./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2270675373 <...> Warning: Permanently added '10.128.1.41' (ED25519) to the list of known hosts. execve("./syz-executor2270675373", ["./syz-executor2270675373"], 0x7ffee0b54ee0 /* 10 vars */) = 0 brk(NULL) = 0x555555822000 brk(0x555555822d40) = 0x555555822d40 arch_prctl(ARCH_SET_FS, 0x5555558223c0) = 0 set_tid_address(0x555555822690) = 5070 set_robust_list(0x5555558226a0, 24) = 0 rseq(0x555555822ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2270675373", 4096) = 28 getrandom("\x4a\xc8\x35\x9a\x0b\xec\x65\xd4", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555822d40 brk(0x555555843d40) = 0x555555843d40 brk(0x555555844000) = 0x555555844000 mprotect(0x7efe98096000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5071 attached , child_tidptr=0x555555822690) = 5071 [pid 5071] set_robust_list(0x5555558226a0, 24) = 0 [pid 5071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5071] setpgid(0, 0) = 0 [pid 5071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5071] write(3, "1000", 4) = 4 [pid 5071] close(3) = 0 [pid 5071] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] rt_sigaction(SIGRT_1, {sa_handler=0x7efe9803a6a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7efe9802bd20}, NULL, 8) = 0 [pid 5071] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5071] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efe97fb2000 [pid 5071] mprotect(0x7efe97fb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5071] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5071] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7efe97fd2990, parent_tid=0x7efe97fd2990, exit_signal=0, stack=0x7efe97fb2000, stack_size=0x20300, tls=0x7efe97fd26c0}./strace-static-x86_64: Process 5072 attached [pid 5072] rseq(0x7efe97fd2fe0, 0x20, 0, 0x53053053) = 0 [pid 5071] <... clone3 resumed> => {parent_tid=[5072]}, 88) = 5072 [pid 5072] set_robust_list(0x7efe97fd29a0, 24) = 0 [pid 5071] rt_sigprocmask(SIG_SETMASK, [], [pid 5072] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5072] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5071] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5071] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5072] <... futex resumed>) = 0 [pid 5071] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] openat(AT_FDCWD, "/dev/dri/card0", O_RDONLY) = 3 [pid 5072] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5071] <... futex resumed>) = 0 [pid 5072] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5071] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = 0 [pid 5072] openat(AT_FDCWD, "/dev/dri/card1", O_RDONLY [pid 5071] <... futex resumed>) = 1 [pid 5072] <... openat resumed>) = 4 [pid 5071] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5072] <... futex resumed>) = 0 [pid 5072] ioctl(4, DRM_IOCTL_MODE_GETRESOURCES [pid 5071] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... ioctl resumed>, 0x200001c0) = 0 [pid 5071] <... futex resumed>) = 0 [pid 5071] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5072] <... futex resumed>) = 0 [pid 5071] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] ioctl(4, DRM_IOCTL_MODE_GETCRTC [pid 5071] <... futex resumed>) = 0 [pid 5072] <... ioctl resumed>, 0x200003c0) = 0 [pid 5071] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... futex resumed>) = 0 [pid 5072] <... futex resumed>) = 1 [pid 5071] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] ioctl(4, DRM_IOCTL_MODE_GETFB2 [pid 5071] <... futex resumed>) = 0 [pid 5072] <... ioctl resumed>, 0x20000440) = 0 [pid 5071] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5072] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5071] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5071] <... futex resumed>) = 0 [pid 5071] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] <... openat resumed>) = 5 [pid 5072] write(5, "11", 2) = 2 [ 55.654672][ T5072] FAULT_INJECTION: forcing a failure. [ 55.654672][ T5072] name failslab, interval 1, probability 0, space 0, times 1 [ 55.667362][ T5072] CPU: 1 PID: 5072 Comm: syz-executor227 Not tainted 6.7.0-rc6-syzkaller-00248-g5254c0cbc92d #0 [ 55.677807][ T5072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 55.687860][ T5072] Call Trace: [ 55.691128][ T5072] [ 55.694047][ T5072] dump_stack_lvl+0x125/0x1b0 [ 55.698733][ T5072] should_fail_ex+0x496/0x5b0 [ 55.703402][ T5072] should_failslab+0x9/0x20 [ 55.707891][ T5072] kmem_cache_alloc+0x69/0x2f0 [ 55.712649][ T5072] security_inode_alloc+0x38/0x180 [ 55.717751][ T5072] inode_init_always+0xc2f/0xf50 [ 55.722694][ T5072] alloc_inode+0x7a/0x220 [ 55.727012][ T5072] new_inode+0x22/0x260 [ 55.731157][ T5072] shmem_get_inode+0x194/0xe80 [ 55.735907][ T5072] __shmem_file_setup+0x16c/0x300 [ 55.740948][ T5072] drm_gem_object_init+0x38/0xa0 [ 55.745876][ T5072] __drm_gem_shmem_create+0x104/0x410 [ 55.751238][ T5072] drm_gem_shmem_dumb_create+0x1e3/0x310 [ 55.756861][ T5072] drm_mode_create_dumb_ioctl+0x268/0x2f0 [ 55.762574][ T5072] drm_ioctl_kernel+0x28c/0x4d0 [ 55.767407][ T5072] ? drm_mode_create_dumb+0x2f0/0x2f0 [ 55.772769][ T5072] ? drm_setversion+0x870/0x870 [ 55.777644][ T5072] drm_ioctl+0x5cb/0xbf0 [ 55.781873][ T5072] ? drm_mode_create_dumb+0x2f0/0x2f0 [ 55.787234][ T5072] ? drm_ioctl_kernel+0x4d0/0x4d0 [ 55.792243][ T5072] ? reacquire_held_locks+0x4c0/0x4c0 [ 55.797614][ T5072] ? bpf_lsm_file_ioctl+0x9/0x10 [ 55.802537][ T5072] ? drm_ioctl_kernel+0x4d0/0x4d0 [ 55.807556][ T5072] __x64_sys_ioctl+0x18f/0x210 [ 55.812310][ T5072] do_syscall_64+0x40/0x110 [ 55.816798][ T5072] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 55.822675][ T5072] RIP: 0033:0x7efe98014769 [ 55.827070][ T5072] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 55.846660][ T5072] RSP: 002b:00007efe97fd2208 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [pid 5072] ioctl(3, DRM_IOCTL_MODE_CREATE_DUMB, 0x20000100) = -1 ENOSPC (No space left on device) [pid 5071] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5072] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = 0 [pid 5071] <... futex resumed>) = 0 [pid 5072] ioctl(3, DRM_IOCTL_PRIME_HANDLE_TO_FD [pid 5071] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] <... ioctl resumed>, 0x20000080) = -1 ENOENT (No such file or directory) [pid 5072] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... futex resumed>) = 0 [pid 5072] <... futex resumed>) = 1 [pid 5071] exit_group(0) = ? [pid 5072] +++ exited with 0 +++ [pid 5071] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5071, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5073 attached [ 55.855056][ T5072] RAX: ffffffffffffffda RBX: 00007efe9809c408 RCX: 00007efe98014769 [ 55.863009][ T5072] RDX: 0000000020000100 RSI: 00000000c02064b2 RDI: 0000000000000003 [ 55.870964][ T5072] RBP: 00007efe9809c400 R08: 00007efe97fd1fa6 R09: 0000000000003131 [ 55.878939][ T5072] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efe98069194 [ 55.886907][ T5072] R13: 00007efe97fd2210 R14: 0000000000000002 R15: 6972642f7665642f [ 55.894888][ T5072] [pid 5073] set_robust_list(0x5555558226a0, 24 [pid 5070] <... clone resumed>, child_tidptr=0x555555822690) = 5073 [pid 5073] <... set_robust_list resumed>) = 0 [pid 5073] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5073] setpgid(0, 0) = 0 [pid 5073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5073] write(3, "1000", 4) = 4 [pid 5073] close(3) = 0 [pid 5073] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] rt_sigaction(SIGRT_1, {sa_handler=0x7efe9803a6a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7efe9802bd20}, NULL, 8) = 0 [pid 5073] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5073] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efe97fb2000 [pid 5073] mprotect(0x7efe97fb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5073] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5073] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7efe97fd2990, parent_tid=0x7efe97fd2990, exit_signal=0, stack=0x7efe97fb2000, stack_size=0x20300, tls=0x7efe97fd26c0}./strace-static-x86_64: Process 5074 attached [pid 5074] rseq(0x7efe97fd2fe0, 0x20, 0, 0x53053053 [pid 5073] <... clone3 resumed> => {parent_tid=[5074]}, 88) = 5074 [pid 5073] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5073] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] <... rseq resumed>) = 0 [pid 5074] set_robust_list(0x7efe97fd29a0, 24 [pid 5073] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5074] <... set_robust_list resumed>) = 0 [pid 5074] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5074] openat(AT_FDCWD, "/dev/dri/card0", O_RDONLY) = 3 [pid 5074] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5073] <... futex resumed>) = 0 [pid 5074] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5073] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5073] <... futex resumed>) = 0 [pid 5074] openat(AT_FDCWD, "/dev/dri/card1", O_RDONLY [pid 5073] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5074] <... openat resumed>) = 4 [pid 5074] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... futex resumed>) = 0 [pid 5074] <... futex resumed>) = 1 [pid 5073] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] ioctl(4, DRM_IOCTL_MODE_GETRESOURCES [pid 5073] <... futex resumed>) = 0 [pid 5074] <... ioctl resumed>, 0x200001c0) = 0 [pid 5073] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5074] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... futex resumed>) = 0 [pid 5074] <... futex resumed>) = 1 [pid 5073] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] ioctl(4, DRM_IOCTL_MODE_GETCRTC [pid 5073] <... futex resumed>) = 0 [pid 5074] <... ioctl resumed>, 0x200003c0) = 0 [pid 5073] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5074] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... futex resumed>) = 0 [pid 5074] <... futex resumed>) = 1 [pid 5073] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] ioctl(4, DRM_IOCTL_MODE_GETFB2 [pid 5073] <... futex resumed>) = 0 [pid 5074] <... ioctl resumed>, 0x20000440) = 0 [pid 5073] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5074] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5073] <... futex resumed>) = 0 [pid 5074] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5073] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5073] <... futex resumed>) = 0 [pid 5074] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5073] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5074] <... openat resumed>) = 5 [pid 5074] write(5, "11", 2) = 2 [ 56.035007][ T5074] FAULT_INJECTION: forcing a failure. [ 56.035007][ T5074] name failslab, interval 1, probability 0, space 0, times 0 [ 56.047680][ T5074] CPU: 0 PID: 5074 Comm: syz-executor227 Not tainted 6.7.0-rc6-syzkaller-00248-g5254c0cbc92d #0 [ 56.058102][ T5074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 56.068159][ T5074] Call Trace: [ 56.071429][ T5074] [ 56.074348][ T5074] dump_stack_lvl+0x125/0x1b0 [ 56.079105][ T5074] should_fail_ex+0x496/0x5b0 [ 56.083778][ T5074] should_failslab+0x9/0x20 [ 56.088271][ T5074] __kmem_cache_alloc_node+0x6b/0x310 [ 56.095110][ T5074] ? vma_node_allow+0x56/0x300 [ 56.099865][ T5074] ? drm_gem_handle_create_tail+0x1c6/0x540 [ 56.105749][ T5074] kmalloc_trace+0x25/0x60 [ 56.110155][ T5074] vma_node_allow+0x56/0x300 [ 56.114736][ T5074] drm_gem_handle_create_tail+0x222/0x540 [ 56.120449][ T5074] drm_gem_shmem_dumb_create+0x21a/0x310 [ 56.126079][ T5074] drm_mode_create_dumb_ioctl+0x268/0x2f0 [ 56.131798][ T5074] drm_ioctl_kernel+0x28c/0x4d0 [ 56.136644][ T5074] ? drm_mode_create_dumb+0x2f0/0x2f0 [ 56.142010][ T5074] ? drm_setversion+0x870/0x870 [ 56.146858][ T5074] drm_ioctl+0x5cb/0xbf0 [ 56.151098][ T5074] ? drm_mode_create_dumb+0x2f0/0x2f0 [ 56.156464][ T5074] ? drm_ioctl_kernel+0x4d0/0x4d0 [ 56.161479][ T5074] ? reacquire_held_locks+0x4c0/0x4c0 [ 56.166861][ T5074] ? bpf_lsm_file_ioctl+0x9/0x10 [ 56.171789][ T5074] ? drm_ioctl_kernel+0x4d0/0x4d0 [ 56.176807][ T5074] __x64_sys_ioctl+0x18f/0x210 [ 56.181572][ T5074] do_syscall_64+0x40/0x110 [ 56.186071][ T5074] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 56.191954][ T5074] RIP: 0033:0x7efe98014769 [ 56.196357][ T5074] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 56.215957][ T5074] RSP: 002b:00007efe97fd2208 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 56.224357][ T5074] RAX: ffffffffffffffda RBX: 00007efe9809c408 RCX: 00007efe98014769 [pid 5074] ioctl(3, DRM_IOCTL_MODE_CREATE_DUMB [pid 5073] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5073] futex(0x7efe9809c41c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5074] <... ioctl resumed>, 0x20000100) = -1 ENOMEM (Cannot allocate memory) [pid 5073] <... mmap resumed>) = 0x7efe97f91000 [pid 5074] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] mprotect(0x7efe97f92000, 131072, PROT_READ|PROT_WRITE [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5073] <... mprotect resumed>) = 0 [pid 5073] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5073] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7efe97fb1990, parent_tid=0x7efe97fb1990, exit_signal=0, stack=0x7efe97f91000, stack_size=0x20300, tls=0x7efe97fb16c0} => {parent_tid=[5075]}, 88) = 5075 ./strace-static-x86_64: Process 5075 attached [pid 5073] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5073] futex(0x7efe9809c418, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] futex(0x7efe9809c41c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] rseq(0x7efe97fb1fe0, 0x20, 0, 0x53053053) = 0 [pid 5075] set_robust_list(0x7efe97fb19a0, 