./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3718923675 <...> DUID 00:04:66:e4:01:83:27:57:c7:2c:b4:77:89:67:fd:32:a2:9b forked to background, child pid 4658 [ 34.046562][ T4659] 8021q: adding VLAN 0 to HW filter on device bond0 [ 34.056585][ T4659] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.148' (ECDSA) to the list of known hosts. execve("./syz-executor3718923675", ["./syz-executor3718923675"], 0x7ffd3559da80 /* 10 vars */) = 0 brk(NULL) = 0x55555614c000 brk(0x55555614cc40) = 0x55555614cc40 arch_prctl(ARCH_SET_FS, 0x55555614c300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x55555614c5d0) = 5079 set_robust_list(0x55555614c5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f65d6d13220, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f65d6d138f0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f65d6d132c0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65d6d138f0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3718923675", 4096) = 28 brk(0x55555616dc40) = 0x55555616dc40 brk(0x55555616e000) = 0x55555616e000 mprotect(0x7f65d6dd4000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555614c5d0) = 5080 ./strace-static-x86_64: Process 5080 attached [pid 5079] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555614c5d0) = 5081 ./strace-static-x86_64: Process 5081 attached [pid 5081] set_robust_list(0x55555614c5e0, 24) = 0 [pid 5079] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5080] set_robust_list(0x55555614c5e0, 24) = 0 [pid 5079] <... clone resumed>, child_tidptr=0x55555614c5d0) = 5082 ./strace-static-x86_64: Process 5082 attached [pid 5079] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5082] set_robust_list(0x55555614c5e0, 24) = 0 [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5083 attached [pid 5079] <... clone resumed>, child_tidptr=0x55555614c5d0) = 5083 [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5080] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5084 attached [pid 5079] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5083] set_robust_list(0x55555614c5e0, 24 [pid 5082] <... clone resumed>, child_tidptr=0x55555614c5d0) = 5084 [pid 5083] <... set_robust_list resumed>) = 0 [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5084] set_robust_list(0x55555614c5e0, 24) = 0 [pid 5079] <... clone resumed>, child_tidptr=0x55555614c5d0) = 5085 [pid 5079] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5084] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5079] <... clone resumed>, child_tidptr=0x55555614c5d0) = 5087 [pid 5084] <... prctl resumed>) = 0 [pid 5084] setpgid(0, 0) = 0 [pid 5084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5083] <... clone resumed>, child_tidptr=0x55555614c5d0) = 5086 ./strace-static-x86_64: Process 5088 attached ./strace-static-x86_64: Process 5085 attached [pid 5081] <... clone resumed>, child_tidptr=0x55555614c5d0) = 5088 [pid 5080] <... clone resumed>, child_tidptr=0x55555614c5d0) = 5089 [pid 5084] <... openat resumed>) = 3 [pid 5084] write(3, "1000", 4) = 4 [pid 5084] close(3./strace-static-x86_64: Process 5087 attached [pid 5088] set_robust_list(0x55555614c5e0, 24) = 0 [pid 5088] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5087] set_robust_list(0x55555614c5e0, 24 [pid 5084] <... close resumed>) = 0 [pid 5088] setpgid(0, 0 [pid 5084] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5088] <... setpgid resumed>) = 0 [pid 5087] <... set_robust_list resumed>) = 0 [pid 5085] set_robust_list(0x55555614c5e0, 24./strace-static-x86_64: Process 5086 attached [pid 5088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5085] <... set_robust_list resumed>) = 0 [pid 5084] <... mmap resumed>) = 0x7f65d6ce3000 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5088] write(3, "1000", 4 [pid 5084] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE [pid 5088] <... write resumed>) = 4 [pid 5084] <... mprotect resumed>) = 0 [pid 5088] close(3./strace-static-x86_64: Process 5089 attached ) = 0 [pid 5084] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5089] set_robust_list(0x55555614c5e0, 24 [pid 5088] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5089] <... set_robust_list resumed>) = 0 [pid 5084] <... clone resumed>, parent_tid=[5091], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5091 [pid 5089] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5088] <... mmap resumed>) = 0x7f65d6ce3000 [pid 5086] set_robust_list(0x55555614c5e0, 24 [pid 5085] <... clone resumed>, child_tidptr=0x55555614c5d0) = 5090 [pid 5084] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5092 attached [pid 5089] <... prctl resumed>) = 0 [pid 5084] <... futex resumed>) = 0 [pid 5089] setpgid(0, 0 [pid 5088] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE [pid 5087] <... clone resumed>, child_tidptr=0x55555614c5d0) = 5092 [pid 5086] <... set_robust_list resumed>) = 0 [pid 5084] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] set_robust_list(0x55555614c5e0, 24./strace-static-x86_64: Process 5091 attached [pid 5089] <... setpgid resumed>) = 0 [pid 5088] <... mprotect resumed>) = 0 [pid 5091] set_robust_list(0x7f65d6d039e0, 24 [pid 5089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5086] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5088] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5090 attached ./strace-static-x86_64: Process 5093 attached [pid 5092] <... set_robust_list resumed>) = 0 [pid 5091] <... set_robust_list resumed>) = 0 [pid 5089] <... openat resumed>) = 3 [pid 5086] <... prctl resumed>) = 0 [pid 5093] set_robust_list(0x7f65d6d039e0, 24 [pid 5092] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5091] openat(AT_FDCWD, "/dev/fb0", O_RDONLY [pid 5090] set_robust_list(0x55555614c5e0, 24 [pid 5089] write(3, "1000", 4 [pid 5088] <... clone resumed>, parent_tid=[5093], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5093 [pid 5086] setpgid(0, 0 [pid 5092] <... prctl resumed>) = 0 [pid 5091] <... openat resumed>) = 3 [pid 5090] <... set_robust_list resumed>) = 0 [pid 5089] <... write resumed>) = 4 [pid 5088] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] setpgid(0, 0 [pid 5091] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5089] close(3 [pid 5088] <... futex resumed>) = 0 [pid 5086] <... setpgid resumed>) = 0 [pid 5092] <... setpgid resumed>) = 0 [pid 5091] <... futex resumed>) = 1 [pid 5090] <... prctl resumed>) = 0 [pid 5089] <... close resumed>) = 0 [pid 5088] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... futex resumed>) = 0 [pid 5086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5093] <... set_robust_list resumed>) = 0 [pid 5092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5091] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] setpgid(0, 0 [pid 5089] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... openat resumed>) = 3 [pid 5091] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5090] <... setpgid resumed>) = 0 [pid 5089] <... futex resumed>) = 0 [pid 5086] <... openat resumed>) = 3 [pid 5084] <... futex resumed>) = 0 [pid 5092] write(3, "1000", 4 [pid 5091] ioctl(3, FBIO_WAITFORVSYNC [pid 5090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5086] write(3, "1000", 4 [pid 5093] openat(AT_FDCWD, "/dev/fb0", O_RDONLY [pid 5084] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] <... write resumed>) = 4 [pid 5090] <... openat resumed>) = 3 [pid 5092] close(3 [pid 5090] write(3, "1000", 4 [pid 5089] <... mmap resumed>) = 0x7f65d6ce3000 [pid 5086] <... write resumed>) = 4 [pid 5092] <... close resumed>) = 0 [pid 5090] <... write resumed>) = 4 [pid 5089] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE [pid 5086] close(3 [pid 5092] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] close(3 [pid 5092] <... futex resumed>) = 0 [pid 5090] <... close resumed>) = 0 [pid 5089] <... mprotect resumed>) = 0 [pid 5086] <... close resumed>) = 0 [pid 5092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5090] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5086] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5094 attached [pid 5092] <... mmap resumed>) = 0x7f65d6ce3000 [pid 5090] <... futex resumed>) = 0 [pid 5086] <... futex resumed>) = 0 [pid 5094] set_robust_list(0x7f65d6d039e0, 24 [pid 5092] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE [pid 5090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5089] <... clone resumed>, parent_tid=[5094], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5094 [pid 5086] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5094] <... set_robust_list resumed>) = 0 [pid 5092] <... mprotect resumed>) = 0 [pid 5090] <... mmap resumed>) = 0x7f65d6ce3000 [pid 5089] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... mmap resumed>) = 0x7f65d6ce3000 [pid 5094] openat(AT_FDCWD, "/dev/fb0", O_RDONLY [pid 5092] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5090] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE [pid 5089] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5095 attached [pid 5090] <... mprotect resumed>) = 0 [pid 5089] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE [pid 5095] set_robust_list(0x7f65d6d039e0, 24 [pid 5092] <... clone resumed>, parent_tid=[5095], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5095 [pid 5090] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5086] <... mprotect resumed>) = 0 ./strace-static-x86_64: Process 5096 attached [pid 5095] <... set_robust_list resumed>) = 0 [pid 5092] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5095] openat(AT_FDCWD, "/dev/fb0", O_RDONLY [pid 5092] <... futex resumed>) = 0 [pid 5090] <... clone resumed>, parent_tid=[5096], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5096 [pid 5096] set_robust_list(0x7f65d6d039e0, 24 [pid 5092] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] <... clone resumed>, parent_tid=[5097], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5097 [pid 5096] <... set_robust_list resumed>) = 0 [pid 5090] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5097 attached [pid 5096] openat(AT_FDCWD, "/dev/fb0", O_RDONLY [pid 5095] <... openat resumed>) = 3 [pid 5094] <... openat resumed>) = 3 [pid 5093] <... openat resumed>) = 3 [pid 5091] <... ioctl resumed>, 0) = 0 [pid 5086] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... openat resumed>) = 3 [pid 5095] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... futex resumed>) = 0 [pid 5096] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] <... futex resumed>) = 1 [pid 5094] <... futex resumed>) = 1 [pid 5093] <... futex resumed>) = 1 [pid 5092] <... futex resumed>) = 0 [pid 5091] <... futex resumed>) = 1 [pid 5089] <... futex resumed>) = 0 [pid 5088] <... futex resumed>) = 0 [pid 5086] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... futex resumed>) = 0 [pid 5097] set_robust_list(0x7f65d6d039e0, 24 [pid 5096] <... futex resumed>) = 1 [pid 5095] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5094] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5093] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] <... futex resumed>) = 0 [pid 5089] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] <... set_robust_list resumed>) = 0 [pid 5096] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5094] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5093] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5092] <... futex resumed>) = 0 [pid 5091] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5090] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = 0 [pid 5088] <... futex resumed>) = 0 [pid 5084] <... futex resumed>) = 0 [pid 5097] openat(AT_FDCWD, "/dev/fb0", O_RDONLY [pid 5096] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5095] ioctl(3, FBIO_WAITFORVSYNC [pid 5094] ioctl(3, FBIO_WAITFORVSYNC [pid 5093] ioctl(3, FBIO_WAITFORVSYNC [pid 5092] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5090] <... futex resumed>) = 0 [pid 5089] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] <... openat resumed>) = 3 [pid 5097] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5091] <... openat resumed>) = 4 [pid 5090] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... futex resumed>) = 0 [pid 5097] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] ioctl(3, FBIO_WAITFORVSYNC [pid 5091] write(4, "2", 1 [pid 5086] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5091] <... write resumed>) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5097] ioctl(3, FBIO_WAITFORVSYNC [pid 5095] <... ioctl resumed>, 0) = 0 [pid 5091] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL [pid 5086] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5095] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5095] <... futex resumed>) = 1 [pid 5092] <... futex resumed>) = 0 [pid 5091] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... futex resumed>) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5095] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5092] <... futex resumed>) = 0 [pid 5091] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5092] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] exit_group(0 [pid 5095] <... openat resumed>) = 4 [pid 5095] write(4, "2", 1) = 1 [pid 5095] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL) = -1 EBADF (Bad file descriptor) [pid 5095] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] <... exit_group resumed>) = ? [pid 5086] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) syzkaller login: [ 57.934306][ T5091] FAULT_INJECTION: forcing a failure. [ 57.934306][ T5091] name fail_futex, interval 1, probability 0, space 0, times 1 [ 57.941107][ T5095] FAULT_INJECTION: forcing a failure. [ 57.941107][ T5095] name fail_futex, interval 1, probability 0, space 0, times 1 [ 57.947994][ T5091] CPU: 1 PID: 5091 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 57.970523][ T5091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 57.980946][ T5091] Call Trace: [pid 5086] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65d6cc2000 [pid 5086] mprotect(0x7f65d6cc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5086] clone(child_stack=0x7f65d6ce23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5098], tls=0x7f65d6ce2700, child_tidptr=0x7f65d6ce29d0) = 5098 [pid 