./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2738992122 <...> DUID 00:04:7a:dc:29:a2:f4:b1:6d:28:30:de:a7:64:4f:eb:cd:90 forked to background, child pid 3175 [ 25.532773][ T3176] 8021q: adding VLAN 0 to HW filter on device bond0 [ 25.545884][ T3176] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.110' (ECDSA) to the list of known hosts. execve("./syz-executor2738992122", ["./syz-executor2738992122"], 0x7ffcb3d76d50 /* 10 vars */) = 0 brk(NULL) = 0x555556850000 brk(0x555556850c40) = 0x555556850c40 arch_prctl(ARCH_SET_FS, 0x555556850300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555568505d0) = 3596 set_robust_list(0x5555568505e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f6b12c24ec0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f6b12c25590}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f6b12c24f60, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6b12c25590}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2738992122", 4096) = 28 brk(0x555556871c40) = 0x555556871c40 brk(0x555556872000) = 0x555556872000 mprotect(0x7f6b12ce6000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3597 attached , child_tidptr=0x5555568505d0) = 3597 [pid 3597] set_robust_list(0x5555568505e0, 24) = 0 [pid 3597] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 3597] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3597] setsid() = 1 [pid 3597] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 3597] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 3597] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 3597] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 3597] prlimit64(0, RLIMIT_CORE, {rlim_cur=0, rlim_max=0}, NULL) = 0 [pid 3597] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 3597] unshare(CLONE_NEWNS) = 0 [pid 3597] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 3597] unshare(CLONE_NEWIPC) = 0 [pid 3597] unshare(CLONE_NEWCGROUP) = 0 [pid 3597] unshare(CLONE_NEWUTS) = 0 [pid 3597] unshare(CLONE_SYSVSEM) = 0 [pid 3597] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3597] write(3, "16777216", 8) = 8 [pid 3597] close(3) = 0 [pid 3597] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 3597] write(3, "536870912", 9) = 9 [pid 3597] close(3) = 0 [pid 3597] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3597] write(3, "1024", 4) = 4 [pid 3597] close(3) = 0 [pid 3597] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3597] write(3, "8192", 4) = 4 [pid 3597] close(3) = 0 [pid 3597] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3597] write(3, "1024", 4) = 4 [pid 3597] close(3) = 0 [pid 3597] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 3597] write(3, "1024", 4) = 4 [pid 3597] close(3) = 0 [pid 3597] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 3597] write(3, "1024 1048576 500 1024", 21) = 21 [pid 3597] close(3) = 0 [pid 3597] getpid() = 1 [pid 3597] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 3615] set_robust_list(0x7f6b12c119e0, 24) = 0 [pid 3615] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 3615] write(3, "4", 1) = 1 [ 47.233771][ T3615] FAULT_INJECTION: forcing a failure. [ 47.233771][ T3615] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 47.248357][ T3615] CPU: 0 PID: 3615 Comm: syz-executor273 Not tainted 5.18.0-rc6-syzkaller-00161-gbc403203d65a #0 [ 47.258856][ T3615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 47.268900][ T3615] Call Trace: [ 47.272175][ T3615] [ 47.275119][ T3615] dump_stack_lvl+0x1e3/0x2cb [ 47.279897][ T3615] ? bfq_pos_tree_add_move+0x436/0x436 [ 47.285362][ T3615] ? panic+0x76e/0x76e [ 47.289432][ T3615] ? mark_lock+0x98/0x350 [ 47.293784][ T3615] should_fail+0x384/0x4b0 [ 47.298221][ T3615] prepare_alloc_pages+0x1d7/0x5a0 [ 47.303439][ T3615] __alloc_pages+0x14d/0x5f0 [ 47.308033][ T3615] ? __rmqueue_pcplist+0x1cb0/0x1cb0 [ 47.313330][ T3615] ? alloc_pages+0x43d/0x690 [ 47.317913][ T3615] alloc_slab_page+0x70/0xf0 [ 47.322489][ T3615] allocate_slab+0x5e/0x560 [ 47.326985][ T3615] ___slab_alloc+0x41e/0xcd0 [ 47.331560][ T3615] ? __build_skb+0x25/0x2f0 [ 47.336052][ T3615] ? __build_skb+0x25/0x2f0 [ 47.340566][ T3615] kmem_cache_alloc+0x246/0x2f0 [ 47.345411][ T3615] ? __build_skb+0x25/0x2f0 [ 47.349912][ T3615] __build_skb+0x25/0x2f0 [ 47.354253][ T3615] build_skb+0x1f/0x240 [ 47.358409][ T3615] tun_build_skb+0x40b/0x1510 [ 47.363094][ T3615] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 47.369088][ T3615] ? mark_lock+0x98/0x350 [ 47.373416][ T3615] ? tun_get_user+0x2540/0x2540 [ 47.378264][ T3615] ? rcu_lock_release+0x5/0x20 [ 47.383025][ T3615] ? rcu_read_lock_sched_held+0x89/0x130 [ 47.388666][ T3615] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 47.394663][ T3615] tun_get_user+0x7b7/0x2540 [ 47.399266][ T3615] ? tun_ring_recv+0xcc0/0xcc0 [ 47.404038][ T3615] ? __lock_acquire+0x1f80/0x1f80 [ 47.409263][ T3615] tun_chr_write_iter+0x10a/0x1e0 [ 47.414295][ T3615] vfs_write+0xa22/0xd40 [ 47.418539][ T3615] ? __lock_acquire+0x1f80/0x1f80 [ 47.423578][ T3615] ? file_end_write+0x230/0x230 [ 47.428426][ T3615] ? print_irqtrace_events+0x220/0x220 [ 47.433889][ T3615] ? __fget_files+0x3d0/0x440 [ 47.438569][ T3615] ? __fdget_pos+0x1d7/0x2e0 [ 47.443150][ T3615] ? ksys_write+0x77/0x2c0 [ 47.447559][ T3615] ksys_write+0x19b/0x2c0 [ 47.451874][ T3615] ? print_irqtrace_events+0x220/0x220 [ 47.457329][ T3615] ? __ia32_sys_read+0x80/0x80 [ 47.462077][ T3615] ? syscall_enter_from_user_mode+0x2e/0x1a0 [ 47.468060][ T3615] ? syscall_enter_from_user_mode+0x86/0x1a0 [ 47.474024][ T3615] do_syscall_64+0x2b/0x70 [ 47.478426][ T3615] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 47.484317][ T3615] RIP: 0033:0x7f6b12c241ff [ 47.488891][ T3615] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 47.508566][ T3615] RSP: 002b:00007f6b12c112c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 47.516970][ T3615] RAX: ffffffffffffffda RBX: 00007f6b12cec4e0 RCX: 00007f6b12c241ff [ 47.524940][ T3615] RDX: 000000000000000e RSI: 0000000020000100 RDI: 00000000000000c8 [pid 3615] write(200, "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\x00\x89\x2f", 14 [pid 3614] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3614] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3614] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bd0000 [pid 3614] mprotect(0x7f6b12bd1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3614] clone(child_stack=0x7f6b12bf03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4], tls=0x7f6b12bf0700, child_tidptr=0x7f6b12bf09d0) = 4 [pid 3614] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3614] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3615] <... write resumed>) = 14 [pid 3615] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3615] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3616 attached [pid 3616] set_robust_list(0x7f6b12bf09e0, 24) = 0 [pid 3616] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3616] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3614] <... futex resumed>) = 0 [pid 3614] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3615] <... futex resumed>) = 0 [pid 3614] <... futex resumed>) = 1 [pid 3615] ioctl(4, SIOCGIFINDEX, {ifr_name="batadv_slave_0" [pid 3614] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3615] <... ioctl resumed>, ifr_ifindex=41}) = 0 [pid 3615] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3614] <... futex resumed>) = 0 [pid 3615] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 3614] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3615] <... socket resumed>) = 5 [pid 3614] <... futex resumed>) = 0 [pid 3615] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3614] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3615] <... futex resumed>) = 0 [pid 3614] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3615] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3614] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3615] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3614] <... futex resumed>) = 0 [pid 3615] ioctl(5, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 3614] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3615] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 3616] <... futex resumed>) = 1 [pid 3615] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3614] <... futex resumed>) = 0 [pid 3616] futex(0x7f6b12cec4f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3615] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3614] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3615] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3614] <... futex resumed>) = 0 [ 47.532981][ T3615] RBP: 00007f6b12cb96cc R08: 0000000000000000 R09: 0000000000000001 [ 47.540937][ T3615] R10: 00007f6b12c11087 R11: 0000000000000293 R12: 00007f6b12cec4ec [ 47.548900][ T3615] R13: 00007f6b12c112f0 R14: 00007f6b12cec4e8 R15: 0000000000000001 [ 47.556869][ T3615] [pid 3615] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x40\x00\x00\x00\x10\x00\x03\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x12\x80\x08\x00\x01\x00\x68\x73\x72\x00\x14\x00\x02\x80\x08\x00\x02\x00\x29\x00\x00\x00\x08\x00\x01\x00\x0b\x00\x00\x00", iov_len=64}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [pid 3614] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3615] <... sendmsg resumed>) = 64 [pid 3615] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3614] <... futex resumed>) = 0 [pid 3614] close(3) = 0 [pid 3614] close(4) = 0 [pid 3614] close(5) = 0 [pid 3615] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3614] close(6) = -1 EBADF (Bad file descriptor) [pid 3614] close(7) = -1 EBADF (Bad file descriptor) [pid 3614] close(8) = -1 EBADF (Bad file descriptor) [pid 3614] close(9) = -1 EBADF (Bad file descriptor) [pid 3614] close(10) = -1 EBADF (Bad file descriptor) [pid 3614] close(11) = -1 EBADF (Bad file descriptor) [pid 3614] close(12) = -1 EBADF (Bad file descriptor) [pid 3614] close(13) = -1 EBADF (Bad file descriptor) [pid 3614] close(14) = -1 EBADF (Bad file descriptor) [pid 3614] close(15) = -1 EBADF (Bad file descriptor) [pid 3614] close(16) = -1 EBADF (Bad file descriptor) [pid 3614] close(17) = -1 EBADF (Bad file descriptor) [pid 3614] close(18) = -1 EBADF (Bad file descriptor) [pid 3614] close(19) = -1 EBADF (Bad file descriptor) [pid 3614] close(20) = -1 EBADF (Bad file descriptor) [pid 3614] close(21) = -1 EBADF (Bad file descriptor) [pid 3614] close(22) = -1 EBADF (Bad file descriptor) [pid 3614] close(23) = -1 EBADF (Bad file descriptor) [pid 3614] close(24) = -1 EBADF (Bad file descriptor) [pid 3614] close(25) = -1 EBADF (Bad file descriptor) [pid 3614] close(26) = -1 EBADF (Bad file descriptor) [pid 3614] close(27) = -1 EBADF (Bad file descriptor) [pid 3614] close(28) = -1 EBADF (Bad file descriptor) [pid 3614] close(29) = -1 EBADF (Bad file descriptor) [pid 3614] exit_group(0) = ? [pid 3616] <... futex resumed>) = ? [pid 3615] <... futex resumed>) = ? [pid 3616] +++ exited with 0 +++ [pid 3615] +++ exited with 0 +++ [pid 3614] +++ exited with 0 +++ [pid 3597] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=34} --- [pid 3597] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3597] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555568505d0) = 5 ./strace-static-x86_64: Process 3617 attached [pid 3617] set_robust_list(0x5555568505e0, 24) = 0 [pid 3617] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3617] setpgid(0, 0) = 0 [pid 3617] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3617] write(3, "1000", 4) = 4 [pid 3617] close(3) = 0 [pid 3617] read(200, 0x7ffd708025c0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 3617] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3617] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bf1000 [pid 3617] mprotect(0x7f6b12bf2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3617] clone(child_stack=0x7f6b12c113f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3618 attached , parent_tid=[6], tls=0x7f6b12c11700, child_tidptr=0x7f6b12c119d0) = 6 [pid 3618] set_robust_list(0x7f6b12c119e0, 24) = 0 [pid 3618] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3617] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3617] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3618] <... futex resumed>) = 0 [pid 3618] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 3618] write(3, "4", 1) = 1 [ 47.589207][ T3615] device syz_tun entered promiscuous mode [ 47.596005][ T3615] device batadv_slave_0 entered promiscuous mode [pid 3618] write(200, "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\x00\x89\x2f", 14 [pid 3617] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3617] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 47.638122][ T3618] FAULT_INJECTION: forcing a failure. [ 47.638122][ T3618] name failslab, interval 1, probability 0, space 0, times 1 [ 47.650907][ T3618] CPU: 1 PID: 3618 Comm: syz-executor273 Not tainted 5.18.0-rc6-syzkaller-00161-gbc403203d65a #0 [ 47.661419][ T3618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 47.671477][ T3618] Call Trace: [ 47.674753][ T3618] [ 47.677668][ T3618] dump_stack_lvl+0x1e3/0x2cb [ 47.682334][ T3618] ? bfq_pos_tree_add_move+0x436/0x436 [pid 3617] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bd0000 [pid 3617] mprotect(0x7f6b12bd1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3617] clone(child_stack=0x7f6b12bf03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7], tls=0x7f6b12bf0700, child_tidptr=0x7f6b12bf09d0) = 7 [pid 3617] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3617] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3619 attached [pid 3619] set_robust_list(0x7f6b12bf09e0, 24) = 0 [pid 3619] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3619] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3617] <... futex resumed>) = 0 [pid 3617] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3617] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3619] <... futex resumed>) = 1 [pid 3619] ioctl(4, SIOCGIFINDEX, {ifr_name="batadv_slave_0", ifr_ifindex=41}) = 0 [pid 3619] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3617] <... futex resumed>) = 0 [pid 3617] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3617] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3619] <... futex resumed>) = 1 [pid 3619] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 3619] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3617] <... futex resumed>) = 0 [pid 3617] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3617] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3619] <... futex resumed>) = 1 [pid 3619] ioctl(5, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0 [pid 3619] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3617] <... futex resumed>) = 0 [pid 3617] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3617] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3619] <... futex resumed>) = 1 [ 47.687785][ T3618] ? panic+0x76e/0x76e [ 47.691869][ T3618] ? validate_chain+0x126/0x65c0 [ 47.696825][ T3618] ? rcu_lock_release+0x5/0x20 [ 47.701608][ T3618] should_fail+0x384/0x4b0 [ 47.706043][ T3618] ? hsr_add_node+0x65/0x830 [ 47.710646][ T3618] should_failslab+0x5/0x20 [ 47.715161][ T3618] kmem_cache_alloc_trace+0x68/0x310 [ 47.720461][ T3618] hsr_add_node+0x65/0x830 [ 47.724873][ T3618] ? hsr_mac_hash+0x1f/0x270 [ 47.729451][ T3618] hsr_forward_skb+0x37f/0x2150 [ 47.734301][ T3618] ? prp_fill_frame_info+0x5b0/0x5b0 [ 47.739582][ T3618] ? hsr_addr_is_self+0x160/0x2b0 [ 47.744593][ T3618] hsr_handle_frame+0x4fd/0x6b0 [ 47.749434][ T3618] ? hsr_port_exists+0x50/0x50 [ 47.754183][ T3618] __netif_receive_skb_core+0x1448/0x3bc0 [ 47.759899][ T3618] ? trace_netif_rx+0x260/0x260 [ 47.764750][ T3618] __netif_receive_skb+0x11a/0x500 [ 47.769846][ T3618] ? read_lock_is_recursive+0x10/0x10 [ 47.775203][ T3618] ? ktime_get_real_ts64+0x4b0/0x4b0 [ 47.780475][ T3618] ? __netif_receive_skb_list_core+0x930/0x930 [ 47.786628][ T3618] netif_receive_skb_internal+0x108/0x360 [ 47.792424][ T3618] ? trace_netif_receive_skb_entry+0x260/0x260 [ 47.798563][ T3618] ? rcu_read_lock_sched_held+0x89/0x130 [ 47.804180][ T3618] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 47.810175][ T3618] netif_receive_skb+0x19/0x30 [ 47.814929][ T3618] tun_rx_batched+0x777/0x920 [ 47.819593][ T3618] ? read_lock_is_recursive+0x10/0x10 [ 47.824953][ T3618] ? local_bh_enable+0x20/0x20 [ 47.829709][ T3618] ? rcu_lock_release+0x5/0x20 [ 47.834465][ T3618] tun_get_user+0x1b5a/0x2540 [ 47.839141][ T3618] ? tun_ring_recv+0xcc0/0xcc0 [ 47.843890][ T3618] ? __lock_acquire+0x1f80/0x1f80 [ 47.848914][ T3618] tun_chr_write_iter+0x10a/0x1e0 [ 47.853928][ T3618] vfs_write+0xa22/0xd40 [ 47.858158][ T3618] ? __lock_acquire+0x1f80/0x1f80 [ 47.863172][ T3618] ? file_end_write+0x230/0x230 [ 47.868008][ T3618] ? print_irqtrace_events+0x220/0x220 [ 47.873625][ T3618] ? __fget_files+0x3d0/0x440 [ 47.878294][ T3618] ? __fdget_pos+0x1d7/0x2e0 [ 47.882867][ T3618] ? ksys_write+0x77/0x2c0 [ 47.887267][ T3618] ksys_write+0x19b/0x2c0 [ 47.891580][ T3618] ? print_irqtrace_events+0x220/0x220 [ 47.897028][ T3618] ? __ia32_sys_read+0x80/0x80 [ 47.901778][ T3618] ? syscall_enter_from_user_mode+0x2e/0x1a0 [ 47.907746][ T3618] ? syscall_enter_from_user_mode+0x86/0x1a0 [ 47.913714][ T3618] do_syscall_64+0x2b/0x70 [ 47.918118][ T3618] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 47.923998][ T3618] RIP: 0033:0x7f6b12c241ff [ 47.928406][ T3618] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 47.948001][ T3618] RSP: 002b:00007f6b12c112c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 47.956407][ T3618] RAX: ffffffffffffffda RBX: 00007f6b12cec4e0 RCX: 00007f6b12c241ff [ 47.964364][ T3618] RDX: 000000000000000e RSI: 0000000020000100 RDI: 00000000000000c8 [ 47.972333][ T3618] RBP: 00007f6b12cb96cc R08: 0000000000000000 R09: 0000000000000001 [ 47.980546][ T3618] R10: 00007f6b12c11087 R11: 0000000000000293 R12: 00007f6b12cec4ec [pid 3619] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x40\x00\x00\x00\x10\x00\x03\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x12\x80\x08\x00\x01\x00\x68\x73\x72\x00\x14\x00\x02\x80\x08\x00\x02\x00\x29\x00\x00\x00\x08\x00\x01\x00\x0b\x00\x00\x00", iov_len=64}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [pid 3618] <... write resumed>) = 14 [pid 3617] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3618] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 47.988509][ T3618] R13: 00007f6b12c112f0 R14: 00007f6b12cec4e8 R15: 0000000000000001 [ 47.996496][ T3618] [pid 3618] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3619] <... sendmsg resumed>) = 64 [pid 3619] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3619] futex(0x7f6b12cec4f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3617] close(3) = 0 [pid 3617] close(4) = 0 [pid 3617] close(5) = 0 [pid 3617] close(6) = -1 EBADF (Bad file descriptor) [pid 3617] close(7) = -1 EBADF (Bad file descriptor) [pid 3617] close(8) = -1 EBADF (Bad file descriptor) [pid 3617] close(9) = -1 EBADF (Bad file descriptor) [pid 3617] close(10) = -1 EBADF (Bad file descriptor) [pid 3617] close(11) = -1 EBADF (Bad file descriptor) [pid 3617] close(12) = -1 EBADF (Bad file descriptor) [pid 3617] close(13) = -1 EBADF (Bad file descriptor) [pid 3617] close(14) = -1 EBADF (Bad file descriptor) [pid 3617] close(15) = -1 EBADF (Bad file descriptor) [pid 3617] close(16) = -1 EBADF (Bad file descriptor) [pid 3617] close(17) = -1 EBADF (Bad file descriptor) [pid 3617] close(18) = -1 EBADF (Bad file descriptor) [pid 3617] close(19) = -1 EBADF (Bad file descriptor) [pid 3617] close(20) = -1 EBADF (Bad file descriptor) [pid 3617] close(21) = -1 EBADF (Bad file descriptor) [pid 3617] close(22) = -1 EBADF (Bad file descriptor) [pid 3617] close(23) = -1 EBADF (Bad file descriptor) [pid 3617] close(24) = -1 EBADF (Bad file descriptor) [pid 3617] close(25) = -1 EBADF (Bad file descriptor) [pid 3617] close(26) = -1 EBADF (Bad file descriptor) [pid 3617] close(27) = -1 EBADF (Bad file descriptor) [pid 3617] close(28) = -1 EBADF (Bad file descriptor) [pid 3617] close(29) = -1 EBADF (Bad file descriptor) [pid 3617] exit_group(0 [pid 3619] <... futex resumed>) = ? [pid 3618] <... futex resumed>) = ? [pid 3617] <... exit_group resumed>) = ? [pid 3619] +++ exited with 0 +++ [pid 3618] +++ exited with 0 +++ [pid 3617] +++ exited with 0 +++ [pid 3597] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5, si_uid=0, si_status=0, si_utime=0, si_stime=39} --- [pid 3597] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555568505d0) = 8 ./strace-static-x86_64: Process 3620 attached [pid 3620] set_robust_list(0x5555568505e0, 24) = 0 [pid 3620] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3620] setpgid(0, 0) = 0 [pid 3620] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3620] write(3, "1000", 4) = 4 [pid 3620] close(3) = 0 [pid 3620] read(200, 0x7ffd708025c0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 3620] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3620] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bf1000 [pid 3620] mprotect(0x7f6b12bf2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3620] clone(child_stack=0x7f6b12c113f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3621 attached , parent_tid=[9], tls=0x7f6b12c11700, child_tidptr=0x7f6b12c119d0) = 9 [pid 3621] set_robust_list(0x7f6b12c119e0, 24) = 0 [pid 3621] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3620] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3621] <... futex resumed>) = 0 [pid 3621] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 3621] write(3, "4", 1) = 1 [pid 3621] write(200, "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\x00\x89\x2f", 14 [ 48.114373][ T3621] FAULT_INJECTION: forcing a failure. [ 48.114373][ T3621] name failslab, interval 1, probability 0, space 0, times 0 [ 48.127076][ T3621] CPU: 1 PID: 3621 Comm: syz-executor273 Not tainted 5.18.0-rc6-syzkaller-00161-gbc403203d65a #0 [ 48.137566][ T3621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 48.147623][ T3621] Call Trace: [ 48.150951][ T3621] [ 48.153894][ T3621] dump_stack_lvl+0x1e3/0x2cb [ 48.158578][ T3621] ? bfq_pos_tree_add_move+0x436/0x436 [pid 3620] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 3620] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3620] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bd0000 [pid 3620] mprotect(0x7f6b12bd1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3620] clone(child_stack=0x7f6b12bf03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[10], tls=0x7f6b12bf0700, child_tidptr=0x7f6b12bf09d0) = 10 [pid 3620] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3620] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3622 attached [pid 3622] set_robust_list(0x7f6b12bf09e0, 24) = 0 [pid 3622] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3622] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3620] <... futex resumed>) = 0 [pid 3620] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3620] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3622] <... futex resumed>) = 1 [pid 3622] ioctl(4, SIOCGIFINDEX, {ifr_name="batadv_slave_0", ifr_ifindex=41}) = 0 [pid 3622] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3620] <... futex resumed>) = 0 [pid 3620] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3620] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3622] <... futex resumed>) = 1 [pid 3622] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 3622] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3620] <... futex resumed>) = 0 [pid 3620] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3620] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3622] <... futex resumed>) = 1 [pid 3622] ioctl(5, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0 [pid 3622] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3620] <... futex resumed>) = 0 [pid 3620] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3620] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3622] <... futex resumed>) = 1 [ 48.164027][ T3621] ? panic+0x76e/0x76e [ 48.168100][ T3621] ? validate_chain+0x126/0x65c0 [ 48.173156][ T3621] ? rcu_lock_release+0x5/0x20 [ 48.177912][ T3621] should_fail+0x384/0x4b0 [ 48.182320][ T3621] ? hsr_add_node+0x65/0x830 [ 48.186899][ T3621] should_failslab+0x5/0x20 [ 48.191426][ T3621] kmem_cache_alloc_trace+0x68/0x310 [ 48.196729][ T3621] hsr_add_node+0x65/0x830 [ 48.201173][ T3621] ? hsr_mac_hash+0x1f/0x270 [ 48.205779][ T3621] hsr_forward_skb+0x37f/0x2150 [pid 3622] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x40\x00\x00\x00\x10\x00\x03\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x12\x80\x08\x00\x01\x00\x68\x73\x72\x00\x14\x00\x02\x80\x08\x00\x02\x00\x29\x00\x00\x00\x08\x00\x01\x00\x0b\x00\x00\x00", iov_len=64}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [pid 3620] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 48.210933][ T3621] ? prp_fill_frame_info+0x5b0/0x5b0 [ 48.216251][ T3621] ? hsr_addr_is_self+0x160/0x2b0 [ 48.221298][ T3621] hsr_handle_frame+0x4fd/0x6b0 [ 48.226137][ T3621] ? hsr_port_exists+0x50/0x50 [ 48.230885][ T3621] __netif_receive_skb_core+0x1448/0x3bc0 [ 48.236611][ T3621] ? trace_netif_rx+0x260/0x260 [ 48.241478][ T3621] __netif_receive_skb+0x11a/0x500 [ 48.246609][ T3621] ? read_lock_is_recursive+0x10/0x10 [ 48.251976][ T3621] ? ktime_get_real_ts64+0x4b0/0x4b0 [ 48.257267][ T3621] ? __netif_receive_skb_list_core+0x930/0x930 [ 48.263422][ T3621] netif_receive_skb_internal+0x108/0x360 [ 48.269141][ T3621] ? trace_netif_receive_skb_entry+0x260/0x260 [ 48.275283][ T3621] ? rcu_read_lock_sched_held+0x89/0x130 [ 48.280909][ T3621] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 48.286904][ T3621] netif_receive_skb+0x19/0x30 [ 48.291675][ T3621] tun_rx_batched+0x777/0x920 [ 48.296365][ T3621] ? read_lock_is_recursive+0x10/0x10 [ 48.301748][ T3621] ? local_bh_enable+0x20/0x20 [ 48.306511][ T3621] ? rcu_lock_release+0x5/0x20 [ 48.311292][ T3621] tun_get_user+0x1b5a/0x2540 [ 48.315968][ T3621] ? tun_ring_recv+0xcc0/0xcc0 [ 48.320724][ T3621] ? __lock_acquire+0x1f80/0x1f80 [ 48.325760][ T3621] tun_chr_write_iter+0x10a/0x1e0 [ 48.330786][ T3621] vfs_write+0xa22/0xd40 [ 48.335034][ T3621] ? __lock_acquire+0x1f80/0x1f80 [ 48.340067][ T3621] ? file_end_write+0x230/0x230 [ 48.344903][ T3621] ? print_irqtrace_events+0x220/0x220 [ 48.350350][ T3621] ? __fget_files+0x3d0/0x440 [ 48.355015][ T3621] ? __fdget_pos+0x1d7/0x2e0 [ 48.359593][ T3621] ? ksys_write+0x77/0x2c0 [pid 3620] close(3) = 0 [pid 3620] close(4) = 0 [pid 3620] close(5) = 0 [pid 3620] close(6) = -1 EBADF (Bad file descriptor) [pid 3620] close(7) = -1 EBADF (Bad file descriptor) [pid 3620] close(8) = -1 EBADF (Bad file descriptor) [pid 3620] close(9) = -1 EBADF (Bad file descriptor) [pid 3620] close(10) = -1 EBADF (Bad file descriptor) [pid 3620] close(11) = -1 EBADF (Bad file descriptor) [pid 3620] close(12) = -1 EBADF (Bad file descriptor) [pid 3620] close(13) = -1 EBADF (Bad file descriptor) [pid 3620] close(14) = -1 EBADF (Bad file descriptor) [pid 3620] close(15) = -1 EBADF (Bad file descriptor) [pid 3620] close(16) = -1 EBADF (Bad file descriptor) [pid 3620] close(17) = -1 EBADF (Bad file descriptor) [pid 3620] close(18) = -1 EBADF (Bad file descriptor) [pid 3620] close(19) = -1 EBADF (Bad file descriptor) [pid 3620] close(20) = -1 EBADF (Bad file descriptor) [ 48.364019][ T3621] ksys_write+0x19b/0x2c0 [ 48.368355][ T3621] ? print_irqtrace_events+0x220/0x220 [ 48.373915][ T3621] ? __ia32_sys_read+0x80/0x80 [ 48.378698][ T3621] ? syscall_enter_from_user_mode+0x2e/0x1a0 [ 48.384682][ T3621] ? syscall_enter_from_user_mode+0x86/0x1a0 [ 48.390655][ T3621] do_syscall_64+0x2b/0x70 [ 48.395082][ T3621] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 48.400981][ T3621] RIP: 0033:0x7f6b12c241ff [pid 3620] close(21) = -1 EBADF (Bad file descriptor) [pid 3620] close(22) = -1 EBADF (Bad file descriptor) [pid 3620] close(23) = -1 EBADF (Bad file descriptor) [pid 3620] close(24) = -1 EBADF (Bad file descriptor) [pid 3620] close(25) = -1 EBADF (Bad file descriptor) [pid 3620] close(26) = -1 EBADF (Bad file descriptor) [pid 3620] close(27) = -1 EBADF (Bad file descriptor) [pid 3620] close(28) = -1 EBADF (Bad file descriptor) [pid 3620] close(29) = -1 EBADF (Bad file descriptor) [pid 3620] exit_group(0) = ? [ 48.405406][ T3621] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 48.425013][ T3621] RSP: 002b:00007f6b12c112c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 48.433414][ T3621] RAX: ffffffffffffffda RBX: 00007f6b12cec4e0 RCX: 00007f6b12c241ff [ 48.441379][ T3621] RDX: 000000000000000e RSI: 0000000020000100 RDI: 00000000000000c8 [ 48.449353][ T3621] RBP: 00007f6b12cb96cc R08: 0000000000000000 R09: 0000000000000001 [ 48.457327][ T3621] R10: 00007f6b12c11087 R11: 0000000000000293 R12: 00007f6b12cec4ec [pid 3621] <... write resumed>) = ? [pid 3621] +++ exited with 0 +++ [ 48.465286][ T3621] R13: 00007f6b12c112f0 R14: 00007f6b12cec4e8 R15: 0000000000000001 [ 48.473257][ T3621] [pid 3622] <... sendmsg resumed>) = ? [pid 3622] +++ exited with 0 +++ [pid 3620] +++ exited with 0 +++ [pid 3597] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8, si_uid=0, si_status=0, si_utime=0, si_stime=39} --- [pid 3597] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3597] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3623 attached , child_tidptr=0x5555568505d0) = 11 [pid 3623] set_robust_list(0x5555568505e0, 24) = 0 [pid 3623] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3623] setpgid(0, 0) = 0 [pid 3623] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3623] write(3, "1000", 4) = 4 [pid 3623] close(3) = 0 [pid 3623] read(200, 0x7ffd708025c0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 3623] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3623] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bf1000 [pid 3623] mprotect(0x7f6b12bf2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3623] clone(child_stack=0x7f6b12c113f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[12], tls=0x7f6b12c11700, child_tidptr=0x7f6b12c119d0) = 12 [pid 3623] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3623] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3624 attached [pid 3624] set_robust_list(0x7f6b12c119e0, 24) = 0 [pid 3624] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 3624] write(3, "4", 1) = 1 [ 48.542367][ T3624] FAULT_INJECTION: forcing a failure. [ 48.542367][ T3624] name failslab, interval 1, probability 0, space 0, times 0 [ 48.555039][ T3624] CPU: 0 PID: 3624 Comm: syz-executor273 Not tainted 5.18.0-rc6-syzkaller-00161-gbc403203d65a #0 [ 48.565665][ T3624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 48.575714][ T3624] Call Trace: [ 48.578994][ T3624] [ 48.581931][ T3624] dump_stack_lvl+0x1e3/0x2cb [ 48.586608][ T3624] ? bfq_pos_tree_add_move+0x436/0x436 [ 48.592072][ T3624] ? panic+0x76e/0x76e [ 48.596132][ T3624] ? validate_chain+0x126/0x65c0 [ 48.601063][ T3624] ? rcu_lock_release+0x5/0x20 [ 48.605819][ T3624] should_fail+0x384/0x4b0 [ 48.610232][ T3624] ? hsr_add_node+0x65/0x830 [ 48.614808][ T3624] should_failslab+0x5/0x20 [ 48.619297][ T3624] kmem_cache_alloc_trace+0x68/0x310 [ 48.624574][ T3624] hsr_add_node+0x65/0x830 [ 48.628977][ T3624] ? hsr_mac_hash+0x1f/0x270 [ 48.633554][ T3624] hsr_forward_skb+0x37f/0x2150 [ 48.638407][ T3624] ? prp_fill_frame_info+0x5b0/0x5b0 [ 48.643695][ T3624] ? hsr_addr_is_self+0x160/0x2b0 [ 48.648707][ T3624] hsr_handle_frame+0x4fd/0x6b0 [ 48.653546][ T3624] ? hsr_port_exists+0x50/0x50 [ 48.658294][ T3624] __netif_receive_skb_core+0x1448/0x3bc0 [ 48.664018][ T3624] ? trace_netif_rx+0x260/0x260 [ 48.668871][ T3624] __netif_receive_skb+0x11a/0x500 [ 48.673971][ T3624] ? read_lock_is_recursive+0x10/0x10 [ 48.679332][ T3624] ? ktime_get_real_ts64+0x4b0/0x4b0 [ 48.684605][ T3624] ? __netif_receive_skb_list_core+0x930/0x930 [ 48.690744][ T3624] ? __schedule+0x95f/0xec0 [ 48.695246][ T3624] netif_receive_skb_internal+0x108/0x360 [ 48.700950][ T3624] ? trace_netif_receive_skb_entry+0x260/0x260 [ 48.707085][ T3624] ? rcu_read_lock_sched_held+0x89/0x130 [ 48.712704][ T3624] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 48.718676][ T3624] netif_receive_skb+0x19/0x30 [ 48.723421][ T3624] tun_rx_batched+0x777/0x920 [ 48.728085][ T3624] ? read_lock_is_recursive+0x10/0x10 [ 48.733445][ T3624] ? local_bh_enable+0x20/0x20 [ 48.738200][ T3624] ? rcu_lock_release+0x5/0x20 [ 48.742956][ T3624] tun_get_user+0x1b5a/0x2540 [ 48.747629][ T3624] ? tun_ring_recv+0xcc0/0xcc0 [ 48.752415][ T3624] ? __lock_acquire+0x1f80/0x1f80 [ 48.757443][ T3624] tun_chr_write_iter+0x10a/0x1e0 [ 48.762462][ T3624] vfs_write+0xa22/0xd40 [ 48.766690][ T3624] ? __lock_acquire+0x1f80/0x1f80 [ 48.771703][ T3624] ? file_end_write+0x230/0x230 [ 48.776542][ T3624] ? print_irqtrace_events+0x220/0x220 [ 48.781986][ T3624] ? __fget_files+0x3d0/0x440 [ 48.786656][ T3624] ? __fdget_pos+0x1d7/0x2e0 [ 48.791227][ T3624] ? ksys_write+0x77/0x2c0 [ 48.795630][ T3624] ksys_write+0x19b/0x2c0 [ 48.799950][ T3624] ? print_irqtrace_events+0x220/0x220 [ 48.805399][ T3624] ? __ia32_sys_read+0x80/0x80 [ 48.810148][ T3624] ? syscall_enter_from_user_mode+0x2e/0x1a0 [ 48.816119][ T3624] ? syscall_enter_from_user_mode+0x86/0x1a0 [ 48.822084][ T3624] do_syscall_64+0x2b/0x70 [ 48.826516][ T3624] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 48.832423][ T3624] RIP: 0033:0x7f6b12c241ff [ 48.836824][ T3624] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 48.856416][ T3624] RSP: 002b:00007f6b12c112c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 48.864818][ T3624] RAX: ffffffffffffffda RBX: 00007f6b12cec4e0 RCX: 00007f6b12c241ff [ 48.872776][ T3624] RDX: 000000000000000e RSI: 0000000020000100 RDI: 00000000000000c8 [ 48.880735][ T3624] RBP: 00007f6b12cb96cc R08: 0000000000000000 R09: 0000000000000001 [pid 3624] write(200, "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\x00\x89\x2f", 14) = 14 [pid 3623] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3624] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3623] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3624] <... futex resumed>) = 0 [pid 3623] <... futex resumed>) = 0 [pid 3624] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 3623] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3624] <... socket resumed>) = 4 [pid 3624] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3624] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3623] <... futex resumed>) = 0 [pid 3623] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3624] <... futex resumed>) = 0 [pid 3623] <... futex resumed>) = 1 [pid 3624] ioctl(4, SIOCGIFINDEX, {ifr_name="batadv_slave_0" [pid 3623] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3624] <... ioctl resumed>, ifr_ifindex=41}) = 0 [pid 3624] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3623] <... futex resumed>) = 0 [pid 3624] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3623] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3624] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3623] <... futex resumed>) = 0 [pid 3624] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 3623] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3624] <... socket resumed>) = 5 [pid 3624] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3623] <... futex resumed>) = 0 [pid 3624] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3623] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3624] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3623] <... futex resumed>) = 0 [pid 3624] ioctl(5, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 3623] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3624] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 3624] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3623] <... futex resumed>) = 0 [pid 3624] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3623] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3624] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3623] <... futex resumed>) = 0 [pid 3624] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x40\x00\x00\x00\x10\x00\x03\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x12\x80\x08\x00\x01\x00\x68\x73\x72\x00\x14\x00\x02\x80\x08\x00\x02\x00\x29\x00\x00\x00\x08\x00\x01\x00\x0b\x00\x00\x00", iov_len=64}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [ 48.888786][ T3624] R10: 00007f6b12c11087 R11: 0000000000000293 R12: 00007f6b12cec4ec [ 48.896833][ T3624] R13: 00007f6b12c112f0 R14: 00007f6b12cec4e8 R15: 0000000000000001 [ 48.904811][ T3624] [pid 3623] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3624] <... sendmsg resumed>) = 64 [pid 3624] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3623] <... futex resumed>) = 0 [pid 3624] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3623] close(3) = 0 [pid 3623] close(4) = 0 [pid 3623] close(5) = 0 [pid 3623] close(6) = -1 EBADF (Bad file descriptor) [pid 3623] close(7) = -1 EBADF (Bad file descriptor) [pid 3623] close(8) = -1 EBADF (Bad file descriptor) [pid 3623] close(9) = -1 EBADF (Bad file descriptor) [pid 3623] close(10) = -1 EBADF (Bad file descriptor) [pid 3623] close(11) = -1 EBADF (Bad file descriptor) [pid 3623] close(12) = -1 EBADF (Bad file descriptor) [pid 3623] close(13) = -1 EBADF (Bad file descriptor) [pid 3623] close(14) = -1 EBADF (Bad file descriptor) [pid 3623] close(15) = -1 EBADF (Bad file descriptor) [pid 3623] close(16) = -1 EBADF (Bad file descriptor) [pid 3623] close(17) = -1 EBADF (Bad file descriptor) [pid 3623] close(18) = -1 EBADF (Bad file descriptor) [pid 3623] close(19) = -1 EBADF (Bad file descriptor) [pid 3623] close(20) = -1 EBADF (Bad file descriptor) [pid 3623] close(21) = -1 EBADF (Bad file descriptor) [pid 3623] close(22) = -1 EBADF (Bad file descriptor) [pid 3623] close(23) = -1 EBADF (Bad file descriptor) [pid 3623] close(24) = -1 EBADF (Bad file descriptor) [pid 3623] close(25) = -1 EBADF (Bad file descriptor) [pid 3623] close(26) = -1 EBADF (Bad file descriptor) [pid 3623] close(27) = -1 EBADF (Bad file descriptor) [pid 3623] close(28) = -1 EBADF (Bad file descriptor) [pid 3623] close(29) = -1 EBADF (Bad file descriptor) [pid 3623] exit_group(0 [pid 3624] <... futex resumed>) = ? [pid 3623] <... exit_group resumed>) = ? [pid 3624] +++ exited with 0 +++ [pid 3623] +++ exited with 0 +++ [pid 3597] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11, si_uid=0, si_status=0, si_utime=0, si_stime=38} --- [pid 3597] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555568505d0) = 13 ./strace-static-x86_64: Process 3625 attached [pid 3625] set_robust_list(0x5555568505e0, 24) = 0 [pid 3625] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3625] setpgid(0, 0) = 0 [pid 3625] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3625] write(3, "1000", 4) = 4 [pid 3625] close(3) = 0 [pid 3625] read(200, 0x7ffd708025c0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 3625] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3625] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bf1000 [pid 3625] mprotect(0x7f6b12bf2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3625] clone(child_stack=0x7f6b12c113f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[14], tls=0x7f6b12c11700, child_tidptr=0x7f6b12c119d0) = 14 [pid 3625] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3625] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3626 attached [pid 3626] set_robust_list(0x7f6b12c119e0, 24) = 0 [pid 3626] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 3626] write(3, "4", 1) = 1 [ 49.010453][ T3626] FAULT_INJECTION: forcing a failure. [ 49.010453][ T3626] name