24) = 0 [pid 5075] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5075] ioctl(3, DRM_IOCTL_PRIME_HANDLE_TO_FD, 0x20000080) = -1 ENOENT (No such file or directory) [pid 5075] futex(0x7efe9809c41c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5073] <... futex resumed>) = 0 [pid 5075] futex(0x7efe9809c418, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5073] exit_group(0 [pid 5075] <... futex resumed>) = ? [pid 5074] <... futex resumed>) = ? [pid 5073] <... exit_group resumed>) = ? [pid 5075] +++ exited with 0 +++ [pid 5074] +++ exited with 0 +++ [pid 5073] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5073, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [ 56.232318][ T5074] RDX: 0000000020000100 RSI: 00000000c02064b2 RDI: 0000000000000003 [ 56.240277][ T5074] RBP: 00007efe9809c400 R08: 00007efe97fd1fa6 R09: 0000000000003131 [ 56.248237][ T5074] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efe98069194 [ 56.256226][ T5074] R13: 00007efe97fd2210 R14: 0000000000000002 R15: 6972642f7665642f [ 56.264196][ T5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5076 attached [pid 5076] set_robust_list(0x5555558226a0, 24 [pid 5070] <... clone resumed>, child_tidptr=0x555555822690) = 5076 [pid 5076] <... set_robust_list resumed>) = 0 [pid 5076] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5076] setpgid(0, 0) = 0 [pid 5076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5076] write(3, "1000", 4) = 4 [pid 5076] close(3) = 0 [pid 5076] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] rt_sigaction(SIGRT_1, {sa_handler=0x7efe9803a6a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7efe9802bd20}, NULL, 8) = 0 [pid 5076] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5076] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efe97fb2000 [pid 5076] mprotect(0x7efe97fb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5076] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5076] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7efe97fd2990, parent_tid=0x7efe97fd2990, exit_signal=0, stack=0x7efe97fb2000, stack_size=0x20300, tls=0x7efe97fd26c0}./strace-static-x86_64: Process 5077 attached => {parent_tid=[5077]}, 88) = 5077 [pid 5076] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5077] rseq(0x7efe97fd2fe0, 0x20, 0, 0x53053053) = 0 [pid 5076] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] set_robust_list(0x7efe97fd29a0, 24 [pid 5076] <... futex resumed>) = 0 [pid 5077] <... set_robust_list resumed>) = 0 [pid 5076] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5077] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5077] openat(AT_FDCWD, "/dev/dri/card0", O_RDONLY) = 3 [pid 5077] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5076] <... futex resumed>) = 0 [pid 5076] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5076] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5077] openat(AT_FDCWD, "/dev/dri/card1", O_RDONLY) = 4 [pid 5077] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5076] <... futex resumed>) = 0 [pid 5076] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5076] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5077] ioctl(4, DRM_IOCTL_MODE_GETRESOURCES, 0x200001c0) = 0 [pid 5077] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5076] <... futex resumed>) = 0 [pid 5077] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5076] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5076] <... futex resumed>) = 0 [pid 5077] ioctl(4, DRM_IOCTL_MODE_GETCRTC [pid 5076] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5077] <... ioctl resumed>, 0x200003c0) = 0 [pid 5077] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5076] <... futex resumed>) = 0 [pid 5077] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5076] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5076] <... futex resumed>) = 0 [pid 5077] ioctl(4, DRM_IOCTL_MODE_GETFB2 [pid 5076] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5077] <... ioctl resumed>, 0x20000440) = 0 [pid 5077] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5076] <... futex resumed>) = 0 [pid 5077] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5076] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5076] <... futex resumed>) = 0 [pid 5077] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5076] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5077] <... openat resumed>) = 5 [pid 5077] write(5, "11", 2) = 2 [ 56.433627][ T5077] FAULT_INJECTION: forcing a failure. [ 56.433627][ T5077] name failslab, interval 1, probability 0, space 0, times 0 [ 56.446290][ T5077] CPU: 0 PID: 5077 Comm: syz-executor227 Not tainted 6.7.0-rc6-syzkaller-00248-g5254c0cbc92d #0 [ 56.456701][ T5077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 56.466769][ T5077] Call Trace: [ 56.470040][ T5077] [ 56.472955][ T5077] dump_stack_lvl+0x125/0x1b0 [ 56.477624][ T5077] should_fail_ex+0x496/0x5b0 [ 56.482296][ T5077] should_failslab+0x9/0x20 [ 56.486788][ T5077] __kmem_cache_alloc_node+0x6b/0x310 [ 56.492153][ T5077] ? vma_node_allow+0x56/0x300 [ 56.496917][ T5077] ? drm_gem_handle_create_tail+0x1c6/0x540 [ 56.502807][ T5077] kmalloc_trace+0x25/0x60 [ 56.507223][ T5077] vma_node_allow+0x56/0x300 [ 56.511814][ T5077] drm_gem_handle_create_tail+0x222/0x540 [ 56.517535][ T5077] drm_gem_shmem_dumb_create+0x21a/0x310 [ 56.523165][ T5077] drm_mode_create_dumb_ioctl+0x268/0x2f0 [ 56.528888][ T5077] drm_ioctl_kernel+0x28c/0x4d0 [ 56.533733][ T5077] ? drm_mode_create_dumb+0x2f0/0x2f0 [ 56.539106][ T5077] ? drm_setversion+0x870/0x870 [ 56.543955][ T5077] drm_ioctl+0x5cb/0xbf0 [ 56.548200][ T5077] ? drm_mode_create_dumb+0x2f0/0x2f0 [ 56.553574][ T5077] ? drm_ioctl_kernel+0x4d0/0x4d0 [ 56.558591][ T5077] ? reacquire_held_locks+0x4c0/0x4c0 [ 56.563973][ T5077] ? bpf_lsm_file_ioctl+0x9/0x10 [ 56.568904][ T5077] ? drm_ioctl_kernel+0x4d0/0x4d0 [ 56.573922][ T5077] __x64_sys_ioctl+0x18f/0x210 [ 56.578693][ T5077] do_syscall_64+0x40/0x110 [ 56.583200][ T5077] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 56.589089][ T5077] RIP: 0033:0x7efe98014769 [ 56.593493][ T5077] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 56.613092][ T5077] RSP: 002b:00007efe97fd2208 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 56.621497][ T5077] RAX: ffffffffffffffda RBX: 00007efe9809c408 RCX: 00007efe98014769 [pid 5077] ioctl(3, DRM_IOCTL_MODE_CREATE_DUMB, 0x20000100) = -1 ENOMEM (Cannot allocate memory) [pid 5076] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5077] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] ioctl(3, DRM_IOCTL_PRIME_HANDLE_TO_FD [pid 5076] <... futex resumed>) = 0 [pid 5077] <... ioctl resumed>, 0x20000080) = -1 ENOENT (No such file or directory) [pid 5077] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5076] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5076] exit_group(0) = ? [pid 5077] <... futex resumed>) = ? [pid 5077] +++ exited with 0 +++ [pid 5076] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5076, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5078 attached [pid 5078] set_robust_list(0x5555558226a0, 24 [pid 5070] <... clone resumed>, child_tidptr=0x555555822690) = 5078 [pid 5078] <... set_robust_list resumed>) = 0 [ 56.629459][ T5077] RDX: 0000000020000100 RSI: 00000000c02064b2 RDI: 0000000000000003 [ 56.637416][ T5077] RBP: 00007efe9809c400 R08: 00007efe97fd1fa6 R09: 0000000000003131 [ 56.645375][ T5077] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efe98069194 [ 56.653334][ T5077] R13: 00007efe97fd2210 R14: 0000000000000002 R15: 6972642f7665642f [ 56.661305][ T5077] [pid 5078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5078] setpgid(0, 0) = 0 [pid 5078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5078] write(3, "1000", 4) = 4 [pid 5078] close(3) = 0 [pid 5078] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] rt_sigaction(SIGRT_1, {sa_handler=0x7efe9803a6a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7efe9802bd20}, NULL, 8) = 0 [pid 5078] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efe97fb2000 [pid 5078] mprotect(0x7efe97fb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5078] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5078] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7efe97fd2990, parent_tid=0x7efe97fd2990, exit_signal=0, stack=0x7efe97fb2000, stack_size=0x20300, tls=0x7efe97fd26c0}./strace-static-x86_64: Process 5079 attached [pid 5079] rseq(0x7efe97fd2fe0, 0x20, 0, 0x53053053 [pid 5078] <... clone3 resumed> => {parent_tid=[5079]}, 88) = 5079 [pid 5079] <... rseq resumed>) = 0 [pid 5078] rt_sigprocmask(SIG_SETMASK, [], [pid 5079] set_robust_list(0x7efe97fd29a0, 24 [pid 5078] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5079] <... set_robust_list resumed>) = 0 [pid 5079] rt_sigprocmask(SIG_SETMASK, [], [pid 5078] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5078] <... futex resumed>) = 0 [pid 5079] openat(AT_FDCWD, "/dev/dri/card0", O_RDONLY [pid 5078] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... openat resumed>) = 3 [pid 5079] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5079] openat(AT_FDCWD, "/dev/dri/card1", O_RDONLY [pid 5078] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... openat resumed>) = 4 [pid 5078] <... futex resumed>) = 0 [pid 5079] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5078] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5079] <... futex resumed>) = 0 [pid 5078] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] ioctl(4, DRM_IOCTL_MODE_GETRESOURCES, 0x200001c0) = 0 [pid 5079] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5079] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5078] <... futex resumed>) = 0 [pid 5079] ioctl(4, DRM_IOCTL_MODE_GETCRTC [pid 5078] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... ioctl resumed>, 0x200003c0) = 0 [pid 5079] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5079] ioctl(4, DRM_IOCTL_MODE_GETFB2 [pid 5078] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... ioctl resumed>, 0x20000440) = 0 [pid 5078] <... futex resumed>) = 0 [pid 5078] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5079] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5078] <... futex resumed>) = 0 [pid 5079] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5078] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... openat resumed>) = 5 [pid 5079] write(5, "11", 2) = 2 [ 56.851735][ T5079] FAULT_INJECTION: forcing a failure. [ 56.851735][ T5079] name failslab, interval 1, probability 0, space 0, times 0 [ 56.864405][ T5079] CPU: 0 PID: 5079 Comm: syz-executor227 Not tainted 6.7.0-rc6-syzkaller-00248-g5254c0cbc92d #0 [ 56.874800][ T5079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 56.884872][ T5079] Call Trace: [ 56.888143][ T5079] [ 56.891064][ T5079] dump_stack_lvl+0x125/0x1b0 [ 56.895738][ T5079] should_fail_ex+0x496/0x5b0 [ 56.900416][ T5079] should_failslab+0x9/0x20 [ 56.904916][ T5079] __kmem_cache_alloc_node+0x6b/0x310 [ 56.910283][ T5079] ? vma_node_allow+0x56/0x300 [ 56.915042][ T5079] ? drm_gem_handle_create_tail+0x1c6/0x540 [ 56.920931][ T5079] kmalloc_trace+0x25/0x60 [ 56.925342][ T5079] vma_node_allow+0x56/0x300 [ 56.929931][ T5079] drm_gem_handle_create_tail+0x222/0x540 [ 56.935827][ T5079] drm_gem_shmem_dumb_create+0x21a/0x310 [ 56.941459][ T5079] drm_mode_create_dumb_ioctl+0x268/0x2f0 [ 56.947178][ T5079] drm_ioctl_kernel+0x28c/0x4d0 [ 56.952028][ T5079] ? drm_mode_create_dumb+0x2f0/0x2f0 [ 56.957398][ T5079] ? drm_setversion+0x870/0x870 [ 56.962250][ T5079] drm_ioctl+0x5cb/0xbf0 [ 56.966491][ T5079] ? drm_mode_create_dumb+0x2f0/0x2f0 [ 56.971861][ T5079] ? drm_ioctl_kernel+0x4d0/0x4d0 [ 56.976880][ T5079] ? reacquire_held_locks+0x4c0/0x4c0 [ 56.982264][ T5079] ? bpf_lsm_file_ioctl+0x9/0x10 [ 56.987215][ T5079] ? drm_ioctl_kernel+0x4d0/0x4d0 [ 56.992233][ T5079] __x64_sys_ioctl+0x18f/0x210 [ 56.997001][ T5079] do_syscall_64+0x40/0x110 [ 57.001502][ T5079] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 57.007389][ T5079] RIP: 0033:0x7efe98014769 [ 57.011796][ T5079] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 57.031397][ T5079] RSP: 002b:00007efe97fd2208 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 57.039800][ T5079] RAX: ffffffffffffffda RBX: 00007efe9809c408 RCX: 00007efe98014769 [pid 5079] ioctl(3, DRM_IOCTL_MODE_CREATE_DUMB [pid 5078] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5079] <... ioctl resumed>, 0x20000100) = -1 ENOMEM (Cannot allocate memory) [pid 5078] futex(0x7efe9809c41c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] <... futex resumed>) = 0 [pid 5078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efe97f91000 [pid 5078] mprotect(0x7efe97f92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5078] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5078] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7efe97fb1990, parent_tid=0x7efe97fb1990, exit_signal=0, stack=0x7efe97f91000, stack_size=0x20300, tls=0x7efe97fb16c0}./strace-static-x86_64: Process 5080 attached [pid 5080] rseq(0x7efe97fb1fe0, 0x20, 0, 0x53053053) = 0 [pid 5078] <... clone3 resumed> => {parent_tid=[5080]}, 88) = 5080 [pid 5080] set_robust_list(0x7efe97fb19a0, 24 [pid 5078] rt_sigprocmask(SIG_SETMASK, [], [pid 5080] <... set_robust_list resumed>) = 0 [pid 5078] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5080] rt_sigprocmask(SIG_SETMASK, [], [pid 5078] futex(0x7efe9809c418, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5080] ioctl(3, DRM_IOCTL_PRIME_HANDLE_TO_FD [pid 5078] <... futex resumed>) = 0 [pid 5080] <... ioctl resumed>, 