./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2733966745
<...>
DUID 00:04:15:32:48:1d:3b:73:54:4f:46:a6:7d:b2:d0:ec:1f:b1
forked to background, child pid 3177
[ 26.098631][ T3178] 8021q: adding VLAN 0 to HW filter on device bond0
[ 26.114117][ T3178] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.50' (ECDSA) to the list of known hosts.
execve("./syz-executor2733966745", ["./syz-executor2733966745"], 0x7fff9f813100 /* 10 vars */) = 0
brk(NULL) = 0x5555564a9000
brk(0x5555564a9c40) = 0x5555564a9c40
arch_prctl(ARCH_SET_FS, 0x5555564a9300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2733966745", 4096) = 28
brk(0x5555564cac40) = 0x5555564cac40
brk(0x5555564cb000) = 0x5555564cb000
mprotect(0x7f01e8bb5000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3600 attached
, child_tidptr=0x5555564a95d0) = 3600
[pid 3600] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3600] setpgid(0, 0) = 0
[pid 3600] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3600] write(3, "1000", 4) = 4
[pid 3600] close(3) = 0
[pid 3600] openat(AT_FDCWD, "/dev/char/2:20", O_RDWR) = 3
[pid 3600] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 3600] write(4, "3", 1) = 1
syzkaller login: [ 48.052404][ T3600] FAULT_INJECTION: forcing a failure.
[ 48.052404][ T3600] name failslab, interval 1, probability 0, space 0, times 1
[ 48.052563][ T3600]
[ 48.052568][ T3600] ======================================================
[ 48.052573][ T3600] WARNING: possible circular locking dependency detected
[ 48.052578][ T3600] 5.18.0-rc7-syzkaller-00119-gb015dcd62b86 #0 Not tainted
[ 48.052588][ T3600] ------------------------------------------------------
[ 48.052593][ T3600] syz-executor273/3600 is trying to acquire lock:
[ 48.052602][ T3600] ffffffff8bc90700 (console_owner){....}-{0:0}, at: console_unlock+0x35e/0xdd0
[ 48.052668][ T3600]
[ 48.052668][ T3600] but task is already holding lock:
[ 48.052672][ T3600] ffff888071f71958 (&port->lock){-...}-{2:2}, at: pty_write+0xea/0x1e0
[ 48.052717][ T3600]
[ 48.052717][ T3600] which lock already depends on the new lock.
[ 48.052717][ T3600]
[ 48.052722][ T3600]
[ 48.052722][ T3600] the existing dependency chain (in reverse order) is:
[ 48.052727][ T3600]
[ 48.052727][ T3600] -> #2 (&port->lock){-...}-{2:2}:
[ 48.052751][ T3600] _raw_spin_lock_irqsave+0x39/0x50
[ 48.052779][ T3600] tty_port_tty_get+0x1f/0x100
[ 48.052800][ T3600] tty_port_default_wakeup+0x11/0x40
[ 48.052821][ T3600] serial8250_tx_chars+0x4f3/0xa50
[ 48.052844][ T3600] serial8250_handle_irq.part.0+0x328/0x3d0
[ 48.052869][ T3600] serial8250_default_handle_irq+0xb2/0x220
[ 48.052894][ T3600] serial8250_interrupt+0xfd/0x200
[ 48.052914][ T3600] __handle_irq_event_percpu+0x22b/0x880
[ 48.052933][ T3600] handle_irq_event+0xa7/0x1e0
[ 48.052951][ T3600] handle_edge_irq+0x25f/0xd00
[ 48.052972][ T3600] __common_interrupt+0x9d/0x210
[ 48.052993][ T3600] common_interrupt+0xa4/0xc0
[ 48.053010][ T3600] asm_common_interrupt+0x1e/0x40
[ 48.053032][ T3600] acpi_idle_do_entry+0x1c6/0x250
[ 48.053053][ T3600] acpi_idle_enter+0x361/0x500
[ 48.053072][ T3600] cpuidle_enter_state+0x1b1/0xc80
[ 48.053091][ T3600] cpuidle_enter+0x4a/0xa0
[ 48.053109][ T3600] do_idle+0x3e8/0x590
[ 48.053127][ T3600] cpu_startup_entry+0x14/0x20
[ 48.053145][ T3600] rest_init+0x169/0x270
[ 48.053164][ T3600] arch_call_rest_init+0xf/0x14
[ 48.053183][ T3600] start_kernel+0x47f/0x4a0
[ 48.053199][ T3600] secondary_startup_64_no_verify+0xc3/0xcb
[ 48.053217][ T3600]
[ 48.053217][ T3600] -> #1 (&port_lock_key){-...}-{2:2}:
[ 48.053234][ T3600] _raw_spin_lock_irqsave+0x39/0x50
[ 48.053246][ T3600] serial8250_console_write+0x9cb/0xc30
[ 48.053261][ T3600] console_unlock+0x9bc/0xdd0
[ 48.053275][ T3600] vprintk_emit+0x1b4/0x5f0
[ 48.053288][ T3600] vprintk+0x80/0x90
[ 48.053301][ T3600] _printk+0xba/0xed
[ 48.053314][ T3600] register_console+0x410/0x7c0
[ 48.053328][ T3600] univ8250_console_init+0x3a/0x46
[ 48.053343][ T3600] console_init+0x3c1/0x58d
[ 48.053357][ T3600] start_kernel+0x30b/0x4a0
[ 48.053367][ T3600] secondary_startup_64_no_verify+0xc3/0xcb
[ 48.053381][ T3600]
[ 48.053381][ T3600] -> #0 (console_owner){....}-{0:0}:
[ 48.053395][ T3600] __lock_acquire+0x2ac6/0x56c0
[ 48.053409][ T3600] lock_acquire+0x1ab/0x510
[ 48.053422][ T3600] console_unlock+0x3b1/0xdd0
[ 48.053435][ T3600] vprintk_emit+0x1b4/0x5f0
[ 48.053448][ T3600] vprintk+0x80/0x90
[ 48.053461][ T3600] _printk+0xba/0xed
[ 48.053472][ T3600] should_fail+0x472/0x5a0
[ 48.053483][ T3600] should_failslab+0x5/0x10
[ 48.053495][ T3600] __kmalloc+0x7e/0x350
[ 48.053505][ T3600] tty_buffer_alloc+0x23f/0x2a0
[ 48.053517][ T3600] __tty_buffer_request_room+0x156/0x2a0
[ 48.053529][ T3600] tty_insert_flip_string_fixed_flag+0x8c/0x240
[ 48.053543][ T3600] pty_write+0x11c/0x1e0
[ 48.053555][ T3600] n_tty_write+0xa7a/0xfc0
[ 48.053565][ T3600] file_tty_write.constprop.0+0x520/0x900
[ 48.053581][ T3600] new_sync_write+0x38a/0x560
[ 48.053592][ T3600] vfs_write+0x7c0/0xac0
[ 48.053602][ T3600] ksys_write+0x127/0x250
[ 48.053612][ T3600] do_syscall_64+0x35/0xb0
[ 48.053627][ T3600] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 48.053646][ T3600]
[ 48.053646][ T3600] other info that might help us debug this:
[ 48.053646][ T3600]
[ 48.053649][ T3600] Chain exists of:
[ 48.053649][ T3600] console_owner --> &port_lock_key --> &port->lock
[ 48.053649][ T3600]
[ 48.053665][ T3600] Possible unsafe locking scenario:
[ 48.053665][ T3600]
[ 48.053667][ T3600]        CPU0                    CPU1
[ 48.053669][ T3600]        ----                    ----
[ 48.053672][ T3600]   lock(&port->lock);
[ 48.053678][ T3600]                                lock(&port_lock_key);
[ 48.053684][ T3600]                                lock(&port->lock);
[ 48.053691][ T3600]   lock(console_owner);
[ 48.053697][ T3600]
[ 48.053697][ T3600] *** DEADLOCK ***
[ 48.053697][ T3600]
[ 48.053699][ T3600] 6 locks held by syz-executor273/3600:
[ 48.053706][ T3600] #0: ffff88807770f098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80
[ 48.053734][ T3600] #1: ffff88807770f130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: file_tty_write.constprop.0+0x299/0x900
[ 48.053766][ T3600] #2: ffff88807770f2e8 (&tty->termios_rwsem){++++}-{3:3}, at: n_tty_write+0x1bf/0xfc0
[ 48.053792][ T3600] #3: ffffc900013e8378 (&ldata->output_lock){+.+.}-{3:3}, at: n_tty_write+0xa47/0xfc0
[ 48.053818][ T3600] #4: ffff888071f71958 (&port->lock){-...}-{2:2}, at: pty_write+0xea/0x1e0
[ 48.053846][ T3600] #5: ffffffff8bd70b40 (console_lock){+.+.}-{0:0}, at: vprintk+0x80/0x90
[ 48.053875][ T3600]
[ 48.053875][ T3600] stack backtrace:
[ 48.053878][ T3600] CPU: 0 PID: 3600 Comm: syz-executor273 Not tainted 5.18.0-rc7-syzkaller-00119-gb015dcd62b86 #0
[ 48.053892][ T3600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.053899][ T3600] Call Trace:
[ 48.053903][ T3600]
[ 48.053908][ T3600] dump_stack_lvl+0xcd/0x134
[ 48.053924][ T3600] check_noncircular+0x25f/0x2e0
[ 48.053939][ T3600] ? filter_irq_stacks+0x90/0x90
[ 48.053954][ T3600] ? print_circular_bug+0x1e0/0x1e0
[ 48.053968][ T3600] ? pointer+0x950/0x950
[ 48.053983][ T3600] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 48.053997][ T3600] ? add_lock_to_list.constprop.0+0x185/0x370
[ 48.054014][ T3600] __lock_acquire+0x2ac6/0x56c0
[ 48.054030][ T3600] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 48.054046][ T3600] ? msg_add_ext_text+0x1d0/0x1d0
[ 48.054062][ T3600] lock_acquire+0x1ab/0x510
[ 48.054076][ T3600] ? console_unlock+0x35e/0xdd0
[ 48.054090][ T3600] ? lock_release+0x720/0x720
[ 48.054104][ T3600] ? lock_downgrade+0x6e0/0x6e0
[ 48.054117][ T3600] ? do_raw_spin_lock+0x120/0x2a0
[ 48.054132][ T3600] ? rwlock_bug.part.0+0x90/0x90
[ 48.054147][ T3600] ? prb_final_commit+0x64/0xa0
[ 48.054163][ T3600] console_unlock+0x3b1/0xdd0
[ 48.054177][ T3600] ? console_unlock+0x35e/0xdd0
[ 48.054194][ T3600] ? devkmsg_read+0x730/0x730
[ 48.054216][ T3600] ? lock_release+0x720/0x720
[ 48.054245][ T3600] ? vprintk+0x80/0x90
[ 48.054269][ T3600] vprintk_emit+0x1b4/0x5f0
[ 48.054294][ T3600] ? add_lock_to_list.constprop.0+0x185/0x370
[ 48.054321][ T3600] vprintk+0x80/0x90
[ 48.054346][ T3600] _printk+0xba/0xed
[ 48.054368][ T3600] ? record_print_text.cold+0x16/0x16
[ 48.054396][ T3600] ? ___ratelimit+0x222/0x4b0
[ 48.054419][ T3600] should_fail+0x472/0x5a0
[ 48.054441][ T3600] should_failslab+0x5/0x10
[ 48.054461][ T3600] __kmalloc+0x7e/0x350
[ 48.054474][ T3600] ? tty_buffer_alloc+0x23f/0x2a0
[ 48.054487][ T3600] tty_buffer_alloc+0x23f/0x2a0
[ 48.054501][ T3600] __tty_buffer_request_room+0x156/0x2a0
[ 48.054515][ T3600] tty_insert_flip_string_fixed_flag+0x8c/0x240
[ 48.054532][ T3600] pty_write+0x11c/0x1e0
[ 48.054546][ T3600] n_tty_write+0xa7a/0xfc0
[ 48.054558][ T3600] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 48.054571][ T3600] ? _copy_from_iter+0x12b/0x15a0
[ 48.054585][ T3600] ? n_tty_check_unthrottle+0x440/0x440
[ 48.054597][ T3600] ? rcu_read_lock_sched_held+0x3a/0x70
[ 48.054613][ T3600] ? __init_waitqueue_head+0xd0/0xd0
[ 48.054627][ T3600] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 48.054645][ T3600] ? __phys_addr+0xc4/0x140
[ 48.054660][ T3600] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 48.054673][ T3600] ? __phys_addr_symbol+0x2c/0x70
[ 48.054687][ T3600] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 48.054699][ T3600] ? __check_object_size+0x16c/0x4f0
[ 48.054713][ T3600] file_tty_write.constprop.0+0x520/0x900
[ 48.054729][ T3600] ? n_tty_check_unthrottle+0x440/0x440
[ 48.054743][ T3600] new_sync_write+0x38a/0x560
[ 48.054755][ T3600] ? new_sync_read+0x5f0/0x5f0
[ 48.054766][ T3600] ? _raw_spin_lock_irq+0x41/0x50
[ 48.054781][ T3600] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 48.054794][ T3600] ? security_file_permission+0xab/0xd0
[ 48.054810][ T3600] vfs_write+0x7c0/0xac0
[ 48.054822][ T3600] ksys_write+0x127/0x250
[ 48.054834][ T3600] ? __ia32_sys_read+0xb0/0xb0
[ 48.054845][ T3600] ? lockdep_hardirqs_on+0x79/0x100
[ 48.054858][ T3600] ? _raw_spin_unlock_irq+0x2a/0x40
[ 48.054871][ T3600] ? ptrace_notify+0xfa/0x140
[ 48.054888][ T3600] do_syscall_64+0x35/0xb0
[ 48.054903][ T3600] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 48.054918][ T3600] RIP: 0033:0x7f01e8b48109
[ 48.054928][ T3600] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 48.054940][ T3600] RSP: 002b:00007ffeb1412db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 48.054952][ T3600] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f01e8b48109
[ 48.054960][ T3600] RDX: 0000000000000060 RSI: 0000000020000380 RDI: 0000000000000003
[ 48.054968][ T3600] RBP: 00007ffeb1412dd0 R08: 0000000000000001 R09: 0000000000000001
[ 48.054975][ T3600] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 48.054983][ T3600] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 48.054994][ T3600]
[ 49.014726][ T3600] CPU: 0 PID: 3600 Comm: syz-executor273 Not tainted 5.18.0-rc7-syzkaller-00119-gb015dcd62b86 #0
[ 49.025295][ T3600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.035332][ T3600] Call Trace:
[ 49.038607][ T3600]
[ 49.041524][ T3600] dump_stack_lvl+0xcd/0x134
[ 49.046110][ T3600] should_fail.cold+0x5/0xa
[ 49.050606][ T3600] should_failslab+0x5/0x10
[ 49.055096][ T3600] __kmalloc+0x7e/0x350
[ 49.059237][ T3600] ? tty_buffer_alloc+0x23f/0x2a0
[ 49.065814][ T3600] tty_buffer_alloc+0x23f/0x2a0
[ 49.070654][ T3600] __tty_buffer_request_room+0x156/0x2a0
[ 49.076280][ T3600] tty_insert_flip_string_fixed_flag+0x8c/0x240
[ 49.082514][ T3600] pty_write+0x11c/0x1e0
[ 49.086754][ T3600] n_tty_write+0xa7a/0xfc0
[ 49.091159][ T3600] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 49.097388][ T3600] ? _copy_from_iter+0x12b/0x15a0
[ 49.102404][ T3600] ? n_tty_check_unthrottle+0x440/0x440
[ 49.107937][ T3600] ? rcu_read_lock_sched_held+0x3a/0x70
[ 49.113476][ T3600] ? __init_waitqueue_head+0xd0/0xd0
[ 49.118751][ T3600] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 49.124977][ T3600] ? __phys_addr+0xc4/0x140
[ 49.129474][ T3600] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 49.135701][ T3600] ? __phys_addr_symbol+0x2c/0x70
[ 49.140718][ T3600] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 49.146423][ T3600] ? __check_object_size+0x16c/0x4f0
[ 49.151701][ T3600] file_tty_write.constprop.0+0x520/0x900
[ 49.157415][ T3600] ? n_tty_check_unthrottle+0x440/0x440
[ 49.162950][ T3600] new_sync_write+0x38a/0x560
[ 49.167616][ T3600] ? new_sync_read+0x5f0/0x5f0
[ 49.172367][ T3600] ? _raw_spin_lock_irq+0x41/0x50
[ 49.177388][ T3600] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 49.183624][ T3600] ? security_file_permission+0xab/0xd0
[ 49.189161][ T3600] vfs_write+0x7c0/0xac0
[ 49.193392][ T3600] ksys_write+0x127/0x250
[ 49.197708][ T3600] ? __ia32_sys_read+0xb0/0xb0
[ 49.202458][ T3600] ? lockdep_hardirqs_on+0x79/0x100
[ 49.207652][ T3600] ? _raw_spin_unlock_irq+0x2a/0x40
[ 49.212838][ T3600] ? ptrace_notify+0xfa/0x140
[ 49.217508][ T3600] do_syscall_64+0x35/0xb0
[ 49.221916][ T3600] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 49.227800][ T3600] RIP: 0033:0x7f01e8b48109
[ 49.232201][ T3600] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 49.251886][ T3600] RSP: 002b:00007ffeb1412db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 49.260287][ T3600] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f01e8b48109
[ 49.268249][ T3600] RDX: 0000000000000060 RSI: 0000000020000380 RDI: 0000000000000003
[ 49.277245][ T3600] RBP: 00007ffeb1412dd0 R08: 0000000000000001 R09: 0000000000000001
[ 49.285201][ T3600] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 49.293157][ T3600] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 49.301125][ T3600]
[pid 3600] write(3, "\x60\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 96
[pid 3599] kill(-3600, SIGKILL) = 0
[pid 3600] <... write resumed>) = ?
[pid 3599] kill(3600, SIGKILL
[pid 3600] +++ killed by SIGKILL +++
<... kill resumed>) = 0
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3600, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=126} ---
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564a95d0) = 3601
./strace-static-x86_64: Process 3601 attached
[pid 3601] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3601] setpgid(0, 0) = 0
[pid 3601] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3601] write(3, "1000", 4) = 4
[pid 3601] close(3) = 0
[pid 3601] openat(AT_FDCWD, "/dev/char/2:20", O_RDWR) = 3
[pid 3601] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 3601] write(4, "3", 1) = 1
[ 53.054868][ T3601] FAULT_INJECTION: forcing a failure.
[ 53.054868][ T3601] name failslab, interval 1, probability 0, space 0, times 0
[ 53.067461][ T3601] CPU: 0 PID: 3601 Comm: syz-executor273 Not tainted 5.18.0-rc7-syzkaller-00119-gb015dcd62b86 #0
[ 53.077945][ T3601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 53.087989][ T3601] Call Trace:
[ 53.091249][ T3601]
[ 53.094160][ T3601] dump_stack_lvl+0xcd/0x134
[ 53.098739][ T3601] should_fail.cold+0x5/0xa
[ 53.103226][ T3601] should_failslab+0x5/0x10
[ 53.107707][ T3601] __kmalloc+0x7e/0x350
[ 53.111842][ T3601] ? tty_buffer_alloc+0x23f/0x2a0
[ 53.116852][ T3601] tty_buffer_alloc+0x23f/0x2a0
[ 53.121684][ T3601] __tty_buffer_request_room+0x156/0x2a0
[ 53.127302][ T3601] tty_insert_flip_string_fixed_flag+0x8c/0x240
[ 53.133528][ T3601] pty_write+0x11c/0x1e0
[ 53.137753][ T3601] n_tty_write+0xa7a/0xfc0
[ 53.142149][ T3601] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 53.148369][ T3601] ? _copy_from_iter+0x12b/0x15a0
[ 53.153377][ T3601] ? n_tty_check_unthrottle+0x440/0x440
[ 53.158907][ T3601] ? rcu_read_lock_sched_held+0xd/0x70
[ 53.164355][ T3601] ? __init_waitqueue_head+0xd0/0xd0
[ 53.169634][ T3601] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 53.175864][ T3601] ? __phys_addr+0xc4/0x140
[ 53.180450][ T3601] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 53.186674][ T3601] ? __phys_addr_symbol+0x2c/0x70
[ 53.191688][ T3601] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 53.197393][ T3601] ? __check_object_size+0x16c/0x4f0
[ 53.202666][ T3601] file_tty_write.constprop.0+0x520/0x900
[ 53.208377][ T3601] ? n_tty_check_unthrottle+0x440/0x440
[ 53.213998][ T3601] new_sync_write+0x38a/0x560
[ 53.218662][ T3601] ? new_sync_read+0x5f0/0x5f0
[ 53.223417][ T3601] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 53.229643][ T3601] ? security_file_permission+0xab/0xd0
[ 53.235176][ T3601] vfs_write+0x7c0/0xac0
[ 53.239404][ T3601] ksys_write+0x127/0x250
[ 53.243720][ T3601] ? __ia32_sys_read+0xb0/0xb0
[ 53.248470][ T3601] ? _raw_spin_unlock_irq+0x2a/0x40
[ 53.253656][ T3601] ? ptrace_notify+0xfa/0x140
[ 53.258325][ T3601] do_syscall_64+0x35/0xb0
[ 53.262730][ T3601] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 53.268612][ T3601] RIP: 0033:0x7f01e8b48109
[ 53.273011][ T3601] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 53.292602][ T3601] RSP: 002b:00007ffeb1412db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 53.300998][ T3601] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f01e8b48109
[ 53.308954][ T3601] RDX: 0000000000000060 RSI: 0000000020000380 RDI: 0000000000000003
[ 53.316910][ T3601] RBP: 00007ffeb1412dd0 R08: 0000000000000001 R09: 0000000000000001
[ 53.324864][ T3601] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 53.332819][ T3601] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 53.340779][ T3601]
[pid 3601] write(3, "\x60\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 96
[pid 3599] kill(-3601, SIGKILL) = 0
[pid 3601] <... write resumed>) = ?
[pid 3599] kill(3601, SIGKILL) = 0
[pid 3601] +++ killed by SIGKILL +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3601, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=29} ---
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564a95d0) = 3602
./strace-static-x86_64: Process 3602 attached
[pid 3602] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3602] setpgid(0, 0) = 0
[pid 3602] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3602] write(3, "1000", 4) = 4
[pid 3602] close(3) = 0
[pid 3602] openat(AT_FDCWD, "/dev/char/2:20", O_RDWR) = 3
[pid 3602] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 3602] write(4, "3", 1) = 1