failslab, interval 1, probability 0, space 0, times 0 [ 49.023211][ T3626] CPU: 0 PID: 3626 Comm: syz-executor273 Not tainted 5.18.0-rc6-syzkaller-00161-gbc403203d65a #0 [ 49.033698][ T3626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 49.044061][ T3626] Call Trace: [ 49.047335][ T3626] [ 49.050317][ T3626] dump_stack_lvl+0x1e3/0x2cb [ 49.054994][ T3626] ? bfq_pos_tree_add_move+0x436/0x436 [ 49.060443][ T3626] ? panic+0x76e/0x76e [ 49.064508][ T3626] ? validate_chain+0x126/0x65c0 [ 49.069444][ T3626] ? rcu_lock_release+0x5/0x20 [ 49.074206][ T3626] should_fail+0x384/0x4b0 [ 49.078615][ T3626] ? hsr_add_node+0x65/0x830 [ 49.083282][ T3626] should_failslab+0x5/0x20 [ 49.087779][ T3626] kmem_cache_alloc_trace+0x68/0x310 [ 49.093060][ T3626] hsr_add_node+0x65/0x830 [ 49.097477][ T3626] ? hsr_mac_hash+0x1f/0x270 [ 49.102057][ T3626] hsr_forward_skb+0x37f/0x2150 [ 49.106914][ T3626] ? prp_fill_frame_info+0x5b0/0x5b0 [ 49.112201][ T3626] ? hsr_addr_is_self+0x160/0x2b0 [ 49.117216][ T3626] hsr_handle_frame+0x4fd/0x6b0 [ 49.122063][ T3626] ? hsr_port_exists+0x50/0x50 [ 49.126817][ T3626] __netif_receive_skb_core+0x1448/0x3bc0 [ 49.132540][ T3626] ? trace_netif_rx+0x260/0x260 [ 49.137408][ T3626] __netif_receive_skb+0x11a/0x500 [ 49.142528][ T3626] ? read_lock_is_recursive+0x10/0x10 [ 49.148594][ T3626] ? ktime_get_real_ts64+0x4b0/0x4b0 [ 49.153883][ T3626] ? __netif_receive_skb_list_core+0x930/0x930 [ 49.160056][ T3626] netif_receive_skb_internal+0x108/0x360 [ 49.165771][ T3626] ? trace_netif_receive_skb_entry+0x260/0x260 [ 49.171911][ T3626] ? rcu_read_lock_sched_held+0x89/0x130 [ 49.177538][ T3626] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 49.183517][ T3626] netif_receive_skb+0x19/0x30 [ 49.188271][ T3626] tun_rx_batched+0x777/0x920 [ 49.192945][ T3626] ? read_lock_is_recursive+0x10/0x10 [ 49.198309][ T3626] ? local_bh_enable+0x20/0x20 [ 49.203163][ T3626] tun_get_user+0x1b5a/0x2540 [ 49.207852][ T3626] ? tun_ring_recv+0xcc0/0xcc0 [ 49.212779][ T3626] ? __lock_acquire+0x1f80/0x1f80 [ 49.217808][ T3626] tun_chr_write_iter+0x10a/0x1e0 [ 49.222824][ T3626] vfs_write+0xa22/0xd40 [ 49.227064][ T3626] ? __lock_acquire+0x1f80/0x1f80 [ 49.232086][ T3626] ? file_end_write+0x230/0x230 [ 49.237013][ T3626] ? print_irqtrace_events+0x220/0x220 [ 49.242477][ T3626] ? __fget_files+0x3d0/0x440 [ 49.247152][ T3626] ? __fdget_pos+0x1d7/0x2e0 [ 49.251725][ T3626] ? ksys_write+0x77/0x2c0 [ 49.256131][ T3626] ksys_write+0x19b/0x2c0 [ 49.260445][ T3626] ? print_irqtrace_events+0x220/0x220 [ 49.265976][ T3626] ? __ia32_sys_read+0x80/0x80 [ 49.270725][ T3626] ? syscall_enter_from_user_mode+0x2e/0x1a0 [ 49.276692][ T3626] ? syscall_enter_from_user_mode+0x86/0x1a0 [ 49.282658][ T3626] do_syscall_64+0x2b/0x70 [ 49.287073][ T3626] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 49.292951][ T3626] RIP: 0033:0x7f6b12c241ff [ 49.297353][ T3626] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 49.316943][ T3626] RSP: 002b:00007f6b12c112c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 49.325340][ T3626] RAX: ffffffffffffffda RBX: 00007f6b12cec4e0 RCX: 00007f6b12c241ff [ 49.333327][ T3626] RDX: 000000000000000e RSI: 0000000020000100 RDI: 00000000000000c8 [ 49.341284][ T3626] RBP: 00007f6b12cb96cc R08: 0000000000000000 R09: 0000000000000001 [ 49.349240][ T3626] R10: 00007f6b12c11087 R11: 0000000000000293 R12: 00007f6b12cec4ec [pid 3626] write(200, "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\x00\x89\x2f", 14 [pid 3625] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3626] <... write resumed>) = 14 [pid 3626] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3626] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3625] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3625] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3626] <... futex resumed>) = 0 [pid 3626] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3626] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3625] <... futex resumed>) = 0 [pid 3625] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3625] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3626] <... futex resumed>) = 1 [pid 3626] ioctl(4, SIOCGIFINDEX, {ifr_name="batadv_slave_0", ifr_ifindex=41}) = 0 [pid 3626] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3625] <... futex resumed>) = 0 [pid 3625] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3625] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3626] <... futex resumed>) = 1 [pid 3626] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 3626] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3625] <... futex resumed>) = 0 [pid 3625] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3625] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3626] <... futex resumed>) = 1 [pid 3626] ioctl(5, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0 [pid 3626] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3625] <... futex resumed>) = 0 [pid 3625] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3625] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3626] <... futex resumed>) = 1 [ 49.357197][ T3626] R13: 00007f6b12c112f0 R14: 00007f6b12cec4e8 R15: 0000000000000001 [ 49.365169][ T3626] [pid 3626] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x40\x00\x00\x00\x10\x00\x03\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x12\x80\x08\x00\x01\x00\x68\x73\x72\x00\x14\x00\x02\x80\x08\x00\x02\x00\x29\x00\x00\x00\x08\x00\x01\x00\x0b\x00\x00\x00", iov_len=64}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [pid 3625] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3625] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 3626] <... sendmsg resumed>) = 64 [pid 3626] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3626] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3625] close(3) = 0 [pid 3625] close(4) = 0 [pid 3625] close(5) = 0 [pid 3625] close(6) = -1 EBADF (Bad file descriptor) [pid 3625] close(7) = -1 EBADF (Bad file descriptor) [pid 3625] close(8) = -1 EBADF (Bad file descriptor) [pid 3625] close(9) = -1 EBADF (Bad file descriptor) [pid 3625] close(10) = -1 EBADF (Bad file descriptor) [pid 3625] close(11) = -1 EBADF (Bad file descriptor) [pid 3625] close(12) = -1 EBADF (Bad file descriptor) [pid 3625] close(13) = -1 EBADF (Bad file descriptor) [pid 3625] close(14) = -1 EBADF (Bad file descriptor) [pid 3625] close(15) = -1 EBADF (Bad file descriptor) [pid 3625] close(16) = -1 EBADF (Bad file descriptor) [pid 3625] close(17) = -1 EBADF (Bad file descriptor) [pid 3625] close(18) = -1 EBADF (Bad file descriptor) [pid 3625] close(19) = -1 EBADF (Bad file descriptor) [pid 3625] close(20) = -1 EBADF (Bad file descriptor) [pid 3625] close(21) = -1 EBADF (Bad file descriptor) [pid 3625] close(22) = -1 EBADF (Bad file descriptor) [pid 3625] close(23) = -1 EBADF (Bad file descriptor) [pid 3625] close(24) = -1 EBADF (Bad file descriptor) [pid 3625] close(25) = -1 EBADF (Bad file descriptor) [pid 3625] close(26) = -1 EBADF (Bad file descriptor) [pid 3625] close(27) = -1 EBADF (Bad file descriptor) [pid 3625] close(28) = -1 EBADF (Bad file descriptor) [pid 3625] close(29) = -1 EBADF (Bad file descriptor) [pid 3625] exit_group(0 [pid 3626] <... futex resumed>) = ? [pid 3625] <... exit_group resumed>) = ? [pid 3626] +++ exited with 0 +++ [pid 3625] +++ exited with 0 +++ [pid 3597] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13, si_uid=0, si_status=0, si_utime=0, si_stime=38} --- [pid 3597] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3597] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3627 attached , child_tidptr=0x5555568505d0) = 15 [pid 3627] set_robust_list(0x5555568505e0, 24) = 0 [pid 3627] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3627] setpgid(0, 0) = 0 [pid 3627] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3627] write(3, "1000", 4) = 4 [pid 3627] close(3) = 0 [pid 3627] read(200, 0x7ffd708025c0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 3627] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3627] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bf1000 [pid 3627] mprotect(0x7f6b12bf2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3627] clone(child_stack=0x7f6b12c113f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[16], tls=0x7f6b12c11700, child_tidptr=0x7f6b12c119d0) = 16 [pid 3627] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3627] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3628 attached [pid 3628] set_robust_list(0x7f6b12c119e0, 24) = 0 [pid 3628] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 3628] write(3, "4", 1) = 1 [ 49.466013][ T3628] FAULT_INJECTION: forcing a failure. [ 49.466013][ T3628] name failslab, interval 1, probability 0, space 0, times 0 [ 49.478670][ T3628] CPU: 0 PID: 3628 Comm: syz-executor273 Not tainted 5.18.0-rc6-syzkaller-00161-gbc403203d65a #0 [ 49.489167][ T3628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 49.499209][ T3628] Call Trace: [ 49.502472][ T3628] [ 49.505417][ T3628] dump_stack_lvl+0x1e3/0x2cb [ 49.510091][ T3628] ? bfq_pos_tree_add_move+0x436/0x436 [ 49.515541][ T3628] ? panic+0x76e/0x76e [ 49.519597][ T3628] ? validate_chain+0x126/0x65c0 [ 49.524523][ T3628] ? rcu_lock_release+0x5/0x20 [ 49.529276][ T3628] should_fail+0x384/0x4b0 [ 49.533778][ T3628] ? hsr_add_node+0x65/0x830 [ 49.538357][ T3628] should_failslab+0x5/0x20 [ 49.542850][ T3628] kmem_cache_alloc_trace+0x68/0x310 [ 49.548138][ T3628] hsr_add_node+0x65/0x830 [ 49.552993][ T3628] ? hsr_mac_hash+0x1f/0x270 [ 49.557572][ T3628] hsr_forward_skb+0x37f/0x2150 [ 49.562421][ T3628] ? prp_fill_frame_info+0x5b0/0x5b0 [ 49.567699][ T3628] ? hsr_addr_is_self+0x160/0x2b0 [ 49.572709][ T3628] hsr_handle_frame+0x4fd/0x6b0 [ 49.577549][ T3628] ? hsr_port_exists+0x50/0x50 [ 49.582296][ T3628] __netif_receive_skb_core+0x1448/0x3bc0 [ 49.588022][ T3628] ? trace_netif_rx+0x260/0x260 [ 49.592872][ T3628] __netif_receive_skb+0x11a/0x500 [ 49.597967][ T3628] ? read_lock_is_recursive+0x10/0x10 [ 49.603328][ T3628] ? ktime_get_real_ts64+0x4b0/0x4b0 [ 49.608599][ T3628] ? __netif_receive_skb_list_core+0x930/0x930 [ 49.614752][ T3628] netif_receive_skb_internal+0x108/0x360 [ 49.620458][ T3628] ? trace_netif_receive_skb_entry+0x260/0x260 [ 49.626598][ T3628] ? rcu_read_lock_sched_held+0x89/0x130 [ 49.632218][ T3628] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 49.638192][ T3628] netif_receive_skb+0x19/0x30 [ 49.642944][ T3628] tun_rx_batched+0x777/0x920 [ 49.647613][ T3628] ? read_lock_is_recursive+0x10/0x10 [ 49.652970][ T3628] ? local_bh_enable+0x20/0x20 [ 49.657725][ T3628] ? rcu_lock_release+0x5/0x20 [ 49.662566][ T3628] tun_get_user+0x1b5a/0x2540 [ 49.667241][ T3628] ? tun_ring_recv+0xcc0/0xcc0 [ 49.671988][ T3628] ? __lock_acquire+0x1f80/0x1f80 [ 49.677026][ T3628] tun_chr_write_iter+0x10a/0x1e0 [ 49.682040][ T3628] vfs_write+0xa22/0xd40 [ 49.686310][ T3628] ? __lock_acquire+0x1f80/0x1f80 [ 49.691326][ T3628] ? file_end_write+0x230/0x230 [ 49.696160][ T3628] ? print_irqtrace_events+0x220/0x220 [ 49.701606][ T3628] ? __fget_files+0x3d0/0x440 [ 49.706276][ T3628] ? __fdget_pos+0x1d7/0x2e0 [ 49.710853][ T3628] ? ksys_write+0x77/0x2c0 [ 49.715359][ T3628] ksys_write+0x19b/0x2c0 [ 49.719683][ T3628] ? print_irqtrace_events+0x220/0x220 [ 49.725129][ T3628] ? __ia32_sys_read+0x80/0x80 [ 49.729875][ T3628] ? syscall_enter_from_user_mode+0x2e/0x1a0 [ 49.735844][ T3628] ? syscall_enter_from_user_mode+0x86/0x1a0 [ 49.741814][ T3628] do_syscall_64+0x2b/0x70 [ 49.746213][ T3628] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 49.752181][ T3628] RIP: 0033:0x7f6b12c241ff [ 49.756671][ T3628] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 49.776348][ T3628] RSP: 002b:00007f6b12c112c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 49.784747][ T3628] RAX: ffffffffffffffda RBX: 00007f6b12cec4e0 RCX: 00007f6b12c241ff [ 49.792713][ T3628] RDX: 000000000000000e RSI: 0000000020000100 RDI: 00000000000000c8 [ 49.800669][ T3628] RBP: 00007f6b12cb96cc R08: 0000000000000000 R09: 0000000000000001 [ 49.808626][ T3628] R10: 00007f6b12c11087 R11: 0000000000000293 R12: 00007f6b12cec4ec [pid 3628] write(200, "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\x00\x89\x2f", 14) = 14 [pid 3627] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3628] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3627] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3628] <... futex resumed>) = 0 [pid 3627] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3628] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3628] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3627] <... futex resumed>) = 0 [pid 3627] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3628] ioctl(4, SIOCGIFINDEX, {ifr_name="batadv_slave_0" [pid 3627] <... futex resumed>) = 0 [pid 3628] <... ioctl resumed>, ifr_ifindex=41}) = 0 [pid 3627] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3628] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3627] <... futex resumed>) = 0 [pid 3628] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3627] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3628] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3627] <... futex resumed>) = 0 [pid 3628] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 3627] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3628] <... socket resumed>) = 5 [pid 3628] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3627] <... futex resumed>) = 0 [pid 3628] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3627] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3628] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3627] <... futex resumed>) = 0 [pid 3627] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3628] ioctl(5, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0 [pid 3628] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3627] <... futex resumed>) = 0 [pid 3627] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3628] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x40\x00\x00\x00\x10\x00\x03\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x12\x80\x08\x00\x01\x00\x68\x73\x72\x00\x14\x00\x02\x80\x08\x00\x02\x00\x29\x00\x00\x00\x08\x00\x01\x00\x0b\x00\x00\x00", iov_len=64}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [ 49.816580][ T3628] R13: 00007f6b12c112f0 R14: 00007f6b12cec4e8 R15: 0000000000000001 [ 49.824548][ T3628] [pid 3627] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 3628] <... sendmsg resumed>) = 64 [pid 3628] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3628] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3627] close(3) = 0 [pid 3627] close(4) = 0 [pid 3627] close(5) = 0 [pid 3627] close(6) = -1 EBADF (Bad file descriptor) [pid 3627] close(7) = -1 EBADF (Bad file descriptor) [pid 3627] close(8) = -1 EBADF (Bad file descriptor) [pid 3627] close(9) = -1 EBADF (Bad file descriptor) [pid 3627] close(10) = -1 EBADF (Bad file descriptor) [pid 3627] close(11) = -1 EBADF (Bad file descriptor) [pid 3627] close(12) = -1 EBADF (Bad file descriptor) [pid 3627] close(13) = -1 EBADF (Bad file descriptor) [pid 3627] close(14) = -1 EBADF (Bad file descriptor) [pid 3627] close(15) = -1 EBADF (Bad file descriptor) [pid 3627] close(16) = -1 EBADF (Bad file descriptor) [pid 3627] close(17) = -1 EBADF (Bad file descriptor) [pid 3627] close(18) = -1 EBADF (Bad file descriptor) [pid 3627] close(19) = -1 EBADF (Bad file descriptor) [pid 3627] close(20) = -1 EBADF (Bad file descriptor) [pid 3627] close(21) = -1 EBADF (Bad file descriptor) [pid 3627] close(22) = -1 EBADF (Bad file descriptor) [pid 3627] close(23) = -1 EBADF (Bad file descriptor) [pid 3627] close(24) = -1 EBADF (Bad file descriptor) [pid 3627] close(25) = -1 EBADF (Bad file descriptor) [pid 3627] close(26) = -1 EBADF (Bad file descriptor) [pid 3627] close(27) = -1 EBADF (Bad file descriptor) [pid 3627] close(28) = -1 EBADF (Bad file descriptor) [pid 3627] close(29) = -1 EBADF (Bad file descriptor) [pid 3627] exit_group(0 [pid 3628] <... futex resumed>) = ? [pid 3627] <... exit_group resumed>) = ? [pid 3628] +++ exited with 0 +++ [pid 3627] +++ exited with 0 +++ [pid 3597] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15, si_uid=0, si_status=0, si_utime=0, si_stime=37} --- [pid 3597] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3597] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555568505d0) = 17 ./strace-static-x86_64: Process 3629 attached [pid 3629] set_robust_list(0x5555568505e0, 24) = 0 [pid 3629] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3629] setpgid(0, 0) = 0 [pid 3629] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3629] write(3, "1000", 4) = 4 [pid 3629] close(3) = 0 [pid 3629] read(200, 0x7ffd708025c0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 3629] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3629] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bf1000 [pid 3629] mprotect(0x7f6b12bf2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3629] clone(child_stack=0x7f6b12c113f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3630 attached , parent_tid=[18], tls=0x7f6b12c11700, child_tidptr=0x7f6b12c119d0) = 18 [pid 3630] set_robust_list(0x7f6b12c119e0, 24 [pid 3629] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3630] <... set_robust_list resumed>) = 0 [pid 3629] <... futex resumed>) = 0 [pid 3629] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3630] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 3630] write(3, "4", 1) = 1 [ 49.935721][ T3630] FAULT_INJECTION: forcing a failure. [ 49.935721][ T3630] name failslab, interval 1, probability 0, space 0, times 0 [ 49.948360][ T3630] CPU: 0 PID: 3630 Comm: syz-executor273 Not tainted 5.18.0-rc6-syzkaller-00161-gbc403203d65a #0 [ 49.958870][ T3630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 49.968935][ T3630] Call Trace: [ 49.972214][ T3630] [ 49.975132][ T3630] dump_stack_lvl+0x1e3/0x2cb [ 49.979952][ T3630] ? bfq_pos_tree_add_move+0x436/0x436 [ 49.985397][ T3630] ? panic+0x76e/0x76e [ 49.989451][ T3630] ? validate_chain+0x126/0x65c0 [ 49.994374][ T3630] ? rcu_lock_release+0x5/0x20 [ 49.999139][ T3630] should_fail+0x384/0x4b0 [ 50.003570][ T3630] ? hsr_add_node+0x65/0x830 [ 50.008146][ T3630] should_failslab+0x5/0x20 [ 50.012639][ T3630] kmem_cache_alloc_trace+0x68/0x310 [ 50.017915][ T3630] hsr_add_node+0x65/0x830 [ 50.022325][ T3630] ? hsr_mac_hash+0x1f/0x270 [ 50.026899][ T3630] hsr_forward_skb+0x37f/0x2150 [ 50.031735][ T3630] ? print_irqtrace_events+0x220/0x220 [ 50.037199][ T3630] ? prp_fill_frame_info+0x5b0/0x5b0 [ 50.042486][ T3630] ? hsr_addr_is_self+0x160/0x2b0 [ 50.047511][ T3630] hsr_handle_frame+0x4fd/0x6b0 [ 50.052357][ T3630] ? hsr_port_exists+0x50/0x50 [ 50.057119][ T3630] __netif_receive_skb_core+0x1448/0x3bc0 [ 50.062835][ T3630] ? trace_netif_rx+0x260/0x260 [ 50.067697][ T3630] __netif_receive_skb+0x11a/0x500 [ 50.072811][ T3630] ? read_lock_is_recursive+0x10/0x10 [ 50.078169][ T3630] ? ktime_get_real_ts64+0x4b0/0x4b0 [ 50.083441][ T3630] ? __netif_receive_skb_list_core+0x930/0x930 [ 50.089586][ T3630] netif_receive_skb_internal+0x108/0x360 [ 50.095297][ T3630] ? trace_netif_receive_skb_entry+0x260/0x260 [ 50.101441][ T3630] ? rcu_read_lock_sched_held+0x89/0x130 [ 50.107080][ T3630] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 50.113083][ T3630] netif_receive_skb+0x19/0x30 [ 50.117848][ T3630] tun_rx_batched+0x777/0x920 [ 50.122569][ T3630] ? read_lock_is_recursive+0x10/0x10 [ 50.127942][ T3630] ? local_bh_enable+0x20/0x20 [ 50.132708][ T3630] ? rcu_lock_release+0x5/0x20 [ 50.137481][ T3630] tun_get_user+0x1b5a/0x2540 [ 50.142154][ T3630] ? tun_ring_recv+0xcc0/0xcc0 [ 50.146904][ T3630] ? __lock_acquire+0x1f80/0x1f80 [ 50.151927][ T3630] tun_chr_write_iter+0x10a/0x1e0 [ 50.156953][ T3630] vfs_write+0xa22/0xd40 [ 50.161190][ T3630] ? __lock_acquire+0x1f80/0x1f80 [ 50.166218][ T3630] ? file_end_write+0x230/0x230 [ 50.171223][ T3630] ? print_irqtrace_events+0x220/0x220 [ 50.176681][ T3630] ? __fget_files+0x3d0/0x440 [ 50.181366][ T3630] ? __fdget_pos+0x1d7/0x2e0 [ 50.185943][ T3630] ? ksys_write+0x77/0x2c0 [ 50.190445][ T3630] ksys_write+0x19b/0x2c0 [ 50.194761][ T3630] ? print_irqtrace_events+0x220/0x220 [ 50.200457][ T3630] ? __ia32_sys_read+0x80/0x80 [ 50.205213][ T3630] ? syscall_enter_from_user_mode+0x2e/0x1a0 [ 50.211180][ T3630] ? syscall_enter_from_user_mode+0x86/0x1a0 [ 50.217155][ T3630] do_syscall_64+0x2b/0x70 [ 50.221562][ T3630] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 50.227639][ T3630] RIP: 0033:0x7f6b12c241ff [ 50.232045][ T3630] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 50.251638][ T3630] RSP: 002b:00007f6b12c112c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 50.260043][ T3630] RAX: ffffffffffffffda RBX: 00007f6b12cec4e0 RCX: 00007f6b12c241ff [ 50.268027][ T3630] RDX: 000000000000000e RSI: 0000000020000100 RDI: 00000000000000c8 [ 50.276002][ T3630] RBP: 00007f6b12cb96cc R08: 0000000000000000 R09: 0000000000000001 [pid 3630] write(200, "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\x00\x89\x2f", 14) = 14 [pid 3630] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3630] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3629] <... futex resumed>) = 0 [pid 3629] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3629] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3630] <... futex resumed>) = 0 [pid 3630] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3630] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3629] <... futex resumed>) = 0 [pid 3629] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3629] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3630] <... futex resumed>) = 1 [pid 3630] ioctl(4, SIOCGIFINDEX, {ifr_name="batadv_slave_0", ifr_ifindex=41}) = 0 [pid 3630] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3629] <... futex resumed>) = 0 [pid 3629] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3629] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3630] <... futex resumed>) = 1 [pid 3630] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 3630] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3629] <... futex resumed>) = 0 [pid 3629] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3629] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3630] <... futex resumed>) = 1 [pid 3630] ioctl(5, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0 [pid 3630] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3629] <... futex resumed>) = 0 [pid 3629] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3629] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3630] <... futex resumed>) = 1 [ 50.283957][ T3630] R10: 00007f6b12c11087 R11: 0000000000000293 R12: 00007f6b12cec4ec [ 50.291919][ T3630] R13: 00007f6b12c112f0 R14: 00007f6b12cec4e8 R15: 0000000000000001 [ 50.299916][ T3630] [pid 3630] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x40\x00\x00\x00\x10\x00\x03\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x12\x80\x08\x00\x01\x00\x68\x73\x72\x00\x14\x00\x02\x80\x08\x00\x02\x00\x29\x00\x00\x00\x08\x00\x01\x00\x0b\x00\x00\x00", iov_len=64}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [pid 3629] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3629] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 3630] <... sendmsg resumed>) = 64 [pid 3630] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3629] close(3 [pid 3630] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3629] <... close resumed>) = 0 [pid 3629] close(4) = 0 [pid 3629] close(5) = 0 [pid 3629] close(6) = -1 EBADF (Bad file descriptor) [pid 3629] close(7) = -1 EBADF (Bad file descriptor) [pid 3629] close(8) = -1 EBADF (Bad file descriptor) [pid 3629] close(9) = -1 EBADF (Bad file descriptor) [pid 3629] close(10) = -1 EBADF (Bad file descriptor) [pid 3629] close(11) = -1 EBADF (Bad file descriptor) [pid 3629] close(12) = -1 EBADF (Bad file descriptor) [pid 3629] close(13) = -1 EBADF (Bad file descriptor) [pid 3629] close(14) = -1 EBADF (Bad file descriptor) [pid 3629] close(15) = -1 EBADF (Bad file descriptor) [pid 3629] close(16) = -1 EBADF (Bad file descriptor) [pid 3629] close(17) = -1 EBADF (Bad file descriptor) [pid 3629] close(18) = -1 EBADF (Bad file descriptor) [pid 3629] close(19) = -1 EBADF (Bad file descriptor) [pid 3629] close(20) = -1 EBADF (Bad file descriptor) [pid 3629] close(21) = -1 EBADF (Bad file descriptor) [pid 3629] close(22) = -1 EBADF (Bad file descriptor) [pid 3629] close(23) = -1 EBADF (Bad file descriptor) [pid 3629] close(24) = -1 EBADF (Bad file descriptor) [pid 3629] close(25) = -1 EBADF (Bad file descriptor) [pid 3629] close(26) = -1 EBADF (Bad file descriptor) [pid 3629] close(27) = -1 EBADF (Bad file descriptor) [pid 3629] close(28) = -1 EBADF (Bad file descriptor) [pid 3629] close(29) = -1 EBADF (Bad file descriptor) [pid 3629] exit_group(0 [pid 3630] <... futex resumed>) = ? [pid 3629] <... exit_group resumed>) = ? [pid 3630] +++ exited with 0 +++ [pid 3629] +++ exited with 0 +++ [pid 3597] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=17, si_uid=0, si_status=0, si_utime=0, si_stime=38} --- [pid 3597] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3597] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555568505d0) = 19 ./strace-static-x86_64: Process 3631 attached [pid 3631] set_robust_list(0x5555568505e0, 24) = 0 [pid 3631] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3631] setpgid(0, 0) = 0 [pid 3631] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3631] write(3, "1000", 4) = 4 [pid 3631] close(3) = 0 [pid 3631] read(200, 0x7ffd708025c0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 3631] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3631] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bf1000 [pid 3631] mprotect(0x7f6b12bf2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3631] clone(child_stack=0x7f6b12c113f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3632 attached , parent_tid=[20], tls=0x7f6b12c11700, child_tidptr=0x7f6b12c119d0) = 20 [pid 3631] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3631] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3632] set_robust_list(0x7f6b12c119e0, 24) = 0 [pid 3632] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 3632] write(3, "4", 1) = 1 [ 50.393234][ T3632] FAULT_INJECTION: forcing a failure. [ 50.393234][ T3632] name failslab, interval 1, probability 0, space 0, times 0 [ 50.405898][ T3632] CPU: 1 PID: 3632 Comm: syz-executor273 Not tainted 5.18.0-rc6-syzkaller-00161-gbc403203d65a #0 [ 50.416383][ T3632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 50.426446][ T3632] Call Trace: [ 50.429729][ T3632] [ 50.432644][ T3632] dump_stack_lvl+0x1e3/0x2cb [ 50.437318][ T3632] ? bfq_pos_tree_add_move+0x436/0x436 [pid 3632] write(200, "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\x00\x89\x2f", 14 [pid 3631] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3631] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3631] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bd0000 [pid 3631] mprotect(0x7f6b12bd1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3631] clone(child_stack=0x7f6b12bf03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[21], tls=0x7f6b12bf0700, child_tidptr=0x7f6b12bf09d0) = 21 [pid 3631] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3631] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3633 attached [pid 3633] set_robust_list(0x7f6b12bf09e0, 24) = 0 [pid 3633] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3633] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3631] <... futex resumed>) = 0 [pid 3631] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3631] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3633] <... futex resumed>) = 1 [pid 3633] ioctl(4, SIOCGIFINDEX, {ifr_name="batadv_slave_0", ifr_ifindex=41}) = 0 [pid 3633] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3631] <... futex resumed>) = 0 [pid 3631] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3631] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3633] <... futex resumed>) = 1 [pid 3633] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 3633] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3631] <... futex resumed>) = 0 [pid 3631] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3631] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3633] <... futex resumed>) = 1 [pid 3633] ioctl(5, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0 [pid 3633] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3631] <... futex resumed>) = 0 [pid 3631] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3631] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3633] <... futex resumed>) = 1 [ 50.442782][ T3632] ? panic+0x76e/0x76e [ 50.446877][ T3632] ? validate_chain+0x126/0x65c0 [ 50.451823][ T3632] ? rcu_lock_release+0x5/0x20 [ 50.456586][ T3632] should_fail+0x384/0x4b0 [ 50.461013][ T3632] ? hsr_add_node+0x65/0x830 [ 50.465596][ T3632] should_failslab+0x5/0x20 [ 50.470104][ T3632] kmem_cache_alloc_trace+0x68/0x310 [ 50.475389][ T3632] hsr_add_node+0x65/0x830 [ 50.479815][ T3632] ? hsr_mac_hash+0x1f/0x270 [ 50.484407][ T3632] hsr_forward_skb+0x37f/0x2150 [pid 3633] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x40\x00\x00\x00\x10\x00\x03\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x12\x80\x08\x00\x01\x00\x68\x73\x72\x00\x14\x00\x02\x80\x08\x00\x02\x00\x29\x00\x00\x00\x08\x00\x01\x00\x0b\x00\x00\x00", iov_len=64}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [pid 3631] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 50.489253][ T3632] ? prp_fill_frame_info+0x5b0/0x5b0 [ 50.494533][ T3632] ? hsr_addr_is_self+0x160/0x2b0 [ 50.499541][ T3632] hsr_handle_frame+0x4fd/0x6b0 [ 50.504390][ T3632] ? hsr_port_exists+0x50/0x50 [ 50.509154][ T3632] __netif_receive_skb_core+0x1448/0x3bc0 [ 50.515041][ T3632] ? trace_netif_rx+0x260/0x260 [ 50.519911][ T3632] __netif_receive_skb+0x11a/0x500 [ 50.525024][ T3632] ? read_lock_is_recursive+0x10/0x10 [ 50.530379][ T3632] ? ktime_get_real_ts64+0x4b0/0x4b0 [ 50.535654][ T3632] ? __netif_receive_skb_list_core+0x930/0x930 [ 50.541799][ T3632] netif_receive_skb_internal+0x108/0x360 [ 50.547942][ T3632] ? trace_netif_receive_skb_entry+0x260/0x260 [ 50.554101][ T3632] ? rcu_read_lock_sched_held+0x89/0x130 [ 50.559742][ T3632] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 50.565746][ T3632] netif_receive_skb+0x19/0x30 [ 50.571116][ T3632] tun_rx_batched+0x777/0x920 [ 50.575799][ T3632] ? read_lock_is_recursive+0x10/0x10 [ 50.581180][ T3632] ? local_bh_enable+0x20/0x20 [ 50.585948][ T3632] ? rcu_lock_release+0x5/0x20 [pid 3631] close(3) = 0 [pid 3631] close(4) = 0 [pid 3631] close(5) = 0 [pid 3631] close(6) = -1 EBADF (Bad file descriptor) [pid 3631] close(7) = -1 EBADF (Bad file descriptor) [pid 3631] close(8) = -1 EBADF (Bad file descriptor) [pid 3631] close(9) = -1 EBADF (Bad file descriptor) [pid 3631] close(10) = -1 EBADF (Bad file descriptor) [pid 3631] close(11) = -1 EBADF (Bad file descriptor) [pid 3631] close(12) = -1 EBADF (Bad file descriptor) [pid 3631] close(13) = -1 EBADF (Bad file descriptor) [pid 3631] close(14) = -1 EBADF (Bad file descriptor) [pid 3631] close(15) = -1 EBADF (Bad file descriptor) [pid 3631] close(16) = -1 EBADF (Bad file descriptor) [pid 3631] close(17) = -1 EBADF (Bad file descriptor) [pid 3631] close(18) = -1 EBADF (Bad file descriptor) [pid 3631] close(19) = -1 EBADF (Bad file descriptor) [ 50.590724][ T3632] tun_get_user+0x1b5a/0x2540 [ 50.595424][ T3632] ? tun_ring_recv+0xcc0/0xcc0 [ 50.600191][ T3632] ? __lock_acquire+0x1f80/0x1f80 [ 50.605226][ T3632] tun_chr_write_iter+0x10a/0x1e0 [ 50.610262][ T3632] vfs_write+0xa22/0xd40 [ 50.614522][ T3632] ? __lock_acquire+0x1f80/0x1f80 [ 50.619550][ T3632] ? file_end_write+0x230/0x230 [ 50.624382][ T3632] ? print_irqtrace_events+0x220/0x220 [ 50.629835][ T3632] ? __fget_files+0x3d0/0x440 [ 50.634534][ T3632] ? __fdget_pos+0x1d7/0x2e0 [ 50.639145][ T3632] ? ksys_write+0x77/0x2c0 [pid 3631] close(20) = -1 EBADF (Bad file descriptor) [pid 3631] close(21) = -1 EBADF (Bad file descriptor) [pid 3631] close(22) = -1 EBADF (Bad file descriptor) [pid 3631] close(23) = -1 EBADF (Bad file descriptor) [pid 3631] close(24) = -1 EBADF (Bad file descriptor) [pid 3631] close(25) = -1 EBADF (Bad file descriptor) [pid 3631] close(26) = -1 EBADF (Bad file descriptor) [pid 3631] close(27) = -1 EBADF (Bad file descriptor) [pid 3631] close(28) = -1 EBADF (Bad file descriptor) [pid 3631] close(29) = -1 EBADF (Bad file descriptor) [pid 3631] exit_group(0) = ? [ 50.643570][ T3632] ksys_write+0x19b/0x2c0 [ 50.647911][ T3632] ? print_irqtrace_events+0x220/0x220 [ 50.653383][ T3632] ? __ia32_sys_read+0x80/0x80 [ 50.658157][ T3632] ? syscall_enter_from_user_mode+0x2e/0x1a0 [ 50.664143][ T3632] ? syscall_enter_from_user_mode+0x86/0x1a0 [ 50.670114][ T3632] do_syscall_64+0x2b/0x70 [ 50.674514][ T3632] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 50.680394][ T3632] RIP: 0033:0x7f6b12c241ff [ 50.684817][ T3632] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 50.704509][ T3632] RSP: 002b:00007f6b12c112c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 50.712913][ T3632] RAX: ffffffffffffffda RBX: 00007f6b12cec4e0 RCX: 00007f6b12c241ff [ 50.720880][ T3632] RDX: 000000000000000e RSI: 0000000020000100 RDI: 00000000000000c8 [ 50.728857][ T3632] RBP: 00007f6b12cb96cc R08: 0000000000000000 R09: 0000000000000001 [ 50.736823][ T3632] R10: 00007f6b12c11087 R11: 0000000000000293 R12: 00007f6b12cec4ec [pid 3632] <... write resumed>) = ? [pid 3632] +++ exited with 0 +++ [pid 3633] <... sendmsg resumed>) = ? [pid 3633] +++ exited with 0 +++ [pid 3631] +++ exited with 0 +++ [pid 3597] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=19, si_uid=0, si_status=0, si_utime=0, si_stime=38} --- [pid 3597] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3634 attached , child_tidptr=0x5555568505d0) = 22 [pid 3634] set_robust_list(0x5555568505e0, 24) = 0 [pid 3634] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3634] setpgid(0, 0) = 0 [pid 3634] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 50.744780][ T3632] R13: 00007f6b12c112f0 R14: 00007f6b12cec4e8 R15: 0000000000000001 [ 50.752764][ T3632] [pid 3634] write(3, "1000", 4) = 4 [pid 3634] close(3) = 0 [pid 3634] read(200, 0x7ffd708025c0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 3634] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3634] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bf1000 [pid 3634] mprotect(0x7f6b12bf2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3634] clone(child_stack=0x7f6b12c113f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3635 attached , parent_tid=[23], tls=0x7f6b12c11700, child_tidptr=0x7f6b12c119d0) = 23 [pid 3634] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3635] set_robust_list(0x7f6b12c119e0, 24) = 0 [pid 3634] <... futex resumed>) = 0 [pid 3634] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3635] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 3635] write(3, "4", 1) = 1 [pid 3635] write(200, "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\x00\x89\x2f", 14 [pid 3634] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3634] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3634] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bd0000 [ 50.816929][ T3635] FAULT_INJECTION: forcing a failure. [ 50.816929][ T3635] name failslab, interval 1, probability 0, space 0, times 0 [ 50.829691][ T3635] CPU: 1 PID: 3635 Comm: syz-executor273 Not tainted 5.18.0-rc6-syzkaller-00161-gbc403203d65a #0 [ 50.840198][ T3635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 50.850240][ T3635] Call Trace: [ 50.853513][ T3635] [ 50.856452][ T3635] dump_stack_lvl+0x1e3/0x2cb [ 50.861153][ T3635] ? bfq_pos_tree_add_move+0x436/0x436 [pid 3634] mprotect(0x7f6b12bd1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3634] clone(child_stack=0x7f6b12bf03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[24], tls=0x7f6b12bf0700, child_tidptr=0x7f6b12bf09d0) = 24 [pid 3634] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3634] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3636 attached [pid 3636] set_robust_list(0x7f6b12bf09e0, 24) = 0 [pid 3636] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3636] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3634] <... futex resumed>) = 0 [pid 3634] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3634] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3636] <... futex resumed>) = 1 [ 50.866609][ T3635] ? panic+0x76e/0x76e [ 50.870711][ T3635] ? validate_chain+0x126/0x65c0 [ 50.875665][ T3635] ? rcu_lock_release+0x5/0x20 [ 50.880476][ T3635] should_fail+0x384/0x4b0 [ 50.884881][ T3635] ? hsr_add_node+0x65/0x830 [ 50.889466][ T3635] should_failslab+0x5/0x20 [ 50.894080][ T3635] kmem_cache_alloc_trace+0x68/0x310 [ 50.899375][ T3635] hsr_add_node+0x65/0x830 [ 50.903791][ T3635] ? hsr_mac_hash+0x1f/0x270 [ 50.908382][ T3635] hsr_forward_skb+0x37f/0x2150 [ 50.913240][ T3635] ? prp_fill_frame_info+0x5b0/0x5b0 [ 50.918957][ T3635] ? hsr_addr_is_self+0x160/0x2b0 [ 50.923977][ T3635] hsr_handle_frame+0x4fd/0x6b0 [ 50.928820][ T3635] ? hsr_port_exists+0x50/0x50 [ 50.933655][ T3635] __netif_receive_skb_core+0x1448/0x3bc0 [ 50.939381][ T3635] ? trace_netif_rx+0x260/0x260 [ 50.944248][ T3635] __netif_receive_skb+0x11a/0x500 [ 50.949349][ T3635] ? read_lock_is_recursive+0x10/0x10 [ 50.954805][ T3635] ? ktime_get_real_ts64+0x4b0/0x4b0 [ 50.960082][ T3635] ? __netif_receive_skb_list_core+0x930/0x930 [ 50.966414][ T3635] netif_receive_skb_internal+0x108/0x360 [ 50.972127][ T3635] ? trace_netif_receive_skb_entry+0x260/0x260 [ 50.978351][ T3635] ? rcu_read_lock_sched_held+0x89/0x130 [ 50.983980][ T3635] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 50.990042][ T3635] netif_receive_skb+0x19/0x30 [ 50.994794][ T3635] tun_rx_batched+0x777/0x920 [ 51.000242][ T3635] ? read_lock_is_recursive+0x10/0x10 [ 51.005606][ T3635] ? local_bh_enable+0x20/0x20 [ 51.010367][ T3635] ? rcu_lock_release+0x5/0x20 [ 51.015129][ T3635] tun_get_user+0x1b5a/0x2540 [ 51.019805][ T3635] ? tun_ring_recv+0xcc0/0xcc0 [ 51.024557][ T3635] ? __lock_acquire+0x1f80/0x1f80 [ 51.029589][ T3635] tun_chr_write_iter+0x10a/0x1e0 [ 51.034694][ T3635] vfs_write+0xa22/0xd40 [ 51.039014][ T3635] ? __lock_acquire+0x1f80/0x1f80 [ 51.044032][ T3635] ? file_end_write+0x230/0x230 [ 51.048965][ T3635] ? print_irqtrace_events+0x220/0x220 [ 51.054421][ T3635] ? __fget_files+0x3d0/0x440 [ 51.059093][ T3635] ? __fdget_pos+0x1d7/0x2e0 [ 51.063667][ T3635] ? ksys_write+0x77/0x2c0 [ 51.068070][ T3635] ksys_write+0x19b/0x2c0 [ 51.072394][ T3635] ? print_irqtrace_events+0x220/0x220 [ 51.077841][ T3635] ? __ia32_sys_read+0x80/0x80 [ 51.082593][ T3635] ? syscall_enter_from_user_mode+0x2e/0x1a0 [ 51.088567][ T3635] ? syscall_enter_from_user_mode+0x86/0x1a0 [ 51.094546][ T3635] do_syscall_64+0x2b/0x70 [ 51.098973][ T3635] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 51.104854][ T3635] RIP: 0033:0x7f6b12c241ff [ 51.109257][ T3635] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 51.128853][ T3635] RSP: 002b:00007f6b12c112c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 51.137267][ T3635] RAX: ffffffffffffffda RBX: 00007f6b12cec4e0 RCX: 00007f6b12c241ff [ 51.145322][ T3635] RDX: 000000000000000e RSI: 0000000020000100 RDI: 00000000000000c8 [ 51.153281][ T3635] RBP: 00007f6b12cb96cc R08: 0000000000000000 R09: 0000000000000001 [pid 3636] ioctl(4, SIOCGIFINDEX, {ifr_name="batadv_slave_0", ifr_ifindex=41}) = 0 [pid 3636] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3635] <... write resumed>) = 14 [pid 3634] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3636] <... futex