0x20000080) = -1 ENOENT (No such file or directory) [pid 5078] futex(0x7efe9809c41c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5080] futex(0x7efe9809c41c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5080] futex(0x7efe9809c418, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] exit_group(0 [pid 5080] <... futex resumed>) = ? [pid 5079] <... futex resumed>) = ? [pid 5078] <... exit_group resumed>) = ? [pid 5080] +++ exited with 0 +++ [pid 5079] +++ exited with 0 +++ [pid 5078] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5078, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5081 attached [pid 5081] set_robust_list(0x5555558226a0, 24 [pid 5070] <... clone resumed>, child_tidptr=0x555555822690) = 5081 [pid 5081] <... set_robust_list resumed>) = 0 [pid 5081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 57.047761][ T5079] RDX: 0000000020000100 RSI: 00000000c02064b2 RDI: 0000000000000003 [ 57.055728][ T5079] RBP: 00007efe9809c400 R08: 00007efe97fd1fa6 R09: 0000000000003131 [ 57.063687][ T5079] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efe98069194 [ 57.071651][ T5079] R13: 00007efe97fd2210 R14: 0000000000000002 R15: 6972642f7665642f [ 57.079621][ T5079] [pid 5081] setpgid(0, 0) = 0 [pid 5081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5081] write(3, "1000", 4) = 4 [pid 5081] close(3) = 0 [pid 5081] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] rt_sigaction(SIGRT_1, {sa_handler=0x7efe9803a6a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7efe9802bd20}, NULL, 8) = 0 [pid 5081] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efe97fb2000 [pid 5081] mprotect(0x7efe97fb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5081] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5081] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7efe97fd2990, parent_tid=0x7efe97fd2990, exit_signal=0, stack=0x7efe97fb2000, stack_size=0x20300, tls=0x7efe97fd26c0}./strace-static-x86_64: Process 5082 attached [pid 5082] rseq(0x7efe97fd2fe0, 0x20, 0, 0x53053053 [pid 5081] <... clone3 resumed> => {parent_tid=[5082]}, 88) = 5082 [pid 5082] <... rseq resumed>) = 0 [pid 5082] set_robust_list(0x7efe97fd29a0, 24) = 0 [pid 5081] rt_sigprocmask(SIG_SETMASK, [], [pid 5082] rt_sigprocmask(SIG_SETMASK, [], [pid 5081] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5081] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5082] openat(AT_FDCWD, "/dev/dri/card0", O_RDONLY) = 3 [pid 5082] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5081] <... futex resumed>) = 0 [pid 5082] openat(AT_FDCWD, "/dev/dri/card1", O_RDONLY [pid 5081] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... openat resumed>) = 4 [pid 5081] <... futex resumed>) = 0 [pid 5081] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5082] <... futex resumed>) = 0 [pid 5081] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] ioctl(4, DRM_IOCTL_MODE_GETRESOURCES [pid 5081] <... futex resumed>) = 0 [pid 5082] <... ioctl resumed>, 0x200001c0) = 0 [pid 5081] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5081] <... futex resumed>) = 0 [pid 5082] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5082] ioctl(4, DRM_IOCTL_MODE_GETCRTC [pid 5081] <... futex resumed>) = 0 [pid 5082] <... ioctl resumed>, 0x200003c0) = 0 [pid 5081] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5082] <... futex resumed>) = 0 [pid 5081] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] ioctl(4, DRM_IOCTL_MODE_GETFB2 [pid 5081] <... futex resumed>) = 0 [pid 5082] <... ioctl resumed>, 0x20000440) = 0 [pid 5081] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 0 [pid 5082] <... futex resumed>) = 1 [pid 5081] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5081] <... futex resumed>) = 0 [pid 5082] <... openat resumed>) = 5 [pid 5081] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] write(5, "11", 2) = 2 [ 57.229219][ T5082] FAULT_INJECTION: forcing a failure. [ 57.229219][ T5082] name failslab, interval 1, probability 0, space 0, times 0 [ 57.241871][ T5082] CPU: 1 PID: 5082 Comm: syz-executor227 Not tainted 6.7.0-rc6-syzkaller-00248-g5254c0cbc92d #0 [ 57.252271][ T5082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 57.262313][ T5082] Call Trace: [ 57.265584][ T5082] [ 57.268505][ T5082] dump_stack_lvl+0x125/0x1b0 [ 57.273175][ T5082] should_fail_ex+0x496/0x5b0 [ 57.277851][ T5082] should_failslab+0x9/0x20 [ 57.282341][ T5082] __kmem_cache_alloc_node+0x6b/0x310 [ 57.287704][ T5082] ? vma_node_allow+0x56/0x300 [ 57.292460][ T5082] ? drm_gem_handle_create_tail+0x1c6/0x540 [ 57.298344][ T5082] kmalloc_trace+0x25/0x60 [ 57.302748][ T5082] vma_node_allow+0x56/0x300 [ 57.307324][ T5082] drm_gem_handle_create_tail+0x222/0x540 [ 57.313038][ T5082] drm_gem_shmem_dumb_create+0x21a/0x310 [ 57.318683][ T5082] drm_mode_create_dumb_ioctl+0x268/0x2f0 [ 57.324423][ T5082] drm_ioctl_kernel+0x28c/0x4d0 [ 57.329279][ T5082] ? drm_mode_create_dumb+0x2f0/0x2f0 [ 57.334640][ T5082] ? drm_setversion+0x870/0x870 [ 57.339484][ T5082] drm_ioctl+0x5cb/0xbf0 [ 57.343750][ T5082] ? drm_mode_create_dumb+0x2f0/0x2f0 [ 57.349160][ T5082] ? drm_ioctl_kernel+0x4d0/0x4d0 [ 57.354203][ T5082] ? reacquire_held_locks+0x4c0/0x4c0 [ 57.359602][ T5082] ? bpf_lsm_file_ioctl+0x9/0x10 [ 57.364521][ T5082] ? drm_ioctl_kernel+0x4d0/0x4d0 [ 57.369533][ T5082] __x64_sys_ioctl+0x18f/0x210 [ 57.374290][ T5082] do_syscall_64+0x40/0x110 [ 57.378786][ T5082] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 57.384665][ T5082] RIP: 0033:0x7efe98014769 [ 57.389065][ T5082] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 57.408662][ T5082] RSP: 002b:00007efe97fd2208 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 57.417064][ T5082] RAX: ffffffffffffffda RBX: 00007efe9809c408 RCX: 00007efe98014769 [pid 5082] ioctl(3, DRM_IOCTL_MODE_CREATE_DUMB, 0x20000100) = -1 ENOMEM (Cannot allocate memory) [pid 5081] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5082] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 0 [pid 5081] <... futex resumed>) = 0 [pid 5082] ioctl(3, DRM_IOCTL_PRIME_HANDLE_TO_FD [pid 5081] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... ioctl resumed>, 0x20000080) = -1 ENOENT (No such file or directory) [pid 5082] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5081] <... futex resumed>) = 0 [pid 5082] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] exit_group(0 [pid 5082] <... futex resumed>) = ? [pid 5081] <... exit_group resumed>) = ? [pid 5082] +++ exited with 0 +++ [pid 5081] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5081, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5083 attached , child_tidptr=0x555555822690) = 5083 [pid 5083] set_robust_list(0x5555558226a0, 24) = 0 [pid 5083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5083] setpgid(0, 0) = 0 [pid 5083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5083] write(3, "1000", 4) = 4 [pid 5083] close(3) = 0 [ 57.425024][ T5082] RDX: 0000000020000100 RSI: 00000000c02064b2 RDI: 0000000000000003 [ 57.432982][ T5082] RBP: 00007efe9809c400 R08: 00007efe97fd1fa6 R09: 0000000000003131 [ 57.440941][ T5082] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efe98069194 [ 57.448900][ T5082] R13: 00007efe97fd2210 R14: 0000000000000002 R15: 6972642f7665642f [ 57.456864][ T5082] [ 57.459880][ C1] vkms_vblank_simulate: vblank timer overrun [pid 5083] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] rt_sigaction(SIGRT_1, {sa_handler=0x7efe9803a6a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7efe9802bd20}, NULL, 8) = 0 [pid 5083] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efe97fb2000 [pid 5083] mprotect(0x7efe97fb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5083] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5083] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7efe97fd2990, parent_tid=0x7efe97fd2990, exit_signal=0, stack=0x7efe97fb2000, stack_size=0x20300, tls=0x7efe97fd26c0}./strace-static-x86_64: Process 5084 attached [pid 5084] rseq(0x7efe97fd2fe0, 0x20, 0, 0x53053053 [pid 5083] <... clone3 resumed> => {parent_tid=[5084]}, 88) = 5084 [pid 5084] <... rseq resumed>) = 0 [pid 5084] set_robust_list(0x7efe97fd29a0, 24) = 0 [pid 5084] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5084] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5083] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = 0 [pid 5083] <... futex resumed>) = 1 [pid 5084] openat(AT_FDCWD, "/dev/dri/card0", O_RDONLY [pid 5083] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... openat resumed>) = 3 [pid 5084] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5083] <... futex resumed>) = 0 [pid 5084] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = 0 [pid 5083] <... futex resumed>) = 1 [pid 5084] openat(AT_FDCWD, "/dev/dri/card1", O_RDONLY [pid 5083] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... openat resumed>) = 4 [pid 5084] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5083] <... futex resumed>) = 0 [pid 5084] ioctl(4, DRM_IOCTL_MODE_GETRESOURCES [pid 5083] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... ioctl resumed>, 0x200001c0) = 0 [pid 5083] <... futex resumed>) = 0 [pid 5084] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... futex resumed>) = 0 [pid 5083] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5083] <... futex resumed>) = 0 [pid 5084] ioctl(4, DRM_IOCTL_MODE_GETCRTC [pid 5083] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... ioctl resumed>, 0x200003c0) = 0 [pid 5084] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = 0 [pid 5084] <... futex resumed>) = 1 [pid 5083] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] ioctl(4, DRM_IOCTL_MODE_GETFB2 [pid 5083] <... futex resumed>) = 0 [pid 5084] <... ioctl resumed>, 0x20000440) = 0 [pid 5083] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = 0 [pid 5084] <... futex resumed>) = 1 [pid 5083] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 5083] <... futex resumed>) = 0 [pid 5083] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] write(5, "11", 2) = 2 [ 57.597029][ T5084] FAULT_INJECTION: forcing a failure. [ 57.597029][ T5084] name failslab, interval 1, probability 0, space 0, times 0 [ 57.609693][ T5084] CPU: 0 PID: 5084 Comm: syz-executor227 Not tainted 6.7.0-rc6-syzkaller-00248-g5254c0cbc92d #0 [ 57.620119][ T5084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 57.630187][ T5084] Call Trace: [ 57.633454][ T5084] [ 57.636369][ T5084] dump_stack_lvl+0x125/0x1b0 [ 57.641039][ T5084] should_fail_ex+0x496/0x5b0 [ 57.645713][ T5084] should_failslab+0x9/0x20 [ 57.650203][ T5084] __kmem_cache_alloc_node+0x6b/0x310 [ 57.655570][ T5084] ? vma_node_allow+0x56/0x300 [ 57.660326][ T5084] ? drm_gem_handle_create_tail+0x1c6/0x540 [ 57.666205][ T5084] kmalloc_trace+0x25/0x60 [ 57.670615][ T5084] vma_node_allow+0x56/0x300 [ 57.675195][ T5084] drm_gem_handle_create_tail+0x222/0x540 [ 57.680915][ T5084] drm_gem_shmem_dumb_create+0x21a/0x310 [ 57.686549][ T5084] drm_mode_create_dumb_ioctl+0x268/0x2f0 [ 57.692266][ T5084] drm_ioctl_kernel+0x28c/0x4d0 [ 57.697112][ T5084] ? drm_mode_create_dumb+0x2f0/0x2f0 [ 57.702480][ T5084] ? drm_setversion+0x870/0x870 [ 57.707331][ T5084] drm_ioctl+0x5cb/0xbf0 [ 57.711571][ T5084] ? drm_mode_create_dumb+0x2f0/0x2f0 [ 57.716939][ T5084] ? drm_ioctl_kernel+0x4d0/0x4d0 [ 57.721955][ T5084] ? reacquire_held_locks+0x4c0/0x4c0 [ 57.727334][ T5084] ? bpf_lsm_file_ioctl+0x9/0x10 [ 57.732263][ T5084] ? drm_ioctl_kernel+0x4d0/0x4d0 [ 57.737284][ T5084] __x64_sys_ioctl+0x18f/0x210 [ 57.742051][ T5084] do_syscall_64+0x40/0x110 [ 57.746554][ T5084] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 57.752438][ T5084] RIP: 0033:0x7efe98014769 [ 57.756842][ T5084] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 57.776440][ T5084] RSP: 002b:00007efe97fd2208 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 57.784846][ T5084] RAX: ffffffffffffffda RBX: 00007efe9809c408 RCX: 00007efe98014769 [pid 5084] ioctl(3, DRM_IOCTL_MODE_CREATE_DUMB [pid 5083] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5083] futex(0x7efe9809c41c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efe97f91000 [pid 5084] <... ioctl resumed>, 0x20000100) = -1 ENOMEM (Cannot allocate memory) [pid 5084] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] mprotect(0x7efe97f92000, 131072, PROT_READ|PROT_WRITE [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] <... mprotect resumed>) = 0 [pid 5083] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5083] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7efe97fb1990, parent_tid=0x7efe97fb1990, exit_signal=0, stack=0x7efe97f91000, stack_size=0x20300, tls=0x7efe97fb16c0}./strace-static-x86_64: Process 5085 attached => {parent_tid=[5085]}, 88) = 5085 [pid 5083] rt_sigprocmask(SIG_SETMASK, [], [pid 5085] rseq(0x7efe97fb1fe0, 0x20, 0, 0x53053053 [pid 5083] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5085] <... rseq resumed>) = 0 [pid 5085] set_robust_list(0x7efe97fb19a0, 24 [pid 5083] futex(0x7efe9809c418, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... set_robust_list resumed>) = 0 [pid 5083] <... futex resumed>) = 0 [pid 5085] rt_sigprocmask(SIG_SETMASK, [], [pid 5083] futex(0x7efe9809c41c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5085] ioctl(3, DRM_IOCTL_PRIME_HANDLE_TO_FD, 0x20000080) = -1 ENOENT (No such file or directory) [pid 5085] futex(0x7efe9809c41c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5083] <... futex resumed>) = 0 [pid 5085] futex(0x7efe9809c418, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] exit_group(0 [pid 5085] <... futex resumed>) = ? [pid 