707] <... futex resumed>) = 0 [pid 3707] futex(0x7f03a2a8f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3708] write(5, "10", 2) = 2 [pid 3708] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x2a\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR) = 20 [pid 3708] futex(0x7f03a2a8f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3707] <... futex resumed>) = 0 [pid 3708] futex(0x7f03a2a8f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3707] exit_group(0) = ? [pid 3708] <... futex resumed>) = ? [ 60.104503][ T3708] FAULT_INJECTION: forcing a failure. [ 60.104503][ T3708] name fail_futex, interval 1, probability 0, space 0, times 0 [ 60.117479][ T3708] CPU: 1 PID: 3708 Comm: syz-executor181 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 60.128879][ T3708] syz-executor181[3708] cmdline: ./syz-executor1814091279 [ 60.136002][ T3708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 60.146051][ T3708] Call Trace: [ 60.149336][ T3708] [ 60.152283][ T3708] dump_stack_lvl+0xcd/0x134 [ 60.156881][ T3708] should_fail.cold+0x5/0xa [ 60.161395][ T3708] get_futex_key+0x5a8/0x1c30 [ 60.166112][ T3708] ? __lock_acquire+0x166e/0x56d0 [ 60.171189][ T3708] ? futex_setup_timer+0xf0/0xf0 [ 60.176153][ T3708] futex_wake+0xe4/0x490 [ 60.180433][ T3708] ? futex_wake_mark+0x1a0/0x1a0 [ 60.185398][ T3708] ? find_held_lock+0x2d/0x110 [ 60.190159][ T3708] do_futex+0x266/0x300 [ 60.194313][ T3708] ? __ia32_sys_get_robust_list+0x3b0/0x3b0 [ 60.200210][ T3708] mm_release+0x235/0x2c0 [ 60.204553][ T3708] do_exit+0xa04/0x2b60 [ 60.208724][ T3708] ? get_signal+0x93b/0x2610 [ 60.213328][ T3708] ? mm_update_next_owner+0x7a0/0x7a0 [ 60.218719][ T3708] do_group_exit+0xd0/0x2a0 [ 60.223236][ T3708] get_signal+0x238c/0x2610 [ 60.227758][ T3708] ? map_id_up+0x178/0x2f0 [ 60.232212][ T3708] ? exit_signals+0x8b0/0x8b0 [ 60.236902][ T3708] ? __task_pid_nr_ns+0x168/0x4b0 [ 60.241946][ T3708] ? lock_downgrade+0x6e0/0x6e0 [ 60.246811][ T3708] arch_do_signal_or_restart+0x82/0x2300 [ 60.252487][ T3708] ? find_held_lock+0x2d/0x110 [ 60.257849][ T3708] ? get_sigframe_size+0x10/0x10 [ 60.265616][ T3708] ? ptrace_notify+0xfa/0x140 [ 60.270747][ T3708] ? lock_downgrade+0x6e0/0x6e0 [ 60.275616][ T3708] ? send_sig+0xfe/0x160 [ 60.279874][ T3708] ? send_sig_info+0x140/0x140 [ 60.284650][ T3708] ? _raw_spin_unlock_irq+0x1f/0x40 [ 60.289875][ T3708] ? exit_to_user_mode_prepare+0x137/0x250 [ 60.295699][ T3708] exit_to_user_mode_prepare+0x15f/0x250 [ 60.301346][ T3708] syscall_exit_to_user_mode+0x19/0x50 [ 60.306828][ T3708] do_syscall_64+0x42/0xb0 [ 60.311295][ T3708] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 60.317372][ T3708] RIP: 0033:0x7f03a2a066b9 [ 60.321798][ T3708] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 60.341412][ T3708] RSP: 002b:00007f03a29b72f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca