[ OK ] Started Getty on tty2. Starting Load/Save RF Kill Switch Status... [ OK ] Started Serial Getty on ttyS0. [ OK ] Started Getty on tty1. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Load/Save RF Kill Switch Status. [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.254' (ECDSA) to the list of known hosts. syzkaller login: [ 57.851900][ T6877] FAULT_INJECTION: forcing a failure. [ 57.851900][ T6877] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 57.865095][ T6877] CPU: 1 PID: 6877 Comm: syz-executor657 Not tainted 5.9.0-rc6-syzkaller #0 [ 57.873745][ T6877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.883818][ T6877] Call Trace: [ 57.887089][ T6877] dump_stack+0x198/0x1fd [ 57.891397][ T6877] should_fail.cold+0x5/0x14 [ 57.895968][ T6877] __alloc_pages_nodemask+0x183/0x790 [ 57.901324][ T6877] ? __alloc_pages_slowpath.constprop.0+0x28c0/0x28c0 [ 57.908068][ T6877] cache_grow_begin+0x71/0x4a0 [ 57.912809][ T6877] cache_alloc_refill+0x27f/0x380 [ 57.917810][ T6877] ? lockdep_hardirqs_off+0x96/0xd0 [ 57.922984][ T6877] ? tomoyo_realpath_from_path+0xc3/0x620 [ 57.928729][ T6877] __kmalloc+0x2f9/0x360 [ 57.932952][ T6877] tomoyo_realpath_from_path+0xc3/0x620 [ 57.938479][ T6877] tomoyo_check_open_permission+0x272/0x380 [ 57.944347][ T6877] ? tomoyo_path_number_perm+0x590/0x590 [ 57.950003][ T6877] ? lockdep_hardirqs_on_prepare+0x530/0x530 [ 57.955990][ T6877] ? lock_downgrade+0x830/0x830 [ 57.960815][ T6877] ? do_raw_spin_lock+0x120/0x2b0 [ 57.965818][ T6877] tomoyo_file_open+0xa3/0xd0 [ 57.970469][ T6877] security_file_open+0x52/0x4f0 [ 57.975380][ T6877] ? __mnt_want_write+0x1bc/0x2a0 [ 57.980382][ T6877] do_dentry_open+0x358/0x11b0 [ 57.985121][ T6877] ? may_open+0x1e4/0x400 [ 57.989428][ T6877] path_openat+0x1b9a/0x2730 [ 57.993998][ T6877] ? path_lookupat+0x830/0x830 [ 57.998738][ T6877] ? lockdep_hardirqs_on_prepare+0x530/0x530 [ 58.004705][ T6877] ? lock_is_held_type+0xbb/0xf0 [ 58.009631][ T6877] do_filp_open+0x17e/0x3c0 [ 58.014107][ T6877] ? may_open_dev+0xf0/0xf0 [ 58.018590][ T6877] ? do_raw_spin_lock+0x120/0x2b0 [ 58.023599][ T6877] ? rwlock_bug.part.0+0x90/0x90 [ 58.028527][ T6877] ? _raw_spin_unlock+0x24/0x40 [ 58.033349][ T6877] ? __alloc_fd+0x28d/0x600 [ 58.037837][ T6877] do_sys_openat2+0x16d/0x420 [ 58.042498][ T6877] ? build_open_flags+0x650/0x650 [ 58.047500][ T6877] ? blkcg_maybe_throttle_current+0x617/0xf00 [ 58.053557][ T6877] ? check_preemption_disabled+0x50/0x130 [ 58.059248][ T6877] ? call_rcu+0x383/0x7c0 [ 58.063554][ T6877] ? lock_is_held_type+0xbb/0xf0 [ 58.068467][ T6877] __x64_sys_open+0x119/0x1c0 [ 58.073133][ T6877] ? do_sys_open+0x140/0x140 [ 58.077698][ T6877] ? lock_is_held_type+0xbb/0xf0 [ 58.082610][ T6877] ? syscall_enter_from_user_mode+0x1d/0x60 [ 58.088485][ T6877] ? check_preemption_disabled+0x50/0x130 [ 58.094178][ T6877] ? syscall_enter_from_user_mode+0x1d/0x60 [ 58.100060][ T6877] do_syscall_64+0x2d/0x70 [ 58.104451][ T6877] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 58.110330][ T6877] RIP: 0033:0x401600 [ 58.114204][ T6877] Code: 01 f0 ff ff 0f 83 40 0e 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d cd 30 2d 00 00 75 14 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 14 0e 00 00 c3 48 83 ec 08 e8 7a 03 00 00 [ 58.133780][ T6877] RSP: 002b:00007ffe0cacdfc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 58.142164][ T6877] RAX: ffffffffffffffda RBX: 00007ffe0cacdff1 RCX: 0000000000401600 executing program [ 58.150112][ T6877] RDX: 00007ffe0cacdff6 RSI: 0000000000080001 RDI: 00000000004a2b88 [ 58.158072][ T6877] RBP: 00007ffe0cacdff0 R08: 0000000000000000 R09: 0000000000000001 [ 58.166022][ T6877] R10: 0000000000000032 R11: 0000000000000246 R12: 00000000004a2b88 [ 58.173967][ T6877] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 58.191615][ T6878] FAULT_INJECTION: forcing a failure. [ 58.191615][ T6878] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 58.205098][ T6878] CPU: 1 PID: 6878 Comm: syz-executor657 Not tainted 5.9.0-rc6-syzkaller #0 [ 58.213757][ T6878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.223784][ T6878] Call Trace: [ 58.227053][ T6878] dump_stack+0x198/0x1fd [ 58.231367][ T6878] should_fail.cold+0x5/0x14 [ 58.235935][ T6878] __alloc_pages_nodemask+0x183/0x790 [ 58.241283][ T6878] ? __alloc_pages_slowpath.constprop.0+0x28c0/0x28c0 [ 58.248034][ T6878] ? __kernel_text_address+0x9/0x30 [ 58.253222][ T6878] ? unwind_get_return_address+0x51/0x90 [ 58.258851][ T6878] alloc_pages_current+0x191/0x2a0 [ 58.263939][ T6878] ? stack_trace_save+0x8c/0xc0 [ 58.268766][ T6878] stack_depot_save+0x3a0/0x470 [ 58.273593][ T6878] ? tipc_sendmsg+0x4c/0x70 [ 58.278071][ T6878] ? sock_sendmsg+0xcf/0x120 [ 58.282639][ T6878] kasan_save_stack+0x32/0x40 [ 58.287290][ T6878] ? kasan_save_stack+0x1b/0x40 [ 58.292112][ T6878] ? __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 58.297897][ T6878] ? __alloc_skb+0xae/0x550 [ 58.302374][ T6878] ? tipc_buf_acquire+0x28/0xf0 [ 58.307199][ T6878] ? tipc_msg_build+0x6b8/0x10c0 [ 58.312110][ T6878] ? tipc_sendmcast+0x855/0xef0 [ 58.316934][ T6878] ? __tipc_sendmsg+0xee3/0x18a0 [ 58.321842][ T6878] ? tipc_sendmsg+0x4c/0x70 [ 58.326318][ T6878] ? sock_sendmsg+0xcf/0x120 [ 58.330898][ T6878] ? ____sys_sendmsg+0x6e8/0x810 [ 58.335807][ T6878] ? ___sys_sendmsg+0xf3/0x170 [ 58.340555][ T6878] ? __sys_sendmsg+0xe5/0x1b0 [ 58.345206][ T6878] ? do_syscall_64+0x2d/0x70 [ 58.349769][ T6878] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 58.355812][ T6878] ? lock_downgrade+0x830/0x830 [ 58.360638][ T6878] ? check_preemption_disabled+0x50/0x130 [ 58.366352][ T6878] ? lockdep_hardirqs_on+0x53/0x100 [ 58.371527][ T6878] ? quarantine_reduce+0x1a7/0x200 [ 58.376612][ T6878] ? lock_is_held_type+0xbb/0xf0 [ 58.381522][ T6878] ? __kmalloc_node_track_caller+0x38/0x60 [ 58.387305][ T6878] ? rcu_read_lock_sched_held+0x3a/0xb0 [ 58.392821][ T6878] ? kmem_cache_alloc_node_trace+0x39d/0x430 [ 58.398778][ T6878] ? kasan_unpoison_shadow+0x33/0x40 [ 58.404036][ T6878] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 58.409645][ T6878] __alloc_skb+0xae/0x550 [ 58.413951][ T6878] tipc_buf_acquire+0x28/0xf0 [ 58.418601][ T6878] tipc_msg_build+0x6b8/0x10c0 [ 58.423344][ T6878] ? tipc_nametbl_lookup_dst_nodes+0x1d1/0x2c0 [ 58.429471][ T6878] ? tipc_msg_assemble+0x500/0x500 [ 58.434567][ T6878] ? tipc_nametbl_lookup_dst_nodes+0x1e0/0x2c0 [ 58.440713][ T6878] tipc_sendmcast+0x855/0xef0 [ 58.445378][ T6878] ? tipc_poll+0x760/0x760 [ 58.449771][ T6878] ? lock_release+0x615/0x8f0 [ 58.454436][ T6878] ? lock_downgrade+0x830/0x830 [ 58.459276][ T6878] ? unwind_next_frame+0xe3b/0x1f90 [ 58.464455][ T6878] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 58.470502][ T6878] ? __init_waitqueue_head+0x110/0x110 [ 58.475951][ T6878] ? kernel_text_address+0xbd/0xf0 [ 58.481050][ T6878] ? __kernel_text_address+0x9/0x30 [ 58.486234][ T6878] ? unwind_get_return_address+0x51/0x90 [ 58.491853][ T6878] ? profile_setup.cold+0xc1/0xc1 [ 58.496873][ T6878] ? __bfs+0x75/0x5a0 [ 58.500834][ T6878] __tipc_sendmsg+0xee3/0x18a0 [ 58.505576][ T6878] ? print_shortest_lock_dependencies+0x80/0x80 [ 58.511791][ T6878] ? stack_trace_consume_entry+0x160/0x160 [ 58.517574][ T6878] ? tipc_sendmcast+0xef0/0xef0 [ 58.522415][ T6878] ? save_trace+0x43/0xba0 [ 58.526817][ T6878] ? tipc_sendmsg+0x3e/0x70 [ 58.531316][ T6878] ? mark_lock+0x8c4/0x1660 [ 58.535803][ T6878] ? mark_held_locks+0x9f/0xe0 [ 58.540546][ T6878] ? lock_sock_nested+0x94/0x110 [ 58.545468][ T6878] ? __local_bh_enable_ip+0x10f/0x1f0 [ 58.550822][ T6878] ? check_preemption_disabled+0x50/0x130 [ 58.556518][ T6878] ? __local_bh_enable_ip+0x10f/0x1f0 [ 58.561951][ T6878] ? lock_sock_nested+0x94/0x110 [ 58.566865][ T6878] tipc_sendmsg+0x4c/0x70 [ 58.571171][ T6878] ? __tipc_sendmsg+0x18a0/0x18a0 [ 58.576172][ T6878] sock_sendmsg+0xcf/0x120 [ 58.580570][ T6878] ____sys_sendmsg+0x6e8/0x810 [ 58.585307][ T6878] ? kernel_sendmsg+0x50/0x50 [ 58.589956][ T6878] ? do_recvmmsg+0x6d0/0x6d0 [ 58.594523][ T6878] ? lock_downgrade+0x830/0x830 [ 58.599348][ T6878] ? _parse_integer+0x132/0x180 [ 58.604173][ T6878] ___sys_sendmsg+0xf3/0x170 [ 58.608739][ T6878] ? sendmsg_copy_msghdr+0x160/0x160 [ 58.614011][ T6878] ? lock_is_held_type+0xbb/0xf0 [ 58.618927][ T6878] ? get_pid_task+0x116/0x200 [ 58.623578][ T6878] ? lock_downgrade+0x830/0x830 [ 58.628459][ T6878] ? vfs_write+0x54f/0x730 [ 58.632859][ T6878] ? lock_is_held_type+0xbb/0xf0 [ 58.637779][ T6878] ? vfs_write+0x397/0x730 [ 58.642175][ T6878] ? lock_downgrade+0x830/0x830 [ 58.646999][ T6878] ? get_pid_task+0x138/0x200 [ 58.651655][ T6878] ? __fget_light+0x215/0x280 [ 58.656313][ T6878] __sys_sendmsg+0xe5/0x1b0 [ 58.660794][ T6878] ? __sys_sendmsg_sock+0xb0/0xb0 [ 58.665828][ T6878] ? check_preemption_disabled+0x50/0x130 [ 58.671523][ T6878] ? syscall_enter_from_user_mode+0x1d/0x60 [ 58.677402][ T6878] do_syscall_64+0x2d/0x70 [ 58.681798][ T6878] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 58.687669][ T6878] RIP: 0033:0x4419d9 [ 58.691542][ T6878] Code: e8 cc ac 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 58.711148][ T6878] RSP: 002b:00007ffe0cace4c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 58.719534][ T6878] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004419d9 [ 58.727480][ T6878] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000004 [ 58.735428][ T6878] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000402930 [ 58.743374][ T6878] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004028a0 executing program [ 58.751320][ T6878] R13: 0000000000402930 R14: 0000000000000000 R15: 0000000000000000 [ 58.768709][ T6879] FAULT_INJECTION: forcing a failure. [ 58.768709][ T6879] name failslab, interval 1, probability 0, space 0, times 1 [ 58.781522][ T6879] CPU: 1 PID: 6879 Comm: syz-executor657 Not tainted 5.9.0-rc6-syzkaller #0 [ 58.790193][ T6879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.800239][ T6879] Call Trace: [ 58.803520][ T6879] dump_stack+0x198/0x1fd [ 58.807830][ T6879] should_fail.cold+0x5/0x14 [ 58.812398][ T6879] should_failslab+0x5/0xf [ 58.816789][ T6879] slab_pre_alloc_hook.constprop.0+0xf4/0x1f0 [ 58.822850][ T6879] kmem_cache_alloc_node_trace+0x55/0x430 [ 58.828547][ T6879] ? __alloc_skb+0x71/0x550 [ 58.833023][ T6879] ? rcu_read_lock_sched_held+0x3a/0xb0 [ 58.838542][ T6879] ? kmem_cache_alloc_node+0x38d/0x430 [ 58.843974][ T6879] __kmalloc_node_track_caller+0x38/0x60 [ 58.849580][ T6879] __alloc_skb+0xae/0x550 [ 58.853901][ T6879] tipc_buf_acquire+0x28/0xf0 [ 58.858554][ T6879] tipc_msg_build+0x92e/0x10c0 [ 58.863294][ T6879] ? tipc_msg_assemble+0x500/0x500 [ 58.868386][ T6879] ? tipc_nametbl_lookup_dst_nodes+0x1e0/0x2c0 [ 58.874515][ T6879] tipc_sendmcast+0x855/0xef0 [ 58.879168][ T6879] ? up_write+0x191/0x560 [ 58.883476][ T6879] ? tipc_poll+0x760/0x760 [ 58.887867][ T6879] ? mark_lock+0x82/0x1660 [ 58.892262][ T6879] ? __init_waitqueue_head+0x110/0x110 [ 58.897699][ T6879] ? mark_lock+0x82/0x1660 [ 58.902097][ T6879] ? __lock_acquire+0x164a/0x5780 [ 58.907097][ T6879] __tipc_sendmsg+0xee3/0x18a0 [ 58.911835][ T6879] ? find_held_lock+0x2d/0x110 [ 58.916576][ T6879] ? lockdep_hardirqs_on_prepare+0x530/0x530 [ 58.922529][ T6879] ? tipc_sendmcast+0xef0/0xef0 [ 58.927356][ T6879] ? lock_acquire+0x1f3/0xaf0 [ 58.932006][ T6879] ? tipc_sendmsg+0x3e/0x70 [ 58.936487][ T6879] ? mark_lock+0x82/0x1660 [ 58.940887][ T6879] ? lock_downgrade+0x830/0x830 [ 58.945714][ T6879] ? mark_held_locks+0x9f/0xe0 [ 58.950452][ T6879] ? lock_sock_nested+0x94/0x110 [ 58.955369][ T6879] ? __local_bh_enable_ip+0x10f/0x1f0 [ 58.960714][ T6879] ? check_preemption_disabled+0x50/0x130 [ 58.966407][ T6879] ? __local_bh_enable_ip+0x10f/0x1f0 [ 58.971750][ T6879] ? lock_sock_nested+0x94/0x110 [ 58.976663][ T6879] tipc_sendmsg+0x4c/0x70 [ 58.980966][ T6879] ? __tipc_sendmsg+0x18a0/0x18a0 [ 58.985965][ T6879] sock_sendmsg+0xcf/0x120 [ 58.990370][ T6879] ____sys_sendmsg+0x6e8/0x810 [ 58.995109][ T6879] ? kernel_sendmsg+0x50/0x50 [ 58.999758][ T6879] ? do_recvmmsg+0x6d0/0x6d0 [ 59.004328][ T6879] ? lock_downgrade+0x830/0x830 [ 59.009155][ T6879] ? _parse_integer+0x132/0x180 [ 59.013995][ T6879] ___sys_sendmsg+0xf3/0x170 [ 59.018569][ T6879] ? sendmsg_copy_msghdr+0x160/0x160 [ 59.023838][ T6879] ? lock_is_held_type+0xbb/0xf0 [ 59.028750][ T6879] ? get_pid_task+0x116/0x200 [ 59.033402][ T6879] ? lock_downgrade+0x830/0x830 [ 59.038224][ T6879] ? vfs_write+0x54f/0x730 [ 59.042613][ T6879] ? lock_is_held_type+0xbb/0xf0 [ 59.047525][ T6879] ? vfs_write+0x397/0x730 [ 59.051917][ T6879] ? lock_downgrade+0x830/0x830 [ 59.056739][ T6879] ? get_pid_task+0x138/0x200 [ 59.061400][ T6879] ? __fget_light+0x215/0x280 [ 59.066054][ T6879] __sys_sendmsg+0xe5/0x1b0 [ 59.070530][ T6879] ? __sys_sendmsg_sock+0xb0/0xb0 [ 59.075535][ T6879] ? check_preemption_disabled+0x50/0x130 [ 59.081227][ T6879] ? syscall_enter_from_user_mode+0x1d/0x60 [ 59.087098][ T6879] do_syscall_64+0x2d/0x70 [ 59.091488][ T6879] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 59.097353][ T6879] RIP: 0033:0x4419d9 [ 59.101224][ T6879] Code: e8 cc ac 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 59.120800][ T6879] RSP: 002b:00007ffe0cace4c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 59.129193][ T6879] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004419d9 [ 59.137141][ T6879] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000004 [ 59.145089][ T6879] RBP: 000000000000e34a R08: 0000000000000001 R09: 0000000000402930 executing program [ 59.153046][ T6879] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004028a0 [ 59.160992][ T6879] R13: 0000000000402930 R14: 0000000000000000 R15: 0000000000000000 [ 59.177159][ T6880] FAULT_INJECTION: forcing a failure. [ 59.177159][ T6880] name failslab, interval 1, probability 0, space 0, times 0 [ 59.190921][ T6880] CPU: 0 PID: 6880 Comm: syz-executor657 Not tainted 5.9.0-rc6-syzkaller #0 [ 59.199583][ T6880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.209611][ T6880] Call Trace: [ 59.212879][ T6880] dump_stack+0x198/0x1fd [ 59.217188][ T6880] should_fail.cold+0x5/0x14 [ 59.221754][ T6880] should_failslab+0x5/0xf [ 59.226146][ T6880] slab_pre_alloc_hook.constprop.0+0xf4/0x1f0 [ 59.232229][ T6880] kmem_cache_alloc_node_trace+0x55/0x430 [ 59.237926][ T6880] ? __alloc_skb+0x71/0x550 [ 59.242407][ T6880] ? rcu_read_lock_sched_held+0x3a/0xb0 [ 59.247926][ T6880] ? kmem_cache_alloc_node+0x38d/0x430 [ 59.253360][ T6880] __kmalloc_node_track_caller+0x38/0x60 [ 59.258968][ T6880] __alloc_skb+0xae/0x550 [ 59.263276][ T6880] tipc_buf_acquire+0x28/0xf0 [ 59.267947][ T6880] tipc_msg_build+0x92e/0x10c0 [ 59.272711][ T6880] ? tipc_msg_assemble+0x500/0x500 [ 59.277803][ T6880] ? tipc_nametbl_lookup_dst_nodes+0x1e0/0x2c0 [ 59.283947][ T6880] tipc_sendmcast+0x855/0xef0 [ 59.288635][ T6880] ? up_write+0x191/0x560 [ 59.292947][ T6880] ? tipc_poll+0x760/0x760 [ 59.297346][ T6880] ? mark_lock+0x82/0x1660 [ 59.301743][ T6880] ? __init_waitqueue_head+0x110/0x110 [ 59.307188][ T6880] ? mark_lock+0x82/0x1660 [ 59.311602][ T6880] ? __lock_acquire+0x164a/0x5780 [ 59.316615][ T6880] __tipc_sendmsg+0xee3/0x18a0 [ 59.321355][ T6880] ? find_held_lock+0x2d/0x110 [ 59.326098][ T6880] ? lockdep_hardirqs_on_prepare+0x530/0x530 [ 59.332059][ T6880] ? tipc_sendmcast+0xef0/0xef0 [ 59.336887][ T6880] ? lock_acquire+0x1f3/0xaf0 [ 59.341539][ T6880] ? tipc_sendmsg+0x3e/0x70 [ 59.346018][ T6880] ? mark_lock+0x82/0x1660 [ 59.350409][ T6880] ? lock_downgrade+0x830/0x830 [ 59.355255][ T6880] ? mark_held_locks+0x9f/0xe0 [ 59.360017][ T6880] ? lock_sock_nested+0x94/0x110 [ 59.364929][ T6880] ? __local_bh_enable_ip+0x10f/0x1f0 [ 59.370275][ T6880] ? check_preemption_disabled+0x50/0x130 [ 59.376403][ T6880] ? __local_bh_enable_ip+0x10f/0x1f0 [ 59.381748][ T6880] ? lock_sock_nested+0x94/0x110 [ 59.386663][ T6880] tipc_sendmsg+0x4c/0x70 [ 59.390981][ T6880] ? __tipc_sendmsg+0x18a0/0x18a0 [ 59.395981][ T6880] sock_sendmsg+0xcf/0x120 [ 59.400374][ T6880] ____sys_sendmsg+0x6e8/0x810 [ 59.405113][ T6880] ? kernel_sendmsg+0x50/0x50 [ 59.409763][ T6880] ? do_recvmmsg+0x6d0/0x6d0 [ 59.414346][ T6880] ? lock_downgrade+0x830/0x830 [ 59.419188][ T6880] ? _parse_integer+0x132/0x180 [ 59.424015][ T6880] ___sys_sendmsg+0xf3/0x170 [ 59.428579][ T6880] ? sendmsg_copy_msghdr+0x160/0x160 [ 59.433840][ T6880] ? lock_is_held_type+0xbb/0xf0 [ 59.438754][ T6880] ? get_pid_task+0x116/0x200 [ 59.443406][ T6880] ? lock_downgrade+0x830/0x830 [ 59.448230][ T6880] ? vfs_write+0x54f/0x730 [ 59.452621][ T6880] ? lock_is_held_type+0xbb/0xf0 [ 59.457537][ T6880] ? vfs_write+0x397/0x730 [ 59.461945][ T6880] ? lock_downgrade+0x830/0x830 [ 59.466781][ T6880] ? get_pid_task+0x138/0x200 [ 59.471445][ T6880] ? __fget_light+0x215/0x280 [ 59.476107][ T6880] __sys_sendmsg+0xe5/0x1b0 [ 59.480584][ T6880] ? __sys_sendmsg_sock+0xb0/0xb0 [ 59.485658][ T6880] ? check_preemption_disabled+0x50/0x130 [ 59.491391][ T6880] ? syscall_enter_from_user_mode+0x1d/0x60 [ 59.497263][ T6880] do_syscall_64+0x2d/0x70 [ 59.501662][ T6880] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 59.507529][ T6880] RIP: 0033:0x4419d9 [ 59.511402][ T6880] Code: e8 cc ac 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 59.530985][ T6880] RSP: 002b:00007ffe0cace4c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 59.539380][ T6880] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004419d9 [ 59.547327][ T6880] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000004 executing program [ 59.555288][ T6880] RBP: 000000000000e58e R08: 0000000000000001 R09: 0000000000402930 [ 59.563236][ T6880] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004028a0 [ 59.571183][ T6880] R13: 0000000000402930 R14: 0000000000000000 R15: 0000000000000000 [ 59.590689][ T6881] FAULT_INJECTION: forcing a failure. [ 59.590689][ T6881] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 59.603891][ T6881] CPU: 0 PID: 6881 Comm: syz-executor657 Not tainted 5.9.0-rc6-syzkaller #0 [ 59.612545][ T6881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.622574][ T6881] Call Trace: [ 59.625843][ T6881] dump_stack+0x198/0x1fd [ 59.630151][ T6881] should_fail.cold+0x5/0x14 [ 59.634716][ T6881] __alloc_pages_nodemask+0x183/0x790 [ 59.640075][ T6881] ? __alloc_pages_slowpath.constprop.0+0x28c0/0x28c0 [ 59.646816][ T6881] ? lock_is_held_type+0xbb/0xf0 [ 59.651793][ T6881] ? fs_reclaim_release+0x90/0xd0 [ 59.656812][ T6881] cache_grow_begin+0x71/0x4a0 [ 59.661563][ T6881] cache_alloc_refill+0x27f/0x380 [ 59.666568][ T6881] ? lockdep_hardirqs_off+0x96/0xd0 [ 59.671745][ T6881] kmem_cache_alloc_node+0x3cb/0x430 [ 59.677061][ T6881] ? copyin+0x10e/0x140 [ 59.681213][ T6881] __alloc_skb+0x71/0x550 [ 59.685522][ T6881] tipc_buf_acquire+0x28/0xf0 [ 59.690176][ T6881] tipc_msg_build+0x92e/0x10c0 [ 59.694918][ T6881] ? tipc_msg_assemble+0x500/0x500 [ 59.700013][ T6881] ? tipc_nametbl_lookup_dst_nodes+0x1e0/0x2c0 [ 59.706145][ T6881] tipc_sendmcast+0x855/0xef0 [ 59.710799][ T6881] ? up_write+0x191/0x560 [ 59.715114][ T6881] ? tipc_poll+0x760/0x760 [ 59.719515][ T6881] ? mark_lock+0x82/0x1660 [ 59.723954][ T6881] ? __init_waitqueue_head+0x110/0x110 [ 59.729410][ T6881] ? mark_lock+0x82/0x1660 [ 59.733806][ T6881] ? __lock_acquire+0x164a/0x5780 [ 59.738807][ T6881] __tipc_sendmsg+0xee3/0x18a0 [ 59.743548][ T6881] ? find_held_lock+0x2d/0x110 [ 59.748288][ T6881] ? lockdep_hardirqs_on_prepare+0x530/0x530 [ 59.754239][ T6881] ? tipc_sendmcast+0xef0/0xef0 [ 59.759066][ T6881] ? lock_acquire+0x1f3/0xaf0 [ 59.763718][ T6881] ? tipc_sendmsg+0x3e/0x70 [ 59.768200][ T6881] ? mark_lock+0x82/0x1660 [ 59.772590][ T6881] ? lock_downgrade+0x830/0x830 [ 59.777417][ T6881] ? mark_held_locks+0x9f/0xe0 [ 59.782157][ T6881] ? lock_sock_nested+0x94/0x110 [ 59.787077][ T6881] ? __local_bh_enable_ip+0x10f/0x1f0 [ 59.792426][ T6881] ? check_preemption_disabled+0x50/0x130 [ 59.798121][ T6881] ? __local_bh_enable_ip+0x10f/0x1f0 [ 59.803466][ T6881] ? lock_sock_nested+0x94/0x110 [ 59.808381][ T6881] tipc_sendmsg+0x4c/0x70 [ 59.812685][ T6881] ? __tipc_sendmsg+0x18a0/0x18a0 [ 59.817683][ T6881] sock_sendmsg+0xcf/0x120 [ 59.822123][ T6881] ____sys_sendmsg+0x6e8/0x810 [ 59.826864][ T6881] ? kernel_sendmsg+0x50/0x50 [ 59.831512][ T6881] ? do_recvmmsg+0x6d0/0x6d0 [ 59.836079][ T6881] ? lock_downgrade+0x830/0x830 [ 59.840907][ T6881] ? _parse_integer+0x132/0x180 [ 59.845737][ T6881] ___sys_sendmsg+0xf3/0x170 [ 59.850430][ T6881] ? sendmsg_copy_msghdr+0x160/0x160 [ 59.855692][ T6881] ? lock_is_held_type+0xbb/0xf0 [ 59.860606][ T6881] ? get_pid_task+0x116/0x200 [ 59.865258][ T6881] ? lock_downgrade+0x830/0x830 [ 59.870081][ T6881] ? vfs_write+0x54f/0x730 [ 59.874501][ T6881] ? lock_is_held_type+0xbb/0xf0 [ 59.879415][ T6881] ? vfs_write+0x397/0x730 [ 59.883807][ T6881] ? lock_downgrade+0x830/0x830 [ 59.888630][ T6881] ? get_pid_task+0x138/0x200 [ 59.893281][ T6881] ? __fget_light+0x215/0x280 [ 59.897955][ T6881] __sys_sendmsg+0xe5/0x1b0 [ 59.902433][ T6881] ? __sys_sendmsg_sock+0xb0/0xb0 [ 59.907443][ T6881] ? check_preemption_disabled+0x50/0x130 [ 59.913136][ T6881] ? syscall_enter_from_user_mode+0x1d/0x60 [ 59.919016][ T6881] do_syscall_64+0x2d/0x70 [ 59.923409][ T6881] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 59.929274][ T6881] RIP: 0033:0x4419d9 [ 59.933158][ T6881] Code: e8 cc ac 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 59.952735][ T6881] RSP: 002b:00007ffe0cace4c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e executing program [ 59.961207][ T6881] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004419d9 [ 59.969153][ T6881] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000004 [ 59.977102][ T6881] RBP: 000000000000e725 R08: 0000000000000001 R09: 0000000000402930 [ 59.985051][ T6881] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004028a0 [ 59.993010][ T6881] R13: 0000000000402930 R14: 0000000000000000 R15: 0000000000000000 [ 60.012400][ T6882] FAULT_INJECTION: forcing a failure. [ 60.012400][ T6882] name failslab, interval 1, probability 0, space 0, times 0 [ 60.025131][ T6882] CPU: 0 PID: 6882 Comm: syz-executor657 Not tainted 5.9.0-rc6-syzkaller #0 [ 60.033792][ T6882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.043821][ T6882] Call Trace: [ 60.047100][ T6882] dump_stack+0x198/0x1fd [ 60.051408][ T6882] should_fail.cold+0x5/0x14 [ 60.055992][ T6882] should_failslab+0x5/0xf [ 60.060397][ T6882] slab_pre_alloc_hook.constprop.0+0xf4/0x1f0 [ 60.066441][ T6882] kmem_cache_alloc_node_trace+0x55/0x430 [ 60.072137][ T6882] ? __alloc_skb+0x71/0x550 [ 60.076616][ T6882] ? rcu_read_lock_sched_held+0x3a/0xb0 [ 60.082132][ T6882] ? kmem_cache_alloc_node+0x38d/0x430 [ 60.087566][ T6882] __kmalloc_node_track_caller+0x38/0x60 [ 60.093172][ T6882] __alloc_skb+0xae/0x550 [ 60.097481][ T6882] tipc_buf_acquire+0x28/0xf0 [ 60.102132][ T6882] tipc_msg_build+0x92e/0x10c0 [ 60.106888][ T6882] ? tipc_msg_assemble+0x500/0x500 [ 60.111982][ T6882] ? tipc_nametbl_lookup_dst_nodes+0x1e0/0x2c0 [ 60.118113][ T6882] tipc_sendmcast+0x855/0xef0 [ 60.122766][ T6882] ? up_write+0x191/0x560 [ 60.127078][ T6882] ? tipc_poll+0x760/0x760 [ 60.131470][ T6882] ? mark_lock+0x82/0x1660 [ 60.135865][ T6882] ? __init_waitqueue_head+0x110/0x110 [ 60.141300][ T6882] ? mark_lock+0x82/0x1660 [ 60.145695][ T6882] ? __lock_acquire+0x164a/0x5780 [ 60.150696][ T6882] __tipc_sendmsg+0xee3/0x18a0 [ 60.155435][ T6882] ? find_held_lock+0x2d/0x110 [ 60.160174][ T6882] ? lockdep_hardirqs_on_prepare+0x530/0x530 [ 60.166128][ T6882] ? tipc_sendmcast+0xef0/0xef0 [ 60.170954][ T6882] ? lock_acquire+0x1f3/0xaf0 [ 60.175613][ T6882] ? tipc_sendmsg+0x3e/0x70 [ 60.180091][ T6882] ? mark_lock+0x82/0x1660 [ 60.184482][ T6882] ? lock_downgrade+0x830/0x830 [ 60.189309][ T6882] ? mark_held_locks+0x9f/0xe0 [ 60.194054][ T6882] ? lock_sock_nested+0x94/0x110 [ 60.198986][ T6882] ? __local_bh_enable_ip+0x10f/0x1f0 [ 60.204349][ T6882] ? check_preemption_disabled+0x50/0x130 [ 60.210044][ T6882] ? __local_bh_enable_ip+0x10f/0x1f0 [ 60.215393][ T6882] ? lock_sock_nested+0x94/0x110 [ 60.220307][ T6882] tipc_sendmsg+0x4c/0x70 [ 60.224634][ T6882] ? __tipc_sendmsg+0x18a0/0x18a0 [ 60.229634][ T6882] sock_sendmsg+0xcf/0x120 [ 60.234028][ T6882] ____sys_sendmsg+0x6e8/0x810 [ 60.238780][ T6882] ? kernel_sendmsg+0x50/0x50 [ 60.243429][ T6882] ? do_recvmmsg+0x6d0/0x6d0 [ 60.247999][ T6882] ? lock_downgrade+0x830/0x830 [ 60.252851][ T6882] ? _parse_integer+0x132/0x180 [ 60.257692][ T6882] ___sys_sendmsg+0xf3/0x170 [ 60.262266][ T6882] ? sendmsg_copy_msghdr+0x160/0x160 [ 60.267528][ T6882] ? lock_is_held_type+0xbb/0xf0 [ 60.272449][ T6882] ? get_pid_task+0x116/0x200 [ 60.277104][ T6882] ? lock_downgrade+0x830/0x830 [ 60.281929][ T6882] ? vfs_write+0x54f/0x730 [ 60.286322][ T6882] ? lock_is_held_type+0xbb/0xf0 [ 60.291236][ T6882] ? vfs_write+0x397/0x730 [ 60.295640][ T6882] ? lock_downgrade+0x830/0x830 [ 60.300463][ T6882] ? get_pid_task+0x138/0x200 [ 60.305116][ T6882] ? __fget_light+0x215/0x280 [ 60.309769][ T6882] __sys_sendmsg+0xe5/0x1b0 [ 60.314245][ T6882] ? __sys_sendmsg_sock+0xb0/0xb0 [ 60.319250][ T6882] ? check_preemption_disabled+0x50/0x130 [ 60.324942][ T6882] ? syscall_enter_from_user_mode+0x1d/0x60 [ 60.330814][ T6882] do_syscall_64+0x2d/0x70 [ 60.335208][ T6882] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 60.341074][ T6882] RIP: 0033:0x4419d9 executing program [ 60.344946][ T6882] Code: e8 cc ac 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 60.364532][ T6882] RSP: 002b:00007ffe0cace4c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 60.373018][ T6882] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004419d9 [ 60.381013][ T6882] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000004 [ 60.388971][ T6882] RBP: 000000000000e8c4 R08: 0000000000000001 R09: 0000000000402930 [ 60.396923][ T6882] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004028a0 [ 60.404918][ T6882] R13: 0000000000402930 R14: 0000000000000000 R15: 0000000000000000 [ 60.423261][ T6883] FAULT_INJECTION: forcing a failure. [ 60.423261][ T6883] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 60.436463][ T6883] CPU: 0 PID: 6883 Comm: syz-executor657 Not tainted 5.9.0-rc6-syzkaller #0 [ 60.445119][ T6883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.455149][ T6883] Call Trace: [ 60.458417][ T6883] dump_stack+0x198/0x1fd [ 60.462742][ T6883] should_fail.cold+0x5/0x14 [ 60.467318][ T6883] __alloc_pages_nodemask+0x183/0x790 [ 60.472680][ T6883] ? __alloc_pages_slowpath.constprop.0+0x28c0/0x28c0 [ 60.479439][ T6883] ? lock_is_held_type+0xbb/0xf0 [ 60.484359][ T6883] ? fs_reclaim_release+0x90/0xd0 [ 60.489376][ T6883] cache_grow_begin+0x71/0x4a0 [ 60.494119][ T6883] cache_alloc_refill+0x27f/0x380 [ 60.499123][ T6883] ? lockdep_hardirqs_off+0x96/0xd0 [ 60.504309][ T6883] kmem_cache_alloc_node+0x3cb/0x430 [ 60.509592][ T6883] ? copyin+0x10e/0x140 [ 60.513739][ T6883] __alloc_skb+0x71/0x550 [ 60.518050][ T6883] tipc_buf_acquire+0x28/0xf0 [ 60.522700][ T6883] tipc_msg_build+0x92e/0x10c0 [ 60.527446][ T6883] ? tipc_msg_assemble+0x500/0x500 [ 60.532538][ T6883] ? tipc_nametbl_lookup_dst_nodes+0x1e0/0x2c0 [ 60.538669][ T6883] tipc_sendmcast+0x855/0xef0 [ 60.543332][ T6883] ? lock_is_held_type+0xbb/0xf0 [ 60.548248][ T6883] ? rcu_read_lock_sched_held+0x3a/0xb0 [ 60.553768][ T6883] ? tipc_poll+0x760/0x760 [ 60.558160][ T6883] ? lock_is_held_type+0xbb/0xf0 [ 60.563076][ T6883] ? __init_waitqueue_head+0x110/0x110 [ 60.568513][ T6883] ? lock_downgrade+0x830/0x830 [ 60.573340][ T6883] ? mark_lock+0x82/0x1660 [ 60.577736][ T6883] ? __lock_acquire+0x164a/0x5780 [ 60.582839][ T6883] __tipc_sendmsg+0xee3/0x18a0 [ 60.587583][ T6883] ? lockdep_hardirqs_on_prepare+0x530/0x530 [ 60.593537][ T6883] ? tipc_sendmcast+0xef0/0xef0 [ 60.598366][ T6883] ? lock_acquire+0x1f3/0xaf0 [ 60.603016][ T6883] ? tipc_sendmsg+0x3e/0x70 [ 60.607513][ T6883] ? mark_lock+0x82/0x1660 [ 60.611905][ T6883] ? lock_downgrade+0x830/0x830 [ 60.616733][ T6883] ? mark_held_locks+0x9f/0xe0 [ 60.621470][ T6883] ? lock_sock_nested+0x94/0x110 [ 60.626396][ T6883] ? __local_bh_enable_ip+0x10f/0x1f0 [ 60.631793][ T6883] ? check_preemption_disabled+0x50/0x130 [ 60.637494][ T6883] ? __local_bh_enable_ip+0x10f/0x1f0 [ 60.642841][ T6883] ? lock_sock_nested+0x94/0x110 [ 60.647759][ T6883] tipc_sendmsg+0x4c/0x70 [ 60.652066][ T6883] ? __tipc_sendmsg+0x18a0/0x18a0 [ 60.657206][ T6883] sock_sendmsg+0xcf/0x120 [ 60.661602][ T6883] ____sys_sendmsg+0x6e8/0x810 [ 60.666383][ T6883] ? kernel_sendmsg+0x50/0x50 [ 60.671034][ T6883] ? do_recvmmsg+0x6d0/0x6d0 [ 60.675602][ T6883] ? lock_downgrade+0x830/0x830 [ 60.680428][ T6883] ? _parse_integer+0x132/0x180 [ 60.685270][ T6883] ___sys_sendmsg+0xf3/0x170 [ 60.689838][ T6883] ? sendmsg_copy_msghdr+0x160/0x160 [ 60.695100][ T6883] ? lock_is_held_type+0xbb/0xf0 [ 60.700015][ T6883] ? get_pid_task+0x116/0x200 [ 60.704695][ T6883] ? lock_downgrade+0x830/0x830 [ 60.709524][ T6883] ? vfs_write+0x54f/0x730 [ 60.713917][ T6883] ? lock_is_held_type+0xbb/0xf0 [ 60.718832][ T6883] ? vfs_write+0x397/0x730 [ 60.723224][ T6883] ? lock_downgrade+0x830/0x830 [ 60.728051][ T6883] ? get_pid_task+0x138/0x200 [ 60.732703][ T6883] ? __fget_light+0x215/0x280 [ 60.737361][ T6883] __sys_sendmsg+0xe5/0x1b0 [ 60.741839][ T6883] ? __sys_sendmsg_sock+0xb0/0xb0 [ 60.746848][ T6883] ? check_preemption_disabled+0x50/0x130 [ 60.752542][ T6883] ? syscall_enter_from_user_mode+0x1d/0x60 [ 60.758414][ T6883] do_syscall_64+0x2d/0x70 [ 60.762820][ T6883] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 60.768688][ T6883] RIP: 0033:0x4419d9 [ 60.772559][ T6883] Code: e8 cc ac 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 60.792141][ T6883] RSP: 002b:00007ffe0cace4c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 60.800536][ T6883] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004419d9 [ 60.808486][ T6883] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000004 [ 60.816434][ T6883] RBP: 000000000000ea69 R08: 0000000000000001 R09: 0000000000402930 executing program [ 60.824384][ T6883] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004028a0 [ 60.832341][ T6883] R13: 0000000000402930 R14: 0000000000000000 R15: 0000000000000000 [ 60.850268][ T6884] FAULT_INJECTION: forcing a failure. [ 60.850268][ T6884] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 60.863473][ T6884] CPU: 1 PID: 6884 Comm: syz-executor657 Not tainted 5.9.0-rc6-syzkaller #0 [ 60.872130][ T6884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.882159][ T6884] Call Trace: [ 60.885426][ T6884] dump_stack+0x198/0x1fd [ 60.889730][ T6884] should_fail.cold+0x5/0x14 [ 60.894296][ T6884] __alloc_pages_nodemask+0x183/0x790 [ 60.899651][ T6884] ? __alloc_pages_slowpath.constprop.0+0x28c0/0x28c0 [ 60.906388][ T6884] ? lock_is_held_type+0xbb/0xf0 [ 60.911303][ T6884] ? fs_reclaim_release+0x90/0xd0 [ 60.916305][ T6884] cache_grow_begin+0x71/0x4a0 [ 60.921045][ T6884] cache_alloc_refill+0x27f/0x380 [ 60.926046][ T6884] ? lockdep_hardirqs_off+0x96/0xd0 [ 60.931220][ T6884] kmem_cache_alloc_node+0x3cb/0x430 [ 60.936480][ T6884] ? copyin+0x10e/0x140 [ 60.940616][ T6884] __alloc_skb+0x71/0x550 [ 60.944971][ T6884] tipc_buf_acquire+0x28/0xf0 [ 60.949626][ T6884] tipc_msg_build+0x92e/0x10c0 [ 60.954397][ T6884] ? tipc_msg_assemble+0x500/0x500 [ 60.959510][ T6884] ? tipc_nametbl_lookup_dst_nodes+0x1e0/0x2c0 [ 60.965642][ T6884] tipc_sendmcast+0x855/0xef0 [ 60.970295][ T6884] ? up_write+0x191/0x560 [ 60.974603][ T6884] ? tipc_poll+0x760/0x760 [ 60.979003][ T6884] ? mark_lock+0x82/0x1660 [ 60.983398][ T6884] ? __init_waitqueue_head+0x110/0x110 [ 60.988848][ T6884] ? mark_lock+0x82/0x1660 [ 60.993256][ T6884] ? __lock_acquire+0x164a/0x5780 [ 60.998258][ T6884] __tipc_sendmsg+0xee3/0x18a0 [ 61.003002][ T6884] ? find_held_lock+0x2d/0x110 [ 61.007740][ T6884] ? lockdep_hardirqs_on_prepare+0x530/0x530 [ 61.013695][ T6884] ? tipc_sendmcast+0xef0/0xef0 [ 61.018522][ T6884] ? lock_acquire+0x1f3/0xaf0 [ 61.023172][ T6884] ? tipc_sendmsg+0x3e/0x70 [ 61.027650][ T6884] ? mark_lock+0x82/0x1660 [ 61.032052][ T6884] ? lock_downgrade+0x830/0x830 [ 61.036877][ T6884] ? mark_held_locks+0x9f/0xe0 [ 61.041618][ T6884] ? lock_sock_nested+0x94/0x110 [ 61.046530][ T6884] ? __local_bh_enable_ip+0x10f/0x1f0 [ 61.051876][ T6884] ? check_preemption_disabled+0x50/0x130 [ 61.057588][ T6884] ? __local_bh_enable_ip+0x10f/0x1f0 [ 61.062934][ T6884] ? lock_sock_nested+0x94/0x110 [ 61.067851][ T6884] tipc_sendmsg+0x4c/0x70 [ 61.072154][ T6884] ? __tipc_sendmsg+0x18a0/0x18a0 [ 61.077151][ T6884] sock_sendmsg+0xcf/0x120 [ 61.081543][ T6884] ____sys_sendmsg+0x6e8/0x810 [ 61.086287][ T6884] ? kernel_sendmsg+0x50/0x50 [ 61.090935][ T6884] ? do_recvmmsg+0x6d0/0x6d0 [ 61.095506][ T6884] ? lock_downgrade+0x830/0x830 [ 61.100334][ T6884] ? _parse_integer+0x132/0x180 [ 61.105177][ T6884] ___sys_sendmsg+0xf3/0x170 [ 61.109743][ T6884] ? sendmsg_copy_msghdr+0x160/0x160 [ 61.115013][ T6884] ? lock_is_held_type+0xbb/0xf0 [ 61.119927][ T6884] ? get_pid_task+0x116/0x200 [ 61.124577][ T6884] ? lock_downgrade+0x830/0x830 [ 61.129403][ T6884] ? vfs_write+0x54f/0x730 [ 61.133793][ T6884] ? lock_is_held_type+0xbb/0xf0 [ 61.138719][ T6884] ? vfs_write+0x397/0x730 [ 61.143118][ T6884] ? lock_downgrade+0x830/0x830 [ 61.147941][ T6884] ? get_pid_task+0x138/0x200 [ 61.152595][ T6884] ? __fget_light+0x215/0x280 [ 61.157253][ T6884] __sys_sendmsg+0xe5/0x1b0 [ 61.161730][ T6884] ? __sys_sendmsg_sock+0xb0/0xb0 [ 61.166738][ T6884] ? check_preemption_disabled+0x50/0x130 [ 61.172441][ T6884] ? syscall_enter_from_user_mode+0x1d/0x60 [ 61.178310][ T6884] do_syscall_64+0x2d/0x70 [ 61.182700][ T6884] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 61.188566][ T6884] RIP: 0033:0x4419d9 [ 61.192435][ T6884] Code: e8 cc ac 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 61.212024][ T6884] RSP: 002b:00007ffe0cace4c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e executing program [ 61.220408][ T6884] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004419d9 [ 61.228352][ T6884] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000004 [ 61.236296][ T6884] RBP: 000000000000ec05 R08: 0000000000000001 R09: 0000000000402930 [ 61.244241][ T6884] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004028a0 [ 61.252186][ T6884] R13: 0000000000402930 R14: 0000000000000000 R15: 0000000000000000 [ 61.268123][ T6885] FAULT_INJECTION: forcing a failure. [ 61.268123][ T6885] name failslab, interval 1, probability 0, space 0, times 0 [ 61.282897][ T6885] CPU: 1 PID: 6885 Comm: syz-executor657 Not tainted 5.9.0-rc6-syzkaller #0 [ 61.291570][ T6885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.301621][ T6885] Call Trace: [ 61.304916][ T6885] dump_stack+0x198/0x1fd [ 61.309247][ T6885] should_fail.cold+0x5/0x14 [ 61.313837][ T6885] should_failslab+0x5/0xf [ 61.318250][ T6885] slab_pre_alloc_hook.constprop.0+0xf4/0x1f0 [ 61.324335][ T6885] kmem_cache_alloc_node_trace+0x55/0x430 [ 61.330035][ T6885] ? __alloc_skb+0x71/0x550 [ 61.334514][ T6885] ? rcu_read_lock_sched_held+0x3a/0xb0 [ 61.340035][ T6885] ? kmem_cache_alloc_node+0x38d/0x430 [ 61.345470][ T6885] __kmalloc_node_track_caller+0x38/0x60 [ 61.351095][ T6885] __alloc_skb+0xae/0x550 [ 61.355407][ T6885] tipc_buf_acquire+0x28/0xf0 [ 61.360059][ T6885] tipc_msg_build+0x92e/0x10c0 [ 61.364805][ T6885] ? tipc_msg_assemble+0x500/0x500 [ 61.369895][ T6885] ? tipc_nametbl_lookup_dst_nodes+0x1e0/0x2c0 [ 61.376026][ T6885] tipc_sendmcast+0x855/0xef0 [ 61.380683][ T6885] ? up_write+0x191/0x560 [ 61.384992][ T6885] ? tipc_poll+0x760/0x760 [ 61.389386][ T6885] ? mark_lock+0x82/0x1660 [ 61.393782][ T6885] ? __init_waitqueue_head+0x110/0x110 [ 61.399229][ T6885] ? mark_lock+0x82/0x1660 [ 61.403624][ T6885] ? __lock_acquire+0x164a/0x5780 [ 61.408625][ T6885] __tipc_sendmsg+0xee3/0x18a0 [ 61.413364][ T6885] ? find_held_lock+0x2d/0x110 [ 61.418104][ T6885] ? lockdep_hardirqs_on_prepare+0x530/0x530 [ 61.424074][ T6885] ? tipc_sendmcast+0xef0/0xef0 [ 61.428903][ T6885] ? lock_acquire+0x1f3/0xaf0 [ 61.433568][ T6885] ? tipc_sendmsg+0x3e/0x70 [ 61.438082][ T6885] ? mark_lock+0x82/0x1660 [ 61.442476][ T6885] ? lock_downgrade+0x830/0x830 [ 61.447306][ T6885] ? mark_held_locks+0x9f/0xe0 [ 61.452047][ T6885] ? lock_sock_nested+0x94/0x110 [ 61.456966][ T6885] ? __local_bh_enable_ip+0x10f/0x1f0 [ 61.462323][ T6885] ? check_preemption_disabled+0x50/0x130 [ 61.468036][ T6885] ? __local_bh_enable_ip+0x10f/0x1f0 [ 61.473392][ T6885] ? lock_sock_nested+0x94/0x110 [ 61.478322][ T6885] tipc_sendmsg+0x4c/0x70 [ 61.482632][ T6885] ? __tipc_sendmsg+0x18a0/0x18a0 [ 61.487635][ T6885] sock_sendmsg+0xcf/0x120 [ 61.492056][ T6885] ____sys_sendmsg+0x6e8/0x810 [ 61.496797][ T6885] ? kernel_sendmsg+0x50/0x50 [ 61.501452][ T6885] ? do_recvmmsg+0x6d0/0x6d0 [ 61.506034][ T6885] ? lock_downgrade+0x830/0x830 [ 61.510872][ T6885] ? _parse_integer+0x132/0x180 [ 61.515705][ T6885] ___sys_sendmsg+0xf3/0x170 [ 61.520273][ T6885] ? sendmsg_copy_msghdr+0x160/0x160 [ 61.525586][ T6885] ? lock_is_held_type+0xbb/0xf0 [ 61.530501][ T6885] ? get_pid_task+0x116/0x200 [ 61.535156][ T6885] ? lock_downgrade+0x830/0x830 [ 61.539980][ T6885] ? vfs_write+0x54f/0x730 [ 61.544373][ T6885] ? lock_is_held_type+0xbb/0xf0 [ 61.549300][ T6885] ? vfs_write+0x397/0x730 [ 61.553800][ T6885] ? lock_downgrade+0x830/0x830 [ 61.558654][ T6885] ? get_pid_task+0x138/0x200 [ 61.563310][ T6885] ? __fget_light+0x215/0x280 [ 61.568023][ T6885] __sys_sendmsg+0xe5/0x1b0 [ 61.572507][ T6885] ? __sys_sendmsg_sock+0xb0/0xb0 [ 61.577551][ T6885] ? check_preemption_disabled+0x50/0x130 [ 61.583247][ T6885] ? syscall_enter_from_user_mode+0x1d/0x60 [ 61.589121][ T6885] do_syscall_64+0x2d/0x70 [ 61.593518][ T6885] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 61.599389][ T6885] RIP: 0033:0x4419d9 [ 61.603264][ T6885] Code: e8 cc ac 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00 executing program [ 61.622854][ T6885] RSP: 002b:00007ffe0cace4c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 61.631249][ T6885] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004419d9 [ 61.639199][ T6885] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000004 [ 61.647148][ T6885] RBP: 000000000000edb1 R08: 0000000000000001 R09: 0000000000402930 [ 61.655097][ T6885] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004028a0 [ 61.663044][ T6885] R13: 0000000000402930 R14: 0000000000000000 R15: 0000000000000000 [ 61.682176][ T6886] FAULT_INJECTION: forcing a failure. [ 61.682176][ T6886] name failslab, interval 1, probability 0, space 0, times 0 [ 61.699802][ T6886] CPU: 1 PID: 6886 Comm: syz-executor657 Not tainted 5.9.0-rc6-syzkaller #0 [ 61.708493][ T6886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.718544][ T6886] Call Trace: [ 61.721835][ T6886] dump_stack+0x198/0x1fd [ 61.726203][ T6886] should_fail.cold+0x5/0x14 [ 61.730919][ T6886] should_failslab+0x5/0xf [ 61.735315][ T6886] slab_pre_alloc_hook.constprop.0+0xf4/0x1f0 [ 61.741364][ T6886] kmem_cache_alloc_node_trace+0x55/0x430 [ 61.747098][ T6886] ? __alloc_skb+0x71/0x550 [ 61.751585][ T6886] ? rcu_read_lock_sched_held+0x3a/0xb0 [ 61.757109][ T6886] ? kmem_cache_alloc_node+0x38d/0x430 [ 61.762551][ T6886] __kmalloc_node_track_caller+0x38/0x60 [ 61.768169][ T6886] __alloc_skb+0xae/0x550 [ 61.772480][ T6886] tipc_buf_acquire+0x28/0xf0 [ 61.777150][ T6886] tipc_msg_build+0x92e/0x10c0 [ 61.781896][ T6886] ? tipc_msg_assemble+0x500/0x500 [ 61.786991][ T6886] ? tipc_nametbl_lookup_dst_nodes+0x1e0/0x2c0 [ 61.793123][ T6886] tipc_sendmcast+0x855/0xef0 [ 61.797786][ T6886] ? up_write+0x191/0x560 [ 61.802096][ T6886] ? tipc_poll+0x760/0x760 [ 61.806489][ T6886] ? mark_lock+0x82/0x1660 [ 61.810885][ T6886] ? __init_waitqueue_head+0x110/0x110 [ 61.816333][ T6886] ? mark_lock+0x82/0x1660 [ 61.820741][ T6886] ? __lock_acquire+0x164a/0x5780 [ 61.825746][ T6886] __tipc_sendmsg+0xee3/0x18a0 [ 61.830488][ T6886] ? find_held_lock+0x2d/0x110 [ 61.835247][ T6886] ? lockdep_hardirqs_on_prepare+0x530/0x530 [ 61.841201][ T6886] ? tipc_sendmcast+0xef0/0xef0 [ 61.846042][ T6886] ? lock_acquire+0x1f3/0xaf0 [ 61.850696][ T6886] ? tipc_sendmsg+0x3e/0x70 [ 61.855179][ T6886] ? mark_lock+0x82/0x1660 [ 61.859574][ T6886] ? lock_downgrade+0x830/0x830 [ 61.864403][ T6886] ? mark_held_locks+0x9f/0xe0 [ 61.869155][ T6886] ? lock_sock_nested+0x94/0x110 [ 61.874073][ T6886] ? __local_bh_enable_ip+0x10f/0x1f0 [ 61.879427][ T6886] ? check_preemption_disabled+0x50/0x130 [ 61.885135][ T6886] ? __local_bh_enable_ip+0x10f/0x1f0 [ 61.890480][ T6886] ? lock_sock_nested+0x94/0x110 [ 61.895422][ T6886] tipc_sendmsg+0x4c/0x70 [ 61.899730][ T6886] ? __tipc_sendmsg+0x18a0/0x18a0 [ 61.904730][ T6886] sock_sendmsg+0xcf/0x120 [ 61.909124][ T6886] ____sys_sendmsg+0x6e8/0x810 [ 61.913883][ T6886] ? kernel_sendmsg+0x50/0x50 [ 61.918535][ T6886] ? do_recvmmsg+0x6d0/0x6d0 [ 61.923119][ T6886] ? lock_downgrade+0x830/0x830 [ 61.927949][ T6886] ? _parse_integer+0x132/0x180 [ 61.932779][ T6886] ___sys_sendmsg+0xf3/0x170 [ 61.937350][ T6886] ? sendmsg_copy_msghdr+0x160/0x160 [ 61.942625][ T6886] ? lock_is_held_type+0xbb/0xf0 [ 61.947565][ T6886] ? get_pid_task+0x116/0x200 [ 61.952228][ T6886] ? lock_downgrade+0x830/0x830 [ 61.957054][ T6886] ? vfs_write+0x54f/0x730 [ 61.961447][ T6886] ? lock_is_held_type+0xbb/0xf0 [ 61.966378][ T6886] ? vfs_write+0x397/0x730 [ 61.970773][ T6886] ? lock_downgrade+0x830/0x830 [ 61.975599][ T6886] ? get_pid_task+0x138/0x200 [ 61.980265][ T6886] ? __fget_light+0x215/0x280 [ 61.984929][ T6886] __sys_sendmsg+0xe5/0x1b0 [ 61.989409][ T6886] ? __sys_sendmsg_sock+0xb0/0xb0 [ 61.994432][ T6886] ? check_preemption_disabled+0x50/0x130 [ 62.000136][ T6886] ? syscall_enter_from_user_mode+0x1d/0x60 [ 62.006011][ T6886] do_syscall_64+0x2d/0x70 [ 62.010405][ T6886] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 62.016273][ T6886] RIP: 0033:0x4419d9 [ 62.020148][ T6886] Code: e8 cc ac 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 62.039734][ T6886] RSP: 002b:00007ffe0cace4c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 62.048135][ T6886] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004419d9 [ 62.056082][ T6886] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000004 [ 62.064043][ T6886] RBP: 000000000000ef53 R08: 0000000000000001 R09: 0000000000402930 [ 62.072008][ T6886] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004028a0 executing program [ 62.079957][ T6886] R13: 0000000000402930 R14: 0000000000000000 R15: 0000000000000000 [ 62.120788][ T6887] FAULT_INJECTION: forcing a failure. [ 62.120788][ T6887] name failslab, interval 1, probability 0, space 0, times 0 [ 62.134453][ T6887] CPU: 1 PID: 6887 Comm: syz-executor657 Not tainted 5.9.0-rc6-syzkaller #0 [ 62.143127][ T6887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.153159][ T6887] Call Trace: [ 62.156431][ T6887] dump_stack+0x198/0x1fd [ 62.160756][ T6887] should_fail.cold+0x5/0x14 [ 62.165326][ T6887] should_failslab+0x5/0xf [ 62.169717][ T6887] slab_pre_alloc_hook.constprop.0+0x3d/0x1f0 [ 62.175761][ T6887] kmem_cache_alloc_node+0x50/0x430 [ 62.180941][ T6887] __alloc_skb+0x71/0x550 [ 62.185250][ T6887] skb_copy+0x137/0x2f0 [ 62.189380][ T6887] ? ___sys_sendmsg+0xf3/0x170 [ 62.194138][ T6887] tipc_buf_append+0x91c/0xcf0 [ 62.198896][ T6887] ? tipc_msg_validate+0x480/0x480 [ 62.203981][ T6887] ? memcpy+0x39/0x60 [ 62.207940][ T6887] ? __skb_clone+0x586/0x770 [ 62.212532][ T6887] tipc_msg_reassemble+0x175/0x4f0 [ 62.217621][ T6887] ? tipc_msg_build+0x10c0/0x10c0 [ 62.222709][ T6887] ? lockdep_init_map_waits+0x26a/0x8a0 [ 62.228234][ T6887] tipc_mcast_xmit+0x699/0x1170 [ 62.233065][ T6887] ? __phys_addr_symbol+0x2c/0x70 [ 62.238079][ T6887] ? tipc_mcast_send_sync+0x9b0/0x9b0 [ 62.243444][ T6887] ? lock_is_held_type+0xbb/0xf0 [ 62.248362][ T6887] tipc_sendmcast+0xaaf/0xef0 [ 62.253025][ T6887] ? up_write+0x191/0x560 [ 62.257341][ T6887] ? tipc_poll+0x760/0x760 [ 62.261735][ T6887] ? mark_lock+0x82/0x1660 [ 62.266150][ T6887] ? __init_waitqueue_head+0x110/0x110 [ 62.271604][ T6887] ? mark_lock+0x82/0x1660 [ 62.276001][ T6887] ? __lock_acquire+0x164a/0x5780 [ 62.281005][ T6887] __tipc_sendmsg+0xee3/0x18a0 [ 62.285747][ T6887] ? find_held_lock+0x2d/0x110 [ 62.290501][ T6887] ? lockdep_hardirqs_on_prepare+0x530/0x530 [ 62.296462][ T6887] ? tipc_sendmcast+0xef0/0xef0 [ 62.301294][ T6887] ? lock_acquire+0x1f3/0xaf0 [ 62.305962][ T6887] ? tipc_sendmsg+0x3e/0x70 [ 62.310445][ T6887] ? mark_lock+0x82/0x1660 [ 62.314854][ T6887] ? lock_downgrade+0x830/0x830 [ 62.319685][ T6887] ? mark_held_locks+0x9f/0xe0 [ 62.324426][ T6887] ? lock_sock_nested+0x94/0x110 [ 62.329356][ T6887] ? __local_bh_enable_ip+0x10f/0x1f0 [ 62.334720][ T6887] ? check_preemption_disabled+0x50/0x130 [ 62.340510][ T6887] ? __local_bh_enable_ip+0x10f/0x1f0 [ 62.345878][ T6887] ? lock_sock_nested+0x94/0x110 [ 62.350813][ T6887] tipc_sendmsg+0x4c/0x70 [ 62.355142][ T6887] ? __tipc_sendmsg+0x18a0/0x18a0 [ 62.360183][ T6887] sock_sendmsg+0xcf/0x120 [ 62.364582][ T6887] ____sys_sendmsg+0x6e8/0x810 [ 62.369332][ T6887] ? kernel_sendmsg+0x50/0x50 [ 62.373984][ T6887] ? do_recvmmsg+0x6d0/0x6d0 [ 62.378560][ T6887] ? lock_downgrade+0x830/0x830 [ 62.383388][ T6887] ? _parse_integer+0x132/0x180 [ 62.388235][ T6887] ___sys_sendmsg+0xf3/0x170 [ 62.392817][ T6887] ? sendmsg_copy_msghdr+0x160/0x160 [ 62.398114][ T6887] ? lock_is_held_type+0xbb/0xf0 [ 62.403095][ T6887] ? get_pid_task+0x116/0x200 [ 62.407758][ T6887] ? lock_downgrade+0x830/0x830 [ 62.412591][ T6887] ? vfs_write+0x54f/0x730 [ 62.416991][ T6887] ? lock_is_held_type+0xbb/0xf0 [ 62.421907][ T6887] ? vfs_write+0x397/0x730 [ 62.426310][ T6887] ? lock_downgrade+0x830/0x830 [ 62.431166][ T6887] ? get_pid_task+0x138/0x200 [ 62.435826][ T6887] ? __fget_light+0x215/0x280 [ 62.440485][ T6887] __sys_sendmsg+0xe5/0x1b0 [ 62.444967][ T6887] ? __sys_sendmsg_sock+0xb0/0xb0 [ 62.449977][ T6887] ? check_preemption_disabled+0x50/0x130 [ 62.455689][ T6887] ? syscall_enter_from_user_mode+0x1d/0x60 [ 62.461561][ T6887] do_syscall_64+0x2d/0x70 [ 62.465956][ T6887] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 62.471835][ T6887] RIP: 0033:0x4419d9 [ 62.475725][ T6887] Code: e8 cc ac 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 62.495304][ T6887] RSP: 002b:00007ffe0cace4c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 62.503696][ T6887] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004419d9 [ 62.511652][ T6887] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000004 [ 62.519616][ T6887] RBP: 000000000000f0ee R08: 0000000000000001 R09: 0000000000402930 [ 62.527566][ T6887] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004028a0 [ 62.535513][ T6887] R13: 0000000000402930 R14: 0000000000000000 R15: 0000000000000000 [ 62.555283][ T6887] tipc: Failed do clone local mcast rcv buffer [ 62.561607][ T6887] ================================================================== [ 62.569819][ T6887] BUG: KASAN: use-after-free in tipc_mcast_xmit+0xfaa/0x1170 [ 62.577191][ T6887] Read of size 8 at addr ffff8880a73e2040 by task syz-executor657/6887 [ 62.585397][ T6887] [ 62.587717][ T6887] CPU: 1 PID: 6887 Comm: syz-executor657 Not tainted 5.9.0-rc6-syzkaller #0 [ 62.596367][ T6887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.606396][ T6887] Call Trace: [ 62.609677][ T6887] dump_stack+0x198/0x1fd [ 62.613989][ T6887] ? tipc_mcast_xmit+0xfaa/0x1170 [ 62.619003][ T6887] ? tipc_mcast_xmit+0xfaa/0x1170 [ 62.624007][ T6887] print_address_description.constprop.0.cold+0xae/0x497 [ 62.631014][ T6887] ? tipc_mcast_xmit+0xfaa/0x1170 [ 62.636018][ T6887] ? lockdep_hardirqs_off+0x96/0xd0 [ 62.641200][ T6887] ? vprintk_func+0x95/0x1d4 [ 62.645769][ T6887] ? tipc_mcast_xmit+0xfaa/0x1170 [ 62.650786][ T6887] ? tipc_mcast_xmit+0xfaa/0x1170 [ 62.655794][ T6887] kasan_report.cold+0x1f/0x37 [ 62.660537][ T6887] ? tipc_mcast_xmit+0xfaa/0x1170 [ 62.665541][ T6887] tipc_mcast_xmit+0xfaa/0x1170 [ 62.670400][ T6887] ? __phys_addr_symbol+0x2c/0x70 [ 62.675412][ T6887] ? tipc_mcast_send_sync+0x9b0/0x9b0 [ 62.680782][ T6887] ? lock_is_held_type+0xbb/0xf0 [ 62.685710][ T6887] tipc_sendmcast+0xaaf/0xef0 [ 62.690370][ T6887] ? up_write+0x191/0x560 [ 62.694680][ T6887] ? tipc_poll+0x760/0x760 [ 62.699083][ T6887] ? mark_lock+0x82/0x1660 [ 62.703497][ T6887] ? __init_waitqueue_head+0x110/0x110 [ 62.708966][ T6887] ? mark_lock+0x82/0x1660 [ 62.713364][ T6887] ? __lock_acquire+0x164a/0x5780 [ 62.718371][ T6887] __tipc_sendmsg+0xee3/0x18a0 [ 62.723115][ T6887] ? find_held_lock+0x2d/0x110 [ 62.727947][ T6887] ? lockdep_hardirqs_on_prepare+0x530/0x530 [ 62.733906][ T6887] ? tipc_sendmcast+0xef0/0xef0 [ 62.738738][ T6887] ? lock_acquire+0x1f3/0xaf0 [ 62.743392][ T6887] ? tipc_sendmsg+0x3e/0x70 [ 62.747874][ T6887] ? mark_lock+0x82/0x1660 [ 62.752269][ T6887] ? lock_downgrade+0x830/0x830 [ 62.757116][ T6887] ? mark_held_locks+0x9f/0xe0 [ 62.761859][ T6887] ? lock_sock_nested+0x94/0x110 [ 62.766773][ T6887] ? __local_bh_enable_ip+0x10f/0x1f0 [ 62.772134][ T6887] ? check_preemption_disabled+0x50/0x130 [ 62.777855][ T6887] ? __local_bh_enable_ip+0x10f/0x1f0 [ 62.783207][ T6887] ? lock_sock_nested+0x94/0x110 [ 62.788124][ T6887] tipc_sendmsg+0x4c/0x70 [ 62.792432][ T6887] ? __tipc_sendmsg+0x18a0/0x18a0 [ 62.797436][ T6887] sock_sendmsg+0xcf/0x120 [ 62.801846][ T6887] ____sys_sendmsg+0x6e8/0x810 [ 62.806599][ T6887] ? kernel_sendmsg+0x50/0x50 [ 62.811249][ T6887] ? do_recvmmsg+0x6d0/0x6d0 [ 62.815833][ T6887] ? lock_downgrade+0x830/0x830 [ 62.820660][ T6887] ? _parse_integer+0x132/0x180 [ 62.825491][ T6887] ___sys_sendmsg+0xf3/0x170 [ 62.830060][ T6887] ? sendmsg_copy_msghdr+0x160/0x160 [ 62.835336][ T6887] ? lock_is_held_type+0xbb/0xf0 [ 62.840269][ T6887] ? get_pid_task+0x116/0x200 [ 62.844932][ T6887] ? lock_downgrade+0x830/0x830 [ 62.849759][ T6887] ? vfs_write+0x54f/0x730 [ 62.854152][ T6887] ? lock_is_held_type+0xbb/0xf0 [ 62.859070][ T6887] ? vfs_write+0x397/0x730 [ 62.863495][ T6887] ? lock_downgrade+0x830/0x830 [ 62.868328][ T6887] ? get_pid_task+0x138/0x200 [ 62.872997][ T6887] ? __fget_light+0x215/0x280 [ 62.877655][ T6887] __sys_sendmsg+0xe5/0x1b0 [ 62.882140][ T6887] ? __sys_sendmsg_sock+0xb0/0xb0 [ 62.887165][ T6887] ? check_preemption_disabled+0x50/0x130 [ 62.892860][ T6887] ? syscall_enter_from_user_mode+0x1d/0x60 [ 62.898743][ T6887] do_syscall_64+0x2d/0x70 [ 62.903152][ T6887] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 62.909026][ T6887] RIP: 0033:0x4419d9 [ 62.912899][ T6887] Code: e8 cc ac 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 62.932477][ T6887] RSP: 002b:00007ffe0cace4c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 62.940865][ T6887] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004419d9 [ 62.948811][ T6887] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000004 [ 62.956758][ T6887] RBP: 000000000000f0ee R08: 0000000000000001 R09: 0000000000402930 [ 62.964734][ T6887] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004028a0 [ 62.972688][ T6887] R13: 0000000000402930 R14: 0000000000000000 R15: 0000000000000000 [ 62.980644][ T6887] [ 62.982949][ T6887] Allocated by task 6887: [ 62.987257][ T6887] kasan_save_stack+0x1b/0x40 [ 62.991934][ T6887] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 62.997539][ T6887] kmem_cache_alloc_node+0x136/0x430 [ 63.002800][ T6887] __alloc_skb+0x71/0x550 [ 63.007105][ T6887] tipc_buf_acquire+0x28/0xf0 [ 63.011759][ T6887] tipc_msg_build+0x6b8/0x10c0 [ 63.016498][ T6887] tipc_sendmcast+0x855/0xef0 [ 63.021150][ T6887] __tipc_sendmsg+0xee3/0x18a0 [ 63.025886][ T6887] tipc_sendmsg+0x4c/0x70 [ 63.030190][ T6887] sock_sendmsg+0xcf/0x120 [ 63.034580][ T6887] ____sys_sendmsg+0x6e8/0x810 [ 63.039330][ T6887] ___sys_sendmsg+0xf3/0x170 [ 63.043899][ T6887] __sys_sendmsg+0xe5/0x1b0 [ 63.048406][ T6887] do_syscall_64+0x2d/0x70 [ 63.052799][ T6887] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 63.058658][ T6887] [ 63.060963][ T6887] Freed by task 6887: [ 63.064925][ T6887] kasan_save_stack+0x1b/0x40 [ 63.069573][ T6887] kasan_set_track+0x1c/0x30 [ 63.074138][ T6887] kasan_set_free_info+0x1b/0x30 [ 63.079048][ T6887] __kasan_slab_free+0xd8/0x120 [ 63.083872][ T6887] kmem_cache_free.part.0+0x74/0x1e0 [ 63.089147][ T6887] kfree_skbmem+0x166/0x1b0 [ 63.093640][ T6887] kfree_skb+0x7d/0x100 [ 63.097774][ T6887] tipc_buf_append+0x6dc/0xcf0 [ 63.102511][ T6887] tipc_msg_reassemble+0x175/0x4f0 [ 63.107596][ T6887] tipc_mcast_xmit+0x699/0x1170 [ 63.112436][ T6887] tipc_sendmcast+0xaaf/0xef0 [ 63.117097][ T6887] __tipc_sendmsg+0xee3/0x18a0 [ 63.121836][ T6887] tipc_sendmsg+0x4c/0x70 [ 63.126154][ T6887] sock_sendmsg+0xcf/0x120 [ 63.130546][ T6887] ____sys_sendmsg+0x6e8/0x810 [ 63.135288][ T6887] ___sys_sendmsg+0xf3/0x170 [ 63.139860][ T6887] __sys_sendmsg+0xe5/0x1b0 [ 63.144351][ T6887] do_syscall_64+0x2d/0x70 [ 63.148752][ T6887] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 63.154616][ T6887] [ 63.156939][ T6887] The buggy address belongs to the object at ffff8880a73e2040 [ 63.156939][ T6887] which belongs to the cache skbuff_fclone_cache of size 456 [ 63.171663][ T6887] The buggy address is located 0 bytes inside of [ 63.171663][ T6887] 456-byte region [ffff8880a73e2040, ffff8880a73e2208) [ 63.184740][ T6887] The buggy address belongs to the page: [ 63.190364][ T6887] page:000000001368f319 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xa73e2 [ 63.200485][ T6887] flags: 0xfffe0000000200(slab) [ 63.205314][ T6887] raw: 00fffe0000000200 ffff8880a9050f50 ffffea00028ff188 ffff8880a903dc00 [ 63.213872][ T6887] raw: 0000000000000000 ffff8880a73e2040 0000000100000006 0000000000000000 [ 63.222423][ T6887] page dumped because: kasan: bad access detected [ 63.228805][ T6887] [ 63.231108][ T6887] Memory state around the buggy address: [ 63.236721][ T6887] ffff8880a73e1f00: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc [ 63.244758][ T6887] ffff8880a73e1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 63.252823][ T6887] >ffff8880a73e2000: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 63.260864][ T6887] ^ [ 63.267001][ T6887] ffff8880a73e2080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 63.275051][ T6887] ffff8880a73e2100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 63.283080][ T6887] ================================================================== [ 63.291125][ T6887] Disabling lock debugging due to kernel taint [ 63.297973][ T6887] Kernel panic - not syncing: panic_on_warn set ... [ 63.304555][ T6887] CPU: 1 PID: 6887 Comm: syz-executor657 Tainted: G B 5.9.0-rc6-syzkaller #0 [ 63.314599][ T6887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 63.324638][ T6887] Call Trace: [ 63.327923][ T6887] dump_stack+0x198/0x1fd [ 63.332248][ T6887] ? tipc_mcast_xmit+0xf40/0x1170 [ 63.337259][ T6887] panic+0x382/0x7fb [ 63.341126][ T6887] ? __warn_printk+0xf3/0xf3 [ 63.345687][ T6887] ? tipc_mcast_xmit+0xfaa/0x1170 [ 63.350706][ T6887] ? trace_hardirqs_on+0x55/0x220 [ 63.355703][ T6887] ? tipc_mcast_xmit+0xfaa/0x1170 [ 63.360713][ T6887] ? tipc_mcast_xmit+0xfaa/0x1170 [ 63.365707][ T6887] end_report+0x4d/0x53 [ 63.369936][ T6887] kasan_report.cold+0xd/0x37 [ 63.374583][ T6887] ? tipc_mcast_xmit+0xfaa/0x1170 [ 63.379576][ T6887] tipc_mcast_xmit+0xfaa/0x1170 [ 63.384398][ T6887] ? __phys_addr_symbol+0x2c/0x70 [ 63.389393][ T6887] ? tipc_mcast_send_sync+0x9b0/0x9b0 [ 63.394741][ T6887] ? lock_is_held_type+0xbb/0xf0 [ 63.399662][ T6887] tipc_sendmcast+0xaaf/0xef0 [ 63.404327][ T6887] ? up_write+0x191/0x560 [ 63.408628][ T6887] ? tipc_poll+0x760/0x760 [ 63.413016][ T6887] ? mark_lock+0x82/0x1660 [ 63.417403][ T6887] ? __init_waitqueue_head+0x110/0x110 [ 63.422842][ T6887] ? mark_lock+0x82/0x1660 [ 63.427243][ T6887] ? __lock_acquire+0x164a/0x5780 [ 63.432243][ T6887] __tipc_sendmsg+0xee3/0x18a0 [ 63.436983][ T6887] ? find_held_lock+0x2d/0x110 [ 63.441724][ T6887] ? lockdep_hardirqs_on_prepare+0x530/0x530 [ 63.447673][ T6887] ? tipc_sendmcast+0xef0/0xef0 [ 63.452496][ T6887] ? lock_acquire+0x1f3/0xaf0 [ 63.457157][ T6887] ? tipc_sendmsg+0x3e/0x70 [ 63.461632][ T6887] ? mark_lock+0x82/0x1660 [ 63.466035][ T6887] ? lock_downgrade+0x830/0x830 [ 63.470859][ T6887] ? mark_held_locks+0x9f/0xe0 [ 63.475594][ T6887] ? lock_sock_nested+0x94/0x110 [ 63.480500][ T6887] ? __local_bh_enable_ip+0x10f/0x1f0 [ 63.485850][ T6887] ? check_preemption_disabled+0x50/0x130 [ 63.491543][ T6887] ? __local_bh_enable_ip+0x10f/0x1f0 [ 63.496884][ T6887] ? lock_sock_nested+0x94/0x110 [ 63.501801][ T6887] tipc_sendmsg+0x4c/0x70 [ 63.506104][ T6887] ? __tipc_sendmsg+0x18a0/0x18a0 [ 63.511112][ T6887] sock_sendmsg+0xcf/0x120 [ 63.515533][ T6887] ____sys_sendmsg+0x6e8/0x810 [ 63.520271][ T6887] ? kernel_sendmsg+0x50/0x50 [ 63.524950][ T6887] ? do_recvmmsg+0x6d0/0x6d0 [ 63.529514][ T6887] ? lock_downgrade+0x830/0x830 [ 63.534348][ T6887] ? _parse_integer+0x132/0x180 [ 63.539169][ T6887] ___sys_sendmsg+0xf3/0x170 [ 63.543733][ T6887] ? sendmsg_copy_msghdr+0x160/0x160 [ 63.548992][ T6887] ? lock_is_held_type+0xbb/0xf0 [ 63.553911][ T6887] ? get_pid_task+0x116/0x200 [ 63.558564][ T6887] ? lock_downgrade+0x830/0x830 [ 63.563389][ T6887] ? vfs_write+0x54f/0x730 [ 63.567780][ T6887] ? lock_is_held_type+0xbb/0xf0 [ 63.572702][ T6887] ? vfs_write+0x397/0x730 [ 63.577093][ T6887] ? lock_downgrade+0x830/0x830 [ 63.581913][ T6887] ? get_pid_task+0x138/0x200 [ 63.586562][ T6887] ? __fget_light+0x215/0x280 [ 63.591209][ T6887] __sys_sendmsg+0xe5/0x1b0 [ 63.595685][ T6887] ? __sys_sendmsg_sock+0xb0/0xb0 [ 63.600686][ T6887] ? check_preemption_disabled+0x50/0x130 [ 63.606376][ T6887] ? syscall_enter_from_user_mode+0x1d/0x60 [ 63.612260][ T6887] do_syscall_64+0x2d/0x70 [ 63.616664][ T6887] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 63.622524][ T6887] RIP: 0033:0x4419d9 [ 63.626392][ T6887] Code: e8 cc ac 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 63.645981][ T6887] RSP: 002b:00007ffe0cace4c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 63.654370][ T6887] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004419d9 [ 63.662320][ T6887] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000004 [ 63.670268][ T6887] RBP: 000000000000f0ee R08: 0000000000000001 R09: 0000000000402930 [ 63.678254][ T6887] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004028a0 [ 63.686201][ T6887] R13: 0000000000402930 R14: 0000000000000000 R15: 0000000000000000 [ 63.695555][ T6887] Kernel Offset: disabled [ 63.699911][ T6887] Rebooting in 86400 seconds..