5084] <... futex resumed>) = ? [pid 5085] +++ exited with 0 +++ [pid 5084] +++ exited with 0 +++ [pid 5083] <... exit_group resumed>) = ? [pid 5083] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5083, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5086 attached , child_tidptr=0x555555822690) = 5086 [ 57.792806][ T5084] RDX: 0000000020000100 RSI: 00000000c02064b2 RDI: 0000000000000003 [ 57.800778][ T5084] RBP: 00007efe9809c400 R08: 00007efe97fd1fa6 R09: 0000000000003131 [ 57.808915][ T5084] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efe98069194 [ 57.816879][ T5084] R13: 00007efe97fd2210 R14: 0000000000000002 R15: 6972642f7665642f [ 57.824849][ T5084] [pid 5086] set_robust_list(0x5555558226a0, 24) = 0 [pid 5086] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5086] setpgid(0, 0) = 0 [pid 5086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5086] write(3, "1000", 4) = 4 [pid 5086] close(3) = 0 [pid 5086] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] rt_sigaction(SIGRT_1, {sa_handler=0x7efe9803a6a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7efe9802bd20}, NULL, 8) = 0 [pid 5086] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5086] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efe97fb2000 [pid 5086] mprotect(0x7efe97fb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5086] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5086] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7efe97fd2990, parent_tid=0x7efe97fd2990, exit_signal=0, stack=0x7efe97fb2000, stack_size=0x20300, tls=0x7efe97fd26c0}./strace-static-x86_64: Process 5087 attached [pid 5087] rseq(0x7efe97fd2fe0, 0x20, 0, 0x53053053 [pid 5086] <... clone3 resumed> => {parent_tid=[5087]}, 88) = 5087 [pid 5087] <... rseq resumed>) = 0 [pid 5086] rt_sigprocmask(SIG_SETMASK, [], [pid 5087] set_robust_list(0x7efe97fd29a0, 24 [pid 5086] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5087] <... set_robust_list resumed>) = 0 [pid 5086] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5086] <... futex resumed>) = 0 [pid 5087] openat(AT_FDCWD, "/dev/dri/card0", O_RDONLY [pid 5086] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] <... openat resumed>) = 3 [pid 5087] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5087] openat(AT_FDCWD, "/dev/dri/card1", O_RDONLY [pid 5086] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... openat resumed>) = 4 [pid 5086] <... futex resumed>) = 0 [pid 5086] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... futex resumed>) = 0 [pid 5087] <... futex resumed>) = 1 [pid 5086] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] ioctl(4, DRM_IOCTL_MODE_GETRESOURCES [pid 5086] <... futex resumed>) = 0 [pid 5087] <... ioctl resumed>, 0x200001c0) = 0 [pid 5086] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5087] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] <... futex resumed>) = 0 [pid 5087] ioctl(4, DRM_IOCTL_MODE_GETCRTC [pid 5086] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] <... ioctl resumed>, 0x200003c0) = 0 [pid 5087] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5087] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] <... futex resumed>) = 0 [pid 5087] ioctl(4, DRM_IOCTL_MODE_GETFB2 [pid 5086] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] <... ioctl resumed>, 0x20000440) = 0 [pid 5087] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5087] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5086] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] <... openat resumed>) = 5 [pid 5086] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] write(5, "11", 2) = 2 [ 57.941525][ T5087] FAULT_INJECTION: forcing a failure. [ 57.941525][ T5087] name failslab, interval 1, probability 0, space 0, times 0 [ 57.954245][ T5087] CPU: 0 PID: 5087 Comm: syz-executor227 Not tainted 6.7.0-rc6-syzkaller-00248-g5254c0cbc92d #0 [ 57.964670][ T5087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 57.974706][ T5087] Call Trace: [ 57.977969][ T5087] [ 57.980883][ T5087] dump_stack_lvl+0x125/0x1b0 [ 57.985569][ T5087] should_fail_ex+0x496/0x5b0 [ 57.990244][ T5087] should_failslab+0x9/0x20 [ 57.994734][ T5087] __kmem_cache_alloc_node+0x6b/0x310 [ 58.000094][ T5087] ? vma_node_allow+0x56/0x300 [ 58.004844][ T5087] ? drm_gem_handle_create_tail+0x1c6/0x540 [ 58.010723][ T5087] kmalloc_trace+0x25/0x60 [ 58.015126][ T5087] vma_node_allow+0x56/0x300 [ 58.019709][ T5087] drm_gem_handle_create_tail+0x222/0x540 [ 58.025412][ T5087] drm_gem_shmem_dumb_create+0x21a/0x310 [ 58.031030][ T5087] drm_mode_create_dumb_ioctl+0x268/0x2f0 [ 58.036733][ T5087] drm_ioctl_kernel+0x28c/0x4d0 [ 58.041569][ T5087] ? drm_mode_create_dumb+0x2f0/0x2f0 [ 58.046926][ T5087] ? drm_setversion+0x870/0x870 [ 58.051770][ T5087] drm_ioctl+0x5cb/0xbf0 [ 58.056009][ T5087] ? drm_mode_create_dumb+0x2f0/0x2f0 [ 58.061379][ T5087] ? drm_ioctl_kernel+0x4d0/0x4d0 [ 58.066395][ T5087] ? reacquire_held_locks+0x4c0/0x4c0 [ 58.071777][ T5087] ? bpf_lsm_file_ioctl+0x9/0x10 [ 58.076708][ T5087] ? drm_ioctl_kernel+0x4d0/0x4d0 [ 58.081731][ T5087] __x64_sys_ioctl+0x18f/0x210 [ 58.086496][ T5087] do_syscall_64+0x40/0x110 [ 58.090995][ T5087] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 58.096879][ T5087] RIP: 0033:0x7efe98014769 [ 58.101285][ T5087] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 58.120882][ T5087] RSP: 002b:00007efe97fd2208 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 58.129284][ T5087] RAX: ffffffffffffffda RBX: 00007efe9809c408 RCX: 00007efe98014769 [pid 5087] ioctl(3, DRM_IOCTL_MODE_CREATE_DUMB [pid 5086] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5087] <... ioctl resumed>, 0x20000100) = -1 ENOMEM (Cannot allocate memory) [pid 5086] futex(0x7efe9809c41c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efe97f91000 [pid 5086] mprotect(0x7efe97f92000, 131072, PROT_READ|PROT_WRITE [pid 5087] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... mprotect resumed>) = 0 [pid 5087] <... futex resumed>) = 0 [pid 5086] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5086] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7efe97fb1990, parent_tid=0x7efe97fb1990, exit_signal=0, stack=0x7efe97f91000, stack_size=0x20300, tls=0x7efe97fb16c0} => {parent_tid=[5088]}, 88) = 5088 [pid 5086] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5086] futex(0x7efe9809c418, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5088 attached [pid 5087] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] <... futex resumed>) = 0 [pid 5088] rseq(0x7efe97fb1fe0, 0x20, 0, 0x53053053 [pid 5086] futex(0x7efe9809c41c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... rseq resumed>) = 0 [pid 5088] set_robust_list(0x7efe97fb19a0, 24) = 0 [pid 5088] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5088] ioctl(3, DRM_IOCTL_PRIME_HANDLE_TO_FD, 0x20000080) = -1 ENOENT (No such file or directory) [pid 5088] futex(0x7efe9809c41c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5088] futex(0x7efe9809c418, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] exit_group(0 [pid 5088] <... futex resumed>) = ? [pid 5087] <... futex resumed>) = ? [pid 5086] <... exit_group resumed>) = ? [pid 5088] +++ exited with 0 +++ [pid 5087] +++ exited with 0 +++ [pid 5086] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5086, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 58.137242][ T5087] RDX: 0000000020000100 RSI: 00000000c02064b2 RDI: 0000000000000003 [ 58.145201][ T5087] RBP: 00007efe9809c400 R08: 00007efe97fd1fa6 R09: 0000000000003131 [ 58.153160][ T5087] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efe98069194 [ 58.161119][ T5087] R13: 00007efe97fd2210 R14: 0000000000000002 R15: 6972642f7665642f [ 58.169087][ T5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5089 attached , child_tidptr=0x555555822690) = 5089 [pid 5089] set_robust_list(0x5555558226a0, 24) = 0 [pid 5089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5089] setpgid(0, 0) = 0 [pid 5089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5089] write(3, "1000", 4) = 4 [pid 5089] close(3) = 0 [pid 5089] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] rt_sigaction(SIGRT_1, {sa_handler=0x7efe9803a6a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7efe9802bd20}, NULL, 8) = 0 [pid 5089] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efe97fb2000 [pid 5089] mprotect(0x7efe97fb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5089] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5089] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7efe97fd2990, parent_tid=0x7efe97fd2990, exit_signal=0, stack=0x7efe97fb2000, stack_size=0x20300, tls=0x7efe97fd26c0}./strace-static-x86_64: Process 5090 attached [pid 5090] rseq(0x7efe97fd2fe0, 0x20, 0, 0x53053053) = 0 [pid 5089] <... clone3 resumed> => {parent_tid=[5090]}, 88) = 5090 [pid 5090] set_robust_list(0x7efe97fd29a0, 24 [pid 5089] rt_sigprocmask(SIG_SETMASK, [], [pid 5090] <... set_robust_list resumed>) = 0 [pid 5089] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5090] rt_sigprocmask(SIG_SETMASK, [], [pid 5089] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5089] <... futex resumed>) = 0 [pid 5090] openat(AT_FDCWD, "/dev/dri/card0", O_RDONLY [pid 5089] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] <... openat resumed>) = 3 [pid 5090] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5089] <... futex resumed>) = 0 [pid 5090] openat(AT_FDCWD, "/dev/dri/card1", O_RDONLY [pid 5089] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... openat resumed>) = 4 [pid 5089] <... futex resumed>) = 0 [pid 5089] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5090] <... futex resumed>) = 0 [pid 5089] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] ioctl(4, DRM_IOCTL_MODE_GETRESOURCES [pid 5089] <... futex resumed>) = 0 [pid 5090] <... ioctl resumed>, 0x200001c0) = 0 [pid 5089] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5089] <... futex resumed>) = 0 [pid 5090] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5089] <... futex resumed>) = 0 [pid 5090] ioctl(4, DRM_IOCTL_MODE_GETCRTC [pid 5089] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] <... ioctl resumed>, 0x200003c0) = 0 [pid 5090] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5089] <... futex resumed>) = 0 [pid 5090] ioctl(4, DRM_IOCTL_MODE_GETFB2 [pid 5089] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... ioctl resumed>, 0x20000440) = 0 [pid 5089] <... futex resumed>) = 0 [pid 5089] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5090] <... futex resumed>) = 0 [pid 5089] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5089] <... futex resumed>) = 0 [pid 5089] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] <... openat resumed>) = 5 [pid 5090] write(5, "11", 2) = 2 [ 58.333038][ T5090] FAULT_INJECTION: forcing a failure. [ 58.333038][ T5090] name failslab, interval 1, probability 0, space 0, times 0 [ 58.345828][ T5090] CPU: 1 PID: 5090 Comm: syz-executor227 Not tainted 6.7.0-rc6-syzkaller-00248-g5254c0cbc92d #0 [ 58.356256][ T5090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 58.366298][ T5090] Call Trace: [ 58.369564][ T5090] [ 58.372477][ T5090] dump_stack_lvl+0x125/0x1b0 [ 58.377145][ T5090] should_fail_ex+0x496/0x5b0 [ 58.381816][ T5090] should_failslab+0x9/0x20 [ 58.386305][ T5090] __kmem_cache_alloc_node+0x6b/0x310 [ 58.391664][ T5090] ? vma_node_allow+0x56/0x300 [ 58.396419][ T5090] ? drm_gem_handle_create_tail+0x1c6/0x540 [ 58.402300][ T5090] kmalloc_trace+0x25/0x60 [ 58.406707][ T5090] vma_node_allow+0x56/0x300 [ 58.411288][ T5090] drm_gem_handle_create_tail+0x222/0x540 [ 58.416998][ T5090] drm_gem_shmem_dumb_create+0x21a/0x310 [ 58.422615][ T5090] drm_mode_create_dumb_ioctl+0x268/0x2f0 [ 58.428326][ T5090] drm_ioctl_kernel+0x28c/0x4d0 [ 58.433157][ T5090] ? drm_mode_create_dumb+0x2f0/0x2f0 [ 58.438518][ T5090] ? drm_setversion+0x870/0x870 [ 58.443355][ T5090] drm_ioctl+0x5cb/0xbf0 [ 58.447584][ T5090] ? drm_mode_create_dumb+0x2f0/0x2f0 [ 58.452944][ T5090] ? drm_ioctl_kernel+0x4d0/0x4d0 [ 58.457954][ T5090] ? reacquire_held_locks+0x4c0/0x4c0 [ 58.463327][ T5090] ? bpf_lsm_file_ioctl+0x9/0x10 [ 58.468250][ T5090] ? drm_ioctl_kernel+0x4d0/0x4d0 [ 58.473262][ T5090] __x64_sys_ioctl+0x18f/0x210 [ 58.478017][ T5090] do_syscall_64+0x40/0x110 [ 58.482537][ T5090] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 58.488416][ T5090] RIP: 0033:0x7efe98014769 [ 58.492817][ T5090] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 58.512433][ T5090] RSP: 002b:00007efe97fd2208 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 58.520831][ T5090] RAX: ffffffffffffffda RBX: 00007efe9809c408 RCX: 00007efe98014769 [pid 5090] ioctl(3, DRM_IOCTL_MODE_CREATE_DUMB, 0x20000100) = -1 ENOMEM (Cannot allocate memory) [pid 5089] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5090] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5089] <... futex resumed>) = 1 [pid 5090] ioctl(3, DRM_IOCTL_PRIME_HANDLE_TO_FD [pid 5089] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] <... ioctl resumed>, 0x20000080) = -1 ENOENT (No such file or directory) [pid 5090] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5089] <... futex resumed>) = 0 [pid 5090] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] exit_group(0 [pid 5090] <... futex resumed>) = ? [pid 5090] +++ exited with 0 +++ [pid 5089] <... exit_group resumed>) = ? [pid 5089] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5089, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5091 attached , child_tidptr=0x555555822690) = 5091 [pid 5091] set_robust_list(0x5555558226a0, 24) = 0 [ 58.528804][ T5090] RDX: 0000000020000100 RSI: 00000000c02064b2 RDI: 0000000000000003 [ 58.536785][ T5090] RBP: 00007efe9809c400 R08: 00007efe97fd1fa6 R09: 0000000000003131 [ 58.544741][ T5090] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efe98069194 [ 58.552705][ T5090] R13: 00007efe97fd2210 R14: 0000000000000002 R15: 6972642f7665642f [ 58.560667][ T5090] [ 58.563683][ C1] vkms_vblank_simulate: vblank timer overrun [pid 5091] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5091] setpgid(0, 0) = 0 [pid 5091] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5091] write(3, "1000", 4) = 4 [pid 5091] close(3) = 0 [pid 5091] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] rt_sigaction(SIGRT_1, {sa_handler=0x7efe9803a6a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7efe9802bd20}, NULL, 8) = 0 [pid 5091] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5091] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efe97fb2000 [pid 5091] mprotect(0x7efe97fb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5091] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5091] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7efe97fd2990, parent_tid=0x7efe97fd2990, exit_signal=0, stack=0x7efe97fb2000, stack_size=0x20300, tls=0x7efe97fd26c0}./strace-static-x86_64: Process 5092 attached [pid 5092] rseq(0x7efe97fd2fe0, 0x20, 0, 0x53053053) = 0 [pid 5091] <... clone3 resumed> => {parent_tid=[5092]}, 88) = 5092 [pid 5092] set_robust_list(0x7efe97fd29a0, 24) = 0 [pid 5091] rt_sigprocmask(SIG_SETMASK, [], [pid 5092] rt_sigprocmask(SIG_SETMASK, [], [pid 5091] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5092] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5091] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] openat(AT_FDCWD, "/dev/dri/card0", O_RDONLY [pid 5091] <... futex resumed>) = 0 [pid 5092] <... openat resumed>) = 3 [pid 5091] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5091] <... futex resumed>) = 0 [pid 5092] openat(AT_FDCWD, "/dev/dri/card1", O_RDONLY [pid 5091] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... openat resumed>) = 4 [pid 5091] <... futex resumed>) = 0 [pid 5091] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5091] <... futex resumed>) = 0 [pid 5092] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5091] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5091] <... futex resumed>) = 0 [pid 5092] ioctl(4, DRM_IOCTL_MODE_GETRESOURCES [pid 5091] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] <... ioctl resumed>, 0x200001c0) = 0 [pid 5092] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5091] <... futex resumed>) = 0 [pid 5092] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5091] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5091] <... futex resumed>) = 0 [pid 5092] ioctl(4, DRM_IOCTL_MODE_GETCRTC [pid 5091] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] <... ioctl resumed>, 0x200003c0) = 0 [pid 5092] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5091] <... futex resumed>) = 0 [pid 5092] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5091] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5091] <... futex resumed>) = 0 [pid 5092] ioctl(4, DRM_IOCTL_MODE_GETFB2 [pid 5091] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] <... ioctl resumed>, 0x20000440) = 0 [pid 5092] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5091] <... futex resumed>) = 0 [pid 5092] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5091] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] <... openat resumed>) = 5 [pid 5091] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] write(5, "11", 2) = 2 [ 58.699906][ T5092] FAULT_INJECTION: forcing a failure. [ 58.699906][ T5092] name failslab, interval 1, probability 0, space 0, times 0 [ 58.712572][ T5092] CPU: 1 PID: 5092 Comm: syz-executor227 Not tainted 6.7.0-rc6-syzkaller-00248-g5254c0cbc92d #0 [ 58.722983][ T5092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 58.733049][ T5092] Call Trace: [ 58.736315][ T5092] [ 58.739235][ T5092] dump_stack_lvl+0x125/0x1b0 [ 58.743907][ T5092] should_fail_ex+0x496/0x5b0 [ 58.748582][ T5092] should_failslab+0x9/0x20 [ 58.753071][ T5092] __kmem_cache_alloc_node+0x6b/0x310 [ 58.758439][ T5092] ? vma_node_allow+0x56/0x300 [ 58.763190][ T5092] ? drm_gem_handle_create_tail+0x1c6/0x540 [ 58.769077][ T5092] kmalloc_trace+0x25/0x60 [ 58.773478][ T5092] vma_node_allow+0x56/0x300 [ 58.778053][ T5092] drm_gem_handle_create_tail+0x222/0x540 [ 58.783760][ T5092] drm_gem_shmem_dumb_create+0x21a/0x310 [ 58.789377][ T5092] drm_mode_create_dumb_ioctl+0x268/0x2f0 [ 58.795086][ T5092] drm_ioctl_kernel+0x28c/0x4d0 [ 58.799921][ T5092] ? drm_mode_create_dumb+0x2f0/0x2f0 [ 58.805282][ T5092] ? drm_setversion+0x870/0x870 [ 58.810125][ T5092] drm_ioctl+0x5cb/0xbf0 [ 58.814357][ T5092] ? drm_mode_create_dumb+0x2f0/0x2f0 [ 58.819725][ T5092] ? drm_ioctl_kernel+0x4d0/0x4d0 [ 58.824752][ T5092] ? reacquire_held_locks+0x4c0/0x4c0 [ 58.830145][ T5092] ? bpf_lsm_file_ioctl+0x9/0x10 [ 58.835083][ T5092] ? drm_ioctl_kernel+0x4d0/0x4d0 [ 58.840104][ T5092] __x64_sys_ioctl+0x18f/0x210 [ 58.844872][ T5092] do_syscall_64+0x40/0x110 [ 58.849377][ T5092] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 58.855264][ T5092] RIP: 0033:0x7efe98014769 [ 58.859670][ T5092] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 58.879271][ T5092] RSP: 002b:00007efe97fd2208 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 58.887674][ T5092] RAX: ffffffffffffffda RBX: 00007efe9809c408 RCX: 00007efe98014769 [pid 5092] ioctl(3, DRM_IOCTL_MODE_CREATE_DUMB, 0x20000100) = -1 ENOMEM (Cannot allocate memory) [pid 5091] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5092] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = 0 [pid 5091] <... futex resumed>) = 0 [pid 5092] ioctl(3, DRM_IOCTL_PRIME_HANDLE_TO_FD [pid 5091] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] <... ioctl resumed>, 0x20000080) = -1 ENOENT (No such file or directory) [pid 5092] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5091] <... futex resumed>) = 0 [pid 5092] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5091] exit_group(0 [pid 5092] <... futex resumed>) = ? [pid 5092] +++ exited with 0 +++ [pid 5091] <... exit_group resumed>) = ? [pid 5091] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5091, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5093 attached [pid 5093] set_robust_list(0x5555558226a0, 24 [pid 5070] <... clone resumed>, child_tidptr=0x555555822690) = 5093 [pid 5093] <... set_robust_list resumed>) = 0 [ 58.895636][ T5092] RDX: 0000000020000100 RSI: 00000000c02064b2 RDI: 0000000000000003 [ 58.903597][ T5092] RBP: 00007efe9809c400 R08: 00007efe97fd1fa6 R09: 0000000000003131 [ 58.911558][ T5092] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efe98069194 [ 58.919517][ T5092] R13: 00007efe97fd2210 R14: 0000000000000002 R15: 6972642f7665642f [ 58.927488][ T5092] [ 58.930515][ C1] vkms_vblank_simulate: vblank timer overrun [pid 5093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5093] setpgid(0, 0) = 0 [pid 5093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5093] write(3, "1000", 4) = 4 [pid 5093] close(3) = 0 [pid 5093] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] rt_sigaction(SIGRT_1, {sa_handler=0x7efe9803a6a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7efe9802bd20}, NULL, 8) = 0 [pid 5093] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efe97fb2000 [pid 5093] mprotect(0x7efe97fb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5093] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5093] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7efe97fd2990, parent_tid=0x7efe97fd2990, exit_signal=0, stack=0x7efe97fb2000, stack_size=0x20300, tls=0x7efe97fd26c0}./strace-static-x86_64: Process 5094 attached => {parent_tid=[5094]}, 88) = 5094 [pid 5094] rseq(0x7efe97fd2fe0, 0x20, 0, 0x53053053 [pid 5093] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5093] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] <... rseq resumed>) = 0 [pid 5093] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] set_robust_list(0x7efe97fd29a0, 24) = 0 [pid 5094] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5094] openat(AT_FDCWD, "/dev/dri/card0", O_RDONLY) = 3 [pid 5094] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5093] <... futex resumed>) = 0 [pid 5094] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5093] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5093] <... futex resumed>) = 0 [pid 5094] openat(AT_FDCWD, "/dev/dri/card1", O_RDONLY [pid 5093] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] <... openat resumed>) = 4 [pid 5094] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5093] <... futex resumed>) = 0 [pid 5093] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] ioctl(4, DRM_IOCTL_MODE_GETRESOURCES, 0x200001c0) = 0 [pid 5094] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5094] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5093] <... futex resumed>) = 0 [pid 5094] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5093] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] ioctl(4, DRM_IOCTL_MODE_GETCRTC [pid 5093] <... futex resumed>) = 0 [pid 5094] <... ioctl resumed>, 0x200003c0) = 0 [pid 5093] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5093] <... futex resumed>) = 0 [pid 5094] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5093] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5093] <... futex resumed>) = 0 [pid 5094] ioctl(4, DRM_IOCTL_MODE_GETFB2 [pid 5093] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] <... ioctl resumed>, 0x20000440) = 0 [pid 5094] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5093] <... futex resumed>) = 0 [pid 5094] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5093] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5093] <... futex resumed>) = 0 [pid 5094] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5093] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] <... openat resumed>) = 5 [pid 5094] write(5, "11", 2) = 2 [pid 5094] ioctl(3, DRM_IOCTL_MODE_CREATE_DUMB, 0x20000100) = 0 [pid 5094] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5093] <... futex resumed>) = 0 [pid 5094] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5093] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5093] <... futex resumed>) = 0 [pid 5094] ioctl(3, DRM_IOCTL_PRIME_HANDLE_TO_FD [pid 5093] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] <... ioctl resumed>, 0x20000080) = 0 [pid 5094] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5094] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5093] <... futex resumed>) = 0 [pid 5093] exit_group(0 [pid 5094] <... futex resumed>) = ? [pid 5093] <... exit_group resumed>) = ? [pid 5094] +++ exited with 0 +++ [pid 5093] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5093, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5095 attached , child_tidptr=0x555555822690) = 5095 [pid 5095] set_robust_list(0x5555558226a0, 24) = 0 [pid 5095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5095] setpgid(0, 0) = 0 [pid 5095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5095] write(3, "1000", 4) = 4 [pid 5095] close(3) = 0 [pid 5095] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] rt_sigaction(SIGRT_1, {sa_handler=0x7efe9803a6a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7efe9802bd20}, NULL, 8) = 0 [pid 5095] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efe97fb2000 [pid 5095] mprotect(0x7efe97fb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5095] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5095] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7efe97fd2990, parent_tid=0x7efe97fd2990, exit_signal=0, stack=0x7efe97fb2000, stack_size=0x20300, tls=0x7efe97fd26c0}./strace-static-x86_64: Process 5096 attached [pid 5096] rseq(0x7efe97fd2fe0, 0x20, 0, 0x53053053 [pid 5095] <... clone3 resumed> => {parent_tid=[5096]}, 88) = 5096 [pid 5096] <... rseq resumed>) = 0 [pid 5095] rt_sigprocmask(SIG_SETMASK, [], [pid 5096] set_robust_list(0x7efe97fd29a0, 24) = 0 [pid 5095] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5096] rt_sigprocmask(SIG_SETMASK, [], [pid 5095] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5095] <... futex resumed>) = 0 [pid 5096] openat(AT_FDCWD, "/dev/dri/card0", O_RDONLY [pid 5095] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] <... openat resumed>) = 3 [pid 5096] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5096] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5096] openat(AT_FDCWD, "/dev/dri/card1", O_RDONLY) = 4 [pid 5095] <... futex resumed>) = 0 [pid 5096] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5095] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] <... futex resumed>) = 0 [pid 5095] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] ioctl(4, DRM_IOCTL_MODE_GETRESOURCES, 0x200001c0) = 0 [pid 5096] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5096] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5095] <... futex resumed>) = 0 [pid 5096] ioctl(4, DRM_IOCTL_MODE_GETCRTC [pid 5095] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] <... ioctl resumed>, 0x200003c0) = 0 [pid 5096] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5096] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5095] <... futex resumed>) = 0 [pid 5096] ioctl(4, DRM_IOCTL_MODE_GETFB2 [pid 5095] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] <... ioctl resumed>, 0x20000440) = 0 [pid 5096] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5096] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5095] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] <... openat resumed>) = 5 [pid 5096] write(5, "11", 2) = 2 [ 59.190899][ T5096] FAULT_INJECTION: forcing a failure. [ 59.190899][ T5096] name failslab, interval 1, probability 0, space 0, times 0 [ 59.203591][ T5096] CPU: 0 PID: 5096 Comm: syz-executor227 Not tainted 6.7.0-rc6-syzkaller-00248-g5254c0cbc92d #0 [ 59.213985][ T5096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 59.224025][ T5096] Call Trace: [ 59.227290][ T5096] [ 59.230209][ T5096] dump_stack_lvl+0x125/0x1b0 [ 59.234879][ T5096] should_fail_ex+0x496/0x5b0 [ 59.239550][ T5096] should_failslab+0x9/0x20 [ 59.244038][ T5096] __kmem_cache_alloc_node+0x6b/0x310 [ 59.249397][ T5096] ? vma_node_allow+0x56/0x300 [ 59.254143][ T5096] ? drm_gem_handle_create_tail+0x1c6/0x540 [ 59.260024][ T5096] kmalloc_trace+0x25/0x60 [ 59.264424][ T5096] vma_node_allow+0x56/0x300 [ 59.269008][ T5096] drm_gem_handle_create_tail+0x222/0x540 [ 59.274725][ T5096] drm_gem_shmem_dumb_create+0x21a/0x310 [ 59.280345][ T5096] drm_mode_create_dumb_ioctl+0x268/0x2f0 [ 59.286058][ T5096] drm_ioctl_kernel+0x28c/0x4d0 [ 59.290897][ T5096] ? drm_mode_create_dumb+0x2f0/0x2f0 [ 59.296259][ T5096] ? drm_setversion+0x870/0x870 [ 59.301102][ T5096] drm_ioctl+0x5cb/0xbf0 [ 59.305366][ T5096] ? drm_mode_create_dumb+0x2f0/0x2f0 [ 59.310732][ T5096] ? drm_ioctl_kernel+0x4d0/0x4d0 [ 59.315744][ T5096] ? reacquire_held_locks+0x4c0/0x4c0 [ 59.321116][ T5096] ? bpf_lsm_file_ioctl+0x9/0x10 [ 59.326032][ T5096] ? drm_ioctl_kernel+0x4d0/0x4d0 [ 59.331041][ T5096] __x64_sys_ioctl+0x18f/0x210 [ 59.335792][ T5096] do_syscall_64+0x40/0x110 [ 59.340285][ T5096] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 59.346157][ T5096] RIP: 0033:0x7efe98014769 [ 59.350555][ T5096] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 59.370147][ T5096] RSP: 002b:00007efe97fd2208 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 59.378548][ T5096] RAX: ffffffffffffffda RBX: 00007efe9809c408 RCX: 00007efe98014769 [pid 5096] ioctl(3, DRM_IOCTL_MODE_CREATE_DUMB [pid 5095] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5096] <... ioctl resumed>, 0x20000100) = -1 ENOMEM (Cannot allocate memory) [pid 5095] futex(0x7efe9809c41c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] <... futex resumed>) = 0 [pid 5095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5096] <... futex resumed>) = 0 [pid 5095] <... mmap resumed>) = 0x7efe97f91000 [pid 5096] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] mprotect(0x7efe97f92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5095] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5095] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7efe97fb1990, parent_tid=0x7efe97fb1990, exit_signal=0, stack=0x7efe97f91000, stack_size=0x20300, tls=0x7efe97fb16c0}./strace-static-x86_64: Process 5097 attached [pid 5097] rseq(0x7efe97fb1fe0, 0x20, 0, 0x53053053 [pid 5095] <... clone3 resumed> => {parent_tid=[5097]}, 88) = 5097 [pid 5097] <... rseq resumed>) = 0 [pid 5095] rt_sigprocmask(SIG_SETMASK, [], [pid 5097] set_robust_list(0x7efe97fb19a0, 24) = 0 [pid 5095] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5097] rt_sigprocmask(SIG_SETMASK, [], [pid 5095] futex(0x7efe9809c418, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5095] <... futex resumed>) = 0 [pid 5097] ioctl(3, DRM_IOCTL_PRIME_HANDLE_TO_FD [pid 5095] futex(0x7efe9809c41c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] <... ioctl resumed>, 0x20000080) = -1 ENOENT (No such file or directory) [pid 5097] futex(0x7efe9809c41c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5097] futex(0x7efe9809c418, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] exit_group(0 [pid 5097] <... futex resumed>) = ? [pid 5096] <... futex resumed>) = ? [pid 5097] +++ exited with 0 +++ [pid 5096] +++ exited with 0 +++ [pid 5095] <... exit_group resumed>) = ? [pid 5095] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5095, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 59.386502][ T5096] RDX: 0000000020000100 RSI: 00000000c02064b2 RDI: 0000000000000003 [ 59.394457][ T5096] RBP: 00007efe9809c400 R08: 00007efe97fd1fa6 R09: 0000000000003131 [ 59.402414][ T5096] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efe98069194 [ 59.410396][ T5096] R13: 00007efe97fd2210 R14: 0000000000000002 R15: 6972642f7665642f [ 59.418358][ T5096] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5098 attached , child_tidptr=0x555555822690) = 5098 [pid 5098] set_robust_list(0x5555558226a0, 24) = 0 [pid 5098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5098] setpgid(0, 0) = 0 [pid 5098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5098] write(3, "1000", 4) = 4 [pid 5098] close(3) = 0 [pid 5098] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] rt_sigaction(SIGRT_1, {sa_handler=0x7efe9803a6a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7efe9802bd20}, NULL, 8) = 0 [pid 5098] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5098] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efe97fb2000 [pid 5098] mprotect(0x7efe97fb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5098] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5098] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7efe97fd2990, parent_tid=0x7efe97fd2990, exit_signal=0, stack=0x7efe97fb2000, stack_size=0x20300, tls=0x7efe97fd26c0}./strace-static-x86_64: Process 5099 attached [pid 5099] rseq(0x7efe97fd2fe0, 0x20, 0, 0x53053053) = 0 [pid 5099] set_robust_list(0x7efe97fd29a0, 24) = 0 [pid 5098] <... clone3 resumed> => {parent_tid=[5099]}, 88) = 5099 [pid 5099] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5099] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5098] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5098] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... futex resumed>) = 0 [pid 5098] <... futex resumed>) = 1 [pid 5098] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] openat(AT_FDCWD, "/dev/dri/card0", O_RDONLY) = 3 [pid 5099] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5098] <... futex resumed>) = 0 [pid 5099] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5098] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... futex resumed>) = 0 [pid 5099] openat(AT_FDCWD, "/dev/dri/card1", O_RDONLY [pid 5098] <... futex resumed>) = 1 [pid 5099] <... openat resumed>) = 4 [pid 5098] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = 0 [pid 5099] <... futex resumed>) = 1 [pid 5098] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] ioctl(4, DRM_IOCTL_MODE_GETRESOURCES [pid 5098] <... futex resumed>) = 0 [pid 5099] <... ioctl resumed>, 0x200001c0) = 0 [pid 5098] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = 0 [pid 5099] <... futex resumed>) = 1 [pid 5098] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] ioctl(4, DRM_IOCTL_MODE_GETCRTC [pid 5098] <... futex resumed>) = 0 [pid 5099] <... ioctl resumed>, 0x200003c0) = 0 [pid 5098] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = 0 [pid 5099] <... futex resumed>) = 1 [pid 5098] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] ioctl(4, DRM_IOCTL_MODE_GETFB2 [pid 5098] <... futex resumed>) = 0 [pid 5099] <... ioctl resumed>, 0x20000440) = 0 [pid 5098] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5098] <... futex resumed>) = 0 [pid 5099] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5098] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5098] <... futex resumed>) = 0 [pid 5099] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5098] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] <... openat resumed>) = 5 [pid 5099] write(5, "11", 2) = 2 [ 59.529943][ T5099] FAULT_INJECTION: forcing a failure. [ 59.529943][ T5099] name failslab, interval 1, probability 0, space 0, times 0 [ 59.542748][ T5099] CPU: 0 PID: 5099 Comm: syz-executor227 Not tainted 6.7.0-rc6-syzkaller-00248-g5254c0cbc92d #0 [ 59.553193][ T5099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 59.563242][ T5099] Call Trace: [ 59.566511][ T5099] [ 59.569435][ T5099] dump_stack_lvl+0x125/0x1b0 [ 59.574112][ T5099] should_fail_ex+0x496/0x5b0 [ 59.578792][ T5099] should_failslab+0x9/0x20 [ 59.583296][ T5099] __kmem_cache_alloc_node+0x6b/0x310 [ 59.588668][ T5099] ? vma_node_allow+0x56/0x300 [ 59.593429][ T5099] ? drm_gem_handle_create_tail+0x1c6/0x540 [ 59.599320][ T5099] kmalloc_trace+0x25/0x60 [ 59.603734][ T5099] vma_node_allow+0x56/0x300 [ 59.608324][ T5099] drm_gem_handle_create_tail+0x222/0x540 [ 59.614217][ T5099] drm_gem_shmem_dumb_create+0x21a/0x310 [ 59.619850][ T5099] drm_mode_create_dumb_ioctl+0x268/0x2f0 [ 59.625572][ T5099] drm_ioctl_kernel+0x28c/0x4d0 [ 59.630419][ T5099] ? drm_mode_create_dumb+0x2f0/0x2f0 [ 59.635788][ T5099] ? drm_setversion+0x870/0x870 [ 59.640639][ T5099] drm_ioctl+0x5cb/0xbf0 [ 59.644880][ T5099] ? drm_mode_create_dumb+0x2f0/0x2f0 [ 59.650247][ T5099] ? drm_ioctl_kernel+0x4d0/0x4d0 [ 59.655267][ T5099] ? reacquire_held_locks+0x4c0/0x4c0 [ 59.660651][ T5099] ? bpf_lsm_file_ioctl+0x9/0x10 [ 59.665586][ T5099] ? drm_ioctl_kernel+0x4d0/0x4d0 [ 59.670610][ T5099] __x64_sys_ioctl+0x18f/0x210 [ 59.675376][ T5099] do_syscall_64+0x40/0x110 [ 59.679877][ T5099] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 59.685764][ T5099] RIP: 0033:0x7efe98014769 [ 59.690168][ T5099] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 59.709768][ T5099] RSP: 002b:00007efe97fd2208 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 59.718175][ T5099] RAX: ffffffffffffffda RBX: 00007efe9809c408 RCX: 00007efe98014769 [pid 5099] ioctl(3, DRM_IOCTL_MODE_CREATE_DUMB [pid 5098] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5098] futex(0x7efe9809c41c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efe97f91000 [pid 5098] mprotect(0x7efe97f92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5098] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5099] <... ioctl resumed>, 0x20000100) = -1 ENOMEM (Cannot allocate memory) [pid 5098] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7efe97fb1990, parent_tid=0x7efe97fb1990, exit_signal=0, stack=0x7efe97f91000, stack_size=0x20300, tls=0x7efe97fb16c0} [pid 5099] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5100 attached ) = 0 [pid 5100] rseq(0x7efe97fb1fe0, 0x20, 0, 0x53053053 [pid 5099] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5098] <... clone3 resumed> => {parent_tid=[5100]}, 88) = 5100 [pid 5100] <... rseq resumed>) = 0 [pid 5098] rt_sigprocmask(SIG_SETMASK, [], [pid 5100] set_robust_list(0x7efe97fb19a0, 24 [pid 5098] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5100] <... set_robust_list resumed>) = 0 [pid 5098] futex(0x7efe9809c418, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] rt_sigprocmask(SIG_SETMASK, [], [pid 5098] <... futex resumed>) = 0 [pid 5100] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5098] futex(0x7efe9809c41c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] ioctl(3, DRM_IOCTL_PRIME_HANDLE_TO_FD, 0x20000080) = -1 ENOENT (No such file or directory) [pid 5100] futex(0x7efe9809c41c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = 0 [pid 5098] exit_group(0) = ? [pid 5099] <... futex resumed>) = ? [pid 5099] +++ exited with 0 +++ [pid 5100] <... futex resumed>) = ? [pid 5100] +++ exited with 0 +++ [pid 5098] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5098, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5101 attached , child_tidptr=0x555555822690) = 5101 [ 59.726136][ T5099] RDX: 0000000020000100 RSI: 00000000c02064b2 RDI: 0000000000000003 [ 59.734094][ T5099] RBP: 00007efe9809c400 R08: 00007efe97fd1fa6 R09: 0000000000003131 [ 59.742053][ T5099] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efe98069194 [ 59.750102][ T5099] R13: 00007efe97fd2210 R14: 0000000000000002 R15: 6972642f7665642f [ 59.758076][ T5099] [pid 5101] set_robust_list(0x5555558226a0, 24) = 0 [pid 5101] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5101] setpgid(0, 0) = 0 [pid 5101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5101] write(3, "1000", 4) = 4 [pid 5101] close(3) = 0 [pid 5101] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] rt_sigaction(SIGRT_1, {sa_handler=0x7efe9803a6a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7efe9802bd20}, NULL, 8) = 0 [pid 5101] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efe97fb2000 [pid 5101] mprotect(0x7efe97fb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5101] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5101] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7efe97fd2990, parent_tid=0x7efe97fd2990, exit_signal=0, stack=0x7efe97fb2000, stack_size=0x20300, tls=0x7efe97fd26c0}./strace-static-x86_64: Process 5102 attached [pid 5102] rseq(0x7efe97fd2fe0, 0x20, 0, 0x53053053 [pid 5101] <... clone3 resumed> => {parent_tid=[5102]}, 88) = 5102 [pid 5102] <... rseq resumed>) = 0 [pid 5101] rt_sigprocmask(SIG_SETMASK, [], [pid 5102] set_robust_list(0x7efe97fd29a0, 24 [pid 5101] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5102] <... set_robust_list resumed>) = 0 [pid 5101] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] rt_sigprocmask(SIG_SETMASK, [], [pid 5101] <... futex resumed>) = 0 [pid 5102] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5101] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] openat(AT_FDCWD, "/dev/dri/card0", O_RDONLY) = 3 [pid 5102] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... futex resumed>) = 0 [pid 5102] <... futex resumed>) = 1 [pid 