./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3998703044 <...> forked to background, child pid 3190 no interfaces have a carrier [ 27.019570][ T3191] 8021q: adding VLAN 0 to HW filter on device bond0 [ 27.031079][ T3191] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.194' (ECDSA) to the list of known hosts. execve("./syz-executor3998703044", ["./syz-executor3998703044"], 0x7fff6eb96e20 /* 10 vars */) = 0 brk(NULL) = 0x555555b07000 brk(0x555555b07c40) = 0x555555b07c40 arch_prctl(ARCH_SET_FS, 0x555555b07300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555555b075d0) = 3611 set_robust_list(0x555555b075e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f6828c91f80, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f6828c92650}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f6828c92020, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6828c92650}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3998703044", 4096) = 28 brk(0x555555b28c40) = 0x555555b28c40 brk(0x555555b29000) = 0x555555b29000 mprotect(0x7f6828d52000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 futex(0x7f6828d584ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6828c62000 mprotect(0x7f6828c63000, 131072, PROT_READ|PROT_WRITE) = 0 clone(child_stack=0x7f6828c823f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3612], tls=0x7f6828c82700, child_tidptr=0x7f6828c829d0) = 3612 futex(0x7f6828d584a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 futex(0x7f6828d584ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3612 attached [pid 3612] set_robust_list(0x7f6828c829e0, 24) = 0 [pid 3612] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 3612] write(3, "1", 1) = 1 [pid 3612] ioctl(-1, TCXONC, TCION) = -1 EBADF (Bad file descriptor) syzkaller login: [ 48.529500][ T3612] FAULT_INJECTION: forcing a failure. [ 48.529500][ T3612] name fail_futex, interval 1, probability 0, space 0, times 1 [ 48.542400][ T3612] CPU: 0 PID: 3612 Comm: syz-executor399 Not tainted 6.0.0-rc1-next-20220819-syzkaller #0 [ 48.552413][ T3612] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1521 [ 48.561768][ T3612] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 3612, name: syz-executor399 [ 48.571209][ T3612] preempt_count: 0, expected: 0 [ 48.576041][ T3612] RCU nest depth: 0, expected: 0 [ 48.581090][ T3612] no locks held by syz-executor399/3612. [ 48.586757][ T3612] irq event stamp: 314 [ 48.590804][ T3612] hardirqs last enabled at (313): [] __up_console_sem+0xae/0xc0 [ 48.600086][ T3612] hardirqs last disabled at (314): [] dump_stack_lvl+0x2e/0x134 [ 48.609325][ T3612] softirqs last enabled at (308): [] __irq_exit_rcu+0x123/0x180 [ 48.618616][ T3612] softirqs last disabled at (291): [] __irq_exit_rcu+0x123/0x180 [ 48.627910][ T3612] CPU: 0 PID: 3612 Comm: syz-executor399 Not tainted 6.0.0-rc1-next-20220819-syzkaller #0 [ 48.637821][ T3612] syz-executor399[3612] cmdline: ./syz-executor3998703044 [ 48.644929][ T3612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 48.654983][ T3612] Call Trace: [ 48.658437][ T3612] [ 48.661368][ T3612] dump_stack_lvl+0xcd/0x134 [ 48.665984][ T3612] __might_resched.cold+0x222/0x26b [ 48.671213][ T3612] down_read_killable+0x75/0x490 [ 48.676169][ T3612] ? down_read+0x450/0x450 [ 48.680613][ T3612] __access_remote_vm+0xac/0x6f0 [ 48.685567][ T3612] ? follow_phys+0x2c0/0x2c0 [ 48.690168][ T3612] ? do_raw_spin_lock+0x120/0x2a0 [ 48.695218][ T3612] ? rwlock_bug.part.0+0x90/0x90 [ 48.700185][ T3612] ? __up_console_sem+0x47/0xc0 [ 48.705061][ T3612] get_mm_cmdline.part.0+0x217/0x620 [ 48.710372][ T3612] ? dname_to_vma_addr.isra.0+0x360/0x360 [ 48.716107][ T3612] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 48.721931][ T3612] get_task_cmdline_kernel+0x1d9/0x220 [ 48.727409][ T3612] dump_stack_print_cmdline.part.0+0x82/0x150 [ 48.733498][ T3612] ? _atomic_dec_and_lock_irqsave+0x150/0x150 [ 48.739607][ T3612] ? dump_stack_print_info+0xc6/0x190 [ 48.745001][ T3612] dump_stack_print_info+0x185/0x190 [ 48.750342][ T3612] dump_stack_lvl+0xc1/0x134 [ 48.754955][ T3612] should_fail.cold+0x5/0xa [ 48.759477][ T3612] get_futex_key+0x5a8/0x1c30 [ 48.764172][ T3612] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 48.770340][ T3612] ? futex_setup_timer+0xf0/0xf0 [ 48.775298][ T3612] futex_wake+0xe4/0x490 [ 48.779563][ T3612] ? futex_wake_mark+0x1a0/0x1a0 [ 48.784520][ T3612] ? ptrace_stop.part.0+0x5ec/0xa80 [ 48.789731][ T3612] ? do_raw_spin_lock+0x120/0x2a0 [ 48.794769][ T3612] ? rwlock_bug.part.0+0x90/0x90 [ 48.799739][ T3612] ? _raw_spin_lock_irq+0x41/0x50 [ 48.804778][ T3612] do_futex+0x266/0x300 [ 48.808946][ T3612] ? __ia32_sys_get_robust_list+0x3b0/0x3b0 [ 48.814849][ T3612] ? find_held_lock+0x2d/0x110 [ 48.819627][ T3612] __x64_sys_futex+0x1b0/0x4a0 [ 48.824406][ T3612] ? do_futex+0x300/0x300 [ 48.828751][ T3612] ? _raw_spin_unlock_irq+0x1f/0x40 [ 48.833960][ T3612] ? lockdep_hardirqs_on+0x79/0x100 [ 48.839177][ T3612] ? _raw_spin_unlock_irq+0x2a/0x40 [ 48.844391][ T3612] ? ptrace_notify+0xfa/0x140 [ 48.849115][ T3612] do_syscall_64+0x35/0xb0 [ 48.853550][ T3612] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 48.859452][ T3612] RIP: 0033:0x7f6828cd0219 [ 48.863870][ T3612] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 48.883477][ T3612] RSP: 002b:00007f6828c822f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 48.891895][ T3612] RAX: ffffffffffffffda RBX: 00007f6828d584a8 RCX: 00007f6828cd0219 [ 48.899866][ T3612] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f6828d584ac [ 48.907840][ T3612] RBP: 00007f6828d584a0 R08: 0000000000000031 R09: 0000000000000031 [ 48.915813][ T3612] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 48.923783][ T3612] R13: 00007f6828c82300 R14: 00007f6828c82400 R15: 0000000000022000 [ 48.931771][ T3612] [ 48.934805][ T3612] syz-executor399[3612] cmdline: ./syz-executor3998703044 [ 48.941910][ T3612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 48.951960][ T3612] Call Trace: [ 48.955237][ T3612] [ 48.958167][ T3612] dump_stack_lvl+0xcd/0x134 [ 48.962777][ T3612] should_fail.cold+0x5/0xa [ 48.967308][ T3612] get_futex_key+0x5a8/0x1c30 [ 48.972008][ T3612] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 48.978007][ T3612] ? futex_setup_timer+0xf0/0xf0 [ 48.982962][ T3612] futex_wake+0xe4/0x490 [ 48.987217][ T3612] ? futex_wake_mark+0x1a0/0x1a0 [ 48.992170][ T3612] ? ptrace_stop.part.0+0x5ec/0xa80 [ 48.997384][ T3612] ? do_raw_spin_lock+0x120/0x2a0 [ 49.002420][ T3612] ? rwlock_bug.part.0+0x90/0x90 [ 49.007368][ T3612] ? _raw_spin_lock_irq+0x41/0x50 [ 49.012400][ T3612] do_futex+0x266/0x300 [ 49.016583][ T3612] ? __ia32_sys_get_robust_list+0x3b0/0x3b0 [ 49.022486][ T3612] ? find_held_lock+0x2d/0x110 [ 49.027266][ T3612] __x64_sys_futex+0x1b0/0x4a0 [ 49.032044][ T3612] ? do_futex+0x300/0x300 [ 49.036382][ T3612] ? _raw_spin_unlock_irq+0x1f/0x40 [ 49.041588][ T3612] ? lockdep_hardirqs_on+0x79/0x100 [ 49.046801][ T3612] ? _raw_spin_unlock_irq+0x2a/0x40 [ 49.052005][ T3612] ? ptrace_notify+0xfa/0x140 [ 49.056707][ T3612] do_syscall_64+0x35/0xb0 [ 49.061134][ T3612] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 49.067032][ T3612] RIP: 0033:0x7f6828cd0219 [ 49.071448][ T3612] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 49.091068][ T3612] RSP: 002b:00007f6828c822f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 49.099501][ T3612] RAX: ffffffffffffffda RBX: 00007f6828d584a8 RCX: 00007f6828cd0219 [ 49.107482][ T3612] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f6828d584ac [ 49.115467][ T3612] RBP: 00007f6828d584a0 R08: 0000000000000031 R09: 0000000000000031 [ 49.123443][ T3612] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [pid 3612] futex(0x7f6828d584ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3611] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3612] <... futex resumed>) = -1 EFAULT (Bad address) [pid 3612] futex(0x7f6828d584a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3611] exit_group(0) = ? [pid 3612] <... futex resumed>) = ? [pid 3612] +++ exited with 0 +++ +++ exited with 0 +++ [ 49