resumed>) = 0 [pid 3634] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3636] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 3634] <... futex resumed>) = 0 [pid 3636] <... socket resumed>) = 5 [pid 3634] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3636] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3634] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3636] <... futex resumed>) = 0 [pid 3634] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3636] ioctl(5, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 3635] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3634] <... futex resumed>) = 0 [pid 3636] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 3635] <... futex resumed>) = 0 [pid 3634] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3636] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3635] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3634] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3636] <... futex resumed>) = 0 [pid 3634] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3636] futex(0x7f6b12cec4f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3634] <... futex resumed>) = 1 [pid 3635] <... futex resumed>) = 0 [pid 3634] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 51.161243][ T3635] R10: 00007f6b12c11087 R11: 0000000000000293 R12: 00007f6b12cec4ec [ 51.169374][ T3635] R13: 00007f6b12c112f0 R14: 00007f6b12cec4e8 R15: 0000000000000001 [ 51.177348][ T3635] [pid 3635] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x40\x00\x00\x00\x10\x00\x03\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x12\x80\x08\x00\x01\x00\x68\x73\x72\x00\x14\x00\x02\x80\x08\x00\x02\x00\x29\x00\x00\x00\x08\x00\x01\x00\x0b\x00\x00\x00", iov_len=64}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 64 [pid 3635] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3634] <... futex resumed>) = 0 [pid 3634] close(3) = 0 [pid 3634] close(4) = 0 [pid 3634] close(5) = 0 [pid 3634] close(6) = -1 EBADF (Bad file descriptor) [pid 3634] close(7) = -1 EBADF (Bad file descriptor) [pid 3634] close(8) = -1 EBADF (Bad file descriptor) [pid 3634] close(9) = -1 EBADF (Bad file descriptor) [pid 3634] close(10) = -1 EBADF (Bad file descriptor) [pid 3634] close(11) = -1 EBADF (Bad file descriptor) [pid 3634] close(12) = -1 EBADF (Bad file descriptor) [pid 3634] close(13) = -1 EBADF (Bad file descriptor) [pid 3634] close(14) = -1 EBADF (Bad file descriptor) [pid 3634] close(15) = -1 EBADF (Bad file descriptor) [pid 3634] close(16) = -1 EBADF (Bad file descriptor) [pid 3634] close(17) = -1 EBADF (Bad file descriptor) [pid 3634] close(18) = -1 EBADF (Bad file descriptor) [pid 3634] close(19) = -1 EBADF (Bad file descriptor) [pid 3634] close(20) = -1 EBADF (Bad file descriptor) [pid 3634] close(21) = -1 EBADF (Bad file descriptor) [pid 3634] close(22) = -1 EBADF (Bad file descriptor) [pid 3634] close(23) = -1 EBADF (Bad file descriptor) [pid 3634] close(24) = -1 EBADF (Bad file descriptor) [pid 3634] close(25) = -1 EBADF (Bad file descriptor) [pid 3634] close(26) = -1 EBADF (Bad file descriptor) [pid 3634] close(27) = -1 EBADF (Bad file descriptor) [pid 3634] close(28) = -1 EBADF (Bad file descriptor) [pid 3634] close(29) = -1 EBADF (Bad file descriptor) [pid 3634] exit_group(0 [pid 3636] <... futex resumed>) = ? [pid 3634] <... exit_group resumed>) = ? [pid 3636] +++ exited with 0 +++ [pid 3635] +++ exited with 0 +++ [pid 3634] +++ exited with 0 +++ [pid 3597] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=22, si_uid=0, si_status=0, si_utime=0, si_stime=38} --- [pid 3597] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3597] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3637 attached [pid 3637] set_robust_list(0x5555568505e0, 24) = 0 [pid 3637] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3637] setpgid(0, 0) = 0 [pid 3637] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3637] write(3, "1000", 4) = 4 [pid 3637] close(3) = 0 [pid 3637] read(200, 0x7ffd708025c0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 3637] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3597] <... clone resumed>, child_tidptr=0x5555568505d0) = 25 [pid 3637] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bf1000 [pid 3637] mprotect(0x7f6b12bf2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3637] clone(child_stack=0x7f6b12c113f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[26], tls=0x7f6b12c11700, child_tidptr=0x7f6b12c119d0) = 26 [pid 3637] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3637] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3638 attached [pid 3638] set_robust_list(0x7f6b12c119e0, 24) = 0 [pid 3638] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 3638] write(3, "4", 1) = 1 [ 51.269854][ T3638] FAULT_INJECTION: forcing a failure. [ 51.269854][ T3638] name failslab, interval 1, probability 0, space 0, times 0 [ 51.282618][ T3638] CPU: 1 PID: 3638 Comm: syz-executor273 Not tainted 5.18.0-rc6-syzkaller-00161-gbc403203d65a #0 [ 51.293126][ T3638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 51.303435][ T3638] Call Trace: [ 51.306714][ T3638] [ 51.309651][ T3638] dump_stack_lvl+0x1e3/0x2cb [ 51.314347][ T3638] ? bfq_pos_tree_add_move+0x436/0x436 [ 51.319969][ T3638] ? panic+0x76e/0x76e [ 51.324039][ T3638] ? validate_chain+0x126/0x65c0 [ 51.329411][ T3638] ? rcu_lock_release+0x5/0x20 [ 51.334186][ T3638] should_fail+0x384/0x4b0 [ 51.338603][ T3638] ? hsr_add_node+0x65/0x830 [ 51.343203][ T3638] should_failslab+0x5/0x20 [ 51.347695][ T3638] kmem_cache_alloc_trace+0x68/0x310 [ 51.353193][ T3638] hsr_add_node+0x65/0x830 [ 51.357619][ T3638] ? hsr_mac_hash+0x1f/0x270 [ 51.362445][ T3638] hsr_forward_skb+0x37f/0x2150 [ 51.367396][ T3638] ? prp_fill_frame_info+0x5b0/0x5b0 [ 51.372691][ T3638] ? hsr_addr_is_self+0x160/0x2b0 [ 51.377715][ T3638] hsr_handle_frame+0x4fd/0x6b0 [ 51.382582][ T3638] ? hsr_port_exists+0x50/0x50 [ 51.387348][ T3638] __netif_receive_skb_core+0x1448/0x3bc0 [ 51.393087][ T3638] ? trace_netif_rx+0x260/0x260 [ 51.397958][ T3638] __netif_receive_skb+0x11a/0x500 [ 51.403078][ T3638] ? read_lock_is_recursive+0x10/0x10 [ 51.408440][ T3638] ? ktime_get_real_ts64+0x4b0/0x4b0 [ 51.413710][ T3638] ? __netif_receive_skb_list_core+0x930/0x930 [ 51.419862][ T3638] netif_receive_skb_internal+0x108/0x360 [ 51.425573][ T3638] ? trace_netif_receive_skb_entry+0x260/0x260 [ 51.431719][ T3638] ? rcu_read_lock_sched_held+0x89/0x130 [ 51.437361][ T3638] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 51.443368][ T3638] netif_receive_skb+0x19/0x30 [ 51.448234][ T3638] tun_rx_batched+0x777/0x920 [ 51.452931][ T3638] ? read_lock_is_recursive+0x10/0x10 [ 51.458304][ T3638] ? local_bh_enable+0x20/0x20 [ 51.463076][ T3638] ? rcu_lock_release+0x5/0x20 [ 51.467834][ T3638] tun_get_user+0x1b5a/0x2540 [ 51.472704][ T3638] ? tun_ring_recv+0xcc0/0xcc0 [ 51.477464][ T3638] ? __lock_acquire+0x1f80/0x1f80 [ 51.482512][ T3638] tun_chr_write_iter+0x10a/0x1e0 [ 51.487557][ T3638] vfs_write+0xa22/0xd40 [ 51.491813][ T3638] ? __lock_acquire+0x1f80/0x1f80 [ 51.496921][ T3638] ? file_end_write+0x230/0x230 [ 51.501765][ T3638] ? print_irqtrace_events+0x220/0x220 [ 51.507213][ T3638] ? __fget_files+0x3d0/0x440 [ 51.511888][ T3638] ? __fdget_pos+0x1d7/0x2e0 [ 51.516470][ T3638] ? ksys_write+0x77/0x2c0 [ 51.521039][ T3638] ksys_write+0x19b/0x2c0 [ 51.525387][ T3638] ? print_irqtrace_events+0x220/0x220 [ 51.530875][ T3638] ? __ia32_sys_read+0x80/0x80 [ 51.535629][ T3638] ? syscall_enter_from_user_mode+0x2e/0x1a0 [ 51.541637][ T3638] ? syscall_enter_from_user_mode+0x86/0x1a0 [ 51.547725][ T3638] do_syscall_64+0x2b/0x70 [ 51.552136][ T3638] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 51.558017][ T3638] RIP: 0033:0x7f6b12c241ff [ 51.562432][ T3638] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 51.582038][ T3638] RSP: 002b:00007f6b12c112c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 51.590531][ T3638] RAX: ffffffffffffffda RBX: 00007f6b12cec4e0 RCX: 00007f6b12c241ff [ 51.598493][ T3638] RDX: 000000000000000e RSI: 0000000020000100 RDI: 00000000000000c8 [ 51.606454][ T3638] RBP: 00007f6b12cb96cc R08: 0000000000000000 R09: 0000000000000001 [pid 3638] write(200, "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\x00\x89\x2f", 14 [pid 3637] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3638] <... write resumed>) = 14 [pid 3637] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3638] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3637] <... futex resumed>) = 0 [pid 3638] <... futex resumed>) = 0 [pid 3637] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3638] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3637] <... mmap resumed>) = 0x7f6b12bd0000 [pid 3637] mprotect(0x7f6b12bd1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3637] clone(child_stack=0x7f6b12bf03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[27], tls=0x7f6b12bf0700, child_tidptr=0x7f6b12bf09d0) = 27 [pid 3637] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3637] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3639 attached [pid 3639] set_robust_list(0x7f6b12bf09e0, 24) = 0 [pid 3639] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3639] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3637] <... futex resumed>) = 0 [pid 3637] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3639] futex(0x7f6b12cec4f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3638] <... futex resumed>) = 0 [pid 3637] <... futex resumed>) = 1 [pid 3638] ioctl(4, SIOCGIFINDEX, {ifr_name="batadv_slave_0", ifr_ifindex=41}) = 0 [pid 3638] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3638] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3637] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3637] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3638] <... futex resumed>) = 0 [pid 3637] <... futex resumed>) = 1 [pid 3638] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 3637] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3638] <... socket resumed>) = 5 [pid 3638] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3637] <... futex resumed>) = 0 [pid 3638] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3637] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3638] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3637] <... futex resumed>) = 0 [pid 3638] ioctl(5, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 3637] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3638] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 3638] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3637] <... futex resumed>) = 0 [pid 3638] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3637] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3638] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3637] <... futex resumed>) = 0 [pid 3638] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x40\x00\x00\x00\x10\x00\x03\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x12\x80\x08\x00\x01\x00\x68\x73\x72\x00\x14\x00\x02\x80\x08\x00\x02\x00\x29\x00\x00\x00\x08\x00\x01\x00\x0b\x00\x00\x00", iov_len=64}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [ 51.614415][ T3638] R10: 00007f6b12c11087 R11: 0000000000000293 R12: 00007f6b12cec4ec [ 51.622375][ T3638] R13: 00007f6b12c112f0 R14: 00007f6b12cec4e8 R15: 0000000000000001 [ 51.630357][ T3638] [pid 3637] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3638] <... sendmsg resumed>) = 64 [pid 3638] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3637] <... futex resumed>) = 0 [pid 3638] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3637] close(3) = 0 [pid 3637] close(4) = 0 [pid 3637] close(5) = 0 [pid 3637] close(6) = -1 EBADF (Bad file descriptor) [pid 3637] close(7) = -1 EBADF (Bad file descriptor) [pid 3637] close(8) = -1 EBADF (Bad file descriptor) [pid 3637] close(9) = -1 EBADF (Bad file descriptor) [pid 3637] close(10) = -1 EBADF (Bad file descriptor) [pid 3637] close(11) = -1 EBADF (Bad file descriptor) [pid 3637] close(12) = -1 EBADF (Bad file descriptor) [pid 3637] close(13) = -1 EBADF (Bad file descriptor) [pid 3637] close(14) = -1 EBADF (Bad file descriptor) [pid 3637] close(15) = -1 EBADF (Bad file descriptor) [pid 3637] close(16) = -1 EBADF (Bad file descriptor) [pid 3637] close(17) = -1 EBADF (Bad file descriptor) [pid 3637] close(18) = -1 EBADF (Bad file descriptor) [pid 3637] close(19) = -1 EBADF (Bad file descriptor) [pid 3637] close(20) = -1 EBADF (Bad file descriptor) [pid 3637] close(21) = -1 EBADF (Bad file descriptor) [pid 3637] close(22) = -1 EBADF (Bad file descriptor) [pid 3637] close(23) = -1 EBADF (Bad file descriptor) [pid 3637] close(24) = -1 EBADF (Bad file descriptor) [pid 3637] close(25) = -1 EBADF (Bad file descriptor) [pid 3637] close(26) = -1 EBADF (Bad file descriptor) [pid 3637] close(27) = -1 EBADF (Bad file descriptor) [pid 3637] close(28) = -1 EBADF (Bad file descriptor) [pid 3637] close(29) = -1 EBADF (Bad file descriptor) [pid 3637] exit_group(0 [pid 3639] <... futex resumed>) = ? [pid 3638] <... futex resumed>) = ? [pid 3637] <... exit_group resumed>) = ? [pid 3639] +++ exited with 0 +++ [pid 3638] +++ exited with 0 +++ [pid 3637] +++ exited with 0 +++ [pid 3597] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=25, si_uid=0, si_status=0, si_utime=0, si_stime=38} --- [pid 3597] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555568505d0) = 28 ./strace-static-x86_64: Process 3640 attached [pid 3640] set_robust_list(0x5555568505e0, 24) = 0 [pid 3640] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3640] setpgid(0, 0) = 0 [pid 3640] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3640] write(3, "1000", 4) = 4 [pid 3640] close(3) = 0 [pid 3640] read(200, 0x7ffd708025c0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 3640] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3640] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bf1000 [pid 3640] mprotect(0x7f6b12bf2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3640] clone(child_stack=0x7f6b12c113f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[29], tls=0x7f6b12c11700, child_tidptr=0x7f6b12c119d0) = 29 [pid 3640] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3640] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3641 attached [pid 3641] set_robust_list(0x7f6b12c119e0, 24) = 0 [pid 3641] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 3641] write(3, "4", 1) = 1 [ 51.730398][ T3641] FAULT_INJECTION: forcing a failure. [ 51.730398][ T3641] name failslab, interval 1, probability 0, space 0, times 0 [ 51.743148][ T3641] CPU: 0 PID: 3641 Comm: syz-executor273 Not tainted 5.18.0-rc6-syzkaller-00161-gbc403203d65a #0 [ 51.753727][ T3641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 51.763788][ T3641] Call Trace: [ 51.767079][ T3641] [ 51.770016][ T3641] dump_stack_lvl+0x1e3/0x2cb [ 51.774690][ T3641] ? bfq_pos_tree_add_move+0x436/0x436 [ 51.780492][ T3641] ? panic+0x76e/0x76e [ 51.784556][ T3641] ? validate_chain+0x126/0x65c0 [ 51.789756][ T3641] ? rcu_lock_release+0x5/0x20 [ 51.794528][ T3641] should_fail+0x384/0x4b0 [ 51.798935][ T3641] ? hsr_add_node+0x65/0x830 [ 51.803523][ T3641] should_failslab+0x5/0x20 [ 51.808044][ T3641] kmem_cache_alloc_trace+0x68/0x310 [ 51.813338][ T3641] hsr_add_node+0x65/0x830 [ 51.817750][ T3641] ? hsr_mac_hash+0x1f/0x270 [ 51.822348][ T3641] hsr_forward_skb+0x37f/0x2150 [ 51.827212][ T3641] ? prp_fill_frame_info+0x5b0/0x5b0 [ 51.832491][ T3641] ? hsr_addr_is_self+0x160/0x2b0 [ 51.837514][ T3641] hsr_handle_frame+0x4fd/0x6b0 [ 51.842497][ T3641] ? hsr_port_exists+0x50/0x50 [ 51.847249][ T3641] __netif_receive_skb_core+0x1448/0x3bc0 [ 51.853136][ T3641] ? trace_netif_rx+0x260/0x260 [ 51.858000][ T3641] __netif_receive_skb+0x11a/0x500 [ 51.863291][ T3641] ? read_lock_is_recursive+0x10/0x10 [ 51.868740][ T3641] ? ktime_get_real_ts64+0x4b0/0x4b0 [ 51.874015][ T3641] ? __netif_receive_skb_list_core+0x930/0x930 [ 51.880168][ T3641] netif_receive_skb_internal+0x108/0x360 [ 51.885877][ T3641] ? trace_netif_receive_skb_entry+0x260/0x260 [ 51.892082][ T3641] ? rcu_read_lock_sched_held+0x89/0x130 [ 51.897707][ T3641] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 51.903705][ T3641] netif_receive_skb+0x19/0x30 [ 51.908464][ T3641] tun_rx_batched+0x777/0x920 [ 51.913132][ T3641] ? read_lock_is_recursive+0x10/0x10 [ 51.918496][ T3641] ? local_bh_enable+0x20/0x20 [ 51.923433][ T3641] ? rcu_lock_release+0x5/0x20 [ 51.928205][ T3641] tun_get_user+0x1b5a/0x2540 [ 51.932877][ T3641] ? tun_ring_recv+0xcc0/0xcc0 [ 51.937638][ T3641] ? __lock_acquire+0x1f80/0x1f80 [ 51.942674][ T3641] tun_chr_write_iter+0x10a/0x1e0 [ 51.947699][ T3641] vfs_write+0xa22/0xd40 [ 51.951950][ T3641] ? __lock_acquire+0x1f80/0x1f80 [ 51.956998][ T3641] ? file_end_write+0x230/0x230 [ 51.961877][ T3641] ? print_irqtrace_events+0x220/0x220 [ 51.967324][ T3641] ? __fget_files+0x3d0/0x440 [ 51.972001][ T3641] ? __fdget_pos+0x1d7/0x2e0 [ 51.976593][ T3641] ? ksys_write+0x77/0x2c0 [ 51.981017][ T3641] ksys_write+0x19b/0x2c0 [ 51.985330][ T3641] ? print_irqtrace_events+0x220/0x220 [ 51.990779][ T3641] ? __ia32_sys_read+0x80/0x80 [ 51.995532][ T3641] ? syscall_enter_from_user_mode+0x2e/0x1a0 [ 52.001497][ T3641] ? syscall_enter_from_user_mode+0x86/0x1a0 [ 52.007468][ T3641] do_syscall_64+0x2b/0x70 [ 52.011879][ T3641] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 52.017783][ T3641] RIP: 0033:0x7f6b12c241ff [ 52.022199][ T3641] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 52.041791][ T3641] RSP: 002b:00007f6b12c112c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 52.050199][ T3641] RAX: ffffffffffffffda RBX: 00007f6b12cec4e0 RCX: 00007f6b12c241ff [ 52.058160][ T3641] RDX: 000000000000000e RSI: 0000000020000100 RDI: 00000000000000c8 [ 52.066294][ T3641] RBP: 00007f6b12cb96cc R08: 0000000000000000 R09: 0000000000000001 [pid 3641] write(200, "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\x00\x89\x2f", 14 [pid 3640] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3640] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3641] <... write resumed>) = 14 [pid 3640] <... futex resumed>) = 0 [pid 3640] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3641] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3640] <... mmap resumed>) = 0x7f6b12bd0000 [pid 3641] <... futex resumed>) = 0 [pid 3640] mprotect(0x7f6b12bd1000, 131072, PROT_READ|PROT_WRITE [pid 3641] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3640] <... mprotect resumed>) = 0 [pid 3640] clone(child_stack=0x7f6b12bf03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[30], tls=0x7f6b12bf0700, child_tidptr=0x7f6b12bf09d0) = 30 [pid 3640] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3640] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3642 attached [pid 3642] set_robust_list(0x7f6b12bf09e0, 24) = 0 [pid 3642] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3642] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3640] <... futex resumed>) = 0 [pid 3640] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3640] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3642] <... futex resumed>) = 1 [pid 3642] futex(0x7f6b12cec4f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3641] <... futex resumed>) = 0 [pid 3641] ioctl(4, SIOCGIFINDEX, {ifr_name="batadv_slave_0", ifr_ifindex=41}) = 0 [pid 3641] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3640] <... futex resumed>) = 0 [pid 3640] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3640] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3641] <... futex resumed>) = 1 [pid 3641] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 3641] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3640] <... futex resumed>) = 0 [pid 3640] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3640] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3641] <... futex resumed>) = 1 [pid 3641] ioctl(5, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0 [pid 3641] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3640] <... futex resumed>) = 0 [pid 3640] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3640] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3641] <... futex resumed>) = 1 [ 52.074267][ T3641] R10: 00007f6b12c11087 R11: 0000000000000293 R12: 00007f6b12cec4ec [ 52.082232][ T3641] R13: 00007f6b12c112f0 R14: 00007f6b12cec4e8 R15: 0000000000000001 [ 52.090331][ T3641] [pid 3641] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x40\x00\x00\x00\x10\x00\x03\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x12\x80\x08\x00\x01\x00\x68\x73\x72\x00\x14\x00\x02\x80\x08\x00\x02\x00\x29\x00\x00\x00\x08\x00\x01\x00\x0b\x00\x00\x00", iov_len=64}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 64 [pid 3641] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3640] <... futex resumed>) = 0 [pid 3641] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3640] close(3) = 0 [pid 3640] close(4) = 0 [pid 3640] close(5) = 0 [pid 3640] close(6) = -1 EBADF (Bad file descriptor) [pid 3640] close(7) = -1 EBADF (Bad file descriptor) [pid 3640] close(8) = -1 EBADF (Bad file descriptor) [pid 3640] close(9) = -1 EBADF (Bad file descriptor) [pid 3640] close(10) = -1 EBADF (Bad file descriptor) [pid 3640] close(11) = -1 EBADF (Bad file descriptor) [pid 3640] close(12) = -1 EBADF (Bad file descriptor) [pid 3640] close(13) = -1 EBADF (Bad file descriptor) [pid 3640] close(14) = -1 EBADF (Bad file descriptor) [pid 3640] close(15) = -1 EBADF (Bad file descriptor) [pid 3640] close(16) = -1 EBADF (Bad file descriptor) [pid 3640] close(17) = -1 EBADF (Bad file descriptor) [pid 3640] close(18) = -1 EBADF (Bad file descriptor) [pid 3640] close(19) = -1 EBADF (Bad file descriptor) [pid 3640] close(20) = -1 EBADF (Bad file descriptor) [pid 3640] close(21) = -1 EBADF (Bad file descriptor) [pid 3640] close(22) = -1 EBADF (Bad file descriptor) [pid 3640] close(23) = -1 EBADF (Bad file descriptor) [pid 3640] close(24) = -1 EBADF (Bad file descriptor) [pid 3640] close(25) = -1 EBADF (Bad file descriptor) [pid 3640] close(26) = -1 EBADF (Bad file descriptor) [pid 3640] close(27) = -1 EBADF (Bad file descriptor) [pid 3640] close(28) = -1 EBADF (Bad file descriptor) [pid 3640] close(29) = -1 EBADF (Bad file descriptor) [pid 3640] exit_group(0 [pid 3642] <... futex resumed>) = ? [pid 3641] <... futex resumed>) = ? [pid 3640] <... exit_group resumed>) = ? [pid 3642] +++ exited with 0 +++ [pid 3641] +++ exited with 0 +++ [pid 3640] +++ exited with 0 +++ [pid 3597] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=28, si_uid=0, si_status=0, si_utime=0, si_stime=38} --- [pid 3597] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555568505d0) = 31 ./strace-static-x86_64: Process 3643 attached [pid 3643] set_robust_list(0x5555568505e0, 24) = 0 [pid 3643] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3643] setpgid(0, 0) = 0 [pid 3643] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3643] write(3, "1000", 4) = 4 [pid 3643] close(3) = 0 [pid 3643] read(200, 0x7ffd708025c0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 3643] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3643] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bf1000 [pid 3643] mprotect(0x7f6b12bf2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3643] clone(child_stack=0x7f6b12c113f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3644 attached , parent_tid=[32], tls=0x7f6b12c11700, child_tidptr=0x7f6b12c119d0) = 32 [pid 3644] set_robust_list(0x7f6b12c119e0, 24 [pid 3643] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3644] <... set_robust_list resumed>) = 0 [pid 3643] <... futex resumed>) = 0 [pid 3644] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3643] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3644] <... openat resumed>) = 3 [pid 3644] write(3, "4", 1) = 1 [ 52.176425][ T3644] FAULT_INJECTION: forcing a failure. [ 52.176425][ T3644] name failslab, interval 1, probability 0, space 0, times 0 [ 52.189087][ T3644] CPU: 1 PID: 3644 Comm: syz-executor273 Not tainted 5.18.0-rc6-syzkaller-00161-gbc403203d65a #0 [ 52.199573][ T3644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 52.209724][ T3644] Call Trace: [ 52.213091][ T3644] [ 52.216011][ T3644] dump_stack_lvl+0x1e3/0x2cb [ 52.220681][ T3644] ? bfq_pos_tree_add_move+0x436/0x436 [ 52.226128][ T3644] ? panic+0x76e/0x76e [ 52.230194][ T3644] ? validate_chain+0x126/0x65c0 [ 52.235130][ T3644] ? rcu_lock_release+0x5/0x20 [ 52.240006][ T3644] should_fail+0x384/0x4b0 [ 52.244423][ T3644] ? hsr_add_node+0x65/0x830 [ 52.249005][ T3644] should_failslab+0x5/0x20 [ 52.253518][ T3644] kmem_cache_alloc_trace+0x68/0x310 [ 52.258815][ T3644] hsr_add_node+0x65/0x830 [ 52.263231][ T3644] ? hsr_mac_hash+0x1f/0x270 [ 52.267807][ T3644] hsr_forward_skb+0x37f/0x2150 [ 52.272670][ T3644] ? prp_fill_frame_info+0x5b0/0x5b0 [ 52.277971][ T3644] ? hsr_addr_is_self+0x160/0x2b0 [ 52.283166][ T3644] hsr_handle_frame+0x4fd/0x6b0 [ 52.288023][ T3644] ? hsr_port_exists+0x50/0x50 [ 52.292836][ T3644] __netif_receive_skb_core+0x1448/0x3bc0 [ 52.298576][ T3644] ? trace_netif_rx+0x260/0x260 [ 52.303461][ T3644] __netif_receive_skb+0x11a/0x500 [ 52.308584][ T3644] ? read_lock_is_recursive+0x10/0x10 [ 52.313942][ T3644] ? ktime_get_real_ts64+0x4b0/0x4b0 [ 52.319390][ T3644] ? __netif_receive_skb_list_core+0x930/0x930 [ 52.325540][ T3644] netif_receive_skb_internal+0x108/0x360 [ 52.331256][ T3644] ? trace_netif_receive_skb_entry+0x260/0x260 [ 52.337399][ T3644] ? rcu_read_lock_sched_held+0x89/0x130 [ 52.343141][ T3644] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 52.349120][ T3644] netif_receive_skb+0x19/0x30 [ 52.353961][ T3644] tun_rx_batched+0x777/0x920 [ 52.358635][ T3644] ? read_lock_is_recursive+0x10/0x10 [ 52.364020][ T3644] ? local_bh_enable+0x20/0x20 [ 52.368793][ T3644] ? rcu_lock_release+0x5/0x20 [ 52.373659][ T3644] tun_get_user+0x1b5a/0x2540 [ 52.378376][ T3644] ? tun_ring_recv+0xcc0/0xcc0 [ 52.383142][ T3644] ? __lock_acquire+0x1f80/0x1f80 [ 52.388199][ T3644] tun_chr_write_iter+0x10a/0x1e0 [ 52.393233][ T3644] vfs_write+0xa22/0xd40 [ 52.397558][ T3644] ? __lock_acquire+0x1f80/0x1f80 [ 52.402684][ T3644] ? file_end_write+0x230/0x230 [ 52.407533][ T3644] ? print_irqtrace_events+0x220/0x220 [ 52.413181][ T3644] ? __fget_files+0x3d0/0x440 [ 52.417852][ T3644] ? __fdget_pos+0x1d7/0x2e0 [ 52.422427][ T3644] ? ksys_write+0x77/0x2c0 [ 52.426836][ T3644] ksys_write+0x19b/0x2c0 [ 52.431172][ T3644] ? print_irqtrace_events+0x220/0x220 [ 52.436641][ T3644] ? __ia32_sys_read+0x80/0x80 [ 52.441405][ T3644] ? syscall_enter_from_user_mode+0x2e/0x1a0 [ 52.447504][ T3644] ? syscall_enter_from_user_mode+0x86/0x1a0 [ 52.453561][ T3644] do_syscall_64+0x2b/0x70 [ 52.457964][ T3644] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 52.463845][ T3644] RIP: 0033:0x7f6b12c241ff [ 52.468262][ T3644] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 52.487868][ T3644] RSP: 002b:00007f6b12c112c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 52.496289][ T3644] RAX: ffffffffffffffda RBX: 00007f6b12cec4e0 RCX: 00007f6b12c241ff [ 52.504264][ T3644] RDX: 000000000000000e RSI: 0000000020000100 RDI: 00000000000000c8 [ 52.512226][ T3644] RBP: 00007f6b12cb96cc R08: 0000000000000000 R09: 0000000000000001 [pid 3644] write(200, "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\x00\x89\x2f", 14 [pid 3643] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3643] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3643] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bd0000 [pid 3643] mprotect(0x7f6b12bd1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3643] clone(child_stack=0x7f6b12bf03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3644] <... write resumed>) = 14 [pid 3643] <... clone resumed>, parent_tid=[33], tls=0x7f6b12bf0700, child_tidptr=0x7f6b12bf09d0) = 33 [pid 3644] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3643] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3645 attached [pid 3644] <... futex resumed>) = 0 [pid 3643] <... futex resumed>) = 0 [pid 3645] set_robust_list(0x7f6b12bf09e0, 24 [pid 3644] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3643] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3645] <... set_robust_list resumed>) = 0 [pid 3645] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3645] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3643] <... futex resumed>) = 0 [pid 3645] futex(0x7f6b12cec4f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3643] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3643] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3644] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3644] ioctl(4, SIOCGIFINDEX, {ifr_name="batadv_slave_0", ifr_ifindex=41}) = 0 [pid 3644] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3643] <... futex resumed>) = 0 [pid 3644] <... futex resumed>) = 1 [pid 3643] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3643] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3644] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 3644] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3643] <... futex resumed>) = 0 [pid 3644] <... futex resumed>) = 1 [pid 3643] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3644] ioctl(5, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 3643] <... futex resumed>) = 0 [pid 3643] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3644] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 3644] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3643] <... futex resumed>) = 0 [pid 3643] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3643] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 52.520180][ T3644] R10: 00007f6b12c11087 R11: 0000000000000293 R12: 00007f6b12cec4ec [ 52.528241][ T3644] R13: 00007f6b12c112f0 R14: 00007f6b12cec4e8 R15: 0000000000000001 [ 52.536230][ T3644] [pid 3644] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x40\x00\x00\x00\x10\x00\x03\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x12\x80\x08\x00\x01\x00\x68\x73\x72\x00\x14\x00\x02\x80\x08\x00\x02\x00\x29\x00\x00\x00\x08\x00\x01\x00\x0b\x00\x00\x00", iov_len=64}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 64 [pid 3644] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3643] <... futex resumed>) = 0 [pid 3644] <... futex resumed>) = 1 [pid 3643] close(3) = 0 [pid 3643] close(4) = 0 [pid 3643] close(5) = 0 [pid 3643] close(6) = -1 EBADF (Bad file descriptor) [pid 3643] close(7) = -1 EBADF (Bad file descriptor) [pid 3643] close(8) = -1 EBADF (Bad file descriptor) [pid 3643] close(9) = -1 EBADF (Bad file descriptor) [pid 3643] close(10) = -1 EBADF (Bad file descriptor) [pid 3643] close(11) = -1 EBADF (Bad file descriptor) [pid 3643] close(12) = -1 EBADF (Bad file descriptor) [pid 3643] close(13) = -1 EBADF (Bad file descriptor) [pid 3643] close(14) = -1 EBADF (Bad file descriptor) [pid 3643] close(15) = -1 EBADF (Bad file descriptor) [pid 3643] close(16) = -1 EBADF (Bad file descriptor) [pid 3643] close(17) = -1 EBADF (Bad file descriptor) [pid 3643] close(18) = -1 EBADF (Bad file descriptor) [pid 3643] close(19) = -1 EBADF (Bad file descriptor) [pid 3643] close(20) = -1 EBADF (Bad file descriptor) [pid 3643] close(21) = -1 EBADF (Bad file descriptor) [pid 3643] close(22) = -1 EBADF (Bad file descriptor) [pid 3643] close(23) = -1 EBADF (Bad file descriptor) [pid 3643] close(24) = -1 EBADF (Bad file descriptor) [pid 3643] close(25) = -1 EBADF (Bad file descriptor) [pid 3643] close(26) = -1 EBADF (Bad file descriptor) [pid 3643] close(27) = -1 EBADF (Bad file descriptor) [pid 3644] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3643] close(28) = -1 EBADF (Bad file descriptor) [pid 3643] close(29) = -1 EBADF (Bad file descriptor) [pid 3643] exit_group(0 [pid 3645] <... futex resumed>) = ? [pid 3643] <... exit_group resumed>) = ? [pid 3645] +++ exited with 0 +++ [pid 3644] <... futex resumed>) = ? [pid 3644] +++ exited with 0 +++ [pid 3643] +++ exited with 0 +++ [pid 3597] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=31, si_uid=0, si_status=0, si_utime=0, si_stime=39} --- [pid 3597] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555568505d0) = 34 ./strace-static-x86_64: Process 3646 attached [pid 3646] set_robust_list(0x5555568505e0, 24) = 0 [pid 3646] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3646] setpgid(0, 0) = 0 [pid 3646] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3646] write(3, "1000", 4) = 4 [pid 3646] close(3) = 0 [pid 3646] read(200, 0x7ffd708025c0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 3646] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3646] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bf1000 [pid 3646] mprotect(0x7f6b12bf2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3646] clone(child_stack=0x7f6b12c113f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[35], tls=0x7f6b12c11700, child_tidptr=0x7f6b12c119d0) = 35 [pid 3646] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3646] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3647 attached [pid 3647] set_robust_list(0x7f6b12c119e0, 24) = 0 [pid 3647] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 3647] write(3, "4", 1) = 1 [ 52.631361][ T3647] FAULT_INJECTION: forcing a failure. [ 52.631361][ T3647] name failslab, interval 1, probability 0, space 0, times 0 [ 52.644042][ T3647] CPU: 0 PID: 3647 Comm: syz-executor273 Not tainted 5.18.0-rc6-syzkaller-00161-gbc403203d65a #0 [ 52.654527][ T3647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 52.664573][ T3647] Call Trace: [ 52.667849][ T3647] [ 52.670781][ T3647] dump_stack_lvl+0x1e3/0x2cb [ 52.675463][ T3647] ? bfq_pos_tree_add_move+0x436/0x436 [ 52.680934][ T3647] ? panic+0x76e/0x76e [ 52.685002][ T3647] ? validate_chain+0x126/0x65c0 [ 52.689926][ T3647] ? rcu_lock_release+0x5/0x20 [ 52.694676][ T3647] should_fail+0x384/0x4b0 [ 52.699079][ T3647] ? hsr_add_node+0x65/0x830 [ 52.703661][ T3647] should_failslab+0x5/0x20 [ 52.708164][ T3647] kmem_cache_alloc_trace+0x68/0x310 [ 52.713540][ T3647] hsr_add_node+0x65/0x830 [ 52.717968][ T3647] ? hsr_mac_hash+0x1f/0x270 [ 52.722557][ T3647] hsr_forward_skb+0x37f/0x2150 [ 52.727420][ T3647] ? prp_fill_frame_info+0x5b0/0x5b0 [ 52.732734][ T3647] ? hsr_addr_is_self+0x160/0x2b0 [ 52.737749][ T3647] hsr_handle_frame+0x4fd/0x6b0 [ 52.742608][ T3647] ? hsr_port_exists+0x50/0x50 [ 52.747357][ T3647] __netif_receive_skb_core+0x1448/0x3bc0 [ 52.753094][ T3647] ? trace_netif_rx+0x260/0x260 [ 52.757958][ T3647] __netif_receive_skb+0x11a/0x500 [ 52.763072][ T3647] ? read_lock_is_recursive+0x10/0x10 [ 52.768493][ T3647] ? ktime_get_real_ts64+0x4b0/0x4b0 [ 52.773768][ T3647] ? __netif_receive_skb_list_core+0x930/0x930 [ 52.779925][ T3647] netif_receive_skb_internal+0x108/0x360 [ 52.785632][ T3647] ? trace_netif_receive_skb_entry+0x260/0x260 [ 52.791767][ T3647] ? rcu_read_lock_sched_held+0x89/0x130 [ 52.797387][ T3647] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 52.803374][ T3647] netif_receive_skb+0x19/0x30 [ 52.808150][ T3647] tun_rx_batched+0x777/0x920 [ 52.812829][ T3647] ? read_lock_is_recursive+0x10/0x10 [ 52.818194][ T3647] ? local_bh_enable+0x20/0x20 [ 52.822950][ T3647] ? rcu_lock_release+0x5/0x20 [ 52.827711][ T3647] tun_get_user+0x1b5a/0x2540 [ 52.832568][ T3647] ? tun_ring_recv+0xcc0/0xcc0 [ 52.837319][ T3647] ? __lock_acquire+0x1f80/0x1f80 [ 52.842354][ T3647] tun_chr_write_iter+0x10a/0x1e0 [ 52.847371][ T3647] vfs_write+0xa22/0xd40 [ 52.851613][ T3647] ? __lock_acquire+0x1f80/0x1f80 [ 52.856624][ T3647] ? file_end_write+0x230/0x230 [ 52.861469][ T3647] ? print_irqtrace_events+0x220/0x220 [ 52.866923][ T3647] ? __fget_files+0x3d0/0x440 [ 52.871602][ T3647] ? __fdget_pos+0x1d7/0x2e0 [ 52.876179][ T3647] ? ksys_write+0x77/0x2c0 [ 52.880600][ T3647] ksys_write+0x19b/0x2c0 [ 52.884933][ T3647] ? print_irqtrace_events+0x220/0x220 [ 52.890376][ T3647] ? __ia32_sys_read+0x80/0x80 [ 52.895132][ T3647] ? syscall_enter_from_user_mode+0x2e/0x1a0 [ 52.901113][ T3647] ? syscall_enter_from_user_mode+0x86/0x1a0 [ 52.907089][ T3647] do_syscall_64+0x2b/0x70 [ 52.911506][ T3647] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 52.917386][ T3647] RIP: 0033:0x7f6b12c241ff [ 52.921807][ T3647] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 52.941496][ T3647] RSP: 002b:00007f6b12c112c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 52.949900][ T3647] RAX: ffffffffffffffda RBX: 00007f6b12cec4e0 RCX: 00007f6b12c241ff [ 52.957863][ T3647] RDX: 000000000000000e RSI: 0000000020000100 RDI: 00000000000000c8 [ 52.965834][ T3647] RBP: 00007f6b12cb96cc R08: 0000000000000000 R09: 0000000000000001 [ 52.974138][ T3647] R10: 00007f6b12c11087 R11: 0000000000000293 R12: 00007f6b12cec4ec [pid 3647] write(200, "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\x00\x89\x2f", 14 [pid 3646] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3646] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3646] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3647] <... write resumed>) = 14 [pid 3647] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3646] <... mmap resumed>) = 0x7f6b12bd0000 [pid 3647] <... futex resumed>) = 0 [pid 3647] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3646] mprotect(0x7f6b12bd1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3646] clone(child_stack=0x7f6b12bf03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3648 attached , parent_tid=[36], tls=0x7f6b12bf0700, child_tidptr=0x7f6b12bf09d0) = 36 [pid 3646] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3646] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3648] set_robust_list(0x7f6b12bf09e0, 24) = 0 [pid 3648] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3648] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3646] <... futex resumed>) = 0 [pid 3648] futex(0x7f6b12cec4f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3646] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3647] <... futex resumed>) = 0 [pid 3646] <... futex resumed>) = 1 [pid 3647] ioctl(4, SIOCGIFINDEX, {ifr_name="batadv_slave_0" [pid 3646] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3647] <... ioctl resumed>, ifr_ifindex=41}) = 0 [pid 3647] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3646] <... futex resumed>) = 0 [pid 3647] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3646] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3647] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3646] <... futex resumed>) = 0 [pid 3647] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 3646] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3647] <... socket resumed>) = 5 [pid 3647] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3646] <... futex resumed>) = 0 [pid 3647] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3646] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3647] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3646] <... futex resumed>) = 0 [pid 3647] ioctl(5, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 3646] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3647] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 3647] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3646] <... futex resumed>) = 0 [pid 3647] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3646] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3647] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3646] <... futex resumed>) = 0 [pid 3647] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x40\x00\x00\x00\x10\x00\x03\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x12\x80\x08\x00\x01\x00\x68\x73\x72\x00\x14\x00\x02\x80\x08\x00\x02\x00\x29\x00\x00\x00\x08\x00\x01\x00\x0b\x00\x00\x00", iov_len=64}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [ 52.982100][ T3647] R13: 00007f6b12c112f0 R14: 00007f6b12cec4e8 R15: 0000000000000001 [ 52.990096][ T3647] [pid 3646] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3647] <... sendmsg resumed>) = 64 [pid 3647] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3646] <... futex resumed>) = 0 [pid 3647] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3646] close(3) = 0 [pid 3646] close(4) = 0 [pid 3646] close(5) = 0 [pid 3646] close(6) = -1 EBADF (Bad file descriptor) [pid 3646] close(7) = -1 EBADF (Bad file descriptor) [pid 3646] close(8) = -1 EBADF (Bad file descriptor) [pid 3646] close(9) = -1 EBADF (Bad file descriptor) [pid 3646] close(10) = -1 EBADF (Bad file descriptor) [pid 3646] close(11) = -1 EBADF (Bad file descriptor) [pid 3646] close(12) = -1 EBADF (Bad file descriptor) [pid 3646] close(13) = -1 EBADF (Bad file descriptor) [pid 3646] close(14) = -1 EBADF (Bad file descriptor) [pid 3646] close(15) = -1 EBADF (Bad file descriptor) [pid 3646] close(16) = -1 EBADF (Bad file descriptor) [pid 3646] close(17) = -1 EBADF (Bad file descriptor) [pid 3646] close(18) = -1 EBADF (Bad file descriptor) [pid 3646] close(19) = -1 EBADF (Bad file descriptor) [pid 3646] close(20) = -1 EBADF (Bad file descriptor) [pid 3646] close(21) = -1 EBADF (Bad file descriptor) [pid 3646] close(22) = -1 EBADF (Bad file descriptor) [pid 3646] close(23) = -1 EBADF (Bad file descriptor) [pid 3646] close(24) = -1 EBADF (Bad file descriptor) [pid 3646] close(25) = -1 EBADF (Bad file descriptor) [pid 3646] close(26) = -1 EBADF (Bad file descriptor) [pid 3646] close(27) = -1 EBADF (Bad file descriptor) [pid 3646] close(28) = -1 EBADF (Bad file descriptor) [pid 3646] close(29) = -1 EBADF (Bad file descriptor) [pid 3646] exit_group(0 [pid 3648] <... futex resumed>) = ? [pid 3647] <... futex resumed>) = ? [pid 3646] <... exit_group resumed>) = ? [pid 3648] +++ exited with 0 +++ [pid 3647] +++ exited with 0 +++ [pid 3646] +++ exited with 0 +++ [pid 3597] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=34, si_uid=0, si_status=0, si_utime=0, si_stime=37} --- [pid 3597] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555568505d0) = 37 ./strace-static-x86_64: Process 3649 attached [pid 3649] set_robust_list(0x5555568505e0, 24) = 0 [pid 3649] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3649] setpgid(0, 0) = 0 [pid 3649] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3649] write(3, "1000", 4) = 4 [pid 3649] close(3) = 0 [pid 3649] read(200, 0x7ffd708025c0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 3649] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3649] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bf1000 [pid 3649] mprotect(0x7f6b12bf2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3649] clone(child_stack=0x7f6b12c113f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[38], tls=0x7f6b12c11700, child_tidptr=0x7f6b12c119d0) = 38 [pid 3649] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3649] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3650 attached [pid 3650] set_robust_list(0x7f6b12c119e0, 24) = 0 [pid 3650] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 3650] write(3, "4", 1) = 1 [ 53.075328][ T3650] FAULT_INJECTION: forcing a failure. [ 53.075328][ T3650] name failslab, interval 1, probability 0, space 0, times 0 [ 53.087991][ T3650] CPU: 0 PID: 3650 Comm: syz-executor273 Not tainted 5.18.0-rc6-syzkaller-00161-gbc403203d65a #0 [ 53.098498][ T3650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 53.108631][ T3650] Call Trace: [ 53.111982][ T3650] [ 53.114900][ T3650] dump_stack_lvl+0x1e3/0x2cb [ 53.119573][ T3650] ? bfq_pos_tree_add_move+0x436/0x436 [ 53.125024][ T3650] ? panic+0x76e/0x76e [ 53.129081][ T3650] ? validate_chain+0x126/0x65c0 [ 53.134005][ T3650] ? rcu_lock_release+0x5/0x20 [ 53.138757][ T3650] should_fail+0x384/0x4b0 [ 53.143163][ T3650] ? hsr_add_node+0x65/0x830 [ 53.147757][ T3650] should_failslab+0x5/0x20 [ 53.152246][ T3650] kmem_cache_alloc_trace+0x68/0x310 [ 53.157524][ T3650] hsr_add_node+0x65/0x830 [ 53.161929][ T3650] ? hsr_mac_hash+0x1f/0x270 [ 53.166521][ T3650] hsr_forward_skb+0x37f/0x2150 [ 53.171508][ T3650] ? prp_fill_frame_info+0x5b0/0x5b0 [ 53.176803][ T3650] ? hsr_addr_is_self+0x160/0x2b0 [ 53.181830][ T3650] hsr_handle_frame+0x4fd/0x6b0 [ 53.186682][ T3650] ? hsr_port_exists+0x50/0x50 [ 53.191443][ T3650] __netif_receive_skb_core+0x1448/0x3bc0 [ 53.197164][ T3650] ? trace_netif_rx+0x260/0x260 [ 53.202021][ T3650] __netif_receive_skb+0x11a/0x500 [ 53.207122][ T3650] ? read_lock_is_recursive+0x10/0x10 [ 53.212481][ T3650] ? ktime_get_real_ts64+0x4b0/0x4b0 [ 53.217756][ T3650] ? __netif_receive_skb_list_core+0x930/0x930 [ 53.223910][ T3650] netif_receive_skb_internal+0x108/0x360 [ 53.229618][ T3650] ? trace_netif_receive_skb_entry+0x260/0x260 [ 53.235772][ T3650] ? rcu_read_lock_sched_held+0x89/0x130 [ 53.241417][ T3650] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 53.247416][ T3650] netif_receive_skb+0x19/0x30 [ 53.253398][ T3650] tun_rx_batched+0x777/0x920 [ 53.258074][ T3650] ? read_lock_is_recursive+0x10/0x10 [ 53.263447][ T3650] ? local_bh_enable+0x20/0x20 [ 53.268209][ T3650] ? rcu_lock_release+0x5/0x20 [ 53.272983][ T3650] tun_get_user+0x1b5a/0x2540 [ 53.277682][ T3650] ? tun_ring_recv+0xcc0/0xcc0 [ 53.282442][ T3650] ? __lock_acquire+0x1f80/0x1f80 [ 53.287482][ T3650] tun_chr_write_iter+0x10a/0x1e0 [ 53.292508][ T3650] vfs_write+0xa22/0xd40 [ 53.296833][ T3650] ? __lock_acquire+0x1f80/0x1f80 [ 53.301848][ T3650] ? file_end_write+0x230/0x230 [ 53.306684][ T3650] ? print_irqtrace_events+0x220/0x220 [ 53.312131][ T3650] ? __fget_files+0x3d0/0x440 [ 53.316797][ T3650] ? __fdget_pos+0x1d7/0x2e0 [ 53.321368][ T3650] ? ksys_write+0x77/0x2c0 [ 53.325770][ T3650] ksys_write+0x19b/0x2c0 [ 53.330095][ T3650] ? print_irqtrace_events+0x220/0x220 [ 53.335539][ T3650] ? __ia32_sys_read+0x80/0x80 [ 53.340289][ T3650] ? syscall_enter_from_user_mode+0x2e/0x1a0 [ 53.346259][ T3650] ? syscall_enter_from_user_mode+0x86/0x1a0 [ 53.352227][ T3650] do_syscall_64+0x2b/0x70 [ 53.356633][ T3650] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 53.362514][ T3650] RIP: 0033:0x7f6b12c241ff [ 53.366916][ T3650] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 53.386510][ T3650] RSP: 002b:00007f6b12c112c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 53.394926][ T3650] RAX: ffffffffffffffda RBX: 00007f6b12cec4e0 RCX: 00007f6b12c241ff [ 53.402931][ T3650] RDX: 000000000000000e RSI: 0000000020000100 RDI: 00000000000000c8 [ 53.410897][ T3650] RBP: 00007f6b12cb96cc R08: 0000000000000000 R09: 0000000000000001 [ 53.418859][ T3650] R10: 00007f6b12c11087 R11: 0000000000000293 R12: 00007f6b12cec4ec [pid 3650] write(200, "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\x00\x89\x2f", 14 [pid 3649] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3650] <... write resumed>) = 14 [pid 3650] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3650] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3649] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3650] <... futex resumed>) = 0 [pid 3649] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3650] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3650] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3650] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3649] <... futex resumed>) = 0 [pid 3649] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3649] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3650] <... futex resumed>) = 0 [pid 3650] ioctl(4, SIOCGIFINDEX, {ifr_name="batadv_slave_0", ifr_ifindex=41}) = 0 [pid 3650] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3649] <... futex resumed>) = 0 [pid 3649] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3649] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3650] <... futex resumed>) = 1 [pid 3650] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 3650] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3649] <... futex resumed>) = 0 [pid 3649] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3649] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3650] <... futex resumed>) = 1 [pid 3650] ioctl(5, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0 [pid 3650] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3649] <... futex resumed>) = 0 [pid 3649] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3649] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3650] <... futex resumed>) = 1 [ 53.426813][ T3650] R13: 00007f6b12c112f0 R14: 00007f6b12cec4e8 R15: 0000000000000001 [ 53.434780][ T3650] [pid 3650] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x40\x00\x00\x00\x10\x00\x03\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x12\x80\x08\x00\x01\x00\x68\x73\x72\x00\x14\x00\x02\x80\x08\x00\x02\x00\x29\x00\x00\x00\x08\x00\x01\x00\x0b\x00\x00\x00", iov_len=64}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [pid 3649] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3650] <... sendmsg resumed>) = 64 [pid 3650] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3650] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3649] close(3) = 0 [pid 3649] close(4) = 0 [pid 3649] close(5) = 0 [pid 3649] close(6) = -1 EBADF (Bad file descriptor) [pid 3649] close(7) = -1 EBADF (Bad file descriptor) [pid 3649] close(8) = -1 EBADF (Bad file descriptor) [pid 3649] close(9) = -1 EBADF (Bad file descriptor) [pid 3649] close(10) = -1 EBADF (Bad file descriptor) [pid 3649] close(11) = -1 EBADF (Bad file descriptor) [pid 3649] close(12) = -1 EBADF (Bad file descriptor) [pid 3649] close(13) = -1 EBADF (Bad file descriptor) [pid 3649] close(14) = -1 EBADF (Bad file descriptor) [pid 3649] close(15) = -1 EBADF (Bad file descriptor) [pid 3649] close(16) = -1 EBADF (Bad file descriptor) [pid 3649] close(17) = -1 EBADF (Bad file descriptor) [pid 3649] close(18) = -1 EBADF (Bad file descriptor) [pid 3649] close(19) = -1 EBADF (Bad file descriptor) [pid 3649] close(20) = -1 EBADF (Bad file descriptor) [pid 3649] close(21) = -1 EBADF (Bad file descriptor) [pid 3649] close(22) = -1 EBADF (Bad file descriptor) [pid 3649] close(23) = -1 EBADF (Bad file descriptor) [pid 3649] close(24) = -1 EBADF (Bad file descriptor) [pid 3649] close(25) = -1 EBADF (Bad file descriptor) [pid 3649] close(26) = -1 EBADF (Bad file descriptor) [pid 3649] close(27) = -1 EBADF (Bad file descriptor) [pid 3649] close(28) = -1 EBADF (Bad file descriptor) [pid 3649] close(29) = -1 EBADF (Bad file descriptor) [pid 3649] exit_group(0 [pid 3650] <... futex resumed>) = ? [pid 3649] <... exit_group resumed>) = ? [pid 3650] +++ exited with 0 +++ [pid 3649] +++ exited with 0 +++ [pid 3597] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=37, si_uid=0, si_status=0, si_utime=0, si_stime=37} --- [pid 3597] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3597] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555568505d0) = 39 ./strace-static-x86_64: Process 3651 attached [pid 3651] set_robust_list(0x5555568505e0, 24) = 0 [pid 3651] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3651] setpgid(0, 0) = 0 [pid 3651] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3651] write(3, "1000", 4) = 4 [pid 3651] close(3) = 0 [pid 3651] read(200, 0x7ffd708025c0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 3651] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3651] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bf1000 [pid 3651] mprotect(0x7f6b12bf2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3651] clone(child_stack=0x7f6b12c113f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3652 attached , parent_tid=[40], tls=0x7f6b12c11700, child_tidptr=0x7f6b12c119d0) = 40 [pid 3652] set_robust_list(0x7f6b12c119e0, 24 [pid 3651] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3652] <... set_robust_list resumed>) = 0 [pid 3651] <... futex resumed>) = 0 [pid 3652] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3651] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3652] <... openat resumed>) = 3 [pid 3652] write(3, "4", 1) = 1 [ 53.534967][ T3652] FAULT_INJECTION: forcing a failure. [ 53.534967][ T3652] name failslab, interval 1, probability 0, space 0, times 0 [ 53.547646][ T3652] CPU: 1 PID: 3652 Comm: syz-executor273 Not tainted 5.18.0-rc6-syzkaller-00161-gbc403203d65a #0 [ 53.558134][ T3652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 53.568176][ T3652] Call Trace: [ 53.571442][ T3652] [ 53.574363][ T3652] dump_stack_lvl+0x1e3/0x2cb [ 53.579036][ T3652] ? bfq_pos_tree_add_move+0x436/0x436 [pid 3652] write(200, "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\x00\x89\x2f", 14 [pid 3651] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3651] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3651] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bd0000 [pid 3651] mprotect(0x7f6b12bd1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3651] clone(child_stack=0x7f6b12bf03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[41], tls=0x7f6b12bf0700, child_tidptr=0x7f6b12bf09d0) = 41 [pid 3651] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3651] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3653 attached [pid 3653] set_robust_list(0x7f6b12bf09e0, 24) = 0 [pid 3653] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3653] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3651] <... futex resumed>) = 0 [pid 3651] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3651] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3653] <... futex resumed>) = 1 [pid 3653] ioctl(4, SIOCGIFINDEX, {ifr_name="batadv_slave_0", ifr_ifindex=41}) = 0 [pid 3653] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3651] <... futex resumed>) = 0 [pid 3651] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3651] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3653] <... futex resumed>) = 1 [pid 3653] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 3653] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3651] <... futex resumed>) = 0 [pid 3651] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3651] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3653] <... futex resumed>) = 1 [pid 3653] ioctl(5, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0 [pid 3653] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3651] <... futex resumed>) = 0 [pid 3651] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3651] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3653] <... futex resumed>) = 1 [ 53.584503][ T3652] ? panic+0x76e/0x76e [ 53.588563][ T3652] ? validate_chain+0x126/0x65c0 [ 53.593511][ T3652] ? rcu_lock_release+0x5/0x20 [ 53.598296][ T3652] should_fail+0x384/0x4b0 [ 53.602817][ T3652] ? hsr_add_node+0x65/0x830 [ 53.607427][ T3652] should_failslab+0x5/0x20 [ 53.611924][ T3652] kmem_cache_alloc_trace+0x68/0x310 [ 53.617227][ T3652] hsr_add_node+0x65/0x830 [ 53.621631][ T3652] ? hsr_mac_hash+0x1f/0x270 [ 53.626214][ T3652] hsr_forward_skb+0x37f/0x2150 [pid 3653] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x40\x00\x00\x00\x10\x00\x03\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x12\x80\x08\x00\x01\x00\x68\x73\x72\x00\x14\x00\x02\x80\x08\x00\x02\x00\x29\x00\x00\x00\x08\x00\x01\x00\x0b\x00\x00\x00", iov_len=64}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [pid 3651] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 53.631085][ T3652] ? prp_fill_frame_info+0x5b0/0x5b0 [ 53.636375][ T3652] ? hsr_addr_is_self+0x160/0x2b0 [ 53.641509][ T3652] hsr_handle_frame+0x4fd/0x6b0 [ 53.646359][ T3652] ? hsr_port_exists+0x50/0x50 [ 53.651121][ T3652] __netif_receive_skb_core+0x1448/0x3bc0 [ 53.656849][ T3652] ? trace_netif_rx+0x260/0x260 [ 53.661722][ T3652] __netif_receive_skb+0x11a/0x500 [ 53.666829][ T3652] ? read_lock_is_recursive+0x10/0x10 [ 53.672200][ T3652] ? ktime_get_real_ts64+0x4b0/0x4b0 [ 53.677502][ T3652] ? __netif_receive_skb_list_core+0x930/0x930 [ 53.683704][ T3652] netif_receive_skb_internal+0x108/0x360 [ 53.689449][ T3652] ? trace_netif_receive_skb_entry+0x260/0x260 [ 53.695606][ T3652] ? rcu_read_lock_sched_held+0x89/0x130 [ 53.701223][ T3652] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 53.707209][ T3652] netif_receive_skb+0x19/0x30 [ 53.711979][ T3652] tun_rx_batched+0x777/0x920 [ 53.716645][ T3652] ? read_lock_is_recursive+0x10/0x10 [ 53.722002][ T3652] ? local_bh_enable+0x20/0x20 [ 53.726765][ T3652] ? rcu_lock_release+0x5/0x20 [pid 3651] close(3) = 0 [pid 3651] close(4) = 0 [pid 3651] close(5) = 0 [pid 3651] close(6) = -1 EBADF (Bad file descriptor) [ 53.731532][ T3652] tun_get_user+0x1b5a/0x2540 [ 53.736203][ T3652] ? tun_ring_recv+0xcc0/0xcc0 [ 53.740959][ T3652] ? __lock_acquire+0x1f80/0x1f80 [ 53.745996][ T3652] tun_chr_write_iter+0x10a/0x1e0 [ 53.751018][ T3652] vfs_write+0xa22/0xd40 [ 53.755261][ T3652] ? __lock_acquire+0x1f80/0x1f80 [ 53.760281][ T3652] ? file_end_write+0x230/0x230 [ 53.765119][ T3652] ? print_irqtrace_events+0x220/0x220 [ 53.770565][ T3652] ? __fget_files+0x3d0/0x440 [ 53.775234][ T3652] ? __fdget_pos+0x1d7/0x2e0 [ 53.779811][ T3652] ? ksys_write+0x77/0x2c0 [pid 3651] close(7) = -1 EBADF (Bad file descriptor) [pid 3651] close(8) = -1 EBADF (Bad file descriptor) [pid 3651] close(9) = -1 EBADF (Bad file descriptor) [pid 3651] close(10) = -1 EBADF (Bad file descriptor) [pid 3651] close(11) = -1 EBADF (Bad file descriptor) [pid 3651] close(12) = -1 EBADF (Bad file descriptor) [pid 3651] close(13) = -1 EBADF (Bad file descriptor) [pid 3651] close(14) = -1 EBADF (Bad file descriptor) [pid 3651] close(15) = -1 EBADF (Bad file descriptor) [pid 3651] close(16) = -1 EBADF (Bad file descriptor) [pid 3651] close(17) = -1 EBADF (Bad file descriptor) [pid 3651] close(18) = -1 EBADF (Bad file descriptor) [pid 3651] close(19) = -1 EBADF (Bad file descriptor) [pid 3651] close(20) = -1 EBADF (Bad file descriptor) [pid 3651] close(21) = -1 EBADF (Bad file descriptor) [pid 3651] close(22) = -1 EBADF (Bad file descriptor) [pid 3651] close(23) = -1 EBADF (Bad file descriptor) [pid 3651] close(24) = -1 EBADF (Bad file descriptor) [pid 3651] close(25) = -1 EBADF (Bad file descriptor) [pid 3651] close(26) = -1 EBADF (Bad file descriptor) [pid 3651] close(27) = -1 EBADF (Bad file descriptor) [pid 3651] close(28) = -1 EBADF (Bad file descriptor) [pid 3651] close(29) = -1 EBADF (Bad file descriptor) [pid 3651] exit_group(0) = ? [ 53.784246][ T3652] ksys_write+0x19b/0x2c0 [ 53.788595][ T3652] ? print_irqtrace_events+0x220/0x220 [ 53.794070][ T3652] ? __ia32_sys_read+0x80/0x80 [ 53.798868][ T3652] ? syscall_enter_from_user_mode+0x2e/0x1a0 [ 53.804866][ T3652] ? syscall_enter_from_user_mode+0x86/0x1a0 [ 53.810863][ T3652] do_syscall_64+0x2b/0x70 [ 53.815270][ T3652] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 53.821153][ T3652] RIP: 0033:0x7f6b12c241ff [ 53.825574][ T3652] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 53.845183][ T3652] RSP: 002b:00007f6b12c112c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 53.853611][ T3652] RAX: ffffffffffffffda RBX: 00007f6b12cec4e0 RCX: 00007f6b12c241ff [ 53.861583][ T3652] RDX: 000000000000000e RSI: 0000000020000100 RDI: 00000000000000c8 [ 53.869539][ T3652] RBP: 00007f6b12cb96cc R08: 0000000000000000 R09: 0000000000000001 [ 53.877495][ T3652] R10: 00007f6b12c11087 R11: 0000000000000293 R12: 00007f6b12cec4ec [pid 3652] <... write resumed>) = ? [pid 3652] +++ exited with 0 +++ [ 53.885454][ T3652] R13: 00007f6b12c112f0 R14: 00007f6b12cec4e8 R15: 0000000000000001 [ 53.893436][ T3652] [pid 3653] <... sendmsg resumed>) = ? [pid 3653] +++ exited with 0 +++ [pid 3651] +++ exited with 0 +++ [pid 3597] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=39, si_uid=0, si_status=0, si_utime=0, si_stime=39} --- [pid 3597] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3597] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555568505d0) = 42 ./strace-static-x86_64: Process 3654 attached [pid 3654] set_robust_list(0x5555568505e0, 24) = 0 [pid 3654] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3654] setpgid(0, 0) = 0 [pid 3654] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3654] write(3, "1000", 4) = 4 [pid 3654] close(3) = 0 [pid 3654] read(200, 0x7ffd708025c0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 3654] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3654] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bf1000 [pid 3654] mprotect(0x7f6b12bf2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3654] clone(child_stack=0x7f6b12c113f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3655 attached , parent_tid=[43], tls=0x7f6b12c11700, child_tidptr=0x7f6b12c119d0) = 43 [pid 3654] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3654] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3655] set_robust_list(0x7f6b12c119e0, 24) = 0 [pid 3655] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 3655] write(3, "4", 1) = 1 [ 53.972663][ T3655] FAULT_INJECTION: forcing a failure. [ 53.972663][ T3655] name failslab, interval 1, probability 0, space 0, times 0 [ 53.985413][ T3655] CPU: 0 PID: 3655 Comm: syz-executor273 Not tainted 5.18.0-rc6-syzkaller-00161-gbc403203d65a #0 [ 53.995903][ T3655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 54.005951][ T3655] Call Trace: [ 54.009222][ T3655] [ 54.012153][ T3655] dump_stack_lvl+0x1e3/0x2cb [ 54.016887][ T3655] ? bfq_pos_tree_add_move+0x436/0x436 [ 54.022346][ T3655] ? panic+0x76e/0x76e [ 54.026404][ T3655] ? validate_chain+0x126/0x65c0 [ 54.031335][ T3655] ? rcu_lock_release+0x5/0x20 [ 54.036184][ T3655] should_fail+0x384/0x4b0 [ 54.040642][ T3655] ? hsr_add_node+0x65/0x830 [ 54.045246][ T3655] should_failslab+0x5/0x20 [ 54.049733][ T3655] kmem_cache_alloc_trace+0x68/0x310 [ 54.055016][ T3655] hsr_add_node+0x65/0x830 [ 54.059422][ T3655] ? hsr_mac_hash+0x1f/0x270 [ 54.064000][ T3655] hsr_forward_skb+0x37f/0x2150 [ 54.068861][ T3655] ? prp_fill_frame_info+0x5b0/0x5b0 [ 54.074141][ T3655] ? hsr_addr_is_self+0x160/0x2b0 [ 54.079159][ T3655] hsr_handle_frame+0x4fd/0x6b0 [ 54.084005][ T3655] ? hsr_port_exists+0x50/0x50 [ 54.088756][ T3655] __netif_receive_skb_core+0x1448/0x3bc0 [ 54.094477][ T3655] ? trace_netif_rx+0x260/0x260 [ 54.099332][ T3655] __netif_receive_skb+0x11a/0x500 [ 54.104518][ T3655] ? read_lock_is_recursive+0x10/0x10 [ 54.109878][ T3655] ? ktime_get_real_ts64+0x4b0/0x4b0 [ 54.115155][ T3655] ? __netif_receive_skb_list_core+0x930/0x930 [ 54.121403][ T3655] netif_receive_skb_internal+0x108/0x360 [ 54.127125][ T3655] ? trace_netif_receive_skb_entry+0x260/0x260 [ 54.133301][ T3655] ? rcu_read_lock_sched_held+0x89/0x130 [ 54.138947][ T3655] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 54.145112][ T3655] netif_receive_skb+0x19/0x30 [ 54.149869][ T3655] tun_rx_batched+0x777/0x920 [ 54.154538][ T3655] ? read_lock_is_recursive+0x10/0x10 [ 54.159901][ T3655] ? local_bh_enable+0x20/0x20 [ 54.164657][ T3655] ? rcu_lock_release+0x5/0x20 [ 54.169421][ T3655] tun_get_user+0x1b5a/0x2540 [ 54.174100][ T3655] ? tun_ring_recv+0xcc0/0xcc0 [ 54.178851][ T3655] ? __lock_acquire+0x1f80/0x1f80 [ 54.183967][ T3655] tun_chr_write_iter+0x10a/0x1e0 [ 54.188985][ T3655] vfs_write+0xa22/0xd40 [ 54.193310][ T3655] ? __lock_acquire+0x1f80/0x1f80 [ 54.198414][ T3655] ? file_end_write+0x230/0x230 [ 54.203440][ T3655] ? print_irqtrace_events+0x220/0x220 [ 54.208887][ T3655] ? __fget_files+0x3d0/0x440 [ 54.213598][ T3655] ? __fdget_pos+0x1d7/0x2e0 [ 54.218171][ T3655] ? ksys_write+0x77/0x2c0 [ 54.222578][ T3655] ksys_write+0x19b/0x2c0 [ 54.226898][ T3655] ? print_irqtrace_events+0x220/0x220 [ 54.232350][ T3655] ? __ia32_sys_read+0x80/0x80 [ 54.237101][ T3655] ? syscall_enter_from_user_mode+0x2e/0x1a0 [ 54.243157][ T3655] ? syscall_enter_from_user_mode+0x86/0x1a0 [ 54.249125][ T3655] do_syscall_64+0x2b/0x70 [ 54.253536][ T3655] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 54.259416][ T3655] RIP: 0033:0x7f6b12c241ff [ 54.263822][ T3655] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 54.283410][ T3655] RSP: 002b:00007f6b12c112c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 54.291985][ T3655] RAX: ffffffffffffffda RBX: 00007f6b12cec4e0 RCX: 00007f6b12c241ff [ 54.300039][ T3655] RDX: 000000000000000e RSI: 0000000020000100 RDI: 00000000000000c8 [ 54.308174][ T3655] RBP: 00007f6b12cb96cc R08: 0000000000000000 R09: 0000000000000001 [ 54.316130][ T3655] R10: 00007f6b12c11087 R11: 0000000000000293 R12: 00007f6b12cec4ec [pid 3655] write(200, "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\x00\x89\x2f", 14 [pid 3654] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3654] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3654] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bd0000 [pid 3655] <... write resumed>) = 14 [pid 3654] mprotect(0x7f6b12bd1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3655] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3654] clone(child_stack=0x7f6b12bf03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3655] <... futex resumed>) = 0 [pid 3655] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3654] <... clone resumed>, parent_tid=[44], tls=0x7f6b12bf0700, child_tidptr=0x7f6b12bf09d0) = 44 ./strace-static-x86_64: Process 3656 attached [pid 3654] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3656] set_robust_list(0x7f6b12bf09e0, 24 [pid 3654] <... futex resumed>) = 0 [pid 3656] <... set_robust_list resumed>) = 0 [pid 3654] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3656] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3656] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3656] futex(0x7f6b12cec4f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3654] <... futex resumed>) = 0 [pid 3654] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3654] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3655] <... futex resumed>) = 0 [pid 3655] ioctl(4, SIOCGIFINDEX, {ifr_name="batadv_slave_0", ifr_ifindex=41}) = 0 [pid 3655] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3654] <... futex resumed>) = 0 [pid 3654] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3654] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3655] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 3655] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3654] <... futex resumed>) = 0 [pid 3655] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3654] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3655] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3654] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3655] ioctl(5, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0 [pid 3655] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3654] <... futex resumed>) = 0 [pid 3655] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3654] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3655] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3654] <... futex resumed>) = 0 [pid 3654] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 54.324117][ T3655] R13: 00007f6b12c112f0 R14: 00007f6b12cec4e8 R15: 0000000000000001 [ 54.332107][ T3655] [pid 3655] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x40\x00\x00\x00\x10\x00\x03\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x12\x80\x08\x00\x01\x00\x68\x73\x72\x00\x14\x00\x02\x80\x08\x00\x02\x00\x29\x00\x00\x00\x08\x00\x01\x00\x0b\x00\x00\x00", iov_len=64}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 64 [pid 3655] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3654] <... futex resumed>) = 0 [pid 3654] close(3 [pid 3655] <... futex resumed>) = 1 [pid 3654] <... close resumed>) = 0 [pid 3655] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3654] close(4) = 0 [pid 3654] close(5) = 0 [pid 3654] close(6) = -1 EBADF (Bad file descriptor) [pid 3654] close(7) = -1 EBADF (Bad file descriptor) [pid 3654] close(8) = -1 EBADF (Bad file descriptor) [pid 3654] close(9) = -1 EBADF (Bad file descriptor) [pid 3654] close(10) = -1 EBADF (Bad file descriptor) [pid 3654] close(11) = -1 EBADF (Bad file descriptor) [pid 3654] close(12) = -1 EBADF (Bad file descriptor) [pid 3654] close(13) = -1 EBADF (Bad file descriptor) [pid 3654] close(14) = -1 EBADF (Bad file descriptor) [pid 3654] close(15) = -1 EBADF (Bad file descriptor) [pid 3654] close(16) = -1 EBADF (Bad file descriptor) [pid 3654] close(17) = -1 EBADF (Bad file descriptor) [pid 3654] close(18) = -1 EBADF (Bad file descriptor) [pid 3654] close(19) = -1 EBADF (Bad file descriptor) [pid 3654] close(20) = -1 EBADF (Bad file descriptor) [pid 3654] close(21) = -1 EBADF (Bad file descriptor) [pid 3654] close(22) = -1 EBADF (Bad file descriptor) [pid 3654] close(23) = -1 EBADF (Bad file descriptor) [pid 3654] close(24) = -1 EBADF (Bad file descriptor) [pid 3654] close(25) = -1 EBADF (Bad file descriptor) [pid 3654] close(26) = -1 EBADF (Bad file descriptor) [pid 3654] close(27) = -1 EBADF (Bad file descriptor) [pid 3654] close(28) = -1 EBADF (Bad file descriptor) [pid 3654] close(29) = -1 EBADF (Bad file descriptor) [pid 3654] exit_group(0 [pid 3656] <... futex resumed>) = ? [pid 3655] <... futex resumed>) = ? [pid 3654] <... exit_group resumed>) = ? [pid 3656] +++ exited with 0 +++ [pid 3655] +++ exited with 0 +++ [pid 3654] +++ exited with 0 +++ [pid 3597] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=42, si_uid=0, si_status=0, si_utime=0, si_stime=37} --- [pid 3597] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555568505d0) = 45 ./strace-static-x86_64: Process 3657 attached [pid 3657] set_robust_list(0x5555568505e0, 24) = 0 [pid 3657] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3657] setpgid(0, 0) = 0 [pid 3657] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3657] write(3, "1000", 4) = 4 [pid 3657] close(3) = 0 [pid 3657] read(200, 0x7ffd708025c0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 3657] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bf1000 [pid 3657] mprotect(0x7f6b12bf2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3657] clone(child_stack=0x7f6b12c113f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3658 attached , parent_tid=[46], tls=0x7f6b12c11700, child_tidptr=0x7f6b12c119d0) = 46 [pid 3657] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3658] set_robust_list(0x7f6b12c119e0, 24) = 0 [pid 3658] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 3658] write(3, "4", 1) = 1 [ 54.421316][ T3658] FAULT_INJECTION: forcing a failure. [ 54.421316][ T3658] name failslab, interval 1, probability 0, space 0, times 0 [ 54.434111][ T3658] CPU: 0 PID: 3658 Comm: syz-executor273 Not tainted 5.18.0-rc6-syzkaller-00161-gbc403203d65a #0 [ 54.444610][ T3658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 54.454746][ T3658] Call Trace: [ 54.458018][ T3658] [ 54.460970][ T3658] dump_stack_lvl+0x1e3/0x2cb [ 54.465649][ T3658] ? bfq_pos_tree_add_move+0x436/0x436 [ 54.471118][ T3658] ? panic+0x76e/0x76e [ 54.475191][ T3658] ? validate_chain+0x126/0x65c0 [ 54.480123][ T3658] ? rcu_lock_release+0x5/0x20 [ 54.484875][ T3658] should_fail+0x384/0x4b0 [ 54.489276][ T3658] ? hsr_add_node+0x65/0x830 [ 54.493861][ T3658] should_failslab+0x5/0x20 [ 54.498377][ T3658] kmem_cache_alloc_trace+0x68/0x310 [ 54.503675][ T3658] hsr_add_node+0x65/0x830 [ 54.508081][ T3658] ? hsr_mac_hash+0x1f/0x270 [ 54.512660][ T3658] hsr_forward_skb+0x37f/0x2150 [ 54.517673][ T3658] ? prp_fill_frame_info+0x5b0/0x5b0 [ 54.522968][ T3658] ? hsr_addr_is_self+0x160/0x2b0 [ 54.528002][ T3658] hsr_handle_frame+0x4fd/0x6b0 [ 54.532854][ T3658] ? hsr_port_exists+0x50/0x50 [ 54.537641][ T3658] __netif_receive_skb_core+0x1448/0x3bc0 [ 54.543365][ T3658] ? trace_netif_rx+0x260/0x260 [ 54.548234][ T3658] __netif_receive_skb+0x11a/0x500 [ 54.553351][ T3658] ? read_lock_is_recursive+0x10/0x10 [ 54.558714][ T3658] ? ktime_get_real_ts64+0x4b0/0x4b0 [ 54.563994][ T3658] ? __netif_receive_skb_list_core+0x930/0x930 [ 54.570147][ T3658] netif_receive_skb_internal+0x108/0x360 [ 54.575858][ T3658] ? trace_netif_receive_skb_entry+0x260/0x260 [ 54.582000][ T3658] ? rcu_read_lock_sched_held+0x89/0x130 [ 54.587646][ T3658] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 54.593633][ T3658] netif_receive_skb+0x19/0x30 [ 54.598379][ T3658] tun_rx_batched+0x777/0x920 [ 54.603049][ T3658] ? read_lock_is_recursive+0x10/0x10 [ 54.608427][ T3658] ? local_bh_enable+0x20/0x20 [ 54.613194][ T3658] ? rcu_lock_release+0x5/0x20 [ 54.617945][ T3658] tun_get_user+0x1b5a/0x2540 [ 54.622626][ T3658] ? tun_ring_recv+0xcc0/0xcc0 [ 54.627391][ T3658] ? __lock_acquire+0x1f80/0x1f80 [ 54.632568][ T3658] tun_chr_write_iter+0x10a/0x1e0 [ 54.637605][ T3658] vfs_write+0xa22/0xd40 [ 54.641843][ T3658] ? __lock_acquire+0x1f80/0x1f80 [ 54.646868][ T3658] ? file_end_write+0x230/0x230 [ 54.651723][ T3658] ? print_irqtrace_events+0x220/0x220 [ 54.657185][ T3658] ? __fget_files+0x3d0/0x440 [ 54.661854][ T3658] ? __fdget_pos+0x1d7/0x2e0 [ 54.666431][ T3658] ? ksys_write+0x77/0x2c0 [ 54.670855][ T3658] ksys_write+0x19b/0x2c0 [ 54.675328][ T3658] ? print_irqtrace_events+0x220/0x220 [ 54.680789][ T3658] ? __ia32_sys_read+0x80/0x80 [ 54.685571][ T3658] ? syscall_enter_from_user_mode+0x2e/0x1a0 [ 54.691535][ T3658] ? syscall_enter_from_user_mode+0x86/0x1a0 [ 54.697504][ T3658] do_syscall_64+0x2b/0x70 [ 54.701930][ T3658] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 54.707827][ T3658] RIP: 0033:0x7f6b12c241ff [ 54.712223][ T3658] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 54.731837][ T3658] RSP: 002b:00007f6b12c112c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 54.740323][ T3658] RAX: ffffffffffffffda RBX: 00007f6b12cec4e0 RCX: 00007f6b12c241ff [ 54.748293][ T3658] RDX: 000000000000000e RSI: 0000000020000100 RDI: 00000000000000c8 [ 54.756257][ T3658] RBP: 00007f6b12cb96cc R08: 0000000000000000 R09: 0000000000000001 [ 54.764230][ T3658] R10: 00007f6b12c11087 R11: 0000000000000293 R12: 00007f6b12cec4ec [pid 3658] write(200, "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\x00\x89\x2f", 14 [pid 3657] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3657] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bd0000 [pid 3657] mprotect(0x7f6b12bd1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3657] clone(child_stack=0x7f6b12bf03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3659 attached [pid 3659] set_robust_list(0x7f6b12bf09e0, 24 [pid 3658] <... write resumed>) = 14 [pid 3657] <... clone resumed>, parent_tid=[47], tls=0x7f6b12bf0700, child_tidptr=0x7f6b12bf09d0) = 47 [pid 3657] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3659] <... set_robust_list resumed>) = 0 [pid 3657] <... futex resumed>) = 0 [pid 3659] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 3657] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3658] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3658] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3659] <... socket resumed>) = 4 [pid 3659] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3657] <... futex resumed>) = 0 [pid 3657] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3657] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3658] <... futex resumed>) = 0 [pid 3658] ioctl(4, SIOCGIFINDEX, {ifr_name="batadv_slave_0", ifr_ifindex=41}) = 0 [pid 3659] <... futex resumed>) = 1 [pid 3658] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3659] futex(0x7f6b12cec4f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3657] <... futex resumed>) = 0 [pid 3657] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3658] <... futex resumed>) = 1 [pid 3658] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 3658] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3657] <... futex resumed>) = 0 [pid 3657] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3658] <... futex resumed>) = 1 [pid 3658] ioctl(5, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0 [pid 3658] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3657] <... futex resumed>) = 0 [pid 3658] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x40\x00\x00\x00\x10\x00\x03\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x12\x80\x08\x00\x01\x00\x68\x73\x72\x00\x14\x00\x02\x80\x08\x00\x02\x00\x29\x00\x00\x00\x08\x00\x01\x00\x0b\x00\x00\x00", iov_len=64}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [pid 3657] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 54.772197][ T3658] R13: 00007f6b12c112f0 R14: 00007f6b12cec4e8 R15: 0000000000000001 [ 54.780179][ T3658] [pid 3657] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3658] <... sendmsg resumed>) = 64 [pid 3658] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3657] <... futex resumed>) = 0 [pid 3658] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3657] close(3) = 0 [pid 3657] close(4) = 0 [pid 3657] close(5) = 0 [pid 3657] close(6) = -1 EBADF (Bad file descriptor) [pid 3657] close(7) = -1 EBADF (Bad file descriptor) [pid 3657] close(8) = -1 EBADF (Bad file descriptor) [pid 3657] close(9) = -1 EBADF (Bad file descriptor) [pid 3657] close(10) = -1 EBADF (Bad file descriptor) [pid 3657] close(11) = -1 EBADF (Bad file descriptor) [pid 3657] close(12) = -1 EBADF (Bad file descriptor) [pid 3657] close(13) = -1 EBADF (Bad file descriptor) [pid 3657] close(14) = -1 EBADF (Bad file descriptor) [pid 3657] close(15) = -1 EBADF (Bad file descriptor) [pid 3657] close(16) = -1 EBADF (Bad file descriptor) [pid 3657] close(17) = -1 EBADF (Bad file descriptor) [pid 3657] close(18) = -1 EBADF (Bad file descriptor) [pid 3657] close(19) = -1 EBADF (Bad file descriptor) [pid 3657] close(20) = -1 EBADF (Bad file descriptor) [pid 3657] close(21) = -1 EBADF (Bad file descriptor) [pid 3657] close(22) = -1 EBADF (Bad file descriptor) [pid 3657] close(23) = -1 EBADF (Bad file descriptor) [pid 3657] close(24) = -1 EBADF (Bad file descriptor) [pid 3657] close(25) = -1 EBADF (Bad file descriptor) [pid 3657] close(26) = -1 EBADF (Bad file descriptor) [pid 3657] close(27) = -1 EBADF (Bad file descriptor) [pid 3657] close(28) = -1 EBADF (Bad file descriptor) [pid 3657] close(29) = -1 EBADF (Bad file descriptor) [pid 3657] exit_group(0 [pid 3659] <... futex resumed>) = ? [pid 3658] <... futex resumed>) = ? [pid 3657] <... exit_group resumed>) = ? [pid 3659] +++ exited with 0 +++ [pid 3658] +++ exited with 0 +++ [pid 3657] +++ exited with 0 +++ [pid 3597] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=45, si_uid=0, si_status=0, si_utime=0, si_stime=37} --- [pid 3597] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555568505d0) = 48 ./strace-static-x86_64: Process 3660 attached [pid 3660] set_robust_list(0x5555568505e0, 24) = 0 [pid 3660] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3660] setpgid(0, 0) = 0 [pid 3660] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3660] write(3, "1000", 4) = 4 [pid 3660] close(3) = 0 [pid 3660] read(200, 0x7ffd708025c0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 3660] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3660] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bf1000 [pid 3660] mprotect(0x7f6b12bf2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3660] clone(child_stack=0x7f6b12c113f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[49], tls=0x7f6b12c11700, child_tidptr=0x7f6b12c119d0) = 49 [pid 3660] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3660] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3661 attached [pid 3661] set_robust_list(0x7f6b12c119e0, 24) = 0 [pid 3661] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 3661] write(3, "4", 1) = 1 [ 54.869883][ T3661] FAULT_INJECTION: forcing a failure. [ 54.869883][ T3661] name failslab, interval 1, probability 0, space 0, times 0 [ 54.882719][ T3661] CPU: 1 PID: 3661 Comm: syz-executor273 Not tainted 5.18.0-rc6-syzkaller-00161-gbc403203d65a #0 [ 54.893342][ T3661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 