5101] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] openat(AT_FDCWD, "/dev/dri/card1", O_RDONLY [pid 5101] <... futex resumed>) = 0 [pid 5102] <... openat resumed>) = 4 [pid 5101] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5102] ioctl(4, DRM_IOCTL_MODE_GETRESOURCES [pid 5101] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] <... ioctl resumed>, 0x200001c0) = 0 [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5102] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5101] <... futex resumed>) = 0 [pid 5102] ioctl(4, DRM_IOCTL_MODE_GETCRTC [pid 5101] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] <... ioctl resumed>, 0x200003c0) = 0 [pid 5102] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5102] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5101] <... futex resumed>) = 0 [pid 5102] ioctl(4, DRM_IOCTL_MODE_GETFB2 [pid 5101] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] <... ioctl resumed>, 0x20000440) = 0 [pid 5102] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... futex resumed>) = 0 [pid 5102] <... futex resumed>) = 1 [pid 5101] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] <... openat resumed>) = 5 [pid 5102] write(5, "11", 2) = 2 [ 59.931912][ T5102] FAULT_INJECTION: forcing a failure. [ 59.931912][ T5102] name failslab, interval 1, probability 0, space 0, times 0 [ 59.944552][ T5102] CPU: 0 PID: 5102 Comm: syz-executor227 Not tainted 6.7.0-rc6-syzkaller-00248-g5254c0cbc92d #0 [ 59.954967][ T5102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 59.965034][ T5102] Call Trace: [ 59.968308][ T5102] [ 59.971223][ T5102] dump_stack_lvl+0x125/0x1b0 [ 59.975895][ T5102] should_fail_ex+0x496/0x5b0 [ 59.980572][ T5102] should_failslab+0x9/0x20 [ 59.985064][ T5102] __kmem_cache_alloc_node+0x6b/0x310 [ 59.990431][ T5102] ? vma_node_allow+0x56/0x300 [ 59.995183][ T5102] ? drm_gem_handle_create_tail+0x1c6/0x540 [ 60.001087][ T5102] kmalloc_trace+0x25/0x60 [ 60.005561][ T5102] vma_node_allow+0x56/0x300 [ 60.010142][ T5102] drm_gem_handle_create_tail+0x222/0x540 [ 60.015853][ T5102] drm_gem_shmem_dumb_create+0x21a/0x310 [ 60.021476][ T5102] drm_mode_create_dumb_ioctl+0x268/0x2f0 [ 60.027188][ T5102] drm_ioctl_kernel+0x28c/0x4d0 [ 60.032028][ T5102] ? drm_mode_create_dumb+0x2f0/0x2f0 [ 60.037393][ T5102] ? drm_setversion+0x870/0x870 [ 60.042234][ T5102] drm_ioctl+0x5cb/0xbf0 [ 60.046469][ T5102] ? drm_mode_create_dumb+0x2f0/0x2f0 [ 60.051833][ T5102] ? drm_ioctl_kernel+0x4d0/0x4d0 [ 60.056840][ T5102] ? reacquire_held_locks+0x4c0/0x4c0 [ 60.062211][ T5102] ? bpf_lsm_file_ioctl+0x9/0x10 [ 60.067136][ T5102] ? drm_ioctl_kernel+0x4d0/0x4d0 [ 60.072148][ T5102] __x64_sys_ioctl+0x18f/0x210 [ 60.076901][ T5102] do_syscall_64+0x40/0x110 [ 60.081396][ T5102] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 60.087270][ T5102] RIP: 0033:0x7efe98014769 [ 60.091668][ T5102] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 60.111282][ T5102] RSP: 002b:00007efe97fd2208 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 60.119680][ T5102] RAX: ffffffffffffffda RBX: 00007efe9809c408 RCX: 00007efe98014769 [pid 5102] ioctl(3, DRM_IOCTL_MODE_CREATE_DUMB, 0x20000100) = -1 ENOMEM (Cannot allocate memory) [pid 5101] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5101] futex(0x7efe9809c41c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5102] <... futex resumed>) = 0 [pid 5102] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] <... mmap resumed>) = 0x7efe97f91000 [pid 5101] mprotect(0x7efe97f92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5101] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5101] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7efe97fb1990, parent_tid=0x7efe97fb1990, exit_signal=0, stack=0x7efe97f91000, stack_size=0x20300, tls=0x7efe97fb16c0}./strace-static-x86_64: Process 5103 attached => {parent_tid=[5103]}, 88) = 5103 [pid 5103] rseq(0x7efe97fb1fe0, 0x20, 0, 0x53053053 [pid 5101] rt_sigprocmask(SIG_SETMASK, [], [pid 5103] <... rseq resumed>) = 0 [pid 5101] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5103] set_robust_list(0x7efe97fb19a0, 24 [pid 5101] futex(0x7efe9809c418, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... set_robust_list resumed>) = 0 [pid 5101] <... futex resumed>) = 0 [pid 5103] rt_sigprocmask(SIG_SETMASK, [], [pid 5101] futex(0x7efe9809c41c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5103] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5103] ioctl(3, DRM_IOCTL_PRIME_HANDLE_TO_FD, 0x20000080) = -1 ENOENT (No such file or directory) [pid 5103] futex(0x7efe9809c41c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5103] futex(0x7efe9809c418, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] exit_group(0 [pid 5103] <... futex resumed>) = ? [pid 5101] <... exit_group resumed>) = ? [pid 5102] <... futex resumed>) = ? [pid 5102] +++ exited with 0 +++ [pid 5103] +++ exited with 0 +++ [pid 5101] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5101, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5104 attached , child_tidptr=0x555555822690) = 5104 [pid 5104] set_robust_list(0x5555558226a0, 24) = 0 [pid 5104] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5104] setpgid(0, 0) = 0 [pid 5104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5104] write(3, "1000", 4) = 4 [pid 5104] close(3) = 0 [ 60.127634][ T5102] RDX: 0000000020000100 RSI: 00000000c02064b2 RDI: 0000000000000003 [ 60.135589][ T5102] RBP: 00007efe9809c400 R08: 00007efe97fd1fa6 R09: 0000000000003131 [ 60.143545][ T5102] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efe98069194 [ 60.151499][ T5102] R13: 00007efe97fd2210 R14: 0000000000000002 R15: 6972642f7665642f [ 60.159462][ T5102] [pid 5104] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] rt_sigaction(SIGRT_1, {sa_handler=0x7efe9803a6a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7efe9802bd20}, NULL, 8) = 0 [pid 5104] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efe97fb2000 [pid 5104] mprotect(0x7efe97fb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5104] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5104] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7efe97fd2990, parent_tid=0x7efe97fd2990, exit_signal=0, stack=0x7efe97fb2000, stack_size=0x20300, tls=0x7efe97fd26c0}./strace-static-x86_64: Process 5105 attached => {parent_tid=[5105]}, 88) = 5105 [pid 5105] rseq(0x7efe97fd2fe0, 0x20, 0, 0x53053053 [pid 5104] rt_sigprocmask(SIG_SETMASK, [], [pid 5105] <... rseq resumed>) = 0 [pid 5104] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5104] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] set_robust_list(0x7efe97fd29a0, 24) = 0 [pid 5105] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5105] openat(AT_FDCWD, "/dev/dri/card0", O_RDONLY) = 3 [pid 5105] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] <... futex resumed>) = 0 [pid 5105] openat(AT_FDCWD, "/dev/dri/card1", O_RDONLY [pid 5104] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... openat resumed>) = 4 [pid 5104] <... futex resumed>) = 0 [pid 5104] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5105] <... futex resumed>) = 0 [pid 5104] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] ioctl(4, DRM_IOCTL_MODE_GETRESOURCES [pid 5104] <... futex resumed>) = 0 [pid 5105] <... ioctl resumed>, 0x200001c0) = 0 [pid 5104] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] <... futex resumed>) = 0 [pid 5105] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5105] ioctl(4, DRM_IOCTL_MODE_GETCRTC [pid 5104] <... futex resumed>) = 0 [pid 5105] <... ioctl resumed>, 0x200003c0) = 0 [pid 5104] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] <... futex resumed>) = 0 [pid 5105] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5104] <... futex resumed>) = 0 [pid 5105] ioctl(4, DRM_IOCTL_MODE_GETFB2 [pid 5104] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] <... ioctl resumed>, 0x20000440) = 0 [pid 5105] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] <... futex resumed>) = 0 [pid 5105] <... futex resumed>) = 1 [pid 5104] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5104] <... futex resumed>) = 0 [pid 5105] <... openat resumed>) = 5 [pid 5104] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] write(5, "11", 2) = 2 [ 60.287650][ T5105] FAULT_INJECTION: forcing a failure. [ 60.287650][ T5105] name failslab, interval 1, probability 0, space 0, times 0 [ 60.300700][ T5105] CPU: 1 PID: 5105 Comm: syz-executor227 Not tainted 6.7.0-rc6-syzkaller-00248-g5254c0cbc92d #0 [ 60.311122][ T5105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 60.321162][ T5105] Call Trace: [ 60.324430][ T5105] [ 60.327344][ T5105] dump_stack_lvl+0x125/0x1b0 [ 60.332010][ T5105] should_fail_ex+0x496/0x5b0 [ 60.336684][ T5105] should_failslab+0x9/0x20 [ 60.341174][ T5105] __kmem_cache_alloc_node+0x6b/0x310 [ 60.346556][ T5105] ? vma_node_allow+0x56/0x300 [ 60.351350][ T5105] ? drm_gem_handle_create_tail+0x1c6/0x540 [ 60.357238][ T5105] kmalloc_trace+0x25/0x60 [ 60.361647][ T5105] vma_node_allow+0x56/0x300 [ 60.366227][ T5105] drm_gem_handle_create_tail+0x222/0x540 [ 60.371936][ T5105] drm_gem_shmem_dumb_create+0x21a/0x310 [ 60.377558][ T5105] drm_mode_create_dumb_ioctl+0x268/0x2f0 [ 60.383271][ T5105] drm_ioctl_kernel+0x28c/0x4d0 [ 60.388109][ T5105] ? drm_mode_create_dumb+0x2f0/0x2f0 [ 60.393470][ T5105] ? drm_setversion+0x870/0x870 [ 60.398310][ T5105] drm_ioctl+0x5cb/0xbf0 [ 60.402538][ T5105] ? drm_mode_create_dumb+0x2f0/0x2f0 [ 60.407903][ T5105] ? drm_ioctl_kernel+0x4d0/0x4d0 [ 60.412929][ T5105] ? reacquire_held_locks+0x4c0/0x4c0 [ 60.418310][ T5105] ? bpf_lsm_file_ioctl+0x9/0x10 [ 60.423248][ T5105] ? drm_ioctl_kernel+0x4d0/0x4d0 [ 60.428277][ T5105] __x64_sys_ioctl+0x18f/0x210 [ 60.433046][ T5105] do_syscall_64+0x40/0x110 [ 60.437547][ T5105] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 60.443433][ T5105] RIP: 0033:0x7efe98014769 [ 60.447839][ T5105] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 60.467437][ T5105] RSP: 002b:00007efe97fd2208 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 60.475840][ T5105] RAX: ffffffffffffffda RBX: 00007efe9809c408 RCX: 00007efe98014769 [pid 5105] ioctl(3, DRM_IOCTL_MODE_CREATE_DUMB, 0x20000100) = -1 ENOMEM (Cannot allocate memory) [pid 5104] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5105] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... futex resumed>) = 0 [pid 5104] <... futex resumed>) = 0 [pid 5105] ioctl(3, DRM_IOCTL_PRIME_HANDLE_TO_FD [pid 5104] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] <... ioctl resumed>, 0x20000080) = -1 ENOENT (No such file or directory) [pid 5105] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] <... futex resumed>) = 0 [pid 5105] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] exit_group(0 [pid 5105] <... futex resumed>) = ? [pid 5104] <... exit_group resumed>) = ? [pid 5105] +++ exited with 0 +++ [ 60.483804][ T5105] RDX: 0000000020000100 RSI: 00000000c02064b2 RDI: 0000000000000003 [ 60.491770][ T5105] RBP: 00007efe9809c400 R08: 00007efe97fd1fa6 R09: 0000000000003131 [ 60.499736][ T5105] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efe98069194 [ 60.507698][ T5105] R13: 00007efe97fd2210 R14: 0000000000000002 R15: 6972642f7665642f [ 60.515674][ T5105] [ 60.518774][ C1] vkms_vblank_simulate: vblank timer overrun [pid 5104] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5104, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5106 attached , child_tidptr=0x555555822690) = 5106 [pid 5106] set_robust_list(0x5555558226a0, 24) = 0 [pid 5106] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5106] setpgid(0, 0) = 0 [pid 5106] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5106] write(3, "1000", 4) = 4 [pid 5106] close(3) = 0 [pid 5106] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5106] rt_sigaction(SIGRT_1, {sa_handler=0x7efe9803a6a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7efe9802bd20}, NULL, 8) = 0 [pid 5106] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5106] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efe97fb2000 [pid 5106] mprotect(0x7efe97fb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5106] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5106] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7efe97fd2990, parent_tid=0x7efe97fd2990, exit_signal=0, stack=0x7efe97fb2000, stack_size=0x20300, tls=0x7efe97fd26c0}./strace-static-x86_64: Process 5107 attached [pid 5107] rseq(0x7efe97fd2fe0, 0x20, 0, 0x53053053) = 0 [pid 5107] set_robust_list(0x7efe97fd29a0, 24) = 0 [pid 5106] <... clone3 resumed> => {parent_tid=[5107]}, 88) = 5107 [pid 5107] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5107] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5106] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5106] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] <... futex resumed>) = 0 [pid 5106] <... futex resumed>) = 1 [pid 5106] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5107] openat(AT_FDCWD, "/dev/dri/card0", O_RDONLY) = 3 [pid 5107] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5106] <... futex resumed>) = 0 [pid 5107] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5106] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5106] <... futex resumed>) = 0 [pid 5107] openat(AT_FDCWD, "/dev/dri/card1", O_RDONLY [pid 5106] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5107] <... openat resumed>) = 4 [pid 5107] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5106] <... futex resumed>) = 0 [pid 5107] ioctl(4, DRM_IOCTL_MODE_GETRESOURCES [pid 5106] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] <... ioctl