54.903559][ T3661] Call Trace: [ 54.906837][ T3661] [ 54.909778][ T3661] dump_stack_lvl+0x1e3/0x2cb [ 54.914470][ T3661] ? bfq_pos_tree_add_move+0x436/0x436 [ 54.919932][ T3661] ? panic+0x76e/0x76e [ 54.924008][ T3661] ? validate_chain+0x126/0x65c0 [ 54.928951][ T3661] ? rcu_lock_release+0x5/0x20 [ 54.933699][ T3661] should_fail+0x384/0x4b0 [ 54.938102][ T3661] ? hsr_add_node+0x65/0x830 [ 54.942680][ T3661] should_failslab+0x5/0x20 [ 54.947177][ T3661] kmem_cache_alloc_trace+0x68/0x310 [ 54.952456][ T3661] hsr_add_node+0x65/0x830 [ 54.956861][ T3661] ? hsr_mac_hash+0x1f/0x270 [ 54.961608][ T3661] hsr_forward_skb+0x37f/0x2150 [ 54.966467][ T3661] ? prp_fill_frame_info+0x5b0/0x5b0 [ 54.971747][ T3661] ? hsr_addr_is_self+0x160/0x2b0 [ 54.976770][ T3661] hsr_handle_frame+0x4fd/0x6b0 [ 54.981615][ T3661] ? hsr_port_exists+0x50/0x50 [ 54.986369][ T3661] __netif_receive_skb_core+0x1448/0x3bc0 [ 54.992115][ T3661] ? trace_netif_rx+0x260/0x260 [ 54.996985][ T3661] __netif_receive_skb+0x11a/0x500 [ 55.002087][ T3661] ? read_lock_is_recursive+0x10/0x10 [ 55.007461][ T3661] ? ktime_get_real_ts64+0x4b0/0x4b0 [ 55.012848][ T3661] ? __netif_receive_skb_list_core+0x930/0x930 [ 55.019191][ T3661] netif_receive_skb_internal+0x108/0x360 [ 55.024935][ T3661] ? trace_netif_receive_skb_entry+0x260/0x260 [ 55.031077][ T3661] ? rcu_read_lock_sched_held+0x89/0x130 [ 55.036718][ T3661] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 55.042712][ T3661] netif_receive_skb+0x19/0x30 [ 55.047464][ T3661] tun_rx_batched+0x777/0x920 [ 55.052132][ T3661] ? read_lock_is_recursive+0x10/0x10 [ 55.057509][ T3661] ? local_bh_enable+0x20/0x20 [ 55.062268][ T3661] ? rcu_lock_release+0x5/0x20 [ 55.067205][ T3661] tun_get_user+0x1b5a/0x2540 [ 55.071889][ T3661] ? tun_ring_recv+0xcc0/0xcc0 [ 55.076654][ T3661] ? __lock_acquire+0x1f80/0x1f80 [ 55.081695][ T3661] tun_chr_write_iter+0x10a/0x1e0 [ 55.086729][ T3661] vfs_write+0xa22/0xd40 [ 55.090973][ T3661] ? __lock_acquire+0x1f80/0x1f80 [ 55.095997][ T3661] ? file_end_write+0x230/0x230 [ 55.100851][ T3661] ? print_irqtrace_events+0x220/0x220 [ 55.106295][ T3661] ? __fget_files+0x3d0/0x440 [ 55.110962][ T3661] ? __fdget_pos+0x1d7/0x2e0 [ 55.115536][ T3661] ? ksys_write+0x77/0x2c0 [ 55.119953][ T3661] ksys_write+0x19b/0x2c0 [ 55.124266][ T3661] ? print_irqtrace_events+0x220/0x220 [ 55.129710][ T3661] ? __ia32_sys_read+0x80/0x80 [ 55.134458][ T3661] ? syscall_enter_from_user_mode+0x2e/0x1a0 [ 55.140425][ T3661] ? syscall_enter_from_user_mode+0x86/0x1a0 [ 55.146399][ T3661] do_syscall_64+0x2b/0x70 [ 55.150867][ T3661] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 55.156746][ T3661] RIP: 0033:0x7f6b12c241ff [ 55.161153][ T3661] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 55.180743][ T3661] RSP: 002b:00007f6b12c112c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 55.189147][ T3661] RAX: ffffffffffffffda RBX: 00007f6b12cec4e0 RCX: 00007f6b12c241ff [ 55.197129][ T3661] RDX: 000000000000000e RSI: 0000000020000100 RDI: 00000000000000c8 [ 55.205089][ T3661] RBP: 00007f6b12cb96cc R08: 0000000000000000 R09: 0000000000000001 [ 55.213238][ T3661] R10: 00007f6b12c11087 R11: 0000000000000293 R12: 00007f6b12cec4ec [pid 3661] write(200, "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\x00\x89\x2f", 14) = 14 [pid 3660] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3661] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3660] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3661] <... futex resumed>) = 0 [pid 3660] <... futex resumed>) = 0 [pid 3661] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3660] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bd0000 [pid 3660] mprotect(0x7f6b12bd1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3660] clone(child_stack=0x7f6b12bf03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[50], tls=0x7f6b12bf0700, child_tidptr=0x7f6b12bf09d0) = 50 [pid 3660] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3660] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3662 attached [pid 3662] set_robust_list(0x7f6b12bf09e0, 24) = 0 [pid 3662] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3662] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3660] <... futex resumed>) = 0 [pid 3660] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3661] <... futex resumed>) = 0 [pid 3660] <... futex resumed>) = 1 [pid 3661] ioctl(4, SIOCGIFINDEX, {ifr_name="batadv_slave_0" [pid 3660] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3661] <... ioctl resumed>, ifr_ifindex=41}) = 0 [pid 3661] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3660] <... futex resumed>) = 0 [pid 3661] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3660] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3661] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3660] <... futex resumed>) = 0 [pid 3661] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 3660] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3661] <... socket resumed>) = 5 [pid 3661] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3660] <... futex resumed>) = 0 [pid 3661] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3660] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3661] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3660] <... futex resumed>) = 0 [pid 3661] ioctl(5, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 3660] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3661] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 3661] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3660] <... futex resumed>) = 0 [pid 3661] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3660] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3661] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3660] <... futex resumed>) = 0 [pid 3661] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x40\x00\x00\x00\x10\x00\x03\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x12\x80\x08\x00\x01\x00\x68\x73\x72\x00\x14\x00\x02\x80\x08\x00\x02\x00\x29\x00\x00\x00\x08\x00\x01\x00\x0b\x00\x00\x00", iov_len=64}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [pid 3660] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3662] <... futex resumed>) = 1 [ 55.221210][ T3661] R13: 00007f6b12c112f0 R14: 00007f6b12cec4e8 R15: 0000000000000001 [ 55.229202][ T3661] [pid 3662] futex(0x7f6b12cec4f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3660] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3661] <... sendmsg resumed>) = 64 [pid 3661] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3661] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3660] close(3) = 0 [pid 3660] close(4) = 0 [pid 3660] close(5) = 0 [pid 3660] close(6) = -1 EBADF (Bad file descriptor) [pid 3660] close(7) = -1 EBADF (Bad file descriptor) [pid 3660] close(8) = -1 EBADF (Bad file descriptor) [pid 3660] close(9) = -1 EBADF (Bad file descriptor) [pid 3660] close(10) = -1 EBADF (Bad file descriptor) [pid 3660] close(11) = -1 EBADF (Bad file descriptor) [pid 3660] close(12) = -1 EBADF (Bad file descriptor) [pid 3660] close(13) = -1 EBADF (Bad file descriptor) [pid 3660] close(14) = -1 EBADF (Bad file descriptor) [pid 3660] close(15) = -1 EBADF (Bad file descriptor) [pid 3660] close(16) = -1 EBADF (Bad file descriptor) [pid 3660] close(17) = -1 EBADF (Bad file descriptor) [pid 3660] close(18) = -1 EBADF (Bad file descriptor) [pid 3660] close(19) = -1 EBADF (Bad file descriptor) [pid 3660] close(20) = -1 EBADF (Bad file descriptor) [pid 3660] close(21) = -1 EBADF (Bad file descriptor) [pid 3660] close(22) = -1 EBADF (Bad file descriptor) [pid 3660] close(23) = -1 EBADF (Bad file descriptor) [pid 3660] close(24) = -1 EBADF (Bad file descriptor) [pid 3660] close(25) = -1 EBADF (Bad file descriptor) [pid 3660] close(26) = -1 EBADF (Bad file descriptor) [pid 3660] close(27) = -1 EBADF (Bad file descriptor) [pid 3660] close(28) = -1 EBADF (Bad file descriptor) [pid 3660] close(29) = -1 EBADF (Bad file descriptor) [pid 3660] exit_group(0 [pid 3661] <... futex resumed>) = ? [pid 3660] <... exit_group resumed>) = ? [pid 3662] <... futex resumed>) = ? [pid 3661] +++ exited with 0 +++ [pid 3662] +++ exited with 0 +++ [pid 3660] +++ exited with 0 +++ [pid 3597] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=48, si_uid=0, si_status=0, si_utime=0, si_stime=36} --- [pid 3597] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3663 attached , child_tidptr=0x5555568505d0) = 51 [pid 3663] set_robust_list(0x5555568505e0, 24) = 0 [pid 3663] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3663] setpgid(0, 0) = 0 [pid 3663] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3663] write(3, "1000", 4) = 4 [pid 3663] close(3) = 0 [pid 3663] read(200, 0x7ffd708025c0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 3663] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3663] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bf1000 [pid 3663] mprotect(0x7f6b12bf2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3663] clone(child_stack=0x7f6b12c113f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3664 attached , parent_tid=[52], tls=0x7f6b12c11700, child_tidptr=0x7f6b12c119d0) = 52 [pid 3664] set_robust_list(0x7f6b12c119e0, 24) = 0 [pid 3664] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3663] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3664] <... futex resumed>) = 0 [pid 3663] <... futex resumed>) = 1 [pid 3664] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 3663] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3664] write(3, "4", 1) = 1 [ 55.355289][ T3664] FAULT_INJECTION: forcing a failure. [ 55.355289][ T3664] name failslab, interval 1, probability 0, space 0, times 0 [ 55.368041][ T3664] CPU: 1 PID: 3664 Comm: syz-executor273 Not tainted 5.18.0-rc6-syzkaller-00161-gbc403203d65a #0 [ 55.378548][ T3664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 55.388593][ T3664] Call Trace: [ 55.391859][ T3664] [ 55.394777][ T3664] dump_stack_lvl+0x1e3/0x2cb [ 55.399448][ T3664] ? bfq_pos_tree_add_move+0x436/0x436 [ 55.404897][ T3664] ? panic+0x76e/0x76e [ 55.408965][ T3664] ? validate_chain+0x126/0x65c0 [ 55.413918][ T3664] ? rcu_lock_release+0x5/0x20 [ 55.418687][ T3664] should_fail+0x384/0x4b0 [ 55.423110][ T3664] ? hsr_add_node+0x65/0x830 [ 55.427693][ T3664] should_failslab+0x5/0x20 [ 55.432187][ T3664] kmem_cache_alloc_trace+0x68/0x310 [ 55.437471][ T3664] hsr_add_node+0x65/0x830 [ 55.441876][ T3664] ? hsr_mac_hash+0x1f/0x270 [ 55.446457][ T3664] hsr_forward_skb+0x37f/0x2150 [ 55.451308][ T3664] ? prp_fill_frame_info+0x5b0/0x5b0 [ 55.456589][ T3664] ? hsr_addr_is_self+0x160/0x2b0 [ 55.461602][ T3664] hsr_handle_frame+0x4fd/0x6b0 [ 55.466445][ T3664] ? hsr_port_exists+0x50/0x50 [ 55.471191][ T3664] __netif_receive_skb_core+0x1448/0x3bc0 [ 55.476913][ T3664] ? trace_netif_rx+0x260/0x260 [ 55.481767][ T3664] __netif_receive_skb+0x11a/0x500 [ 55.486870][ T3664] ? read_lock_is_recursive+0x10/0x10 [ 55.492227][ T3664] ? ktime_get_real_ts64+0x4b0/0x4b0 [ 55.497501][ T3664] ? __netif_receive_skb_list_core+0x930/0x930 [ 55.503656][ T3664] netif_receive_skb_internal+0x108/0x360 [ 55.509374][ T3664] ? trace_netif_receive_skb_entry+0x260/0x260 [ 55.515510][ T3664] ? rcu_read_lock_sched_held+0x89/0x130 [ 55.521129][ T3664] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 55.527190][ T3664] netif_receive_skb+0x19/0x30 [ 55.532987][ T3664] tun_rx_batched+0x777/0x920 [ 55.537653][ T3664] ? read_lock_is_recursive+0x10/0x10 [ 55.543011][ T3664] ? local_bh_enable+0x20/0x20 [ 55.547764][ T3664] ? rcu_lock_release+0x5/0x20 [ 55.552521][ T3664] tun_get_user+0x1b5a/0x2540 [ 55.557203][ T3664] ? tun_ring_recv+0xcc0/0xcc0 [ 55.561954][ T3664] ? __lock_acquire+0x1f80/0x1f80 [ 55.566982][ T3664] tun_chr_write_iter+0x10a/0x1e0 [ 55.571995][ T3664] vfs_write+0xa22/0xd40 [ 55.576230][ T3664] ? __lock_acquire+0x1f80/0x1f80 [ 55.581246][ T3664] ? file_end_write+0x230/0x230 [ 55.586080][ T3664] ? print_irqtrace_events+0x220/0x220 [ 55.591536][ T3664] ? __fget_files+0x3d0/0x440 [ 55.596639][ T3664] ? __fdget_pos+0x1d7/0x2e0 [ 55.601212][ T3664] ? ksys_write+0x77/0x2c0 [ 55.605618][ T3664] ksys_write+0x19b/0x2c0 [ 55.609933][ T3664] ? print_irqtrace_events+0x220/0x220 [ 55.615381][ T3664] ? __ia32_sys_read+0x80/0x80 [ 55.620129][ T3664] ? syscall_enter_from_user_mode+0x2e/0x1a0 [ 55.626097][ T3664] ? syscall_enter_from_user_mode+0x86/0x1a0 [ 55.632062][ T3664] do_syscall_64+0x2b/0x70 [ 55.636464][ T3664] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 55.642343][ T3664] RIP: 0033:0x7f6b12c241ff [ 55.646747][ T3664] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 55.666333][ T3664] RSP: 002b:00007f6b12c112c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 55.674732][ T3664] RAX: ffffffffffffffda RBX: 00007f6b12cec4e0 RCX: 00007f6b12c241ff [ 55.682698][ T3664] RDX: 000000000000000e RSI: 0000000020000100 RDI: 00000000000000c8 [ 55.690653][ T3664] RBP: 00007f6b12cb96cc R08: 0000000000000000 R09: 0000000000000001 [ 55.698608][ T3664] R10: 00007f6b12c11087 R11: 0000000000000293 R12: 00007f6b12cec4ec [pid 3664] write(200, "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\x00\x89\x2f", 14 [pid 3663] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3663] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3663] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bd0000 [pid 3663] mprotect(0x7f6b12bd1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3663] clone(child_stack=0x7f6b12bf03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[53], tls=0x7f6b12bf0700, child_tidptr=0x7f6b12bf09d0) = 53 [pid 3663] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3663] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3664] <... write resumed>) = 14 [pid 3664] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3664] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3665 attached [pid 3665] set_robust_list(0x7f6b12bf09e0, 24) = 0 [pid 3665] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3665] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3663] <... futex resumed>) = 0 [pid 3663] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3663] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3664] <... futex resumed>) = 0 [pid 3664] ioctl(4, SIOCGIFINDEX, {ifr_name="batadv_slave_0", ifr_ifindex=41}) = 0 [pid 3664] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3663] <... futex resumed>) = 0 [pid 3663] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3663] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3664] <... futex resumed>) = 1 [pid 3664] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 3664] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3663] <... futex resumed>) = 0 [pid 3663] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3663] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3664] <... futex resumed>) = 1 [pid 3664] ioctl(5, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0 [pid 3664] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3663] <... futex resumed>) = 0 [pid 3663] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3663] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3664] <... futex resumed>) = 1 [pid 3664] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x40\x00\x00\x00\x10\x00\x03\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x12\x80\x08\x00\x01\x00\x68\x73\x72\x00\x14\x00\x02\x80\x08\x00\x02\x00\x29\x00\x00\x00\x08\x00\x01\x00\x0b\x00\x00\x00", iov_len=64}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [ 55.706563][ T3664] R13: 00007f6b12c112f0 R14: 00007f6b12cec4e8 R15: 0000000000000001 [ 55.714530][ T3664] [pid 3665] futex(0x7f6b12cec4f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3664] <... sendmsg resumed>) = 64 [pid 3664] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3663] <... futex resumed>) = 0 [pid 3664] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3663] close(3) = 0 [pid 3663] close(4) = 0 [pid 3663] close(5) = 0 [pid 3663] close(6) = -1 EBADF (Bad file descriptor) [pid 3663] close(7) = -1 EBADF (Bad file descriptor) [pid 3663] close(8) = -1 EBADF (Bad file descriptor) [pid 3663] close(9) = -1 EBADF (Bad file descriptor) [pid 3663] close(10) = -1 EBADF (Bad file descriptor) [pid 3663] close(11) = -1 EBADF (Bad file descriptor) [pid 3663] close(12) = -1 EBADF (Bad file descriptor) [pid 3663] close(13) = -1 EBADF (Bad file descriptor) [pid 3663] close(14) = -1 EBADF (Bad file descriptor) [pid 3663] close(15) = -1 EBADF (Bad file descriptor) [pid 3663] close(16) = -1 EBADF (Bad file descriptor) [pid 3663] close(17) = -1 EBADF (Bad file descriptor) [pid 3663] close(18) = -1 EBADF (Bad file descriptor) [pid 3663] close(19) = -1 EBADF (Bad file descriptor) [pid 3663] close(20) = -1 EBADF (Bad file descriptor) [pid 3663] close(21) = -1 EBADF (Bad file descriptor) [pid 3663] close(22) = -1 EBADF (Bad file descriptor) [pid 3663] close(23) = -1 EBADF (Bad file descriptor) [pid 3663] close(24) = -1 EBADF (Bad file descriptor) [pid 3663] close(25) = -1 EBADF (Bad file descriptor) [pid 3663] close(26) = -1 EBADF (Bad file descriptor) [pid 3663] close(27) = -1 EBADF (Bad file descriptor) [pid 3663] close(28) = -1 EBADF (Bad file descriptor) [pid 3663] close(29) = -1 EBADF (Bad file descriptor) [pid 3663] exit_group(0 [pid 3665] <... futex resumed>) = ? [pid 3664] <... futex resumed>) = ? [pid 3663] <... exit_group resumed>) = ? [pid 3665] +++ exited with 0 +++ [pid 3664] +++ exited with 0 +++ [pid 3663] +++ exited with 0 +++ [pid 3597] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=51, si_uid=0, si_status=0, si_utime=0, si_stime=38} --- [pid 3597] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555568505d0) = 54 ./strace-static-x86_64: Process 3666 attached [pid 3666] set_robust_list(0x5555568505e0, 24) = 0 [pid 3666] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3666] setpgid(0, 0) = 0 [pid 3666] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3666] write(3, "1000", 4) = 4 [pid 3666] close(3) = 0 [pid 3666] read(200, 0x7ffd708025c0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 3666] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3666] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bf1000 [pid 3666] mprotect(0x7f6b12bf2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3666] clone(child_stack=0x7f6b12c113f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[55], tls=0x7f6b12c11700, child_tidptr=0x7f6b12c119d0) = 55 [pid 3666] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3666] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3667 attached [pid 3667] set_robust_list(0x7f6b12c119e0, 24) = 0 [pid 3667] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 3667] write(3, "4", 1) = 1 [ 55.800060][ T3667] FAULT_INJECTION: forcing a failure. [ 55.800060][ T3667] name failslab, interval 1, probability 0, space 0, times 0 [ 55.812695][ T3667] CPU: 0 PID: 3667 Comm: syz-executor273 Not tainted 5.18.0-rc6-syzkaller-00161-gbc403203d65a #0 [ 55.823179][ T3667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 55.833316][ T3667] Call Trace: [ 55.836590][ T3667] [ 55.839509][ T3667] dump_stack_lvl+0x1e3/0x2cb [ 55.844181][ T3667] ? bfq_pos_tree_add_move+0x436/0x436 [ 55.849629][ T3667] ? panic+0x76e/0x76e [ 55.853683][ T3667] ? validate_chain+0x126/0x65c0 [ 55.858613][ T3667] ? rcu_lock_release+0x5/0x20 [ 55.863367][ T3667] should_fail+0x384/0x4b0 [ 55.867772][ T3667] ? hsr_add_node+0x65/0x830 [ 55.872350][ T3667] should_failslab+0x5/0x20 [ 55.876840][ T3667] kmem_cache_alloc_trace+0x68/0x310 [ 55.882121][ T3667] hsr_add_node+0x65/0x830 [ 55.886527][ T3667] ? hsr_mac_hash+0x1f/0x270 [ 55.891117][ T3667] hsr_forward_skb+0x37f/0x2150 [ 55.895967][ T3667] ? prp_fill_frame_info+0x5b0/0x5b0 [ 55.901247][ T3667] ? hsr_addr_is_self+0x160/0x2b0 [ 55.906258][ T3667] hsr_handle_frame+0x4fd/0x6b0 [ 55.911098][ T3667] ? hsr_port_exists+0x50/0x50 [ 55.915847][ T3667] __netif_receive_skb_core+0x1448/0x3bc0 [ 55.921563][ T3667] ? trace_netif_rx+0x260/0x260 [ 55.926412][ T3667] __netif_receive_skb+0x11a/0x500 [ 55.931509][ T3667] ? read_lock_is_recursive+0x10/0x10 [ 55.936866][ T3667] ? ktime_get_real_ts64+0x4b0/0x4b0 [ 55.942142][ T3667] ? __netif_receive_skb_list_core+0x930/0x930 [ 55.948283][ T3667] ? lockdep_hardirqs_on_prepare+0x448/0x7b0 [ 55.954261][ T3667] netif_receive_skb_internal+0x108/0x360 [ 55.959967][ T3667] ? trace_netif_receive_skb_entry+0x260/0x260 [ 55.966102][ T3667] ? rcu_read_lock_sched_held+0x89/0x130 [ 55.971722][ T3667] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 55.977685][ T3667] ? trace_netif_receive_skb_entry+0x24/0x260 [ 55.983740][ T3667] ? trace_netif_receive_skb_entry+0x32/0x260 [ 55.989864][ T3667] ? __sanitizer_cov_trace_pc+0x2d/0x60 [ 55.995402][ T3667] netif_receive_skb+0x19/0x30 [ 56.000150][ T3667] tun_rx_batched+0x777/0x920 [ 56.005436][ T3667] ? read_lock_is_recursive+0x10/0x10 [ 56.010816][ T3667] ? local_bh_enable+0x20/0x20 [ 56.015586][ T3667] ? rcu_lock_release+0x5/0x20 [ 56.020357][ T3667] tun_get_user+0x1b5a/0x2540 [ 56.025036][ T3667] ? tun_ring_recv+0xcc0/0xcc0 [ 56.029788][ T3667] ? __lock_acquire+0x1f80/0x1f80 [ 56.034816][ T3667] tun_chr_write_iter+0x10a/0x1e0 [ 56.039830][ T3667] vfs_write+0xa22/0xd40 [ 56.044061][ T3667] ? __lock_acquire+0x1f80/0x1f80 [ 56.049075][ T3667] ? file_end_write+0x230/0x230 [ 56.053911][ T3667] ? print_irqtrace_events+0x220/0x220 [ 56.059358][ T3667] ? __fget_files+0x3d0/0x440 [ 56.064031][ T3667] ? __fdget_pos+0x1d7/0x2e0 [ 56.068603][ T3667] ? ksys_write+0x77/0x2c0 [ 56.073003][ T3667] ksys_write+0x19b/0x2c0 [ 56.077316][ T3667] ? print_irqtrace_events+0x220/0x220 [ 56.082764][ T3667] ? __ia32_sys_read+0x80/0x80 [ 56.087512][ T3667] ? syscall_enter_from_user_mode+0x2e/0x1a0 [ 56.093481][ T3667] ? syscall_enter_from_user_mode+0x86/0x1a0 [ 56.099446][ T3667] do_syscall_64+0x2b/0x70 [ 56.103848][ T3667] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 56.109808][ T3667] RIP: 0033:0x7f6b12c241ff [ 56.114237][ T3667] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 56.133962][ T3667] RSP: 002b:00007f6b12c112c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 56.142367][ T3667] RAX: ffffffffffffffda RBX: 00007f6b12cec4e0 RCX: 00007f6b12c241ff [pid 3667] write(200, "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\x00\x89\x2f", 14) = 14 [pid 3666] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3667] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3666] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3667] <... futex resumed>) = 0 [pid 3666] <... futex resumed>) = 0 [pid 3667] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 3666] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3667] <... socket resumed>) = 4 [pid 3667] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3666] <... futex resumed>) = 0 [pid 3667] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3666] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3667] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3666] <... futex resumed>) = 0 [pid 3667] ioctl(4, SIOCGIFINDEX, {ifr_name="batadv_slave_0" [pid 3666] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3667] <... ioctl resumed>, ifr_ifindex=41}) = 0 [pid 3667] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3666] <... futex resumed>) = 0 [pid 3667] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3666] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3667] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3666] <... futex resumed>) = 0 [pid 3667] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 3666] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3667] <... socket resumed>) = 5 [pid 3667] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3666] <... futex resumed>) = 0 [pid 3667] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3666] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3667] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3666] <... futex resumed>) = 0 [pid 3667] ioctl(5, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 3666] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3667] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 3667] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3666] <... futex resumed>) = 0 [pid 3667] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3666] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3667] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3666] <... futex resumed>) = 0 [pid 3667] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x40\x00\x00\x00\x10\x00\x03\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x12\x80\x08\x00\x01\x00\x68\x73\x72\x00\x14\x00\x02\x80\x08\x00\x02\x00\x29\x00\x00\x00\x08\x00\x01\x00\x0b\x00\x00\x00", iov_len=64}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [ 56.150324][ T3667] RDX: 000000000000000e RSI: 0000000020000100 RDI: 00000000000000c8 [ 56.158280][ T3667] RBP: 00007f6b12cb96cc R08: 0000000000000000 R09: 0000000000000001 [ 56.166235][ T3667] R10: 00007f6b12c11087 R11: 0000000000000293 R12: 00007f6b12cec4ec [ 56.174985][ T3667] R13: 00007f6b12c112f0 R14: 00007f6b12cec4e8 R15: 0000000000000001 [ 56.183255][ T3667] [pid 3666] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 3667] <... sendmsg resumed>) = 64 [pid 3667] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3667] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3666] close(3) = 0 [pid 3666] close(4) = 0 [pid 3666] close(5) = 0 [pid 3666] close(6) = -1 EBADF (Bad file descriptor) [pid 3666] close(7) = -1 EBADF (Bad file descriptor) [pid 3666] close(8) = -1 EBADF (Bad file descriptor) [pid 3666] close(9) = -1 EBADF (Bad file descriptor) [pid 3666] close(10) = -1 EBADF (Bad file descriptor) [pid 3666] close(11) = -1 EBADF (Bad file descriptor) [pid 3666] close(12) = -1 EBADF (Bad file descriptor) [pid 3666] close(13) = -1 EBADF (Bad file descriptor) [pid 3666] close(14) = -1 EBADF (Bad file descriptor) [pid 3666] close(15) = -1 EBADF (Bad file descriptor) [pid 3666] close(16) = -1 EBADF (Bad file descriptor) [pid 3666] close(17) = -1 EBADF (Bad file descriptor) [pid 3666] close(18) = -1 EBADF (Bad file descriptor) [pid 3666] close(19) = -1 EBADF (Bad file descriptor) [pid 3666] close(20) = -1 EBADF (Bad file descriptor) [pid 3666] close(21) = -1 EBADF (Bad file descriptor) [pid 3666] close(22) = -1 EBADF (Bad file descriptor) [pid 3666] close(23) = -1 EBADF (Bad file descriptor) [pid 3666] close(24) = -1 EBADF (Bad file descriptor) [pid 3666] close(25) = -1 EBADF (Bad file descriptor) [pid 3666] close(26) = -1 EBADF (Bad file descriptor) [pid 3666] close(27) = -1 EBADF (Bad file descriptor) [pid 3666] close(28) = -1 EBADF (Bad file descriptor) [pid 3666] close(29) = -1 EBADF (Bad file descriptor) [pid 3666] exit_group(0 [pid 3667] <... futex resumed>) = 231 [pid 3666] <... exit_group resumed>) = ? [pid 3667] +++ exited with 0 +++ [pid 3666] +++ exited with 0 +++ [pid 3597] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=54, si_uid=0, si_status=0, si_utime=0, si_stime=40} --- [pid 3597] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3597] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3668 attached , child_tidptr=0x5555568505d0) = 56 [pid 3668] set_robust_list(0x5555568505e0, 24) = 0 [pid 3668] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3668] setpgid(0, 0) = 0 [pid 3668] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3668] write(3, "1000", 4) = 4 [pid 3668] close(3) = 0 [pid 3668] read(200, 0x7ffd708025c0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 3668] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3668] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bf1000 [pid 3668] mprotect(0x7f6b12bf2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3668] clone(child_stack=0x7f6b12c113f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3669 attached [pid 3669] set_robust_list(0x7f6b12c119e0, 24) = 0 [pid 3669] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3668] <... clone resumed>, parent_tid=[57], tls=0x7f6b12c11700, child_tidptr=0x7f6b12c119d0) = 57 [pid 3668] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3669] <... futex resumed>) = 0 [pid 3668] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3669] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 3669] write(3, "4", 1) = 1 [pid 3669] write(200, "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\x00\x89\x2f", 14 [pid 3668] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3668] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3668] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bd0000 [pid 3668] mprotect(0x7f6b12bd1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3668] clone(child_stack=0x7f6b12bf03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[58], tls=0x7f6b12bf0700, child_tidptr=0x7f6b12bf09d0) = 58 [pid 3668] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 56.305869][ T3669] FAULT_INJECTION: forcing a failure. [ 56.305869][ T3669] name failslab, interval 1, probability 0, space 0, times 0 [ 56.318522][ T3669] CPU: 0 PID: 3669 Comm: syz-executor273 Not tainted 5.18.0-rc6-syzkaller-00161-gbc403203d65a #0 [ 56.329269][ T3669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.339420][ T3669] Call Trace: [ 56.342702][ T3669] [ 56.345648][ T3669] dump_stack_lvl+0x1e3/0x2cb [ 56.350350][ T3669] ? bfq_pos_tree_add_move+0x436/0x436 [pid 3668] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3670 attached [pid 3670] set_robust_list(0x7f6b12bf09e0, 24) = 0 [pid 3670] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3670] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3668] <... futex resumed>) = 0 [pid 3668] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3668] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3670] <... futex resumed>) = 1 [pid 3670] ioctl(4, SIOCGIFINDEX, {ifr_name="batadv_slave_0", ifr_ifindex=41}) = 0 [ 56.355809][ T3669] ? panic+0x76e/0x76e [ 56.359896][ T3669] ? validate_chain+0x126/0x65c0 [ 56.364861][ T3669] ? rcu_lock_release+0x5/0x20 [ 56.369655][ T3669] should_fail+0x384/0x4b0 [ 56.374100][ T3669] ? hsr_add_node+0x65/0x830 [ 56.378707][ T3669] should_failslab+0x5/0x20 [ 56.383202][ T3669] kmem_cache_alloc_trace+0x68/0x310 [ 56.388585][ T3669] hsr_add_node+0x65/0x830 [ 56.392989][ T3669] ? hsr_mac_hash+0x1f/0x270 [ 56.397568][ T3669] hsr_forward_skb+0x37f/0x2150 [ 56.402428][ T3669] ? prp_fill_frame_info+0x5b0/0x5b0 [ 56.407714][ T3669] ? hsr_addr_is_self+0x160/0x2b0 [ 56.412751][ T3669] hsr_handle_frame+0x4fd/0x6b0 [ 56.417597][ T3669] ? hsr_port_exists+0x50/0x50 [ 56.422356][ T3669] __netif_receive_skb_core+0x1448/0x3bc0 [ 56.428116][ T3669] ? trace_netif_rx+0x260/0x260 [ 56.433823][ T3669] __netif_receive_skb+0x11a/0x500 [ 56.439430][ T3669] ? read_lock_is_recursive+0x10/0x10 [ 56.444894][ T3669] ? ktime_get_real_ts64+0x4b0/0x4b0 [ 56.450343][ T3669] ? __netif_receive_skb_list_core+0x930/0x930 [ 56.456514][ T3669] netif_receive_skb_internal+0x108/0x360 [ 56.462335][ T3669] ? trace_netif_receive_skb_entry+0x260/0x260 [ 56.468487][ T3669] ? rcu_read_lock_sched_held+0x89/0x130 [ 56.474117][ T3669] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 56.480105][ T3669] netif_receive_skb+0x19/0x30 [ 56.484862][ T3669] tun_rx_batched+0x777/0x920 [ 56.489551][ T3669] ? read_lock_is_recursive+0x10/0x10 [ 56.495019][ T3669] ? local_bh_enable+0x20/0x20 [ 56.500071][ T3669] ? rcu_lock_release+0x5/0x20 [ 56.504846][ T3669] tun_get_user+0x1b5a/0x2540 [ 56.509534][ T3669] ? tun_ring_recv+0xcc0/0xcc0 [ 56.514384][ T3669] ? __lock_acquire+0x1f80/0x1f80 [ 56.519403][ T3669] tun_chr_write_iter+0x10a/0x1e0 [ 56.524427][ T3669] vfs_write+0xa22/0xd40 [ 56.528668][ T3669] ? __lock_acquire+0x1f80/0x1f80 [ 56.533704][ T3669] ? file_end_write+0x230/0x230 [ 56.538548][ T3669] ? print_irqtrace_events+0x220/0x220 [ 56.544021][ T3669] ? __fget_files+0x3d0/0x440 [ 56.548712][ T3669] ? __fdget_pos+0x1d7/0x2e0 [ 56.553307][ T3669] ? ksys_write+0x77/0x2c0 [ 56.557740][ T3669] ksys_write+0x19b/0x2c0 [ 56.562078][ T3669] ? print_irqtrace_events+0x220/0x220 [ 56.567541][ T3669] ? __ia32_sys_read+0x80/0x80 [ 56.572294][ T3669] ? syscall_enter_from_user_mode+0x2e/0x1a0 [ 56.578262][ T3669] ? syscall_enter_from_user_mode+0x86/0x1a0 [ 56.584236][ T3669] do_syscall_64+0x2b/0x70 [ 56.588770][ T3669] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 56.594666][ T3669] RIP: 0033:0x7f6b12c241ff [ 56.599274][ T3669] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 56.618864][ T3669] RSP: 002b:00007f6b12c112c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 56.627263][ T3669] RAX: ffffffffffffffda RBX: 00007f6b12cec4e0 RCX: 00007f6b12c241ff [ 56.635225][ T3669] RDX: 000000000000000e RSI: 0000000020000100 RDI: 00000000000000c8 [ 56.643186][ T3669] RBP: 00007f6b12cb96cc R08: 0000000000000000 R09: 0000000000000001 [pid 3670] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3668] <... futex resumed>) = 0 [pid 3668] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3668] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3670] <... futex resumed>) = 1 [pid 3670] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 3670] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3668] <... futex resumed>) = 0 [pid 3668] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3668] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3670] <... futex resumed>) = 1 [pid 3670] ioctl(5, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0 [pid 3670] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3668] <... futex resumed>) = 0 [pid 3668] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3668] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3670] <... futex resumed>) = 1 [pid 3670] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x40\x00\x00\x00\x10\x00\x03\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x12\x80\x08\x00\x01\x00\x68\x73\x72\x00\x14\x00\x02\x80\x08\x00\x02\x00\x29\x00\x00\x00\x08\x00\x01\x00\x0b\x00\x00\x00", iov_len=64}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [pid 3668] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3668] close(3) = 0 [pid 3668] close(4) = 0 [pid 3668] close(5) = 0 [pid 3668] close(6) = -1 EBADF (Bad file descriptor) [pid 3668] close(7) = -1 EBADF (Bad file descriptor) [pid 3668] close(8) = -1 EBADF (Bad file descriptor) [pid 3668] close(9) = -1 EBADF (Bad file descriptor) [pid 3668] close(10) = -1 EBADF (Bad file descriptor) [pid 3668] close(11) = -1 EBADF (Bad file descriptor) [pid 3668] close(12) = -1 EBADF (Bad file descriptor) [pid 3668] close(13) = -1 EBADF (Bad file descriptor) [pid 3668] close(14) = -1 EBADF (Bad file descriptor) [pid 3668] close(15) = -1 EBADF (Bad file descriptor) [pid 3668] close(16) = -1 EBADF (Bad file descriptor) [pid 3668] close(17) = -1 EBADF (Bad file descriptor) [pid 3668] close(18) = -1 EBADF (Bad file descriptor) [pid 3668] close(19) = -1 EBADF (Bad file descriptor) [pid 3668] close(20) = -1 EBADF (Bad file descriptor) [pid 3668] close(21) = -1 EBADF (Bad file descriptor) [pid 3668] close(22) = -1 EBADF (Bad file descriptor) [pid 3668] close(23) = -1 EBADF (Bad file descriptor) [pid 3668] close(24) = -1 EBADF (Bad file descriptor) [pid 3668] close(25) = -1 EBADF (Bad file descriptor) [pid 3668] close(26) = -1 EBADF (Bad file descriptor) [pid 3668] close(27) = -1 EBADF (Bad file descriptor) [pid 3668] close(28) = -1 EBADF (Bad file descriptor) [pid 3668] close(29) = -1 EBADF (Bad file descriptor) [pid 3668] exit_group(0) = ? [pid 3669] <... write resumed>) = ? [pid 3669] +++ exited with 0 +++ [pid 3670] <... sendmsg resumed>) = ? [pid 3670] +++ exited with 0 +++ [pid 3668] +++ exited with 0 +++ [ 56.651167][ T3669] R10: 00007f6b12c11087 R11: 0000000000000293 R12: 00007f6b12cec4ec [ 56.659211][ T3669] R13: 00007f6b12c112f0 R14: 00007f6b12cec4e8 R15: 0000000000000001 [ 56.667195][ T3669] [pid 3597] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=56, si_uid=0, si_status=0, si_utime=0, si_stime=38} --- [pid 3597] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3597] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555568505d0) = 59 ./strace-static-x86_64: Process 3671 attached [pid 3671] set_robust_list(0x5555568505e0, 24) = 0 [pid 3671] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3671] setpgid(0, 0) = 0 [pid 3671] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3671] write(3, "1000", 4) = 4 [pid 3671] close(3) = 0 [pid 3671] read(200, 0x7ffd708025c0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 3671] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3671] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bf1000 [pid 3671] mprotect(0x7f6b12bf2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3671] clone(child_stack=0x7f6b12c113f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[60], tls=0x7f6b12c11700, child_tidptr=0x7f6b12c119d0) = 60 [pid 3671] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3671] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3672 attached [pid 3672] set_robust_list(0x7f6b12c119e0, 24) = 0 [pid 3672] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 3672] write(3, "4", 1) = 1 [ 56.730155][ T3672] FAULT_INJECTION: forcing a failure. [ 56.730155][ T3672] name failslab, interval 1, probability 0, space 0, times 0 [ 56.742814][ T3672] CPU: 1 PID: 3672 Comm: syz-executor273 Not tainted 5.18.0-rc6-syzkaller-00161-gbc403203d65a #0 [ 56.753304][ T3672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.763359][ T3672] Call Trace: [ 56.766643][ T3672] [ 56.769561][ T3672] dump_stack_lvl+0x1e3/0x2cb [ 56.774229][ T3672] ? bfq_pos_tree_add_move+0x436/0x436 [ 56.779676][ T3672] ? panic+0x76e/0x76e [ 56.783743][ T3672] ? validate_chain+0x126/0x65c0 [ 56.788684][ T3672] ? rcu_lock_release+0x5/0x20 [ 56.793434][ T3672] should_fail+0x384/0x4b0 [ 56.797849][ T3672] ? hsr_add_node+0x65/0x830 [ 56.802444][ T3672] should_failslab+0x5/0x20 [ 56.806936][ T3672] kmem_cache_alloc_trace+0x68/0x310 [ 56.812222][ T3672] hsr_add_node+0x65/0x830 [ 56.816653][ T3672] ? hsr_mac_hash+0x1f/0x270 [ 56.821254][ T3672] hsr_forward_skb+0x37f/0x2150 [ 56.826118][ T3672] ? prp_fill_frame_info+0x5b0/0x5b0 [ 56.831406][ T3672] ? hsr_addr_is_self+0x160/0x2b0 [ 56.836437][ T3672] hsr_handle_frame+0x4fd/0x6b0 [ 56.841291][ T3672] ? hsr_port_exists+0x50/0x50 [ 56.846056][ T3672] __netif_receive_skb_core+0x1448/0x3bc0 [ 56.851778][ T3672] ? trace_netif_rx+0x260/0x260 [ 56.856633][ T3672] __netif_receive_skb+0x11a/0x500 [ 56.861831][ T3672] ? read_lock_is_recursive+0x10/0x10 [ 56.867212][ T3672] ? ktime_get_real_ts64+0x4b0/0x4b0 [ 56.872492][ T3672] ? __netif_receive_skb_list_core+0x930/0x930 [ 56.878651][ T3672] netif_receive_skb_internal+0x108/0x360 [ 56.884371][ T3672] ? trace_netif_receive_skb_entry+0x260/0x260 [ 56.890527][ T3672] ? rcu_read_lock_sched_held+0x89/0x130 [ 56.896151][ T3672] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 56.902131][ T3672] netif_receive_skb+0x19/0x30 [ 56.906892][ T3672] tun_rx_batched+0x777/0x920 [ 56.911605][ T3672] ? read_lock_is_recursive+0x10/0x10 [ 56.916989][ T3672] ? local_bh_enable+0x20/0x20 [ 56.921758][ T3672] ? rcu_lock_release+0x5/0x20 [ 56.926552][ T3672] tun_get_user+0x1b5a/0x2540 [ 56.931225][ T3672] ? tun_ring_recv+0xcc0/0xcc0 [ 56.935990][ T3672] ? __lock_acquire+0x1f80/0x1f80 [ 56.941237][ T3672] tun_chr_write_iter+0x10a/0x1e0 [ 56.946257][ T3672] vfs_write+0xa22/0xd40 [ 56.950578][ T3672] ? __lock_acquire+0x1f80/0x1f80 [ 56.955597][ T3672] ? file_end_write+0x230/0x230 [ 56.960436][ T3672] ? print_irqtrace_events+0x220/0x220 [ 56.965885][ T3672] ? __fget_files+0x3d0/0x440 [ 56.970554][ T3672] ? __fdget_pos+0x1d7/0x2e0 [ 56.975128][ T3672] ? ksys_write+0x77/0x2c0 [ 56.979543][ T3672] ksys_write+0x19b/0x2c0 [ 56.984309][ T3672] ? print_irqtrace_events+0x220/0x220 [ 56.989757][ T3672] ? __ia32_sys_read+0x80/0x80 [ 56.994507][ T3672] ? syscall_enter_from_user_mode+0x2e/0x1a0 [ 57.000501][ T3672] ? syscall_enter_from_user_mode+0x86/0x1a0 [ 57.006495][ T3672] do_syscall_64+0x2b/0x70 [ 57.010915][ T3672] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 57.016792][ T3672] RIP: 0033:0x7f6b12c241ff [ 57.021190][ T3672] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 57.040798][ T3672] RSP: 002b:00007f6b12c112c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 57.049222][ T3672] RAX: ffffffffffffffda RBX: 00007f6b12cec4e0 RCX: 00007f6b12c241ff [ 57.057194][ T3672] RDX: 000000000000000e RSI: 0000000020000100 RDI: 00000000000000c8 [ 57.065157][ T3672] RBP: 00007f6b12cb96cc R08: 0000000000000000 R09: 0000000000000001 [ 57.073217][ T3672] R10: 00007f6b12c11087 R11: 0000000000000293 R12: 00007f6b12cec4ec [pid 3672] write(200, "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\x00\x89\x2f", 14) = 14 [pid 3671] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3672] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3671] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3672] <... futex resumed>) = 0 [pid 3671] <... futex resumed>) = 0 [pid 3672] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 3671] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3672] <... socket resumed>) = 4 [pid 3672] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3671] <... futex resumed>) = 0 [pid 3672] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3671] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3672] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3671] <... futex resumed>) = 0 [pid 3672] ioctl(4, SIOCGIFINDEX, {ifr_name="batadv_slave_0" [pid 3671] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3672] <... ioctl resumed>, ifr_ifindex=41}) = 0 [pid 3672] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3671] <... futex resumed>) = 0 [pid 3672] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3671] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3672] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3671] <... futex resumed>) = 0 [pid 3672] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 3671] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3672] <... socket resumed>) = 5 [pid 3672] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3671] <... futex resumed>) = 0 [pid 3672] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3671] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3672] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3671] <... futex resumed>) = 0 [pid 3672] ioctl(5, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 3671] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3672] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 3672] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3671] <... futex resumed>) = 0 [pid 3672] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3671] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3672] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3671] <... futex resumed>) = 0 [pid 3672] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x40\x00\x00\x00\x10\x00\x03\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x12\x80\x08\x00\x01\x00\x68\x73\x72\x00\x14\x00\x02\x80\x08\x00\x02\x00\x29\x00\x00\x00\x08\x00\x01\x00\x0b\x00\x00\x00", iov_len=64}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [ 57.081179][ T3672] R13: 00007f6b12c112f0 R14: 00007f6b12cec4e8 R15: 0000000000000001 [ 57.089149][ T3672] [pid 3671] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 3672] <... sendmsg resumed>) = 64 [pid 3672] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3672] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3671] close(3) = 0 [pid 3671] close(4) = 0 [pid 3671] close(5) = 0 [pid 3671] close(6) = -1 EBADF (Bad file descriptor) [pid 3671] close(7) = -1 EBADF (Bad file descriptor) [pid 3671] close(8) = -1 EBADF (Bad file descriptor) [pid 3671] close(9) = -1 EBADF (Bad file descriptor) [pid 3671] close(10) = -1 EBADF (Bad file descriptor) [pid 3671] close(11) = -1 EBADF (Bad file descriptor) [pid 3671] close(12) = -1 EBADF (Bad file descriptor) [pid 3671] close(13) = -1 EBADF (Bad file descriptor) [pid 3671] close(14) = -1 EBADF (Bad file descriptor) [pid 3671] close(15) = -1 EBADF (Bad file descriptor) [pid 3671] close(16) = -1 EBADF (Bad file descriptor) [pid 3671] close(17) = -1 EBADF (Bad file descriptor) [pid 3671] close(18) = -1 EBADF (Bad file descriptor) [pid 3671] close(19) = -1 EBADF (Bad file descriptor) [pid 3671] close(20) = -1 EBADF (Bad file descriptor) [pid 3671] close(21) = -1 EBADF (Bad file descriptor) [pid 3671] close(22) = -1 EBADF (Bad file descriptor) [pid 3671] close(23) = -1 EBADF (Bad file descriptor) [pid 3671] close(24) = -1 EBADF (Bad file descriptor) [pid 3671] close(25) = -1 EBADF (Bad file descriptor) [pid 3671] close(26) = -1 EBADF (Bad file descriptor) [pid 3671] close(27) = -1 EBADF (Bad file descriptor) [pid 3671] close(28) = -1 EBADF (Bad file descriptor) [pid 3671] close(29) = -1 EBADF (Bad file descriptor) [pid 3671] exit_group(0 [pid 3672] <... futex resumed>) = ? [pid 3671] <... exit_group resumed>) = ? [pid 3672] +++ exited with 0 +++ [pid 3671] +++ exited with 0 +++ [pid 3597] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=59, si_uid=0, si_status=0, si_utime=0, si_stime=38} --- [pid 3597] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3597] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3673 attached , child_tidptr=0x5555568505d0) = 61 [pid 3673] set_robust_list(0x5555568505e0, 24) = 0 [pid 3673] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3673] setpgid(0, 0) = 0 [pid 3673] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3673] write(3, "1000", 4) = 4 [pid 3673] close(3) = 0 [pid 3673] read(200, 0x7ffd708025c0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 3673] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3673] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bf1000 [pid 3673] mprotect(0x7f6b12bf2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3673] clone(child_stack=0x7f6b12c113f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3674 attached , parent_tid=[62], tls=0x7f6b12c11700, child_tidptr=0x7f6b12c119d0) = 62 [pid 3674] set_robust_list(0x7f6b12c119e0, 24) = 0 [pid 3673] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3673] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3674] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 3674] write(3, "4", 1) = 1 [pid 3674] write(200, "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\x00\x89\x2f", 14 [pid 3673] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3673] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3673] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bd0000 [pid 3673] mprotect(0x7f6b12bd1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3673] clone(child_stack=0x7f6b12bf03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[63], tls=0x7f6b12bf0700, child_tidptr=0x7f6b12bf09d0) = 63 [pid 3673] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3673] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3675 attached [ 57.214452][ T3674] FAULT_INJECTION: forcing a failure. [ 57.214452][ T3674] name failslab, interval 1, probability 0, space 0, times 0 [ 57.227248][ T3674] CPU: 0 PID: 3674 Comm: syz-executor273 Not tainted 5.18.0-rc6-syzkaller-00161-gbc403203d65a #0 [ 57.237742][ T3674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.247803][ T3674] Call Trace: [ 57.251079][ T3674] [ 57.254017][ T3674] dump_stack_lvl+0x1e3/0x2cb [ 57.258707][ T3674] ? bfq_pos_tree_add_move+0x436/0x436 [pid 3675] set_robust_list(0x7f6b12bf09e0, 24) = 0 [pid 3675] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3675] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3673] <... futex resumed>) = 0 [pid 3673] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3673] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3675] <... futex resumed>) = 1 [pid 3675] ioctl(4, SIOCGIFINDEX, {ifr_name="batadv_slave_0", ifr_ifindex=41}) = 0 [pid 3675] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3673] <... futex resumed>) = 0 [pid 3673] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 57.264166][ T3674] ? panic+0x76e/0x76e [ 57.268256][ T3674] ? validate_chain+0x126/0x65c0 [ 57.273212][ T3674] ? rcu_lock_release+0x5/0x20 [ 57.278002][ T3674] should_fail+0x384/0x4b0 [ 57.282431][ T3674] ? hsr_add_node+0x65/0x830 [ 57.287020][ T3674] should_failslab+0x5/0x20 [ 57.291509][ T3674] kmem_cache_alloc_trace+0x68/0x310 [ 57.296797][ T3674] hsr_add_node+0x65/0x830 [ 57.301312][ T3674] ? hsr_mac_hash+0x1f/0x270 [ 57.305908][ T3674] hsr_forward_skb+0x37f/0x2150 [ 57.310760][ T3674] ? asm_common_interrupt+0x1e/0x40 [ 57.315969][ T3674] ? prp_fill_frame_info+0x5b0/0x5b0 [ 57.321251][ T3674] ? hsr_addr_is_self+0x160/0x2b0 [ 57.326280][ T3674] hsr_handle_frame+0x4fd/0x6b0 [ 57.331142][ T3674] ? hsr_port_exists+0x50/0x50 [ 57.335916][ T3674] __netif_receive_skb_core+0x1448/0x3bc0 [ 57.341646][ T3674] ? trace_netif_rx+0x260/0x260 [ 57.346518][ T3674] __netif_receive_skb+0x11a/0x500 [ 57.352490][ T3674] ? read_lock_is_recursive+0x10/0x10 [ 57.357852][ T3674] ? ktime_get_real_ts64+0x4b0/0x4b0 [ 57.363122][ T3674] ? __netif_receive_skb_list_core+0x930/0x930 [ 57.369277][ T3674] netif_receive_skb_internal+0x108/0x360 [ 57.374986][ T3674] ? trace_netif_receive_skb_entry+0x260/0x260 [ 57.381124][ T3674] ? rcu_read_lock_sched_held+0x89/0x130 [ 57.386744][ T3674] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 57.392739][ T3674] netif_receive_skb+0x19/0x30 [ 57.397616][ T3674] tun_rx_batched+0x777/0x920 [ 57.402298][ T3674] ? read_lock_is_recursive+0x10/0x10 [ 57.407680][ T3674] ? local_bh_enable+0x20/0x20 [ 57.412469][ T3674] ? rcu_lock_release+0x5/0x20 [ 57.417228][ T3674] tun_get_user+0x1b5a/0x2540 [ 57.421903][ T3674] ? tun_ring_recv+0xcc0/0xcc0 [ 57.426663][ T3674] ? __lock_acquire+0x1f80/0x1f80 [ 57.431692][ T3674] tun_chr_write_iter+0x10a/0x1e0 [ 57.436797][ T3674] vfs_write+0xa22/0xd40 [ 57.441034][ T3674] ? __lock_acquire+0x1f80/0x1f80 [ 57.446070][ T3674] ? file_end_write+0x230/0x230 [ 57.450905][ T3674] ? print_irqtrace_events+0x220/0x220 [ 57.456352][ T3674] ? __fget_files+0x3d0/0x440 [ 57.461022][ T3674] ? __fdget_pos+0x1d7/0x2e0 [ 57.465599][ T3674] ? ksys_write+0x77/0x2c0 [ 57.469999][ T3674] ksys_write+0x19b/0x2c0 [ 57.474315][ T3674] ? print_irqtrace_events+0x220/0x220 [ 57.479849][ T3674] ? __ia32_sys_read+0x80/0x80 [ 57.484596][ T3674] ? syscall_enter_from_user_mode+0x2e/0x1a0 [ 57.490566][ T3674] ? syscall_enter_from_user_mode+0x86/0x1a0 [ 57.496534][ T3674] do_syscall_64+0x2b/0x70 [ 57.500934][ T3674] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 57.506811][ T3674] RIP: 0033:0x7f6b12c241ff [ 57.511214][ T3674] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 57.530800][ T3674] RSP: 002b:00007f6b12c112c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 57.539199][ T3674] RAX: ffffffffffffffda RBX: 00007f6b12cec4e0 RCX: 00007f6b12c241ff [ 57.547155][ T3674] RDX: 000000000000000e RSI: 0000000020000100 RDI: 00000000000000c8 [ 57.555199][ T3674] RBP: 00007f6b12cb96cc R08: 0000000000000000 R09: 0000000000000001 [pid 3673] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3675] <... futex resumed>) = 1 [pid 3675] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 3675] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3673] <... futex resumed>) = 0 [pid 3673] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3673] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3675] <... futex resumed>) = 1 [pid 3675] ioctl(5, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0 [pid 3675] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3673] <... futex resumed>) = 0 [pid 3673] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3675] <... futex resumed>) = 1 [pid 3673] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3675] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x40\x00\x00\x00\x10\x00\x03\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x12\x80\x08\x00\x01\x00\x68\x73\x72\x00\x14\x00\x02\x80\x08\x00\x02\x00\x29\x00\x00\x00\x08\x00\x01\x00\x0b\x00\x00\x00", iov_len=64}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [pid 3673] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3674] <... write resumed>) = 14 [pid 3674] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 57.563153][ T3674] R10: 00007f6b12c11087 R11: 0000000000000293 R12: 00007f6b12cec4ec [ 57.571117][ T3674] R13: 00007f6b12c112f0 R14: 00007f6b12cec4e8 R15: 0000000000000001 [ 57.579086][ T3674] [pid 3674] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3675] <... sendmsg resumed>) = 64 [pid 3675] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3675] futex(0x7f6b12cec4f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3673] close(3) = 0 [pid 3673] close(4) = 0 [pid 3673] close(5) = 0 [pid 3673] close(6) = -1 EBADF (Bad file descriptor) [pid 3673] close(7) = -1 EBADF (Bad file descriptor) [pid 3673] close(8) = -1 EBADF (Bad file descriptor) [pid 3673] close(9) = -1 EBADF (Bad file descriptor) [pid 3673] close(10) = -1 EBADF (Bad file descriptor) [pid 3673] close(11) = -1 EBADF (Bad file descriptor) [pid 3673] close(12) = -1 EBADF (Bad file descriptor) [pid 3673] close(13) = -1 EBADF (Bad file descriptor) [pid 3673] close(14) = -1 EBADF (Bad file descriptor) [pid 3673] close(15) = -1 EBADF (Bad file descriptor) [pid 3673] close(16) = -1 EBADF (Bad file descriptor) [pid 3673] close(17) = -1 EBADF (Bad file descriptor) [pid 3673] close(18) = -1 EBADF (Bad file descriptor) [pid 3673] close(19) = -1 EBADF (Bad file descriptor) [pid 3673] close(20) = -1 EBADF (Bad file descriptor) [pid 3673] close(21) = -1 EBADF (Bad file descriptor) [pid 3673] close(22) = -1 EBADF (Bad file descriptor) [pid 3673] close(23) = -1 EBADF (Bad file descriptor) [pid 3673] close(24) = -1 EBADF (Bad file descriptor) [pid 3673] close(25) = -1 EBADF (Bad file descriptor) [pid 3673] close(26) = -1 EBADF (Bad file descriptor) [pid 3673] close(27) = -1 EBADF (Bad file descriptor) [pid 3673] close(28) = -1 EBADF (Bad file descriptor) [pid 3673] close(29) = -1 EBADF (Bad file descriptor) [pid 3673] exit_group(0 [pid 3675] <... futex resumed>) = ? [pid 3674] <... futex resumed>) = ? [pid 3673] <... exit_group resumed>) = ? [pid 3675] +++ exited with 0 +++ [pid 3674] +++ exited with 0 +++ [pid 3673] +++ exited with 0 +++ [pid 3597] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=61, si_uid=0, si_status=0, si_utime=0, si_stime=39} --- [pid 3597] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3597] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3676 attached , child_tidptr=0x5555568505d0) = 64 [pid 3676] set_robust_list(0x5555568505e0, 24) = 0 [pid 3676] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3676] setpgid(0, 0) = 0 [pid 3676] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3676] write(3, "1000", 4) = 4 [pid 3676] close(3) = 0 [pid 3676] read(200, 0x7ffd708025c0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 3676] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3676] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bf1000 [pid 3676] mprotect(0x7f6b12bf2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3676] clone(child_stack=0x7f6b12c113f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3677 attached , parent_tid=[65], tls=0x7f6b12c11700, child_tidptr=0x7f6b12c119d0) = 65 [pid 3677] set_robust_list(0x7f6b12c119e0, 24) = 0 [pid 3677] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3676] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3677] <... futex resumed>) = 0 [pid 3677] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3676] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3677] <... openat resumed>) = 3 [pid 3677] write(3, "4", 1) = 1 [pid 3677] write(200, "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\x00\x89\x2f", 14 [pid 3676] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3676] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3676] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bd0000 [pid 3676] mprotect(0x7f6b12bd1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3676] clone(child_stack=0x7f6b12bf03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[66], tls=0x7f6b12bf0700, child_tidptr=0x7f6b12bf09d0) = 66 [ 57.678092][ T3677] FAULT_INJECTION: forcing a failure. [ 57.678092][ T3677] name failslab, interval 1, probability 0, space 0, times 0 [ 57.690743][ T3677] CPU: 0 PID: 3677 Comm: syz-executor273 Not tainted 5.18.0-rc6-syzkaller-00161-gbc403203d65a #0 [ 57.701235][ T3677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.711300][ T3677] Call Trace: [ 57.714674][ T3677] [ 57.717589][ T3677] dump_stack_lvl+0x1e3/0x2cb [ 57.722344][ T3677] ? bfq_pos_tree_add_move+0x436/0x436 [pid 3676] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3676] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3678 attached [pid 3678] set_robust_list(0x7f6b12bf09e0, 24) = 0 [pid 3678] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3678] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3676] <... futex resumed>) = 0 [pid 3676] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3676] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3678] <... futex resumed>) = 1 [pid 3678] ioctl(4, SIOCGIFINDEX, {ifr_name="batadv_slave_0", ifr_ifindex=41}) = 0 [pid 3678] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3676] <... futex resumed>) = 0 [pid 3676] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3676] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3678] <... futex resumed>) = 1 [pid 3678] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 3678] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3676] <... futex resumed>) = 0 [pid 3676] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3676] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3678] <... futex resumed>) = 1 [pid 3678] ioctl(5, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0 [pid 3678] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3676] <... futex resumed>) = 0 [pid 3678] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x40\x00\x00\x00\x10\x00\x03\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x12\x80\x08\x00\x01\x00\x68\x73\x72\x00\x14\x00\x02\x80\x08\x00\x02\x00\x29\x00\x00\x00\x08\x00\x01\x00\x0b\x00\x00\x00", iov_len=64}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [pid 3676] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 57.727795][ T3677] ? panic+0x76e/0x76e [ 57.731879][ T3677] ? validate_chain+0x126/0x65c0 [ 57.736834][ T3677] ? rcu_lock_release+0x5/0x20 [ 57.741613][ T3677] should_fail+0x384/0x4b0 [ 57.746022][ T3677] ? hsr_add_node+0x65/0x830 [ 57.750600][ T3677] should_failslab+0x5/0x20 [ 57.755088][ T3677] kmem_cache_alloc_trace+0x68/0x310 [ 57.760361][ T3677] hsr_add_node+0x65/0x830 [ 57.764765][ T3677] ? hsr_mac_hash+0x1f/0x270 [ 57.769352][ T3677] hsr_forward_skb+0x37f/0x2150 [ 57.774219][ T3677] ? prp_fill_frame_info+0x5b0/0x5b0 [ 57.779509][ T3677] ? hsr_addr_is_self+0x160/0x2b0 [ 57.784541][ T3677] hsr_handle_frame+0x4fd/0x6b0 [ 57.789399][ T3677] ? hsr_port_exists+0x50/0x50 [ 57.794176][ T3677] __netif_receive_skb_core+0x1448/0x3bc0 [ 57.799911][ T3677] ? trace_netif_rx+0x260/0x260 [ 57.804755][ T3677] __netif_receive_skb+0x11a/0x500 [ 57.809854][ T3677] ? read_lock_is_recursive+0x10/0x10 [ 57.815216][ T3677] ? ktime_get_real_ts64+0x4b0/0x4b0 [ 57.820505][ T3677] ? __netif_receive_skb_list_core+0x930/0x930 [ 57.826678][ T3677] netif_receive_skb_internal+0x108/0x360 [ 57.832533][ T3677] ? trace_netif_receive_skb_entry+0x260/0x260 [ 57.838697][ T3677] ? rcu_read_lock_sched_held+0x89/0x130 [ 57.844338][ T3677] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 57.850311][ T3677] netif_receive_skb+0x19/0x30 [ 57.855063][ T3677] tun_rx_batched+0x777/0x920 [ 57.859742][ T3677] ? read_lock_is_recursive+0x10/0x10 [ 57.865127][ T3677] ? local_bh_enable+0x20/0x20 [ 57.869896][ T3677] ? rcu_lock_release+0x5/0x20 [ 57.874646][ T3677] tun_get_user+0x1b5a/0x2540 [ 57.879320][ T3677] ? tun_ring_recv+0xcc0/0xcc0 [ 57.884074][ T3677] ? __lock_acquire+0x1f80/0x1f80 [ 57.889109][ T3677] tun_chr_write_iter+0x10a/0x1e0 [ 57.894127][ T3677] vfs_write+0xa22/0xd40 [ 57.898376][ T3677] ? __lock_acquire+0x1f80/0x1f80 [ 57.903404][ T3677] ? file_end_write+0x230/0x230 [ 57.908250][ T3677] ? print_irqtrace_events+0x220/0x220 [ 57.913720][ T3677] ? __fget_files+0x3d0/0x440 [ 57.918406][ T3677] ? __fdget_pos+0x1d7/0x2e0 [ 57.922987][ T3677] ? ksys_write+0x77/0x2c0 [ 57.927417][ T3677] ksys_write+0x19b/0x2c0 [ 57.931760][ T3677] ? print_irqtrace_events+0x220/0x220 [ 57.937229][ T3677] ? __ia32_sys_read+0x80/0x80 [ 57.941980][ T3677] ? syscall_enter_from_user_mode+0x2e/0x1a0 [ 57.947954][ T3677] ? syscall_enter_from_user_mode+0x86/0x1a0 [ 57.953944][ T3677] do_syscall_64+0x2b/0x70 [ 57.958347][ T3677] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 57.964228][ T3677] RIP: 0033:0x7f6b12c241ff [ 57.968627][ T3677] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 57.988222][ T3677] RSP: 002b:00007f6b12c112c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 57.996647][ T3677] RAX: ffffffffffffffda RBX: 00007f6b12cec4e0 RCX: 00007f6b12c241ff [ 58.004624][ T3677] RDX: 000000000000000e RSI: 0000000020000100 RDI: 00000000000000c8 [ 58.012606][ T3677] RBP: 00007f6b12cb96cc R08: 0000000000000000 R09: 0000000000000001 [ 58.020574][ T3677] R10: 00007f6b12c11087 R11: 0000000000000293 R12: 00007f6b12cec4ec [pid 3676] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 3676] close(3) = 0 [pid 3676] close(4) = 0 [pid 3676] close(5) = 0 [pid 3676] close(6) = -1 EBADF (Bad file descriptor) [pid 3676] close(7) = -1 EBADF (Bad file descriptor) [pid 3676] close(8) = -1 EBADF (Bad file descriptor) [pid 3676] close(9) = -1 EBADF (Bad file descriptor) [pid 3676] close(10) = -1 EBADF (Bad file descriptor) [pid 3676] close(11) = -1 EBADF (Bad file descriptor) [pid 3676] close(12) = -1 EBADF (Bad file descriptor) [pid 3676] close(13) = -1 EBADF (Bad file descriptor) [pid 3676] close(14) = -1 EBADF (Bad file descriptor) [pid 3676] close(15) = -1 EBADF (Bad file descriptor) [pid 3676] close(16) = -1 EBADF (Bad file descriptor) [pid 3676] close(17) = -1 EBADF (Bad file descriptor) [pid 3676] close(18) = -1 EBADF (Bad file descriptor) [pid 3676] close(19) = -1 EBADF (Bad file descriptor) [pid 3676] close(20) = -1 EBADF (Bad file descriptor) [pid 3676] close(21) = -1 EBADF (Bad file descriptor) [pid 3676] close(22) = -1 EBADF (Bad file descriptor) [pid 3676] close(23) = -1 EBADF (Bad file descriptor) [pid 3676] close(24) = -1 EBADF (Bad file descriptor) [pid 3676] close(25) = -1 EBADF (Bad file descriptor) [pid 3676] close(26) = -1 EBADF (Bad file descriptor) [pid 3676] close(27) = -1 EBADF (Bad file descriptor) [pid 3676] close(28) = -1 EBADF (Bad file descriptor) [pid 3676] close(29) = -1 EBADF (Bad file descriptor) [pid 3676] exit_group(0) = ? [pid 3677] <... write resumed>) = ? [pid 3677] +++ exited with 0 +++ [ 58.028535][ T3677] R13: 00007f6b12c112f0 R14: 00007f6b12cec4e8 R15: 0000000000000001 [ 58.036513][ T3677] [pid 3678] <... sendmsg resumed>) = ? [pid 3678] +++ exited with 0 +++ [pid 3676] +++ exited with 0 +++ [pid 3597] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=64, si_uid=0, si_status=0, si_utime=0, si_stime=38} --- [pid 3597] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3597] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3679 attached , child_tidptr=0x5555568505d0) = 67 [pid 3679] set_robust_list(0x5555568505e0, 24) = 0 [pid 3679] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3679] setpgid(0, 0) = 0 [pid 3679] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3679] write(3, "1000", 4) = 4 [pid 3679] close(3) = 0 [pid 3679] read(200, 0x7ffd708025c0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 3679] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3679] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bf1000 [pid 3679] mprotect(0x7f6b12bf2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3679] clone(child_stack=0x7f6b12c113f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3680 attached , parent_tid=[68], tls=0x7f6b12c11700, child_tidptr=0x7f6b12c119d0) = 68 [pid 3679] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3679] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3680] set_robust_list(0x7f6b12c119e0, 24) = 0 [pid 3680] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 3680] write(3, "4", 1) = 1 [ 58.114773][ T3680] FAULT_INJECTION: forcing a failure. [ 58.114773][ T3680] name failslab, interval 1, probability 0, space 0, times 0 [ 58.127521][ T3680] CPU: 0 PID: 3680 Comm: syz-executor273 Not tainted 5.18.0-rc6-syzkaller-00161-gbc403203d65a #0 [ 58.138091][ T3680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.148142][ T3680] Call Trace: [ 58.151416][ T3680] [ 58.154339][ T3680] dump_stack_lvl+0x1e3/0x2cb [ 58.159027][ T3680] ? bfq_pos_tree_add_move+0x436/0x436 [ 58.164502][ T3680] ? panic+0x76e/0x76e [ 58.168570][ T3680] ? validate_chain+0x126/0x65c0 [ 58.173520][ T3680] ? rcu_lock_release+0x5/0x20 [ 58.178281][ T3680] should_fail+0x384/0x4b0 [ 58.182693][ T3680] ? hsr_add_node+0x65/0x830 [ 58.187275][ T3680] should_failslab+0x5/0x20 [ 58.191769][ T3680] kmem_cache_alloc_trace+0x68/0x310 [ 58.197047][ T3680] hsr_add_node+0x65/0x830 [ 58.201456][ T3680] ? hsr_mac_hash+0x1f/0x270 [ 58.206033][ T3680] hsr_forward_skb+0x37f/0x2150 [ 58.210884][ T3680] ? prp_fill_frame_info+0x5b0/0x5b0 [ 58.216165][ T3680] ? hsr_addr_is_self+0x160/0x2b0 [ 58.221180][ T3680] hsr_handle_frame+0x4fd/0x6b0 [ 58.226057][ T3680] ? hsr_port_exists+0x50/0x50 [ 58.230829][ T3680] __netif_receive_skb_core+0x1448/0x3bc0 [ 58.236559][ T3680] ? trace_netif_rx+0x260/0x260 [ 58.241601][ T3680] __netif_receive_skb+0x11a/0x500 [ 58.246703][ T3680] ? read_lock_is_recursive+0x10/0x10 [ 58.252062][ T3680] ? ktime_get_real_ts64+0x4b0/0x4b0 [ 58.257334][ T3680] ? __netif_receive_skb_list_core+0x930/0x930 [ 58.263488][ T3680] netif_receive_skb_internal+0x108/0x360 [ 58.269197][ T3680] ? trace_netif_receive_skb_entry+0x260/0x260 [ 58.275333][ T3680] ? rcu_read_lock_sched_held+0x89/0x130 [ 58.280951][ T3680] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 58.287031][ T3680] netif_receive_skb+0x19/0x30 [ 58.291799][ T3680] tun_rx_batched+0x777/0x920 [ 58.296488][ T3680] ? read_lock_is_recursive+0x10/0x10 [ 58.301875][ T3680] ? local_bh_enable+0x20/0x20 [ 58.306637][ T3680] ? rcu_lock_release+0x5/0x20 [ 58.311398][ T3680] tun_get_user+0x1b5a/0x2540 [ 58.316081][ T3680] ? tun_ring_recv+0xcc0/0xcc0 [ 58.320845][ T3680] ? __lock_acquire+0x1f80/0x1f80 [ 58.325897][ T3680] tun_chr_write_iter+0x10a/0x1e0 [ 58.330958][ T3680] vfs_write+0xa22/0xd40 [ 58.335197][ T3680] ? __lock_acquire+0x1f80/0x1f80 [ 58.340326][ T3680] ? file_end_write+0x230/0x230 [ 58.345166][ T3680] ? print_irqtrace_events+0x220/0x220 [ 58.350628][ T3680] ? __fget_files+0x3d0/0x440 [ 58.355320][ T3680] ? __fdget_pos+0x1d7/0x2e0 [ 58.359905][ T3680] ? ksys_write+0x77/0x2c0 [ 58.364327][ T3680] ksys_write+0x19b/0x2c0 [ 58.368648][ T3680] ? print_irqtrace_events+0x220/0x220 [ 58.374097][ T3680] ? __ia32_sys_read+0x80/0x80 [ 58.378845][ T3680] ? syscall_enter_from_user_mode+0x2e/0x1a0 [ 58.384815][ T3680] ? syscall_enter_from_user_mode+0x86/0x1a0 [ 58.390781][ T3680] do_syscall_64+0x2b/0x70 [ 58.395183][ T3680] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 58.401073][ T3680] RIP: 0033:0x7f6b12c241ff [ 58.405560][ T3680] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 58.425159][ T3680] RSP: 002b:00007f6b12c112c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 58.433585][ T3680] RAX: ffffffffffffffda RBX: 00007f6b12cec4e0 RCX: 00007f6b12c241ff [ 58.441558][ T3680] RDX: 000000000000000e RSI: 0000000020000100 RDI: 00000000000000c8 [ 58.449521][ T3680] RBP: 00007f6b12cb96cc R08: 0000000000000000 R09: 0000000000000001 [ 58.457485][ T3680] R10: 00007f6b12c11087 R11: 0000000000000293 R12: 00007f6b12cec4ec [pid 3680] write(200, "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\x00\x89\x2f", 14 [pid 3679] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3679] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3679] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bd0000 [pid 3679] mprotect(0x7f6b12bd1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3679] clone(child_stack=0x7f6b12bf03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[69], tls=0x7f6b12bf0700, child_tidptr=0x7f6b12bf09d0) = 69 [pid 3679] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3679] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3681 attached [pid 3680] <... write resumed>) = 14 [pid 3681] set_robust_list(0x7f6b12bf09e0, 24 [pid 3680] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3681] <... set_robust_list resumed>) = 0 [pid 3680] <... futex resumed>) = 0 [pid 3681] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 3680] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3681] <... socket resumed>) = 4 [pid 3681] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3679] <... futex resumed>) = 0 [pid 3681] futex(0x7f6b12cec4f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3679] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3680] <... futex resumed>) = 0 [pid 3679] <... futex resumed>) = 1 [pid 3680] ioctl(4, SIOCGIFINDEX, {ifr_name="batadv_slave_0", ifr_ifindex=41}) = 0 [pid 3679] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3680] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3679] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3680] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3679] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3680] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3679] <... futex resumed>) = 0 [pid 3680] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 3679] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3680] <... socket resumed>) = 5 [pid 3680] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3679] <... futex resumed>) = 0 [pid 3680] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3679] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3680] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3679] <... futex resumed>) = 0 [pid 3680] ioctl(5, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 3679] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3680] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 3680] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3679] <... futex resumed>) = 0 [pid 3680] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3679] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3680] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3679] <... futex resumed>) = 0 [pid 3680] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x40\x00\x00\x00\x10\x00\x03\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x12\x80\x08\x00\x01\x00\x68\x73\x72\x00\x14\x00\x02\x80\x08\x00\x02\x00\x29\x00\x00\x00\x08\x00\x01\x00\x0b\x00\x00\x00", iov_len=64}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [ 58.465441][ T3680] R13: 00007f6b12c112f0 R14: 00007f6b12cec4e8 R15: 0000000000000001 [ 58.473410][ T3680] [pid 3679] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3680] <... sendmsg resumed>) = 64 [pid 3680] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3679] <... futex resumed>) = 0 [pid 3680] <... futex resumed>) = 1 [pid 3679] close(3 [pid 3680] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3679] <... close resumed>) = 0 [pid 3679] close(4) = 0 [pid 3679] close(5) = 0 [pid 3679] close(6) = -1 EBADF (Bad file descriptor) [pid 3679] close(7) = -1 EBADF (Bad file descriptor) [pid 3679] close(8) = -1 EBADF (Bad file descriptor) [pid 3679] close(9) = -1 EBADF (Bad file descriptor) [pid 3679] close(10) = -1 EBADF (Bad file descriptor) [pid 3679] close(11) = -1 EBADF (Bad file descriptor) [pid 3679] close(12) = -1 EBADF (Bad file descriptor) [pid 3679] close(13) = -1 EBADF (Bad file descriptor) [pid 3679] close(14) = -1 EBADF (Bad file descriptor) [pid 3679] close(15) = -1 EBADF (Bad file descriptor) [pid 3679] close(16) = -1 EBADF (Bad file descriptor) [pid 3679] close(17) = -1 EBADF (Bad file descriptor) [pid 3679] close(18) = -1 EBADF (Bad file descriptor) [pid 3679] close(19) = -1 EBADF (Bad file descriptor) [pid 3679] close(20) = -1 EBADF (Bad file descriptor) [pid 3679] close(21) = -1 EBADF (Bad file descriptor) [pid 3679] close(22) = -1 EBADF (Bad file descriptor) [pid 3679] close(23) = -1 EBADF (Bad file descriptor) [pid 3679] close(24) = -1 EBADF (Bad file descriptor) [pid 3679] close(25) = -1 EBADF (Bad file descriptor) [pid 3679] close(26) = -1 EBADF (Bad file descriptor) [pid 3679] close(27) = -1 EBADF (Bad file descriptor) [pid 3679] close(28) = -1 EBADF (Bad file descriptor) [pid 3679] close(29) = -1 EBADF (Bad file descriptor) [pid 3679] exit_group(0 [pid 3680] <... futex resumed>) = ? [pid 3679] <... exit_group resumed>) = ? [pid 3681] <... futex resumed>) = 231 [pid 3680] +++ exited with 0 +++ [pid 3681] +++ exited with 0 +++ [pid 3679] +++ exited with 0 +++ [pid 3597] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=67, si_uid=0, si_status=0, si_utime=0, si_stime=38} --- [pid 3597] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3597] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3682 attached , child_tidptr=0x5555568505d0) = 70 [pid 3682] set_robust_list(0x5555568505e0, 24) = 0 [pid 3682] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3682] setpgid(0, 0) = 0 [pid 3682] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3682] write(3, "1000", 4) = 4 [pid 3682] close(3) = 0 [pid 3682] read(200, 0x7ffd708025c0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 3682] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3682] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bf1000 [pid 3682] mprotect(0x7f6b12bf2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3682] clone(child_stack=0x7f6b12c113f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3683 attached , parent_tid=[71], tls=0x7f6b12c11700, child_tidptr=0x7f6b12c119d0) = 71 [pid 3683] set_robust_list(0x7f6b12c119e0, 24 [pid 3682] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3683] <... set_robust_list resumed>) = 0 [pid 3683] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3682] <... futex resumed>) = 0 [pid 3683] <... openat resumed>) = 3 [pid 3682] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3683] write(3, "4", 1) = 1 [pid 3683] write(200, "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\x00\x89\x2f", 14 [pid 3682] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3682] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 58.598801][ T3683] FAULT_INJECTION: forcing a failure. [ 58.598801][ T3683] name failslab, interval 1, probability 0, space 0, times 0 [ 58.611473][ T3683] CPU: 1 PID: 3683 Comm: syz-executor273 Not tainted 5.18.0-rc6-syzkaller-00161-gbc403203d65a #0 [ 58.621959][ T3683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.632001][ T3683] Call Trace: [ 58.635271][ T3683] [ 58.638202][ T3683] dump_stack_lvl+0x1e3/0x2cb [ 58.642891][ T3683] ? bfq_pos_tree_add_move+0x436/0x436 [pid 3682] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bd0000 [pid 3682] mprotect(0x7f6b12bd1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3682] clone(child_stack=0x7f6b12bf03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[72], tls=0x7f6b12bf0700, child_tidptr=0x7f6b12bf09d0) = 72 [pid 3682] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3682] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3684 attached [pid 3684] set_robust_list(0x7f6b12bf09e0, 24) = 0 [pid 3684] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3684] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3682] <... futex resumed>) = 0 [pid 3682] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3682] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3684] <... futex resumed>) = 1 [pid 3684] ioctl(4, SIOCGIFINDEX, {ifr_name="batadv_slave_0", ifr_ifindex=41}) = 0 [pid 3684] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3682] <... futex resumed>) = 0 [pid 3682] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3682] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3684] <... futex resumed>) = 1 [pid 3684] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 3684] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3682] <... futex resumed>) = 0 [pid 3682] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3682] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3684] <... futex resumed>) = 1 [pid 3684] ioctl(5, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0 [pid 3684] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3682] <... futex resumed>) = 0 [pid 3682] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3682] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3684] <... futex resumed>) = 1 [ 58.648343][ T3683] ? panic+0x76e/0x76e [ 58.652426][ T3683] ? validate_chain+0x126/0x65c0 [ 58.657380][ T3683] ? rcu_lock_release+0x5/0x20 [ 58.662163][ T3683] should_fail+0x384/0x4b0 [ 58.666594][ T3683] ? hsr_add_node+0x65/0x830 [ 58.671303][ T3683] should_failslab+0x5/0x20 [ 58.675790][ T3683] kmem_cache_alloc_trace+0x68/0x310 [ 58.681071][ T3683] hsr_add_node+0x65/0x830 [ 58.685495][ T3683] ? hsr_mac_hash+0x1f/0x270 [ 58.690077][ T3683] hsr_forward_skb+0x37f/0x2150 [pid 3684] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x40\x00\x00\x00\x10\x00\x03\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x12\x80\x08\x00\x01\x00\x68\x73\x72\x00\x14\x00\x02\x80\x08\x00\x02\x00\x29\x00\x00\x00\x08\x00\x01\x00\x0b\x00\x00\x00", iov_len=64}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [pid 3682] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 58.694940][ T3683] ? prp_fill_frame_info+0x5b0/0x5b0 [ 58.700235][ T3683] ? hsr_addr_is_self+0x160/0x2b0 [ 58.705249][ T3683] hsr_handle_frame+0x4fd/0x6b0 [ 58.710094][ T3683] ? hsr_port_exists+0x50/0x50 [ 58.714850][ T3683] __netif_receive_skb_core+0x1448/0x3bc0 [ 58.720590][ T3683] ? trace_netif_rx+0x260/0x260 [ 58.725443][ T3683] __netif_receive_skb+0x11a/0x500 [ 58.730551][ T3683] ? read_lock_is_recursive+0x10/0x10 [ 58.735936][ T3683] ? ktime_get_real_ts64+0x4b0/0x4b0 [ 58.741239][ T3683] ? __netif_receive_skb_list_core+0x930/0x930 [ 58.747427][ T3683] netif_receive_skb_internal+0x108/0x360 [ 58.753135][ T3683] ? trace_netif_receive_skb_entry+0x260/0x260 [ 58.759271][ T3683] ? rcu_read_lock_sched_held+0x89/0x130 [ 58.764895][ T3683] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 58.770964][ T3683] netif_receive_skb+0x19/0x30 [ 58.775732][ T3683] tun_rx_batched+0x777/0x920 [ 58.780397][ T3683] ? read_lock_is_recursive+0x10/0x10 [ 58.785754][ T3683] ? local_bh_enable+0x20/0x20 [ 58.790591][ T3683] ? rcu_lock_release+0x5/0x20 [ 58.795356][ T3683] tun_get_user+0x1b5a/0x2540 [ 58.800044][ T3683] ? tun_ring_recv+0xcc0/0xcc0 [ 58.804794][ T3683] ? __lock_acquire+0x1f80/0x1f80 [ 58.809836][ T3683] tun_chr_write_iter+0x10a/0x1e0 [ 58.814867][ T3683] vfs_write+0xa22/0xd40 [ 58.819092][ T3683] ? __lock_acquire+0x1f80/0x1f80 [ 58.824134][ T3683] ? file_end_write+0x230/0x230 [ 58.828983][ T3683] ? print_irqtrace_events+0x220/0x220 [ 58.834426][ T3683] ? __fget_files+0x3d0/0x440 [ 58.839095][ T3683] ? __fdget_pos+0x1d7/0x2e0 [ 58.843666][ T3683] ? ksys_write+0x77/0x2c0 [pid 3682] close(3) = 0 [pid 3682] close(4) = 0 [pid 3682] close(5) = 0 [pid 3682] close(6) = -1 EBADF (Bad file descriptor) [pid 3682] close(7) = -1 EBADF (Bad file descriptor) [pid 3682] close(8) = -1 EBADF (Bad file descriptor) [pid 3682] close(9) = -1 EBADF (Bad file descriptor) [pid 3682] close(10) = -1 EBADF (Bad file descriptor) [pid 3682] close(11) = -1 EBADF (Bad file descriptor) [pid 3682] close(12) = -1 EBADF (Bad file descriptor) [pid 3682] close(13) = -1 EBADF (Bad file descriptor) [pid 3682] close(14) = -1 EBADF (Bad file descriptor) [pid 3682] close(15) = -1 EBADF (Bad file descriptor) [pid 3682] close(16) = -1 EBADF (Bad file descriptor) [pid 3682] close(17) = -1 EBADF (Bad file descriptor) [pid 3682] close(18) = -1 EBADF (Bad file descriptor) [pid 3682] close(19) = -1 EBADF (Bad file descriptor) [pid 3682] close(20) = -1 EBADF (Bad file descriptor) [pid 3682] close(21) = -1 EBADF (Bad file descriptor) [pid 3682] close(22) = -1 EBADF (Bad file descriptor) [pid 3682] close(23) = -1 EBADF (Bad file descriptor) [pid 3682] close(24) = -1 EBADF (Bad file descriptor) [pid 3682] close(25) = -1 EBADF (Bad file descriptor) [pid 3682] close(26) = -1 EBADF (Bad file descriptor) [pid 3682] close(27) = -1 EBADF (Bad file descriptor) [pid 3682] close(28) = -1 EBADF (Bad file descriptor) [pid 3682] close(29) = -1 EBADF (Bad file descriptor) [pid 3682] exit_group(0) = ? [ 58.848072][ T3683] ksys_write+0x19b/0x2c0 [ 58.852403][ T3683] ? print_irqtrace_events+0x220/0x220 [ 58.857871][ T3683] ? __ia32_sys_read+0x80/0x80 [ 58.862641][ T3683] ? syscall_enter_from_user_mode+0x2e/0x1a0 [ 58.868726][ T3683] ? syscall_enter_from_user_mode+0x86/0x1a0 [ 58.874724][ T3683] do_syscall_64+0x2b/0x70 [ 58.879155][ T3683] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 58.885056][ T3683] RIP: 0033:0x7f6b12c241ff [ 58.889460][ T3683] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 58.909158][ T3683] RSP: 002b:00007f6b12c112c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 58.917572][ T3683] RAX: ffffffffffffffda RBX: 00007f6b12cec4e0 RCX: 00007f6b12c241ff [ 58.925535][ T3683] RDX: 000000000000000e RSI: 0000000020000100 RDI: 00000000000000c8 [ 58.933673][ T3683] RBP: 00007f6b12cb96cc R08: 0000000000000000 R09: 0000000000000001 [ 58.941647][ T3683] R10: 00007f6b12c11087 R11: 0000000000000293 R12: 00007f6b12cec4ec [pid 3683] <... write resumed>) = ? [pid 3683] +++ exited with 0 +++ [pid 3684] <... sendmsg resumed>) = ? [pid 3684] +++ exited with 0 +++ [pid 3682] +++ exited with 0 +++ [pid 3597] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=70, si_uid=0, si_status=0, si_utime=0, si_stime=39} --- [pid 3597] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3685 attached [ 58.949611][ T3683] R13: 00007f6b12c112f0 R14: 00007f6b12cec4e8 R15: 0000000000000001 [ 58.957590][ T3683] , child_tidptr=0x5555568505d0) = 73 [pid 3685] set_robust_list(0x5555568505e0, 24) = 0 [pid 3685] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3685] setpgid(0, 0) = 0 [pid 3685] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3685] write(3, "1000", 4) = 4 [pid 3685] close(3) = 0 [pid 3685] read(200, 0x7ffd708025c0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 3685] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3685] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bf1000 [pid 3685] mprotect(0x7f6b12bf2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3685] clone(child_stack=0x7f6b12c113f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[74], tls=0x7f6b12c11700, child_tidptr=0x7f6b12c119d0) = 74 [pid 3685] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3685] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3686 attached [pid 3686] set_robust_list(0x7f6b12c119e0, 24) = 0 [pid 3686] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 3686] write(3, "4", 1) = 1 [ 59.021948][ T3686] FAULT_INJECTION: forcing a failure. [ 59.021948][ T3686] name failslab, interval 1, probability 0, space 0, times 0 [ 59.034611][ T3686] CPU: 1 PID: 3686 Comm: syz-executor273 Not tainted 5.18.0-rc6-syzkaller-00161-gbc403203d65a #0 [ 59.045109][ T3686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.055169][ T3686] Call Trace: [ 59.058454][ T3686] [ 59.061373][ T3686] dump_stack_lvl+0x1e3/0x2cb [ 59.066050][ T3686] ? bfq_pos_tree_add_move+0x436/0x436 [ 59.071500][ T3686] ? panic+0x76e/0x76e [ 59.075902][ T3686] ? validate_chain+0x126/0x65c0 [ 59.080833][ T3686] ? rcu_lock_release+0x5/0x20 [ 59.085600][ T3686] should_fail+0x384/0x4b0 [ 59.090013][ T3686] ? hsr_add_node+0x65/0x830 [ 59.094608][ T3686] should_failslab+0x5/0x20 [ 59.099097][ T3686] kmem_cache_alloc_trace+0x68/0x310 [ 59.104495][ T3686] hsr_add_node+0x65/0x830 [ 59.108932][ T3686] ? hsr_mac_hash+0x1f/0x270 [ 59.113513][ T3686] hsr_forward_skb+0x37f/0x2150 [ 59.118364][ T3686] ? prp_fill_frame_info+0x5b0/0x5b0 [ 59.123646][ T3686] ? hsr_addr_is_self+0x160/0x2b0 [ 59.128667][ T3686] hsr_handle_frame+0x4fd/0x6b0 [ 59.133528][ T3686] ? hsr_port_exists+0x50/0x50 [ 59.138290][ T3686] __netif_receive_skb_core+0x1448/0x3bc0 [ 59.144041][ T3686] ? trace_netif_rx+0x260/0x260 [ 59.148906][ T3686] __netif_receive_skb+0x11a/0x500 [ 59.154008][ T3686] ? read_lock_is_recursive+0x10/0x10 [ 59.159387][ T3686] ? ktime_get_real_ts64+0x4b0/0x4b0 [ 59.164677][ T3686] ? __netif_receive_skb_list_core+0x930/0x930 [ 59.170836][ T3686] netif_receive_skb_internal+0x108/0x360 [ 59.176547][ T3686] ? trace_netif_receive_skb_entry+0x260/0x260 [ 59.182690][ T3686] ? rcu_read_lock_sched_held+0x89/0x130 [ 59.188323][ T3686] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 59.194317][ T3686] netif_receive_skb+0x19/0x30 [ 59.199074][ T3686] tun_rx_batched+0x777/0x920 [ 59.203869][ T3686] ? read_lock_is_recursive+0x10/0x10 [ 59.209257][ T3686] ? local_bh_enable+0x20/0x20 [ 59.214042][ T3686] ? rcu_lock_release+0x5/0x20 [ 59.218918][ T3686] tun_get_user+0x1b5a/0x2540 [ 59.223613][ T3686] ? tun_ring_recv+0xcc0/0xcc0 [ 59.228392][ T3686] ? __lock_acquire+0x1f80/0x1f80 [ 59.233422][ T3686] tun_chr_write_iter+0x10a/0x1e0 [ 59.238453][ T3686] vfs_write+0xa22/0xd40 [ 59.242682][ T3686] ? __lock_acquire+0x1f80/0x1f80 [ 59.247705][ T3686] ? file_end_write+0x230/0x230 [ 59.252616][ T3686] ? print_irqtrace_events+0x220/0x220 [ 59.258076][ T3686] ? __fget_files+0x3d0/0x440 [ 59.262753][ T3686] ? __fdget_pos+0x1d7/0x2e0 [ 59.267339][ T3686] ? ksys_write+0x77/0x2c0 [ 59.271778][ T3686] ksys_write+0x19b/0x2c0 [ 59.276213][ T3686] ? print_irqtrace_events+0x220/0x220 [ 59.281685][ T3686] ? __ia32_sys_read+0x80/0x80 [ 59.286454][ T3686] ? syscall_enter_from_user_mode+0x2e/0x1a0 [ 59.293041][ T3686] ? syscall_enter_from_user_mode+0x86/0x1a0 [ 59.299027][ T3686] do_syscall_64+0x2b/0x70 [ 59.303442][ T3686] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 59.309504][ T3686] RIP: 0033:0x7f6b12c241ff [ 59.313917][ T3686] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 59.333597][ T3686] RSP: 002b:00007f6b12c112c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 59.342010][ T3686] RAX: ffffffffffffffda RBX: 00007f6b12cec4e0 RCX: 00007f6b12c241ff [ 59.350108][ T3686] RDX: 000000000000000e RSI: 0000000020000100 RDI: 00000000000000c8 [ 59.358080][ T3686] RBP: 00007f6b12cb96cc R08: 0000000000000000 R09: 0000000000000001 [pid 3686] write(200, "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\x00\x89\x2f", 14 [pid 3685] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3685] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3686] <... write resumed>) = 14 [pid 3685] <... futex resumed>) = 0 [pid 3686] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3686] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3685] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bd0000 [pid 3685] mprotect(0x7f6b12bd1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3685] clone(child_stack=0x7f6b12bf03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3687 attached , parent_tid=[75], tls=0x7f6b12bf0700, child_tidptr=0x7f6b12bf09d0) = 75 [pid 3685] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3687] set_robust_list(0x7f6b12bf09e0, 24 [pid 3685] <... futex resumed>) = 0 [pid 3685] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3687] <... set_robust_list resumed>) = 0 [pid 3687] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3687] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3685] <... futex resumed>) = 0 [pid 3685] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3685] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3686] <... futex resumed>) = 0 [pid 3687] <... futex resumed>) = 1 [pid 3686] ioctl(4, SIOCGIFINDEX, {ifr_name="batadv_slave_0" [pid 3687] futex(0x7f6b12cec4f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3686] <... ioctl resumed>, ifr_ifindex=41}) = 0 [pid 3686] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3685] <... futex resumed>) = 0 [pid 3685] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3685] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3686] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 3686] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3685] <... futex resumed>) = 0 [pid 3685] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3685] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3686] ioctl(5, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0 [pid 3686] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3685] <... futex resumed>) = 0 [pid 3685] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3685] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 59.366059][ T3686] R10: 00007f6b12c11087 R11: 0000000000000293 R12: 00007f6b12cec4ec [ 59.374020][ T3686] R13: 00007f6b12c112f0 R14: 00007f6b12cec4e8 R15: 0000000000000001 [ 59.382011][ T3686] [pid 3686] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x40\x00\x00\x00\x10\x00\x03\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x12\x80\x08\x00\x01\x00\x68\x73\x72\x00\x14\x00\x02\x80\x08\x00\x02\x00\x29\x00\x00\x00\x08\x00\x01\x00\x0b\x00\x00\x00", iov_len=64}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [pid 3685] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3686] <... sendmsg resumed>) = 64 [pid 3686] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3686] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3685] close(3) = 0 [pid 3685] close(4) = 0 [pid 3685] close(5) = 0 [pid 3685] close(6) = -1 EBADF (Bad file descriptor) [pid 3685] close(7) = -1 EBADF (Bad file descriptor) [pid 3685] close(8) = -1 EBADF (Bad file descriptor) [pid 3685] close(9) = -1 EBADF (Bad file descriptor) [pid 3685] close(10) = -1 EBADF (Bad file descriptor) [pid 3685] close(11) = -1 EBADF (Bad file descriptor) [pid 3685] close(12) = -1 EBADF (Bad file descriptor) [pid 3685] close(13) = -1 EBADF (Bad file descriptor) [pid 3685] close(14) = -1 EBADF (Bad file descriptor) [pid 3685] close(15) = -1 EBADF (Bad file descriptor) [pid 3685] close(16) = -1 EBADF (Bad file descriptor) [pid 3685] close(17) = -1 EBADF (Bad file descriptor) [pid 3685] close(18) = -1 EBADF (Bad file descriptor) [pid 3685] close(19) = -1 EBADF (Bad file descriptor) [pid 3685] close(20) = -1 EBADF (Bad file descriptor) [pid 3685] close(21) = -1 EBADF (Bad file descriptor) [pid 3685] close(22) = -1 EBADF (Bad file descriptor) [pid 3685] close(23) = -1 EBADF (Bad file descriptor) [pid 3685] close(24) = -1 EBADF (Bad file descriptor) [pid 3685] close(25) = -1 EBADF (Bad file descriptor) [pid 3685] close(26) = -1 EBADF (Bad file descriptor) [pid 3685] close(27) = -1 EBADF (Bad file descriptor) [pid 3685] close(28) = -1 EBADF (Bad file descriptor) [pid 3685] close(29) = -1 EBADF (Bad file descriptor) [pid 3685] exit_group(0) = ? [pid 3687] <... futex resumed>) = ? [pid 3687] +++ exited with 0 +++ [pid 3686] <... futex resumed>) = ? [pid 3686] +++ exited with 0 +++ [pid 3685] +++ exited with 0 +++ [pid 3597] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=73, si_uid=0, si_status=0, si_utime=0, si_stime=39} --- [pid 3597] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555568505d0) = 76 ./strace-static-x86_64: Process 3688 attached [pid 3688] set_robust_list(0x5555568505e0, 24) = 0 [pid 3688] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3688] setpgid(0, 0) = 0 [pid 3688] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3688] write(3, "1000", 4) = 4 [pid 3688] close(3) = 0 [pid 3688] read(200, 0x7ffd708025c0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 3688] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3688] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bf1000 [pid 3688] mprotect(0x7f6b12bf2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3688] clone(child_stack=0x7f6b12c113f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3689 attached , parent_tid=[77], tls=0x7f6b12c11700, child_tidptr=0x7f6b12c119d0) = 77 [pid 3689] set_robust_list(0x7f6b12c119e0, 24) = 0 [pid 3688] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3688] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3689] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 3689] write(3, "4", 1) = 1 [ 59.477806][ T3689] FAULT_INJECTION: forcing a failure. [ 59.477806][ T3689] name failslab, interval 1, probability 0, space 0, times 0 [ 59.490475][ T3689] CPU: 1 PID: 3689 Comm: syz-executor273 Not tainted 5.18.0-rc6-syzkaller-00161-gbc403203d65a #0 [ 59.501062][ T3689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.511106][ T3689] Call Trace: [ 59.514378][ T3689] [ 59.517304][ T3689] dump_stack_lvl+0x1e3/0x2cb [ 59.521982][ T3689] ? bfq_pos_tree_add_move+0x436/0x436 [ 59.527434][ T3689] ? panic+0x76e/0x76e [ 59.531496][ T3689] ? validate_chain+0x126/0x65c0 [ 59.536423][ T3689] ? rcu_lock_release+0x5/0x20 [ 59.541178][ T3689] should_fail+0x384/0x4b0 [ 59.545591][ T3689] ? hsr_add_node+0x65/0x830 [ 59.550167][ T3689] should_failslab+0x5/0x20 [ 59.554658][ T3689] kmem_cache_alloc_trace+0x68/0x310 [ 59.559938][ T3689] hsr_add_node+0x65/0x830 [ 59.564365][ T3689] ? hsr_mac_hash+0x1f/0x270 [ 59.568945][ T3689] hsr_forward_skb+0x37f/0x2150 [ 59.573798][ T3689] ? prp_fill_frame_info+0x5b0/0x5b0 [ 59.579077][ T3689] ? hsr_addr_is_self+0x160/0x2b0 [ 59.584088][ T3689] hsr_handle_frame+0x4fd/0x6b0 [ 59.588927][ T3689] ? hsr_port_exists+0x50/0x50 [ 59.593687][ T3689] __netif_receive_skb_core+0x1448/0x3bc0 [ 59.599407][ T3689] ? trace_netif_rx+0x260/0x260 [ 59.604261][ T3689] __netif_receive_skb+0x11a/0x500 [ 59.609359][ T3689] ? read_lock_is_recursive+0x10/0x10 [ 59.614716][ T3689] ? ktime_get_real_ts64+0x4b0/0x4b0 [ 59.619991][ T3689] ? __netif_receive_skb_list_core+0x930/0x930 [ 59.626148][ T3689] netif_receive_skb_internal+0x108/0x360 [ 59.631866][ T3689] ? trace_netif_receive_skb_entry+0x260/0x260 [ 59.638006][ T3689] ? rcu_read_lock_sched_held+0x89/0x130 [ 59.643631][ T3689] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 59.649607][ T3689] netif_receive_skb+0x19/0x30 [ 59.654356][ T3689] tun_rx_batched+0x777/0x920 [ 59.659023][ T3689] ? read_lock_is_recursive+0x10/0x10 [ 59.664384][ T3689] ? local_bh_enable+0x20/0x20 [ 59.669224][ T3689] ? rcu_lock_release+0x5/0x20 [ 59.673980][ T3689] tun_get_user+0x1b5a/0x2540 [ 59.678663][ T3689] ? tun_ring_recv+0xcc0/0xcc0 [ 59.683413][ T3689] ? __lock_acquire+0x1f80/0x1f80 [ 59.688440][ T3689] tun_chr_write_iter+0x10a/0x1e0 [ 59.693454][ T3689] vfs_write+0xa22/0xd40 [ 59.697683][ T3689] ? __lock_acquire+0x1f80/0x1f80 [ 59.702706][ T3689] ? file_end_write+0x230/0x230 [ 59.707635][ T3689] ? print_irqtrace_events+0x220/0x220 [ 59.713088][ T3689] ? __fget_files+0x3d0/0x440 [ 59.717756][ T3689] ? __fdget_pos+0x1d7/0x2e0 [ 59.722329][ T3689] ? ksys_write+0x77/0x2c0 [ 59.726731][ T3689] ksys_write+0x19b/0x2c0 [ 59.731044][ T3689] ? print_irqtrace_events+0x220/0x220 [ 59.736496][ T3689] ? __ia32_sys_read+0x80/0x80 [ 59.741249][ T3689] ? syscall_enter_from_user_mode+0x2e/0x1a0 [ 59.747218][ T3689] ? syscall_enter_from_user_mode+0x86/0x1a0 [ 59.753185][ T3689] do_syscall_64+0x2b/0x70 [ 59.757586][ T3689] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 59.763466][ T3689] RIP: 0033:0x7f6b12c241ff [ 59.767868][ T3689] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 59.787632][ T3689] RSP: 002b:00007f6b12c112c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 59.796032][ T3689] RAX: ffffffffffffffda RBX: 00007f6b12cec4e0 RCX: 00007f6b12c241ff [ 59.804856][ T3689] RDX: 000000000000000e RSI: 0000000020000100 RDI: 00000000000000c8 [ 59.812810][ T3689] RBP: 00007f6b12cb96cc R08: 0000000000000000 R09: 0000000000000001 [ 59.820768][ T3689] R10: 00007f6b12c11087 R11: 0000000000000293 R12: 00007f6b12cec4ec [pid 3689] write(200, "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\x00\x89\x2f", 14) = 14 [pid 3689] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3689] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3688] <... futex resumed>) = 0 [pid 3688] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3688] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3689] <... futex resumed>) = 0 [pid 3689] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3689] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3688] <... futex resumed>) = 0 [pid 3688] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3688] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3689] <... futex resumed>) = 1 [pid 3689] ioctl(4, SIOCGIFINDEX, {ifr_name="batadv_slave_0", ifr_ifindex=41}) = 0 [pid 3689] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3688] <... futex resumed>) = 0 [pid 3688] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3688] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3689] <... futex resumed>) = 1 [pid 3689] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 3689] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3688] <... futex resumed>) = 0 [pid 3689] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3688] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3689] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3688] <... futex resumed>) = 0 [pid 3689] ioctl(5, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 3688] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3689] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 3689] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3688] <... futex resumed>) = 0 [pid 3689] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3688] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3689] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3688] <... futex resumed>) = 0 [pid 3689] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x40\x00\x00\x00\x10\x00\x03\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x12\x80\x08\x00\x01\x00\x68\x73\x72\x00\x14\x00\x02\x80\x08\x00\x02\x00\x29\x00\x00\x00\x08\x00\x01\x00\x0b\x00\x00\x00", iov_len=64}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [ 59.828724][ T3689] R13: 00007f6b12c112f0 R14: 00007f6b12cec4e8 R15: 0000000000000001 [ 59.836691][ T3689] [pid 3688] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3689] <... sendmsg resumed>) = 64 [pid 3689] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3688] <... futex resumed>) = 0 [pid 3689] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3688] close(3) = 0 [pid 3688] close(4) = 0 [pid 3688] close(5) = 0 [pid 3688] close(6) = -1 EBADF (Bad file descriptor) [pid 3688] close(7) = -1 EBADF (Bad file descriptor) [pid 3688] close(8) = -1 EBADF (Bad file descriptor) [pid 3688] close(9) = -1 EBADF (Bad file descriptor) [pid 3688] close(10) = -1 EBADF (Bad file descriptor) [pid 3688] close(11) = -1 EBADF (Bad file descriptor) [pid 3688] close(12) = -1 EBADF (Bad file descriptor) [pid 3688] close(13) = -1 EBADF (Bad file descriptor) [pid 3688] close(14) = -1 EBADF (Bad file descriptor) [pid 3688] close(15) = -1 EBADF (Bad file descriptor) [pid 3688] close(16) = -1 EBADF (Bad file descriptor) [pid 3688] close(17) = -1 EBADF (Bad file descriptor) [pid 3688] close(18) = -1 EBADF (Bad file descriptor) [pid 3688] close(19) = -1 EBADF (Bad file descriptor) [pid 3688] close(20) = -1 EBADF (Bad file descriptor) [pid 3688] close(21) = -1 EBADF (Bad file descriptor) [pid 3688] close(22) = -1 EBADF (Bad file descriptor) [pid 3688] close(23) = -1 EBADF (Bad file descriptor) [pid 3688] close(24) = -1 EBADF (Bad file descriptor) [pid 3688] close(25) = -1 EBADF (Bad file descriptor) [pid 3688] close(26) = -1 EBADF (Bad file descriptor) [pid 3688] close(27) = -1 EBADF (Bad file descriptor) [pid 3688] close(28) = -1 EBADF (Bad file descriptor) [pid 3688] close(29) = -1 EBADF (Bad file descriptor) [pid 3688] exit_group(0 [pid 3689] <... futex resumed>) = ? [pid 3688] <... exit_group resumed>) = ? [pid 3689] +++ exited with 0 +++ [pid 3688] +++ exited with 0 +++ [pid 3597] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=76, si_uid=0, si_status=0, si_utime=0, si_stime=37} --- [pid 3597] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555568505d0) = 78 ./strace-static-x86_64: Process 3690 attached [pid 3690] set_robust_list(0x5555568505e0, 24) = 0 [pid 3690] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3690] setpgid(0, 0) = 0 [pid 3690] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3690] write(3, "1000", 4) = 4 [pid 3690] close(3) = 0 [pid 3690] read(200, 0x7ffd708025c0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 3690] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3690] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bf1000 [pid 3690] mprotect(0x7f6b12bf2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3690] clone(child_stack=0x7f6b12c113f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3691 attached , parent_tid=[79], tls=0x7f6b12c11700, child_tidptr=0x7f6b12c119d0) = 79 [pid 3690] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3690] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3691] set_robust_list(0x7f6b12c119e0, 24) = 0 [pid 3691] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 3691] write(3, "4", 1) = 1 [ 59.934918][ T3691] FAULT_INJECTION: forcing a failure. [ 59.934918][ T3691] name failslab, interval 1, probability 0, space 0, times 0 [ 59.947573][ T3691] CPU: 1 PID: 3691 Comm: syz-executor273 Not tainted 5.18.0-rc6-syzkaller-00161-gbc403203d65a #0 [ 59.958055][ T3691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.968100][ T3691] Call Trace: [ 59.971368][ T3691] [ 59.974306][ T3691] dump_stack_lvl+0x1e3/0x2cb [ 59.978989][ T3691] ? bfq_pos_tree_add_move+0x436/0x436 [ 59.984434][ T3691] ? panic+0x76e/0x76e [ 59.988491][ T3691] ? validate_chain+0x126/0x65c0 [ 59.993417][ T3691] ? rcu_lock_release+0x5/0x20 [ 59.998173][ T3691] should_fail+0x384/0x4b0 [ 60.002578][ T3691] ? hsr_add_node+0x65/0x830 [ 60.007158][ T3691] should_failslab+0x5/0x20 [ 60.011649][ T3691] kmem_cache_alloc_trace+0x68/0x310 [ 60.016926][ T3691] hsr_add_node+0x65/0x830 [ 60.021335][ T3691] ? hsr_mac_hash+0x1f/0x270 [ 60.025914][ T3691] hsr_forward_skb+0x37f/0x2150 [ 60.030763][ T3691] ? prp_fill_frame_info+0x5b0/0x5b0 [ 60.036044][ T3691] ? hsr_addr_is_self+0x160/0x2b0 [ 60.041144][ T3691] hsr_handle_frame+0x4fd/0x6b0 [ 60.045988][ T3691] ? hsr_port_exists+0x50/0x50 [ 60.050735][ T3691] __netif_receive_skb_core+0x1448/0x3bc0 [ 60.056451][ T3691] ? trace_netif_rx+0x260/0x260 [ 60.061309][ T3691] __netif_receive_skb+0x11a/0x500 [ 60.066408][ T3691] ? read_lock_is_recursive+0x10/0x10 [ 60.071856][ T3691] ? ktime_get_real_ts64+0x4b0/0x4b0 [ 60.077127][ T3691] ? __netif_receive_skb_list_core+0x930/0x930 [ 60.083284][ T3691] netif_receive_skb_internal+0x108/0x360 [ 60.088993][ T3691] ? trace_netif_receive_skb_entry+0x260/0x260 [ 60.095130][ T3691] ? rcu_read_lock_sched_held+0x89/0x130 [ 60.100745][ T3691] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 60.106721][ T3691] netif_receive_skb+0x19/0x30 [ 60.111471][ T3691] tun_rx_batched+0x777/0x920 [ 60.116135][ T3691] ? read_lock_is_recursive+0x10/0x10 [ 60.121497][ T3691] ? local_bh_enable+0x20/0x20 [ 60.126249][ T3691] ? rcu_lock_release+0x5/0x20 [ 60.131006][ T3691] tun_get_user+0x1b5a/0x2540 [ 60.135774][ T3691] ? tun_ring_recv+0xcc0/0xcc0 [ 60.140523][ T3691] ? __lock_acquire+0x1f80/0x1f80 [ 60.145568][ T3691] tun_chr_write_iter+0x10a/0x1e0 [ 60.150609][ T3691] vfs_write+0xa22/0xd40 [ 60.154861][ T3691] ? __lock_acquire+0x1f80/0x1f80 [ 60.159880][ T3691] ? file_end_write+0x230/0x230 [ 60.164806][ T3691] ? print_irqtrace_events+0x220/0x220 [ 60.170253][ T3691] ? __fget_files+0x3d0/0x440 [ 60.174923][ T3691] ? __fdget_pos+0x1d7/0x2e0 [ 60.179495][ T3691] ? ksys_write+0x77/0x2c0 [ 60.183897][ T3691] ksys_write+0x19b/0x2c0 [ 60.188210][ T3691] ? print_irqtrace_events+0x220/0x220 [ 60.193656][ T3691] ? __ia32_sys_read+0x80/0x80 [ 60.198403][ T3691] ? syscall_enter_from_user_mode+0x2e/0x1a0 [ 60.204373][ T3691] ? syscall_enter_from_user_mode+0x86/0x1a0 [ 60.210346][ T3691] do_syscall_64+0x2b/0x70 [ 60.214748][ T3691] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 60.220625][ T3691] RIP: 0033:0x7f6b12c241ff [ 60.225029][ T3691] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 60.244618][ T3691] RSP: 002b:00007f6b12c112c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 60.253016][ T3691] RAX: ffffffffffffffda RBX: 00007f6b12cec4e0 RCX: 00007f6b12c241ff [ 60.260971][ T3691] RDX: 000000000000000e RSI: 0000000020000100 RDI: 00000000000000c8 [ 60.268981][ T3691] RBP: 00007f6b12cb96cc R08: 0000000000000000 R09: 0000000000000001 [ 60.277130][ T3691] R10: 00007f6b12c11087 R11: 0000000000000293 R12: 00007f6b12cec4ec [pid 3691] write(200, "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\x00\x89\x2f", 14) = 14 [pid 3691] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3691] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3690] <... futex resumed>) = 0 [pid 3690] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3691] <... futex resumed>) = 0 [pid 3691] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 3690] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3691] <... socket resumed>) = 4 [pid 3691] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3690] <... futex resumed>) = 0 [pid 3690] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3690] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3691] ioctl(4, SIOCGIFINDEX, {ifr_name="batadv_slave_0", ifr_ifindex=41}) = 0 [pid 3691] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3690] <... futex resumed>) = 0 [pid 3691] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 3690] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3691] <... socket resumed>) = 5 [pid 3690] <... futex resumed>) = 0 [pid 3691] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3690] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3691] <... futex resumed>) = 0 [pid 3690] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3691] ioctl(5, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 3690] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3691] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 3690] <... futex resumed>) = 0 [pid 3691] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3690] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3691] <... futex resumed>) = 0 [pid 3691] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3690] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3691] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3690] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3691] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x40\x00\x00\x00\x10\x00\x03\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x12\x80\x08\x00\x01\x00\x68\x73\x72\x00\x14\x00\x02\x80\x08\x00\x02\x00\x29\x00\x00\x00\x08\x00\x01\x00\x0b\x00\x00\x00", iov_len=64}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [pid 3690] <... futex resumed>) = 0 [ 60.285104][ T3691] R13: 00007f6b12c112f0 R14: 00007f6b12cec4e8 R15: 0000000000000001 [ 60.293177][ T3691] [pid 3690] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3691] <... sendmsg resumed>) = 64 [pid 3691] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3690] <... futex resumed>) = 0 [pid 3691] <... futex resumed>) = 1 [pid 3691] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3690] close(3) = 0 [pid 3690] close(4) = 0 [pid 3690] close(5) = 0 [pid 3690] close(6) = -1 EBADF (Bad file descriptor) [pid 3690] close(7) = -1 EBADF (Bad file descriptor) [pid 3690] close(8) = -1 EBADF (Bad file descriptor) [pid 3690] close(9) = -1 EBADF (Bad file descriptor) [pid 3690] close(10) = -1 EBADF (Bad file descriptor) [pid 3690] close(11) = -1 EBADF (Bad file descriptor) [pid 3690] close(12) = -1 EBADF (Bad file descriptor) [pid 3690] close(13) = -1 EBADF (Bad file descriptor) [pid 3690] close(14) = -1 EBADF (Bad file descriptor) [pid 3690] close(15) = -1 EBADF (Bad file descriptor) [pid 3690] close(16) = -1 EBADF (Bad file descriptor) [pid 3690] close(17) = -1 EBADF (Bad file descriptor) [pid 3690] close(18) = -1 EBADF (Bad file descriptor) [pid 3690] close(19) = -1 EBADF (Bad file descriptor) [pid 3690] close(20) = -1 EBADF (Bad file descriptor) [pid 3690] close(21) = -1 EBADF (Bad file descriptor) [pid 3690] close(22) = -1 EBADF (Bad file descriptor) [pid 3690] close(23) = -1 EBADF (Bad file descriptor) [pid 3690] close(24) = -1 EBADF (Bad file descriptor) [pid 3690] close(25) = -1 EBADF (Bad file descriptor) [pid 3690] close(26) = -1 EBADF (Bad file descriptor) [pid 3690] close(27) = -1 EBADF (Bad file descriptor) [pid 3690] close(28) = -1 EBADF (Bad file descriptor) [pid 3690] close(29) = -1 EBADF (Bad file descriptor) [pid 3690] exit_group(0 [pid 3691] <... futex resumed>) = ? [pid 3690] <... exit_group resumed>) = ? [pid 3691] +++ exited with 0 +++ [pid 3690] +++ exited with 0 +++ [pid 3597] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=78, si_uid=0, si_status=0, si_utime=0, si_stime=38} --- [pid 3597] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555568505d0) = 80 ./strace-static-x86_64: Process 3692 attached [pid 3692] set_robust_list(0x5555568505e0, 24) = 0 [pid 3692] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3692] setpgid(0, 0) = 0 [pid 3692] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3692] write(3, "1000", 4) = 4 [pid 3692] close(3) = 0 [pid 3692] read(200, 0x7ffd708025c0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 3692] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3692] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bf1000 [pid 3692] mprotect(0x7f6b12bf2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3692] clone(child_stack=0x7f6b12c113f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[81], tls=0x7f6b12c11700, child_tidptr=0x7f6b12c119d0) = 81 [pid 3692] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3692] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3693 attached [pid 3693] set_robust_list(0x7f6b12c119e0, 24) = 0 [pid 3693] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 3693] write(3, "4", 1) = 1 [ 60.373704][ T3693] FAULT_INJECTION: forcing a failure. [ 60.373704][ T3693] name failslab, interval 1, probability 0, space 0, times 0 [ 60.386443][ T3693] CPU: 0 PID: 3693 Comm: syz-executor273 Not tainted 5.18.0-rc6-syzkaller-00161-gbc403203d65a #0 [ 60.396958][ T3693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.407013][ T3693] Call Trace: [ 60.410294][ T3693] [ 60.413212][ T3693] dump_stack_lvl+0x1e3/0x2cb [ 60.417878][ T3693] ? bfq_pos_tree_add_move+0x436/0x436 [ 60.423327][ T3693] ? panic+0x76e/0x76e [ 60.427388][ T3693] ? validate_chain+0x126/0x65c0 [ 60.432339][ T3693] ? rcu_lock_release+0x5/0x20 [ 60.437104][ T3693] should_fail+0x384/0x4b0 [ 60.441506][ T3693] ? hsr_add_node+0x65/0x830 [ 60.446078][ T3693] should_failslab+0x5/0x20 [ 60.450567][ T3693] kmem_cache_alloc_trace+0x68/0x310 [ 60.455880][ T3693] hsr_add_node+0x65/0x830 [ 60.460287][ T3693] ? hsr_mac_hash+0x1f/0x270 [ 60.464863][ T3693] hsr_forward_skb+0x37f/0x2150 [ 60.469799][ T3693] ? prp_fill_frame_info+0x5b0/0x5b0 [ 60.475093][ T3693] ? hsr_addr_is_self+0x160/0x2b0 [ 60.480128][ T3693] hsr_handle_frame+0x4fd/0x6b0 [ 60.484968][ T3693] ? hsr_port_exists+0x50/0x50 [ 60.489724][ T3693] __netif_receive_skb_core+0x1448/0x3bc0 [ 60.495442][ T3693] ? trace_netif_rx+0x260/0x260 [ 60.500286][ T3693] __netif_receive_skb+0x11a/0x500 [ 60.505392][ T3693] ? read_lock_is_recursive+0x10/0x10 [ 60.510768][ T3693] ? ktime_get_real_ts64+0x4b0/0x4b0 [ 60.516055][ T3693] ? __netif_receive_skb_list_core+0x930/0x930 [ 60.522196][ T3693] ? lockdep_hardirqs_on_prepare+0x448/0x7b0 [ 60.528185][ T3693] netif_receive_skb_internal+0x108/0x360 [ 60.534145][ T3693] ? trace_netif_receive_skb_entry+0x260/0x260 [ 60.540289][ T3693] ? rcu_read_lock_sched_held+0x89/0x130 [ 60.545911][ T3693] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 60.551895][ T3693] netif_receive_skb+0x19/0x30 [ 60.556664][ T3693] tun_rx_batched+0x777/0x920 [ 60.561327][ T3693] ? read_lock_is_recursive+0x10/0x10 [ 60.566691][ T3693] ? local_bh_enable+0x20/0x20 [ 60.571479][ T3693] ? rcu_lock_release+0x5/0x20 [ 60.576242][ T3693] tun_get_user+0x1b5a/0x2540 [ 60.580928][ T3693] ? tun_ring_recv+0xcc0/0xcc0 [ 60.585683][ T3693] ? __lock_acquire+0x1f80/0x1f80 [ 60.590731][ T3693] tun_chr_write_iter+0x10a/0x1e0 [ 60.595761][ T3693] vfs_write+0xa22/0xd40 [ 60.599991][ T3693] ? __lock_acquire+0x1f80/0x1f80 [ 60.605010][ T3693] ? file_end_write+0x230/0x230 [ 60.609847][ T3693] ? print_irqtrace_events+0x220/0x220 [ 60.615300][ T3693] ? __fget_files+0x3d0/0x440 [ 60.619965][ T3693] ? __fdget_pos+0x1d7/0x2e0 [ 60.624542][ T3693] ? ksys_write+0x77/0x2c0 [ 60.629050][ T3693] ksys_write+0x19b/0x2c0 [ 60.633372][ T3693] ? print_irqtrace_events+0x220/0x220 [ 60.638817][ T3693] ? __ia32_sys_read+0x80/0x80 [ 60.643577][ T3693] ? syscall_enter_from_user_mode+0x2e/0x1a0 [ 60.649559][ T3693] ? syscall_enter_from_user_mode+0x86/0x1a0 [ 60.655535][ T3693] do_syscall_64+0x2b/0x70 [ 60.659942][ T3693] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 60.666015][ T3693] RIP: 0033:0x7f6b12c241ff [ 60.670419][ T3693] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 60.690278][ T3693] RSP: 002b:00007f6b12c112c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 60.698679][ T3693] RAX: ffffffffffffffda RBX: 00007f6b12cec4e0 RCX: 00007f6b12c241ff [ 60.706658][ T3693] RDX: 000000000000000e RSI: 0000000020000100 RDI: 00000000000000c8 [ 60.714629][ T3693] RBP: 00007f6b12cb96cc R08: 0000000000000000 R09: 0000000000000001 [pid 3693] write(200, "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\x00\x89\x2f", 14) = 14 [pid 3692] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3693] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3692] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3693] <... futex resumed>) = 0 [pid 3692] <... futex resumed>) = 0 [pid 3693] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3692] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bd0000 [pid 3692] mprotect(0x7f6b12bd1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3692] clone(child_stack=0x7f6b12bf03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[82], tls=0x7f6b12bf0700, child_tidptr=0x7f6b12bf09d0) = 82 [pid 3692] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3692] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3694 attached [pid 3694] set_robust_list(0x7f6b12bf09e0, 24) = 0 [pid 3694] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3694] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3692] <... futex resumed>) = 0 [pid 3692] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3694] <... futex resumed>) = 1 [pid 3693] <... futex resumed>) = 0 [pid 3692] <... futex resumed>) = 1 [pid 3693] ioctl(4, SIOCGIFINDEX, {ifr_name="batadv_slave_0" [pid 3692] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3694] futex(0x7f6b12cec4f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3693] <... ioctl resumed>, ifr_ifindex=41}) = 0 [pid 3693] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3693] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3692] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3692] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3693] <... futex resumed>) = 0 [pid 3692] <... futex resumed>) = 1 [pid 3693] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 3692] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3693] <... socket resumed>) = 5 [pid 3693] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3692] <... futex resumed>) = 0 [pid 3693] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3692] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3693] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3692] <... futex resumed>) = 0 [pid 3693] ioctl(5, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 3692] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3693] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 3693] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3692] <... futex resumed>) = 0 [pid 3693] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3692] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3693] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3692] <... futex resumed>) = 0 [pid 3693] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x40\x00\x00\x00\x10\x00\x03\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x12\x80\x08\x00\x01\x00\x68\x73\x72\x00\x14\x00\x02\x80\x08\x00\x02\x00\x29\x00\x00\x00\x08\x00\x01\x00\x0b\x00\x00\x00", iov_len=64}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [ 60.722585][ T3693] R10: 00007f6b12c11087 R11: 0000000000000293 R12: 00007f6b12cec4ec [ 60.730542][ T3693] R13: 00007f6b12c112f0 R14: 00007f6b12cec4e8 R15: 0000000000000001 [ 60.738512][ T3693] [pid 3692] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3693] <... sendmsg resumed>) = 64 [pid 3693] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3692] <... futex resumed>) = 0 [pid 3693] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3692] close(3) = 0 [pid 3692] close(4) = 0 [pid 3692] close(5) = 0 [pid 3692] close(6) = -1 EBADF (Bad file descriptor) [pid 3692] close(7) = -1 EBADF (Bad file descriptor) [pid 3692] close(8) = -1 EBADF (Bad file descriptor) [pid 3692] close(9) = -1 EBADF (Bad file descriptor) [pid 3692] close(10) = -1 EBADF (Bad file descriptor) [pid 3692] close(11) = -1 EBADF (Bad file descriptor) [pid 3692] close(12) = -1 EBADF (Bad file descriptor) [pid 3692] close(13) = -1 EBADF (Bad file descriptor) [pid 3692] close(14) = -1 EBADF (Bad file descriptor) [pid 3692] close(15) = -1 EBADF (Bad file descriptor) [pid 3692] close(16) = -1 EBADF (Bad file descriptor) [pid 3692] close(17) = -1 EBADF (Bad file descriptor) [pid 3692] close(18) = -1 EBADF (Bad file descriptor) [pid 3692] close(19) = -1 EBADF (Bad file descriptor) [pid 3692] close(20) = -1 EBADF (Bad file descriptor) [pid 3692] close(21) = -1 EBADF (Bad file descriptor) [pid 3692] close(22) = -1 EBADF (Bad file descriptor) [pid 3692] close(23) = -1 EBADF (Bad file descriptor) [pid 3692] close(24) = -1 EBADF (Bad file descriptor) [pid 3692] close(25) = -1 EBADF (Bad file descriptor) [pid 3692] close(26) = -1 EBADF (Bad file descriptor) [pid 3692] close(27) = -1 EBADF (Bad file descriptor) [pid 3692] close(28) = -1 EBADF (Bad file descriptor) [pid 3692] close(29) = -1 EBADF (Bad file descriptor) [pid 3692] exit_group(0 [pid 3694] <... futex resumed>) = ? [pid 3693] <... futex resumed>) = ? [pid 3692] <... exit_group resumed>) = ? [pid 3694] +++ exited with 0 +++ [pid 3693] +++ exited with 0 +++ [pid 3692] +++ exited with 0 +++ [pid 3597] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=80, si_uid=0, si_status=0, si_utime=0, si_stime=38} --- [pid 3597] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555568505d0) = 83 ./strace-static-x86_64: Process 3695 attached [pid 3695] set_robust_list(0x5555568505e0, 24) = 0 [pid 3695] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3695] setpgid(0, 0) = 0 [pid 3695] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3695] write(3, "1000", 4) = 4 [pid 3695] close(3) = 0 [pid 3695] read(200, 0x7ffd708025c0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 3695] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3695] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bf1000 [pid 3695] mprotect(0x7f6b12bf2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3695] clone(child_stack=0x7f6b12c113f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3696 attached , parent_tid=[84], tls=0x7f6b12c11700, child_tidptr=0x7f6b12c119d0) = 84 [pid 3695] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3695] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3696] set_robust_list(0x7f6b12c119e0, 24) = 0 [pid 3696] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 3696] write(3, "4", 1) = 1 [ 60.826895][ T3696] FAULT_INJECTION: forcing a failure. [ 60.826895][ T3696] name failslab, interval 1, probability 0, space 0, times 0 [ 60.839555][ T3696] CPU: 0 PID: 3696 Comm: syz-executor273 Not tainted 5.18.0-rc6-syzkaller-00161-gbc403203d65a #0 [ 60.850039][ T3696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.860084][ T3696] Call Trace: [ 60.863373][ T3696] [ 60.866293][ T3696] dump_stack_lvl+0x1e3/0x2cb [ 60.870973][ T3696] ? bfq_pos_tree_add_move+0x436/0x436 [ 60.876429][ T3696] ? panic+0x76e/0x76e [ 60.880484][ T3696] ? validate_chain+0x126/0x65c0 [ 60.885410][ T3696] ? rcu_lock_release+0x5/0x20 [ 60.890191][ T3696] should_fail+0x384/0x4b0 [ 60.894599][ T3696] ? hsr_add_node+0x65/0x830 [ 60.899178][ T3696] should_failslab+0x5/0x20 [ 60.903665][ T3696] kmem_cache_alloc_trace+0x68/0x310 [ 60.908944][ T3696] hsr_add_node+0x65/0x830 [ 60.913350][ T3696] ? hsr_mac_hash+0x1f/0x270 [ 60.917926][ T3696] hsr_forward_skb+0x37f/0x2150 [ 60.922779][ T3696] ? prp_fill_frame_info+0x5b0/0x5b0 [ 60.928056][ T3696] ? hsr_addr_is_self+0x160/0x2b0 [ 60.933071][ T3696] hsr_handle_frame+0x4fd/0x6b0 [ 60.937917][ T3696] ? hsr_port_exists+0x50/0x50 [ 60.943185][ T3696] __netif_receive_skb_core+0x1448/0x3bc0 [ 60.948905][ T3696] ? trace_netif_rx+0x260/0x260 [ 60.953760][ T3696] __netif_receive_skb+0x11a/0x500 [ 60.958857][ T3696] ? read_lock_is_recursive+0x10/0x10 [ 60.964344][ T3696] ? ktime_get_real_ts64+0x4b0/0x4b0 [ 60.969616][ T3696] ? __netif_receive_skb_list_core+0x930/0x930 [ 60.975772][ T3696] netif_receive_skb_internal+0x108/0x360 [ 60.981488][ T3696] ? trace_netif_receive_skb_entry+0x260/0x260 [ 60.987632][ T3696] ? rcu_read_lock_sched_held+0x89/0x130 [ 60.993253][ T3696] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 60.999232][ T3696] netif_receive_skb+0x19/0x30 [ 61.003987][ T3696] tun_rx_batched+0x777/0x920 [ 61.008655][ T3696] ? read_lock_is_recursive+0x10/0x10 [ 61.014033][ T3696] ? local_bh_enable+0x20/0x20 [ 61.018790][ T3696] ? rcu_lock_release+0x5/0x20 [ 61.023546][ T3696] tun_get_user+0x1b5a/0x2540 [ 61.028217][ T3696] ? tun_ring_recv+0xcc0/0xcc0 [ 61.032967][ T3696] ? __lock_acquire+0x1f80/0x1f80 [ 61.037993][ T3696] tun_chr_write_iter+0x10a/0x1e0 [ 61.043007][ T3696] vfs_write+0xa22/0xd40 [ 61.047239][ T3696] ? __lock_acquire+0x1f80/0x1f80 [ 61.052252][ T3696] ? file_end_write+0x230/0x230 [ 61.057087][ T3696] ? print_irqtrace_events+0x220/0x220 [ 61.062548][ T3696] ? __fget_files+0x3d0/0x440 [ 61.067217][ T3696] ? __fdget_pos+0x1d7/0x2e0 [ 61.071794][ T3696] ? ksys_write+0x77/0x2c0 [ 61.076199][ T3696] ksys_write+0x19b/0x2c0 [ 61.080734][ T3696] ? print_irqtrace_events+0x220/0x220 [ 61.086212][ T3696] ? __ia32_sys_read+0x80/0x80 [ 61.090960][ T3696] ? syscall_enter_from_user_mode+0x2e/0x1a0 [ 61.096928][ T3696] ? syscall_enter_from_user_mode+0x86/0x1a0 [ 61.102895][ T3696] do_syscall_64+0x2b/0x70 [ 61.107304][ T3696] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 61.113190][ T3696] RIP: 0033:0x7f6b12c241ff [ 61.117599][ T3696] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 61.137192][ T3696] RSP: 002b:00007f6b12c112c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 61.145596][ T3696] RAX: ffffffffffffffda RBX: 00007f6b12cec4e0 RCX: 00007f6b12c241ff [ 61.153555][ T3696] RDX: 000000000000000e RSI: 0000000020000100 RDI: 00000000000000c8 [ 61.161509][ T3696] RBP: 00007f6b12cb96cc R08: 0000000000000000 R09: 0000000000000001 [ 61.169474][ T3696] R10: 00007f6b12c11087 R11: 0000000000000293 R12: 00007f6b12cec4ec [pid 3696] write(200, "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\x00\x89\x2f", 14 [pid 3695] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3695] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3695] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bd0000 [pid 3695] mprotect(0x7f6b12bd1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3695] clone(child_stack=0x7f6b12bf03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[85], tls=0x7f6b12bf0700, child_tidptr=0x7f6b12bf09d0) = 85 [pid 3695] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3695] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3697 attached [pid 3697] set_robust_list(0x7f6b12bf09e0, 24) = 0 [pid 3697] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 3696] <... write resumed>) = 14 [pid 3696] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3696] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3697] <... socket resumed>) = 4 [pid 3697] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3695] <... futex resumed>) = 0 [pid 3695] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3696] <... futex resumed>) = 0 [pid 3695] <... futex resumed>) = 1 [pid 3696] ioctl(4, SIOCGIFINDEX, {ifr_name="batadv_slave_0" [pid 3695] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3696] <... ioctl resumed>, ifr_ifindex=41}) = 0 [pid 3696] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3695] <... futex resumed>) = 0 [pid 3696] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 3695] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3696] <... socket resumed>) = 5 [pid 3695] <... futex resumed>) = 0 [pid 3696] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3695] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3696] <... futex resumed>) = 0 [pid 3695] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3696] ioctl(5, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 3695] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3696] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 3695] <... futex resumed>) = 0 [pid 3696] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3695] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3696] <... futex resumed>) = 0 [pid 3695] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3696] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3695] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3696] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3695] <... futex resumed>) = 0 [pid 3696] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x40\x00\x00\x00\x10\x00\x03\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x12\x80\x08\x00\x01\x00\x68\x73\x72\x00\x14\x00\x02\x80\x08\x00\x02\x00\x29\x00\x00\x00\x08\x00\x01\x00\x0b\x00\x00\x00", iov_len=64}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [pid 3695] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3697] <... futex resumed>) = 1 [ 61.177445][ T3696] R13: 00007f6b12c112f0 R14: 00007f6b12cec4e8 R15: 0000000000000001 [ 61.185430][ T3696] [pid 3697] futex(0x7f6b12cec4f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3696] <... sendmsg resumed>) = 64 [pid 3696] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3695] <... futex resumed>) = 0 [pid 3696] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3695] close(3) = 0 [pid 3695] close(4) = 0 [pid 3695] close(5) = 0 [pid 3695] close(6) = -1 EBADF (Bad file descriptor) [pid 3695] close(7) = -1 EBADF (Bad file descriptor) [pid 3695] close(8) = -1 EBADF (Bad file descriptor) [pid 3695] close(9) = -1 EBADF (Bad file descriptor) [pid 3695] close(10) = -1 EBADF (Bad file descriptor) [pid 3695] close(11) = -1 EBADF (Bad file descriptor) [pid 3695] close(12) = -1 EBADF (Bad file descriptor) [pid 3695] close(13) = -1 EBADF (Bad file descriptor) [pid 3695] close(14) = -1 EBADF (Bad file descriptor) [pid 3695] close(15) = -1 EBADF (Bad file descriptor) [pid 3695] close(16) = -1 EBADF (Bad file descriptor) [pid 3695] close(17) = -1 EBADF (Bad file descriptor) [pid 3695] close(18) = -1 EBADF (Bad file descriptor) [pid 3695] close(19) = -1 EBADF (Bad file descriptor) [pid 3695] close(20) = -1 EBADF (Bad file descriptor) [pid 3695] close(21) = -1 EBADF (Bad file descriptor) [pid 3695] close(22) = -1 EBADF (Bad file descriptor) [pid 3695] close(23) = -1 EBADF (Bad file descriptor) [pid 3695] close(24) = -1 EBADF (Bad file descriptor) [pid 3695] close(25) = -1 EBADF (Bad file descriptor) [pid 3695] close(26) = -1 EBADF (Bad file descriptor) [pid 3695] close(27) = -1 EBADF (Bad file descriptor) [pid 3695] close(28) = -1 EBADF (Bad file descriptor) [pid 3695] close(29) = -1 EBADF (Bad file descriptor) [pid 3695] exit_group(0) = ? [pid 3696] <... futex resumed>) = 230 [pid 3696] +++ exited with 0 +++ [pid 3697] <... futex resumed>) = ? [pid 3697] +++ exited with 0 +++ [pid 3695] +++ exited with 0 +++ [pid 3597] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=83, si_uid=0, si_status=0, si_utime=0, si_stime=37} --- [pid 3597] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3597] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3698 attached , child_tidptr=0x5555568505d0) = 86 [pid 3698] set_robust_list(0x5555568505e0, 24) = 0 [pid 3698] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3698] setpgid(0, 0) = 0 [pid 3698] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3698] write(3, "1000", 4) = 4 [pid 3698] close(3) = 0 [pid 3698] read(200, 0x7ffd708025c0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 3698] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3698] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bf1000 [pid 3698] mprotect(0x7f6b12bf2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3698] clone(child_stack=0x7f6b12c113f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3699 attached , parent_tid=[87], tls=0x7f6b12c11700, child_tidptr=0x7f6b12c119d0) = 87 [pid 3698] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3699] set_robust_list(0x7f6b12c119e0, 24 [pid 3698] <... futex resumed>) = 0 [pid 3698] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3699] <... set_robust_list resumed>) = 0 [pid 3699] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 3699] write(3, "4", 1) = 1 [ 61.285907][ T3699] FAULT_INJECTION: forcing a failure. [ 61.285907][ T3699] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 61.300364][ T3699] CPU: 0 PID: 3699 Comm: syz-executor273 Not tainted 5.18.0-rc6-syzkaller-00161-gbc403203d65a #0 [ 61.310889][ T3699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.320945][ T3699] Call Trace: [ 61.324216][ T3699] [ 61.327134][ T3699] dump_stack_lvl+0x1e3/0x2cb [ 61.331806][ T3699] ? bfq_pos_tree_add_move+0x436/0x436 [ 61.337252][ T3699] ? panic+0x76e/0x76e [ 61.341314][ T3699] ? mark_lock+0x98/0x350 [ 61.345634][ T3699] should_fail+0x384/0x4b0 [ 61.350044][ T3699] prepare_alloc_pages+0x1d7/0x5a0 [ 61.355149][ T3699] __alloc_pages+0x14d/0x5f0 [ 61.359729][ T3699] ? __rmqueue_pcplist+0x1cb0/0x1cb0 [ 61.365024][ T3699] ? alloc_pages+0x43d/0x690 [ 61.369801][ T3699] alloc_slab_page+0x70/0xf0 [ 61.374382][ T3699] allocate_slab+0x5e/0x560 [ 61.378875][ T3699] ___slab_alloc+0x41e/0xcd0 [ 61.383495][ T3699] ? __build_skb+0x25/0x2f0 [ 61.387985][ T3699] ? __build_skb+0x25/0x2f0 [ 61.392475][ T3699] kmem_cache_alloc+0x246/0x2f0 [ 61.397310][ T3699] ? __build_skb+0x25/0x2f0 [ 61.401889][ T3699] __build_skb+0x25/0x2f0 [ 61.406221][ T3699] build_skb+0x1f/0x240 [ 61.410373][ T3699] tun_build_skb+0x40b/0x1510 [ 61.415036][ T3699] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 61.421022][ T3699] ? mark_lock+0x98/0x350 [ 61.425355][ T3699] ? tun_get_user+0x2540/0x2540 [ 61.430209][ T3699] ? rcu_lock_release+0x5/0x20 [ 61.434975][ T3699] ? rcu_read_lock_sched_held+0x89/0x130 [ 61.440600][ T3699] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 61.446570][ T3699] tun_get_user+0x7b7/0x2540 [ 61.451249][ T3699] ? tun_ring_recv+0xcc0/0xcc0 [ 61.455998][ T3699] ? __lock_acquire+0x1f80/0x1f80 [ 61.461023][ T3699] tun_chr_write_iter+0x10a/0x1e0 [ 61.466046][ T3699] vfs_write+0xa22/0xd40 [ 61.470361][ T3699] ? __lock_acquire+0x1f80/0x1f80 [ 61.475393][ T3699] ? file_end_write+0x230/0x230 [ 61.480235][ T3699] ? print_irqtrace_events+0x220/0x220 [ 61.485699][ T3699] ? __fget_files+0x3d0/0x440 [ 61.490376][ T3699] ? __fdget_pos+0x1d7/0x2e0 [ 61.494947][ T3699] ? ksys_write+0x77/0x2c0 [ 61.499352][ T3699] ksys_write+0x19b/0x2c0 [ 61.503841][ T3699] ? print_irqtrace_events+0x220/0x220 [ 61.509377][ T3699] ? __ia32_sys_read+0x80/0x80 [ 61.514127][ T3699] ? syscall_enter_from_user_mode+0x2e/0x1a0 [ 61.520104][ T3699] ? syscall_enter_from_user_mode+0x86/0x1a0 [ 61.526071][ T3699] do_syscall_64+0x2b/0x70 [ 61.530491][ T3699] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 61.536373][ T3699] RIP: 0033:0x7f6b12c241ff [ 61.540776][ T3699] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 61.560364][ T3699] RSP: 002b:00007f6b12c112c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 61.568775][ T3699] RAX: ffffffffffffffda RBX: 00007f6b12cec4e0 RCX: 00007f6b12c241ff [ 61.576729][ T3699] RDX: 000000000000000e RSI: 0000000020000100 RDI: 00000000000000c8 [pid 3699] write(200, "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\x00\x89\x2f", 14) = 14 [pid 3699] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3699] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3698] <... futex resumed>) = 0 [pid 3698] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3698] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3699] <... futex resumed>) = 0 [pid 3699] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3699] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3699] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3698] <... futex resumed>) = 0 [pid 3698] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3698] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3699] <... futex resumed>) = 0 [pid 3699] ioctl(4, SIOCGIFINDEX, {ifr_name="batadv_slave_0", ifr_ifindex=41}) = 0 [pid 3699] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3698] <... futex resumed>) = 0 [pid 3698] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3698] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3699] <... futex resumed>) = 1 [pid 3699] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 3699] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3698] <... futex resumed>) = 0 [pid 3698] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3698] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3699] <... futex resumed>) = 1 [pid 3699] ioctl(5, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0 [pid 3699] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3698] <... futex resumed>) = 0 [pid 3698] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3698] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3699] <... futex resumed>) = 1 [ 61.585118][ T3699] RBP: 00007f6b12cb96cc R08: 0000000000000000 R09: 0000000000000001 [ 61.593080][ T3699] R10: 00007f6b12c11087 R11: 0000000000000293 R12: 00007f6b12cec4ec [ 61.601043][ T3699] R13: 00007f6b12c112f0 R14: 00007f6b12cec4e8 R15: 0000000000000001 [ 61.609016][ T3699] [pid 3699] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x40\x00\x00\x00\x10\x00\x03\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x12\x80\x08\x00\x01\x00\x68\x73\x72\x00\x14\x00\x02\x80\x08\x00\x02\x00\x29\x00\x00\x00\x08\x00\x01\x00\x0b\x00\x00\x00", iov_len=64}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 64 [pid 3699] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3698] <... futex resumed>) = 0 [pid 3698] close(3) = 0 [pid 3698] close(4) = 0 [pid 3698] close(5) = 0 [pid 3698] close(6) = -1 EBADF (Bad file descriptor) [pid 3698] close(7) = -1 EBADF (Bad file descriptor) [pid 3698] close(8) = -1 EBADF (Bad file descriptor) [pid 3698] close(9) = -1 EBADF (Bad file descriptor) [pid 3698] close(10) = -1 EBADF (Bad file descriptor) [pid 3698] close(11 [pid 3699] <... futex resumed>) = 1 [pid 3698] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 3699] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3698] close(12) = -1 EBADF (Bad file descriptor) [pid 3698] close(13) = -1 EBADF (Bad file descriptor) [pid 3698] close(14) = -1 EBADF (Bad file descriptor) [pid 3698] close(15) = -1 EBADF (Bad file descriptor) [pid 3698] close(16) = -1 EBADF (Bad file descriptor) [pid 3698] close(17) = -1 EBADF (Bad file descriptor) [pid 3698] close(18) = -1 EBADF (Bad file descriptor) [pid 3698] close(19) = -1 EBADF (Bad file descriptor) [pid 3698] close(20) = -1 EBADF (Bad file descriptor) [pid 3698] close(21) = -1 EBADF (Bad file descriptor) [pid 3698] close(22) = -1 EBADF (Bad file descriptor) [pid 3698] close(23) = -1 EBADF (Bad file descriptor) [pid 3698] close(24) = -1 EBADF (Bad file descriptor) [pid 3698] close(25) = -1 EBADF (Bad file descriptor) [pid 3698] close(26) = -1 EBADF (Bad file descriptor) [pid 3698] close(27) = -1 EBADF (Bad file descriptor) [pid 3698] close(28) = -1 EBADF (Bad file descriptor) [pid 3698] close(29) = -1 EBADF (Bad file descriptor) [pid 3698] exit_group(0 [pid 3699] <... futex resumed>) = ? [pid 3698] <... exit_group resumed>) = ? [pid 3699] +++ exited with 0 +++ [pid 3698] +++ exited with 0 +++ [pid 3597] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=86, si_uid=0, si_status=0, si_utime=0, si_stime=33} --- [pid 3597] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555568505d0) = 88 ./strace-static-x86_64: Process 3700 attached [pid 3700] set_robust_list(0x5555568505e0, 24) = 0 [pid 3700] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3700] setpgid(0, 0) = 0 [pid 3700] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3700] write(3, "1000", 4) = 4 [pid 3700] close(3) = 0 [pid 3700] read(200, 0x7ffd708025c0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 3700] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3700] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bf1000 [pid 3700] mprotect(0x7f6b12bf2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3700] clone(child_stack=0x7f6b12c113f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[89], tls=0x7f6b12c11700, child_tidptr=0x7f6b12c119d0) = 89 [pid 3700] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3700] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3701 attached [pid 3701] set_robust_list(0x7f6b12c119e0, 24) = 0 [pid 3701] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 3701] write(3, "4", 1) = 1 [pid 3701] write(200, "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\x00\x89\x2f", 14) = 14 [ 61.704254][ T3701] FAULT_INJECTION: forcing a failure. [ 61.704254][ T3701] name fail_futex, interval 1, probability 0, space 0, times 1 [ 61.717846][ T3701] CPU: 1 PID: 3701 Comm: syz-executor273 Not tainted 5.18.0-rc6-syzkaller-00161-gbc403203d65a #0 [ 61.728371][ T3701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.738422][ T3701] Call Trace: [ 61.741711][ T3701] [ 61.744654][ T3701] dump_stack_lvl+0x1e3/0x2cb [ 61.749441][ T3701] ? bfq_pos_tree_add_move+0x436/0x436 [ 61.755046][ T3701] ? panic+0x76e/0x76e [ 61.759124][ T3701] should_fail+0x384/0x4b0 [ 61.763798][ T3701] get_futex_key+0x1d1/0x10a0 [ 61.768562][ T3701] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 61.774535][ T3701] ? futex_setup_timer+0xc0/0xc0 [ 61.779462][ T3701] ? ptrace_notify+0x24a/0x350 [ 61.784234][ T3701] ? rcu_read_lock_sched_held+0x89/0x130 [ 61.789858][ T3701] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 61.795827][ T3701] futex_wake+0x13d/0x5b0 [ 61.800150][ T3701] ? futex_wake_mark+0x170/0x170 [ 61.805077][ T3701] ? lockdep_hardirqs_on_prepare+0x448/0x7b0 [ 61.811063][ T3701] do_futex+0x370/0x490 [ 61.815235][ T3701] ? __ia32_sys_get_robust_list+0x80/0x80 [ 61.820962][ T3701] ? _raw_spin_unlock_irq+0x2a/0x40 [ 61.826194][ T3701] __se_sys_futex+0x413/0x4a0 [ 61.830980][ T3701] ? __x64_sys_futex+0xf0/0xf0 [ 61.835768][ T3701] ? syscall_enter_from_user_mode+0x2e/0x1a0 [ 61.841754][ T3701] ? __x64_sys_futex+0x1d/0xf0 [ 61.846528][ T3701] do_syscall_64+0x2b/0x70 [ 61.850951][ T3701] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 61.856844][ T3701] RIP: 0033:0x7f6b12c64029 [ 61.861256][ T3701] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 61.880851][ T3701] RSP: 002b:00007f6b12c112e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 61.889253][ T3701] RAX: ffffffffffffffda RBX: 00007f6b12cec4e0 RCX: 00007f6b12c64029 [ 61.897206][ T3701] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f6b12cec4ec [pid 3701] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = -1 EFAULT (Bad address) [pid 3700] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3701] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3700] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3701] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3700] <... futex resumed>) = 0 [pid 3701] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 3700] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3701] <... socket resumed>) = 4 [pid 3701] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3700] <... futex resumed>) = 0 [pid 3701] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3700] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3701] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3700] <... futex resumed>) = 0 [pid 3701] ioctl(4, SIOCGIFINDEX, {ifr_name="batadv_slave_0" [pid 3700] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3701] <... ioctl resumed>, ifr_ifindex=41}) = 0 [pid 3701] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3700] <... futex resumed>) = 0 [pid 3701] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3700] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3701] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3700] <... futex resumed>) = 0 [pid 3701] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 3700] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3701] <... socket resumed>) = 5 [pid 3701] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3700] <... futex resumed>) = 0 [pid 3701] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3700] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3701] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3700] <... futex resumed>) = 0 [pid 3701] ioctl(5, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 3700] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3701] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 3701] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3700] <... futex resumed>) = 0 [pid 3701] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3700] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3701] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3700] <... futex resumed>) = 0 [pid 3701] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x40\x00\x00\x00\x10\x00\x03\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x12\x80\x08\x00\x01\x00\x68\x73\x72\x00\x14\x00\x02\x80\x08\x00\x02\x00\x29\x00\x00\x00\x08\x00\x01\x00\x0b\x00\x00\x00", iov_len=64}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [ 61.905161][ T3701] RBP: 00007f6b12cb96cc R08: 0000000000000001 R09: 0000000000000034 [ 61.913127][ T3701] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6b12cec4ec [ 61.921086][ T3701] R13: 00007f6b12c112f0 R14: 00007f6b12cec4e8 R15: 0000000000000001 [ 61.929055][ T3701] [pid 3700] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 3701] <... sendmsg resumed>) = 64 [pid 3701] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3701] futex(0x7f6b12cec4e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3700] close(3) = 0 [pid 3700] close(4) = 0 [pid 3700] close(5) = 0 [pid 3700] close(6) = -1 EBADF (Bad file descriptor) [pid 3700] close(7) = -1 EBADF (Bad file descriptor) [pid 3700] close(8) = -1 EBADF (Bad file descriptor) [pid 3700] close(9) = -1 EBADF (Bad file descriptor) [pid 3700] close(10) = -1 EBADF (Bad file descriptor) [pid 3700] close(11) = -1 EBADF (Bad file descriptor) [pid 3700] close(12) = -1 EBADF (Bad file descriptor) [pid 3700] close(13) = -1 EBADF (Bad file descriptor) [pid 3700] close(14) = -1 EBADF (Bad file descriptor) [pid 3700] close(15) = -1 EBADF (Bad file descriptor) [pid 3700] close(16) = -1 EBADF (Bad file descriptor) [pid 3700] close(17) = -1 EBADF (Bad file descriptor) [pid 3700] close(18) = -1 EBADF (Bad file descriptor) [pid 3700] close(19) = -1 EBADF (Bad file descriptor) [pid 3700] close(20) = -1 EBADF (Bad file descriptor) [pid 3700] close(21) = -1 EBADF (Bad file descriptor) [pid 3700] close(22) = -1 EBADF (Bad file descriptor) [pid 3700] close(23) = -1 EBADF (Bad file descriptor) [pid 3700] close(24) = -1 EBADF (Bad file descriptor) [pid 3700] close(25) = -1 EBADF (Bad file descriptor) [pid 3700] close(26) = -1 EBADF (Bad file descriptor) [pid 3700] close(27) = -1 EBADF (Bad file descriptor) [pid 3700] close(28) = -1 EBADF (Bad file descriptor) [pid 3700] close(29) = -1 EBADF (Bad file descriptor) [pid 3700] exit_group(0 [pid 3701] <... futex resumed>) = 231 [pid 3700] <... exit_group resumed>) = ? [pid 3701] +++ exited with 0 +++ [pid 3700] +++ exited with 0 +++ [pid 3597] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=88, si_uid=0, si_status=0, si_utime=0, si_stime=23} --- [pid 3597] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555568505d0) = 90 ./strace-static-x86_64: Process 3702 attached [pid 3702] set_robust_list(0x5555568505e0, 24) = 0 [pid 3702] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3702] setpgid(0, 0) = 0 [pid 3702] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3702] write(3, "1000", 4) = 4 [pid 3702] close(3) = 0 [pid 3702] read(200, 0x7ffd708025c0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 3702] futex(0x7f6b12cec4ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3702] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bf1000 [pid 3702] mprotect(0x7f6b12bf2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3702] clone(child_stack=0x7f6b12c113f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[91], tls=0x7f6b12c11700, child_tidptr=0x7f6b12c119d0) = 91 [pid 3702] futex(0x7f6b12cec4e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3702] futex(0x7f6b12cec4ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3703 attached [pid 3703] set_robust_list(0x7f6b12c119e0, 24) = 0 [pid 3703] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 3703] write(3, "4", 1) = 1 [ 62.031000][ T3703] FAULT_INJECTION: forcing a failure. [ 62.031000][ T3703] name failslab, interval 1, probability 0, space 0, times 0 [ 62.043913][ T3703] CPU: 1 PID: 3703 Comm: syz-executor273 Not tainted 5.18.0-rc6-syzkaller-00161-gbc403203d65a #0 [ 62.054434][ T3703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.064512][ T3703] Call Trace: [ 62.067818][ T3703] [ 62.070762][ T3703] dump_stack_lvl+0x1e3/0x2cb [ 62.075455][ T3703] ? bfq_pos_tree_add_move+0x436/0x436 [ 62.080970][ T3703] ? panic+0x76e/0x76e [ 62.085092][ T3703] ? mark_lock+0x98/0x350 [ 62.089437][ T3703] should_fail+0x384/0x4b0 [ 62.093963][ T3703] ? __alloc_skb+0xd2/0x590 [ 62.098468][ T3703] should_failslab+0x5/0x20 [ 62.102960][ T3703] kmem_cache_alloc_node+0x6c/0x340 [ 62.108157][ T3703] __alloc_skb+0xd2/0x590 [ 62.112506][ T3703] __pskb_copy_fclone+0xac/0x1320 [ 62.117539][ T3703] ? rcu_read_lock_bh_held+0x7a/0x110 [ 62.122900][ T3703] ? skb_pull+0x8b/0x130 [ 62.127137][ T3703] hsr_get_untagged_frame+0x10c/0x590 [ 62.132512][ T3703] ? hsr_register_frame_out+0x1d3/0x330 [ 62.138062][ T3703] ? hsr_drop_frame+0x7c/0x150 [ 62.142833][ T3703] hsr_forward_skb+0xf14/0x2150 [ 62.147700][ T3703] ? prp_fill_frame_info+0x5b0/0x5b0 [ 62.153001][ T3703] ? hsr_addr_is_self+0x160/0x2b0 [ 62.158022][ T3703] hsr_handle_frame+0x4fd/0x6b0 [ 62.162872][ T3703] ? hsr_port_exists+0x50/0x50 [ 62.167625][ T3703] __netif_receive_skb_core+0x1448/0x3bc0 [ 62.173339][ T3703] ? trace_netif_rx+0x260/0x260 [ 62.178195][ T3703] __netif_receive_skb+0x11a/0x500 [ 62.183306][ T3703] ? read_lock_is_recursive+0x10/0x10 [ 62.188682][ T3703] ? ktime_get_real_ts64+0x4b0/0x4b0 [ 62.193956][ T3703] ? __netif_receive_skb_list_core+0x930/0x930 [ 62.200115][ T3703] netif_receive_skb_internal+0x108/0x360 [ 62.205828][ T3703] ? trace_netif_receive_skb_entry+0x260/0x260 [ 62.211973][ T3703] ? rcu_read_lock_sched_held+0x89/0x130 [ 62.217624][ T3703] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 62.223785][ T3703] netif_receive_skb+0x19/0x30 [ 62.228540][ T3703] tun_rx_batched+0x777/0x920 [ 62.233218][ T3703] ? read_lock_is_recursive+0x10/0x10 [ 62.238595][ T3703] ? local_bh_enable+0x20/0x20 [ 62.243374][ T3703] ? rcu_lock_release+0x5/0x20 [ 62.248144][ T3703] tun_get_user+0x1b5a/0x2540 [ 62.252840][ T3703] ? tun_ring_recv+0xcc0/0xcc0 [ 62.257594][ T3703] ? __lock_acquire+0x1f80/0x1f80 [ 62.262620][ T3703] tun_chr_write_iter+0x10a/0x1e0 [ 62.267640][ T3703] vfs_write+0xa22/0xd40 [ 62.271889][ T3703] ? __lock_acquire+0x1f80/0x1f80 [ 62.276918][ T3703] ? file_end_write+0x230/0x230 [ 62.281762][ T3703] ? print_irqtrace_events+0x220/0x220 [ 62.287410][ T3703] ? __fget_files+0x3d0/0x440 [ 62.292086][ T3703] ? __fdget_pos+0x1d7/0x2e0 [ 62.296674][ T3703] ? ksys_write+0x77/0x2c0 [ 62.301095][ T3703] ksys_write+0x19b/0x2c0 [ 62.305413][ T3703] ? print_irqtrace_events+0x220/0x220 [ 62.310859][ T3703] ? __ia32_sys_read+0x80/0x80 [ 62.315792][ T3703] ? syscall_enter_from_user_mode+0x2e/0x1a0 [ 62.321787][ T3703] ? syscall_enter_from_user_mode+0x86/0x1a0 [ 62.327771][ T3703] do_syscall_64+0x2b/0x70 [ 62.332177][ T3703] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 62.338066][ T3703] RIP: 0033:0x7f6b12c241ff [ 62.342480][ T3703] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 62.362199][ T3703] RSP: 002b:00007f6b12c112c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 62.370611][ T3703] RAX: ffffffffffffffda RBX: 00007f6b12cec4e0 RCX: 00007f6b12c241ff [pid 3703] write(200, "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\x00\x89\x2f", 14 [pid 3702] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3702] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3702] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6b12bd0000 [pid 3702] mprotect(0x7f6b12bd1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3702] clone(child_stack=0x7f6b12bf03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[92], tls=0x7f6b12bf0700, child_tidptr=0x7f6b12bf09d0) = 92 [pid 3702] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3702] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3704 attached [pid 3704] set_robust_list(0x7f6b12bf09e0, 24) = 0 [pid 3704] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3704] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3702] <... futex resumed>) = 0 [pid 3702] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3702] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3704] <... futex resumed>) = 1 [pid 3704] ioctl(4, SIOCGIFINDEX, {ifr_name="batadv_slave_0", ifr_ifindex=41}) = 0 [pid 3704] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3702] <... futex resumed>) = 0 [pid 3702] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3702] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3704] <... futex resumed>) = 1 [pid 3704] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 3704] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3702] <... futex resumed>) = 0 [pid 3702] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3702] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3704] <... futex resumed>) = 1 [pid 3704] ioctl(5, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0 [pid 3704] futex(0x7f6b12cec4fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3702] <... futex resumed>) = 0 [pid 3702] futex(0x7f6b12cec4f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 62.378577][ T3703] RDX: 000000000000000e RSI: 0000000020000100 RDI: 00000000000000c8 [ 62.386645][ T3703] RBP: 00007f6b12cb96cc R08: 0000000000000000 R09: 0000000000000001 [ 62.394613][ T3703] R10: 00007f6b12c11087 R11: 0000000000000293 R12: 00007f6b12cec4ec [ 62.402573][ T3703] R13: 00007f6b12c112f0 R14: 00007f6b12cec4e8 R15: 0000000000000001 [ 62.410557][ T3703] [ 62.413741][ T3703] stack segment: 0000 [#1] PREEMPT SMP KASAN [ 62.419727][ T3703] CPU: 1 PID: 3703 Comm: syz-executor273 Not tainted 5.18.0-rc6-syzkaller-00161-gbc403203d65a #0 [pid 3702] futex(0x7f6b12cec4fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3704] <... futex resumed>) = 1 [pid 3704] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x40\x00\x00\x00\x10\x00\x03\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x12\x80\x08\x00\x01\x00\x68\x73\x72\x00\x14\x00\x02\x80\x08\x00\x02\x00\x29\x00\x00\x00\x08\x00\x01\x00\x0b\x00\x00\x00", iov_len=64}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [ 62.430474][ T3703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.440526][ T3703] RIP: 0010:skb_clone+0xd0/0x370 [ 62.445745][ T3703] Code: 03 42 80 3c 28 00 74 08 48 89 df e8 8a 0c b7 f9 48 83 3b 00 0f 85 3b 01 00 00 e8 bb 24 66 f9 4d 8d 77 7e 4c 89 f5 48 c1 ed 03 <42> 8a 44 2d 00 84 c0 0f 85 cf 01 00 00 41 0f b6 1e 83 e3 0c bf 04 [ 62.465429][ T3703] RSP: 0018:ffffc900032df320 EFLAGS: 00010207 [ 62.471857][ T3703] RAX: ffffffff881ff01a RBX: 0000000000000004 RCX: ffff8880235f3b00 [pid 3702] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 62.479819][ T3703] RDX: 0000000000000000 RSI: 0000000000000a20 RDI: 0000000000000000 [ 62.487781][ T3703] RBP: 000000000000000f R08: 0000000000000a20 R09: 00000000ffffffff [ 62.495927][ T3703] R10: fffffbfff197fc8b R11: 1ffffffff197fc8a R12: ffff88814bffbd00 [ 62.503884][ T3703] R13: dffffc0000000000 R14: 000000000000007e R15: 0000000000000000 [ 62.511851][ T3703] FS: 00007f6b12c11700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 62.520767][ T3703] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 62.527421][ T3703] CR2: 00007f6b12cd1364 CR3: 000000007108e000 CR4: 00000000003506e0 [ 62.535386][ T3703] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 62.543539][ T3703] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 62.551793][ T3703] Call Trace: [ 62.555076][ T3703] [ 62.557998][ T3703] hsr_forward_skb+0xf14/0x2150 [ 62.562859][ T3703] ? prp_fill_frame_info+0x5b0/0x5b0 [ 62.568130][ T3703] ? hsr_addr_is_self+0x160/0x2b0 [ 62.573165][ T3703] hsr_handle_frame+0x4fd/0x6b0 [ 62.578115][ T3703] ? hsr_port_exists+0x50/0x50 [pid 3702] close(3) = 0 [pid 3702] close(4) = 0 [pid 3702] close(5) = 0 [pid 3702] close(6) = -1 EBADF (Bad file descriptor) [pid 3702] close(7) = -1 EBADF (Bad file descriptor) [pid 3702] close(8) = -1 EBADF (Bad file descriptor) [pid 3702] close(9) = -1 EBADF (Bad file descriptor) [pid 3702] close(10) = -1 EBADF (Bad file descriptor) [pid 3702] close(11) = -1 EBADF (Bad file descriptor) [pid 3702] close(12) = -1 EBADF (Bad file descriptor) [pid 3702] close(13) = -1 EBADF (Bad file descriptor) [pid 3702] close(14) = -1 EBADF (Bad file descriptor) [pid 3702] close(15) = -1 EBADF (Bad file descriptor) [pid 3702] close(16) = -1 EBADF (Bad file descriptor) [pid 3702] close(17) = -1 EBADF (Bad file descriptor) [pid 3702] close(18) = -1 EBADF (Bad file descriptor) [pid 3702] close(19) = -1 EBADF (Bad file descriptor) [pid 3702] close(20) = -1 EBADF (Bad file descriptor) [pid 3702] close(21) = -1 EBADF (Bad file descriptor) [pid 3702] close(22) = -1 EBADF (Bad file descriptor) [pid 3702] close(23) = -1 EBADF (Bad file descriptor) [pid 3702] close(24) = -1 EBADF (Bad file descriptor) [pid 3702] close(25) = -1 EBADF (Bad file descriptor) [pid 3702] close(26) = -1 EBADF (Bad file descriptor) [pid 3702] close(27) = -1 EBADF (Bad file descriptor) [pid 3702] close(28) = -1 EBADF (Bad file descriptor) [pid 3702] close(29) = -1 EBADF (Bad file descriptor) [pid 3702] exit_group(0) = ? [ 62.582883][ T3703] __netif_receive_skb_core+0x1448/0x3bc0 [ 62.588591][ T3703] ? trace_netif_rx+0x260/0x260 [ 62.593437][ T3703] __netif_receive_skb+0x11a/0x500 [ 62.598537][ T3703] ? read_lock_is_recursive+0x10/0x10 [ 62.604088][ T3703] ? ktime_get_real_ts64+0x4b0/0x4b0 [ 62.609394][ T3703] ? __netif_receive_skb_list_core+0x930/0x930 [ 62.615575][ T3703] netif_receive_skb_internal+0x108/0x360 [ 62.621303][ T3703] ? trace_netif_receive_skb_entry+0x260/0x260 [ 62.627447][ T3703] ? rcu_read_lock_sched_held+0x89/0x130 [ 62.633069][ T3703] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 62.639056][ T3703] netif_receive_skb+0x19/0x30 [ 62.643812][ T3703] tun_rx_batched+0x777/0x920 [ 62.648474][ T3703] ? read_lock_is_recursive+0x10/0x10 [ 62.653839][ T3703] ? local_bh_enable+0x20/0x20 [ 62.658602][ T3703] ? rcu_lock_release+0x5/0x20 [ 62.663350][ T3703] tun_get_user+0x1b5a/0x2540 [ 62.668021][ T3703] ? tun_ring_recv+0xcc0/0xcc0 [ 62.672875][ T3703] ? __lock_acquire+0x1f80/0x1f80 [ 62.677888][ T3703] tun_chr_write_iter+0x10a/0x1e0 [ 62.682903][ T3703] vfs_write+0xa22/0xd40 [ 62.687168][ T3703] ? __lock_acquire+0x1f80/0x1f80 [ 62.692262][ T3703] ? file_end_write+0x230/0x230 [ 62.697093][ T3703] ? print_irqtrace_events+0x220/0x220 [ 62.702620][ T3703] ? __fget_files+0x3d0/0x440 [ 62.707368][ T3703] ? __fdget_pos+0x1d7/0x2e0 [ 62.711939][ T3703] ? ksys_write+0x77/0x2c0 [ 62.716339][ T3703] ksys_write+0x19b/0x2c0 [ 62.720673][ T3703] ? print_irqtrace_events+0x220/0x220 [ 62.726114][ T3703] ? __ia32_sys_read+0x80/0x80 [ 62.730870][ T3703] ? syscall_enter_from_user_mode+0x2e/0x1a0 [ 62.736843][ T3703] ? syscall_enter_from_user_mode+0x86/0x1a0 [ 62.742803][ T3703] do_syscall_64+0x2b/0x70 [ 62.747222][ T3703] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 62.753184][ T3703] RIP: 0033:0x7f6b12c241ff [ 62.757581][ T3703] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 62.777166][ T3703] RSP: 002b:00007f6b12c112c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 62.785737][ T3703] RAX: ffffffffffffffda RBX: 00007f6b12cec4e0 RCX: 00007f6b12c241ff [ 62.793693][ T3703] RDX: 000000000000000e RSI: 0000000020000100 RDI: 00000000000000c8 [ 62.801645][ T3703] RBP: 00007f6b12cb96cc R08: 0000000000000000 R09: 0000000000000001 [ 62.809686][ T3703] R10: 00007f6b12c11087 R11: 0000000000000293 R12: 00007f6b12cec4ec [ 62.817662][ T3703] R13: 00007f6b12c112f0 R14: 00007f6b12cec4e8 R15: 0000000000000001 [ 62.825629][ T3703] [ 62.828639][ T3703] Modules linked in: [ 62.832564][ T3703] ---[ end trace 0000000000000000 ]--- [ 62.838046][ T3703] RIP: 0010:skb_clone+0xd0/0x370 [ 62.842987][ T3703] Code: 03 42 80 3c 28 00 74 08 48 89 df e8 8a 0c b7 f9 48 83 3b 00 0f 85 3b 01 00 00 e8 bb 24 66 f9 4d 8d 77 7e 4c 89 f5 48 c1 ed 03 <42> 8a 44 2d 00 84 c0 0f 85 cf 01 00 00 41 0f b6 1e 83 e3 0c bf 04 [ 62.862624][ T3703] RSP: 0018:ffffc900032df320 EFLAGS: 00010207 [ 62.868726][ T3703] RAX: ffffffff881ff01a RBX: 0000000000000004 RCX: ffff8880235f3b00 [ 62.876722][ T3703] RDX: 0000000000000000 RSI: 0000000000000a20 RDI: 0000000000000000 [ 62.884689][ T3703] RBP: 000000000000000f R08: 0000000000000a20 R09: 00000000ffffffff [ 62.892687][ T3703] R10: fffffbfff197fc8b R11: 1ffffffff197fc8a R12: ffff88814bffbd00 [ 62.900685][ T3703] R13: dffffc0000000000 R14: 000000000000007e R15: 0000000000000000 [ 62.908705][ T3703] FS: 00007f6b12c11700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 62.917667][ T3703] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 62.924244][ T3703] CR2: 00007f6b12cd1364 CR3: 000000007108e000 CR4: 00000000003506e0 [ 62.932258][ T3703] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 62.940245][ T3703] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 62.948245][ T3703] Kernel panic - not syncing: Fatal exception in interrupt [ 62.955709][ T3703] Kernel Offset: disabled [ 62.960025][ T3703] Rebooting in 86400 seconds..