resumed>, 0x200001c0) = 0 [pid 5106] <... futex resumed>) = 0 [pid 5106] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5107] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5107] <... futex resumed>) = 0 [pid 5106] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] ioctl(4, DRM_IOCTL_MODE_GETCRTC [pid 5106] <... futex resumed>) = 0 [pid 5107] <... ioctl resumed>, 0x200003c0) = 0 [pid 5106] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5107] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5106] <... futex resumed>) = 0 [pid 5107] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5106] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5106] <... futex resumed>) = 0 [pid 5107] ioctl(4, DRM_IOCTL_MODE_GETFB2 [pid 5106] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5107] <... ioctl resumed>, 0x20000440) = 0 [pid 5107] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5106] <... futex resumed>) = 0 [pid 5107] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5106] futex(0x7efe9809c408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5106] <... futex resumed>) = 0 [pid 5106] futex(0x7efe9809c40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5107] <... openat resumed>) = 5 [pid 5107] write(5, "11", 2) = 2 [pid 5107] ioctl(3, DRM_IOCTL_MODE_CREATE_DUMB [pid 5106] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5106] futex(0x7efe9809c41c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5106] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efe97f91000 [pid 5106] mprotect(0x7efe97f92000, 131072, PROT_READ|PROT_WRITE) = 0 [ 60.646336][ T5107] FAULT_INJECTION: forcing a failure. [ 60.646336][ T5107] name failslab, interval 1, probability 0, space 0, times 0 [ 60.659102][ T5107] CPU: 1 PID: 5107 Comm: syz-executor227 Not tainted 6.7.0-rc6-syzkaller-00248-g5254c0cbc92d #0 [ 60.669535][ T5107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 60.679577][ T5107] Call Trace: [ 60.682846][ T5107] [ 60.685767][ T5107] dump_stack_lvl+0x125/0x1b0 [ 60.690438][ T5107] should_fail_ex+0x496/0x5b0 [pid 5106] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5106] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7efe97fb1990, parent_tid=0x7efe97fb1990, exit_signal=0, stack=0x7efe97f91000, stack_size=0x20300, tls=0x7efe97fb16c0}./strace-static-x86_64: Process 5108 attached [pid 5108] rseq(0x7efe97fb1fe0, 0x20, 0, 0x53053053 [pid 5106] <... clone3 resumed> => {parent_tid=[5108]}, 88) = 5108 [pid 5106] rt_sigprocmask(SIG_SETMASK, [], [pid 5108] <... rseq resumed>) = 0 [pid 5106] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5108] set_robust_list(0x7efe97fb19a0, 24 [pid 5106] futex(0x7efe9809c418, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] <... set_robust_list resumed>) = 0 [pid 5106] <... futex resumed>) = 0 [pid 5108] rt_sigprocmask(SIG_SETMASK, [], [pid 5106] futex(0x7efe9809c41c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5108] ioctl(3, DRM_IOCTL_PRIME_HANDLE_TO_FD, 0x20000080) = 0 [ 60.695121][ T5107] should_failslab+0x9/0x20 [ 60.700098][ T5107] __kmem_cache_alloc_node+0x6b/0x310 [ 60.705461][ T5107] ? vma_node_allow+0x56/0x300 [ 60.710216][ T5107] ? drm_gem_handle_create_tail+0x1c6/0x540 [ 60.716104][ T5107] kmalloc_trace+0x25/0x60 [ 60.720532][ T5107] vma_node_allow+0x56/0x300 [ 60.725109][ T5107] drm_gem_handle_create_tail+0x222/0x540 [ 60.730821][ T5107] drm_gem_shmem_dumb_create+0x21a/0x310 [ 60.736440][ T5107] drm_mode_create_dumb_ioctl+0x268/0x2f0 [ 60.742848][ T5107] drm_ioctl_kernel+0x28c/0x4d0 [ 60.747678][ T5107] ? drm_mode_create_dumb+0x2f0/0x2f0 [ 60.753039][ T5107] ? drm_setversion+0x870/0x870 [ 60.757892][ T5107] drm_ioctl+0x5cb/0xbf0 [ 60.762123][ T5107] ? drm_mode_create_dumb+0x2f0/0x2f0 [ 60.767484][ T5107] ? drm_ioctl_kernel+0x4d0/0x4d0 [ 60.772493][ T5107] ? reacquire_held_locks+0x4c0/0x4c0 [ 60.777866][ T5107] ? bpf_lsm_file_ioctl+0x9/0x10 [ 60.782789][ T5107] ? drm_ioctl_kernel+0x4d0/0x4d0 [ 60.787814][ T5107] __x64_sys_ioctl+0x18f/0x210 [ 60.792576][ T5107] do_syscall_64+0x40/0x110 [ 60.797063][ T5107] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 60.802953][ T5107] RIP: 0033:0x7efe98014769 [ 60.807386][ T5107] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 60.826979][ T5107] RSP: 002b:00007efe97fd2208 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 60.835377][ T5107] RAX: ffffffffffffffda RBX: 00007efe9809c408 RCX: 00007efe98014769 [pid 5108] futex(0x7efe9809c41c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5106] <... futex resumed>) = 0 [pid 5108] futex(0x7efe9809c418, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5107] <... ioctl resumed>, 0x20000100) = -1 ENOMEM (Cannot allocate memory) [pid 5107] futex(0x7efe9809c40c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] futex(0x7efe9809c408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5106] exit_group(0 [pid 5108] <... futex resumed>) = ? [pid 5106] <... exit_group resumed>) = ? [pid 5108] +++ exited with 0 +++ [pid 5107] <... futex resumed>) = ? [ 60.843334][ T5107] RDX: 0000000020000100 RSI: 00000000c02064b2 RDI: 0000000000000003 [ 60.851290][ T5107] RBP: 00007efe9809c400 R08: 00007efe97fd1fa6 R09: 0000000000003131 [ 60.859249][ T5107] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efe98069194 [ 60.867216][ T5107] R13: 00007efe97fd2210 R14: 0000000000000002 R15: 6972642f7665642f [ 60.875203][ T5107] [ 60.878220][ C1] vkms_vblank_simulate: vblank timer overrun [ 60.898059][ T5107] ------------[ cut here ]------------ [ 60.903513][ T5107] WARNING: CPU: 0 PID: 5107 at drivers/gpu/drm/drm_prime.c:227 drm_prime_destroy_file_private+0x43/0x60 [ 60.914660][ T5107] Modules linked in: [ 60.918604][ T5107] CPU: 0 PID: 5107 Comm: syz-executor227 Not tainted 6.7.0-rc6-syzkaller-00248-g5254c0cbc92d #0 [ 60.929031][ T5107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 60.939103][ T5107] RIP: 0010:drm_prime_destroy_file_private+0x43/0x60 [ 60.945775][ T5107] Code: 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 21 48 8b 83 90 00 00 00 48 85 c0 75 06 5b e9 13 f1 93 fc e8 0e f1 93 fc 90 <0f> 0b 90 5b e9 04 f1 93 fc e8 3f 9b ea fc eb d8 66 66 2e 0f 1f 84 [ 60.965468][ T5107] RSP: 0018:ffffc90003bdf9e0 EFLAGS: 00010293 [ 60.971584][ T5107] RAX: 0000000000000000 RBX: ffff888019f28378 RCX: ffffc90003bdf9b0 [ 60.979587][ T5107] RDX: ffff888018ff9dc0 RSI: ffffffff84f380c2 RDI: ffff888019f28408 [ 60.987563][ T5107] RBP: ffff888019f28000 R08: 0000000000000001 R09: 0000000000000001 [ 60.995577][ T5107] R10: ffffffff8f193a57 R11: 0000000000000000 R12: ffff88814829a000 [ 61.003604][ T5107] R13: ffff888019f282a8 R14: ffff88814829a068 R15: ffff88814829a0a0 [ 61.011630][ T5107] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 61.020601][ T5107] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 61.027192][ T5107] CR2: 00007efe98050410 CR3: 000000006d1ff000 CR4: 0000000000350ef0 [ 61.035243][ T5107] Call Trace: [ 61.038544][ T5107] [ 61.041471][ T5107] ? show_regs+0x8f/0xa0 [ 61.045698][ T5107] ? __warn+0xe6/0x390 [ 61.049798][ T5107] ? drm_prime_destroy_file_private+0x43/0x60 [ 61.055882][ T5107] ? report_bug+0x3bc/0x580 [ 61.060422][ T5107] ? handle_bug+0x3d/0x70 [ 61.064773][ T5107] ? exc_invalid_op+0x17/0x40 [ 61.069486][ T5107] ? asm_exc_invalid_op+0x1a/0x20 [ 61.074525][ T5107] ? drm_prime_destroy_file_private+0x42/0x60 [ 61.080617][ T5107] ? drm_prime_destroy_file_private+0x43/0x60 [ 61.086703][ T5107] ? vmw_debugfs_gem_init+0x80/0x80 [ 61.091925][ T5107] drm_file_free.part.0+0x738/0xb90 [ 61.097137][ T5107] ? __fsnotify_update_child_dentry_flags+0x360/0x360 [ 61.103936][ T5107] drm_close_helper.isra.0+0x180/0x1f0 [ 61.109472][ T5107] drm_release+0x22a/0x4f0 [ 61.113875][ T5107] ? drm_lastclose+0x1a0/0x1a0 [ 61.118654][ T5107] __fput+0x270/0xb70 [ 61.122646][ T5107] task_work_run+0x14d/0x240 [ 61.127220][ T5107] ? task_work_cancel+0x30/0x30 [ 61.132121][ T5107] ? do_raw_spin_unlock+0x173/0x230 [ 61.137342][ T5107] do_exit+0xa8a/0x2ad0 [ 61.141562][ T5107] ? get_signal+0x935/0x2790 [ 61.146178][ T5107] ? mm_update_next_owner+0x840/0x840 [ 61.151605][ T5107] ? do_raw_spin_lock+0x12e/0x2b0 [ 61.156639][ T5107] ? spin_bug+0x1d0/0x1d0 [ 61.161007][ T5107] do_group_exit+0xd4/0x2a0 [ 61.165536][ T5107] get_signal+0x23b5/0x2790 [ 61.170077][ T5107] ? lockdep_hardirqs_on_prepare+0x420/0x420 [ 61.176097][ T5107] ? exit_signals+0x960/0x960 [ 61.180800][ T5107] ? from_kuid+0xc0/0xc0 [ 61.185068][ T5107] arch_do_signal_or_restart+0x90/0x7f0 [ 61.190705][ T5107] ? get_sigframe_size+0x20/0x20 [ 61.195661][ T5107] ? reacquire_held_locks+0x4c0/0x4c0 [ 61.201066][ T5107] ? _raw_spin_unlock_irq+0x23/0x50 [ 61.206283][ T5107] exit_to_user_mode_prepare+0x121/0x240 [ 61.211944][ T5107] syscall_exit_to_user_mode+0x1e/0x60 [ 61.217415][ T5107] do_syscall_64+0x4d/0x110 [ 61.221971][ T5107] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 61.227901][ T5107] RIP: 0033:0x7efe98014769 [ 61.232301][ T5107] Code: Unable to access opcode bytes at 0x7efe9801473f. [ 61.239350][ T5107] RSP: 002b:00007efe97fd2208 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 61.247817][ T5107] RAX: fffffffffffffe00 RBX: 00007efe9809c408 RCX: 00007efe98014769 [ 61.255809][ T5107] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007efe9809c408 [ 61.263828][ T5107] RBP: 00007efe9809c400 R08: 0000000000003131 R09: 0000000000003131 [ 61.271846][ T5107] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efe98069194 [ 61.279875][ T5107] R13: 00007efe97fd2210 R14: 0000000000000002 R15: 6972642f7665642f [ 61.287890][ T5107] [ 61.290898][ T5107] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 61.298168][ T5107] CPU: 0 PID: 5107 Comm: syz-executor227 Not tainted 6.7.0-rc6-syzkaller-00248-g5254c0cbc92d #0 [ 61.308611][ T5107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 61.318653][ T5107] Call Trace: [ 61.321921][ T5107] [ 61.324836][ T5107] dump_stack_lvl+0xd9/0x1b0 [ 61.329419][ T5107] panic+0x6dc/0x790 [ 61.333306][ T5107] ? panic_smp_self_stop+0xa0/0xa0 [ 61.338408][ T5107] ? show_trace_log_lvl+0x363/0x4f0 [ 61.343600][ T5107] ? check_panic_on_warn+0x1f/0xb0 [ 61.348700][ T5107] ? drm_prime_destroy_file_private+0x43/0x60 [ 61.354751][ T5107] check_panic_on_warn+0xab/0xb0 [ 61.359682][ T5107] __warn+0xf2/0x390 [ 61.363567][ T5107] ? drm_prime_destroy_file_private+0x43/0x60 [ 61.369623][ T5107] report_bug+0x3bc/0x580 [ 61.373943][ T5107] handle_bug+0x3d/0x70 [ 61.378094][ T5107] exc_invalid_op+0x17/0x40 [ 61.382601][ T5107] asm_exc_invalid_op+0x1a/0x20 [ 61.387441][ T5107] RIP: 0010:drm_prime_destroy_file_private+0x43/0x60 [ 61.394109][ T5107] Code: 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 21 48 8b 83 90 00 00 00 48 85 c0 75 06 5b e9 13 f1 93 fc e8 0e f1 93 fc 90 <0f> 0b 90 5b e9 04 f1 93 fc e8 3f 9b ea fc eb d8 66 66 2e 0f 1f 84 [ 61.413708][ T5107] RSP: 0018:ffffc90003bdf9e0 EFLAGS: 00010293 [ 61.419769][ T5107] RAX: 0000000000000000 RBX: ffff888019f28378 RCX: ffffc90003bdf9b0 [ 61.427732][ T5107] RDX: ffff888018ff9dc0 RSI: ffffffff84f380c2 RDI: ffff888019f28408 [ 61.435696][ T5107] RBP: ffff888019f28000 R08: 0000000000000001 R09: 0000000000000001 [ 61.443660][ T5107] R10: ffffffff8f193a57 R11: 0000000000000000 R12: ffff88814829a000 [ 61.451627][ T5107] R13: ffff888019f282a8 R14: ffff88814829a068 R15: ffff88814829a0a0 [ 61.459605][ T5107] ? drm_prime_destroy_file_private+0x42/0x60 [ 61.465677][ T5107] ? vmw_debugfs_gem_init+0x80/0x80 [ 61.470872][ T5107] drm_file_free.part.0+0x738/0xb90 [ 61.476061][ T5107] ? __fsnotify_update_child_dentry_flags+0x360/0x360 [ 61.482821][ T5107] drm_close_helper.isra.0+0x180/0x1f0 [ 61.488272][ T5107] drm_release+0x22a/0x4f0 [ 61.492686][ T5107] ? drm_lastclose+0x1a0/0x1a0 [ 61.497444][ T5107] __fput+0x270/0xb70 [ 61.501423][ T5107] task_work_run+0x14d/0x240 [ 61.506004][ T5107] ? task_work_cancel+0x30/0x30 [ 61.510844][ T5107] ? do_raw_spin_unlock+0x173/0x230 [ 61.516034][ T5107] do_exit+0xa8a/0x2ad0 [ 61.520182][ T5107] ? get_signal+0x935/0x2790 [ 61.524765][ T5107] ? mm_update_next_owner+0x840/0x840 [ 61.530124][ T5107] ? do_raw_spin_lock+0x12e/0x2b0 [ 61.535137][ T5107] ? spin_bug+0x1d0/0x1d0 [ 61.539455][ T5107] do_group_exit+0xd4/0x2a0 [ 61.543948][ T5107] get_signal+0x23b5/0x2790 [ 61.548446][ T5107] ? lockdep_hardirqs_on_prepare+0x420/0x420 [ 61.554427][ T5107] ? exit_signals+0x960/0x960 [ 61.559093][ T5107] ? from_kuid+0xc0/0xc0 [ 61.563331][ T5107] arch_do_signal_or_restart+0x90/0x7f0 [ 61.568877][ T5107] ? get_sigframe_size+0x20/0x20 [ 61.573810][ T5107] ? reacquire_held_locks+0x4c0/0x4c0 [ 61.579184][ T5107] ? _raw_spin_unlock_irq+0x23/0x50 [ 61.584381][ T5107] exit_to_user_mode_prepare+0x121/0x240 [ 61.590009][ T5107] syscall_exit_to_user_mode+0x1e/0x60 [ 61.595455][ T5107] do_syscall_64+0x4d/0x110 [ 61.599953][ T5107] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 61.605837][ T5107] RIP: 0033:0x7efe98014769 [ 61.610239][ T5107] Code: Unable to access opcode bytes at 0x7efe9801473f. [ 61.617239][ T5107] RSP: 002b:00007efe97fd2208 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 61.625642][ T5107] RAX: fffffffffffffe00 RBX: 00007efe9809c408 RCX: 00007efe98014769 [ 61.633607][ T5107] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007efe9809c408 [ 61.641566][ T5107] RBP: 00007efe9809c400 R08: 0000000000003131 R09: 0000000000003131 [ 61.649526][ T5107] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efe98069194 [ 61.657485][ T5107] R13: 00007efe97fd2210 R14: 0000000000000002 R15: 6972642f7665642f [ 61.665455][ T5107] [ 61.668713][ T5107] Kernel Offset: disabled [ 61.673073][ T5107] Rebooting in 86400 seconds..