5086] futex(0x7f65d6dda4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] futex(0x7f65d6dda4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5098 attached [ 57.984241][ T5091] [ 57.987193][ T5091] dump_stack_lvl+0x136/0x150 [ 57.991987][ T5091] should_fail_ex+0x4a3/0x5b0 [ 57.996724][ T5091] get_futex_key+0x5aa/0x1ca0 [ 58.003849][ T5091] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 58.010794][ T5091] ? psi_task_switch+0x2de/0x950 [ 58.015812][ T5091] ? futex_setup_timer+0xf0/0xf0 [ 58.020808][ T5098] FAULT_INJECTION: forcing a failure. [ 58.020808][ T5098] name fail_futex, interval 1, probability 0, space 0, times 1 [pid 5098] set_robust_list(0x7f65d6ce29e0, 24) = 0 [pid 5098] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 5098] write(4, "2", 1) = 1 [pid 5098] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL) = -1 EBADF (Bad file descriptor) [pid 5098] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [ 58.020807][ T5091] ? find_held_lock+0x2d/0x110 [ 58.038461][ T5091] futex_wait_setup+0xab/0x230 [ 58.043283][ T5091] ? futex_wait_multiple+0xae0/0xae0 [ 58.048635][ T5091] futex_wait+0x268/0x680 [ 58.053054][ T5091] ? futex_wait_setup+0x230/0x230 [ 58.058150][ T5091] ? do_raw_spin_lock+0x124/0x2b0 [ 58.063212][ T5091] ? spin_bug+0x1c0/0x1c0 [ 58.067590][ T5091] do_futex+0x2e8/0x360 [ 58.071807][ T5091] ? __ia32_sys_get_robust_list+0x400/0x400 [ 58.077739][ T5091] ? find_held_lock+0x2d/0x110 [ 58.082558][ T5091] __x64_sys_futex+0x1ca/0x4d0 [ 58.087483][ T5091] ? do_futex+0x360/0x360 [ 58.091984][ T5091] ? _raw_spin_unlock_irq+0x23/0x50 [ 58.097236][ T5091] ? lockdep_hardirqs_on+0x7d/0x100 [ 58.102576][ T5091] ? _raw_spin_unlock_irq+0x2e/0x50 [ 58.107919][ T5091] ? ptrace_notify+0xfe/0x140 [ 58.112723][ T5091] do_syscall_64+0x39/0xb0 [ 58.117501][ T5091] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 58.123565][ T5091] RIP: 0033:0x7f65d6d51c49 [ 58.128196][ T5091] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 58.148918][ T5091] RSP: 002b:00007f65d6d032f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 58.157462][ T5091] RAX: ffffffffffffffda RBX: 00007f65d6dda4a8 RCX: 00007f65d6d51c49 [ 58.165644][ T5091] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4a8 [ 58.173727][ T5091] RBP: 00007f65d6dda4a0 R08: 0000000000000032 R09: 0000000000000032 [ 58.181851][ T5091] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 58.189849][ T5091] R13: 00007f65d6d03300 R14: 0000000000000001 R15: 0000000000022000 [ 58.197867][ T5091] [ 58.200895][ T5098] CPU: 0 PID: 5098 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 58.200908][ C1] vkms_vblank_simulate: vblank timer overrun [ 58.211336][ T5098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 58.227422][ T5098] Call Trace: [ 58.230729][ T5098] [ 58.233668][ T5098] dump_stack_lvl+0x136/0x150 [ 58.238387][ T5098] should_fail_ex+0x4a3/0x5b0 [ 58.243190][ T5098] get_futex_key+0x5aa/0x1ca0 [ 58.247900][ T5098] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 58.253905][ T5098] ? psi_task_switch+0x2de/0x950 [ 58.258960][ T5098] ? futex_setup_timer+0xf0/0xf0 [ 58.263921][ T5098] ? find_held_lock+0x2d/0x110 [ 58.268720][ T5098] futex_wait_setup+0xab/0x230 [ 58.273683][ T5098] ? futex_wait_multiple+0xae0/0xae0 [ 58.279004][ T5098] futex_wait+0x268/0x680 [ 58.283359][ T5098] ? futex_wait_setup+0x230/0x230 [ 58.288406][ T5098] ? mark_held_locks+0x9f/0xe0 [ 58.293197][ T5098] ? do_raw_spin_lock+0x124/0x2b0 [ 58.298238][ T5098] ? spin_bug+0x1c0/0x1c0 [ 58.302594][ T5098] do_futex+0x2e8/0x360 [ 58.306773][ T5098] ? __ia32_sys_get_robust_list+0x400/0x400 [ 58.312687][ T5098] ? find_held_lock+0x2d/0x110 [ 58.317487][ T5098] __x64_sys_futex+0x1ca/0x4d0 [ 58.322557][ T5098] ? do_futex+0x360/0x360 [ 58.326917][ T5098] ? _raw_spin_unlock_irq+0x23/0x50 [ 58.332139][ T5098] ? lockdep_hardirqs_on+0x7d/0x100 [ 58.337354][ T5098] ? _raw_spin_unlock_irq+0x2e/0x50 [ 58.342599][ T5098] ? ptrace_notify+0xfe/0x140 [ 58.347395][ T5098] do_syscall_64+0x39/0xb0 [ 58.351870][ T5098] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 58.357898][ T5098] RIP: 0033:0x7f65d6d51c49 [ 58.362345][ T5098] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [pid 5098] futex(0x7f65d6dda4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] exit_group(0) = ? [ 58.382006][ T5098] RSP: 002b:00007f65d6ce22f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 58.390583][ T5098] RAX: ffffffffffffffda RBX: 00007f65d6dda4b8 RCX: 00007f65d6d51c49 [ 58.398567][ T5098] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4b8 [ 58.406546][ T5098] RBP: 00007f65d6dda4b0 R08: 0000000000000032 R09: 0000000000000032 [ 58.414525][ T5098] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 58.422609][ T5098] R13: 00007f65d6ce2300 R14: 0000000000000001 R15: 0000000000022000 [ 58.430602][ T5098] [ 58.435187][ T5095] CPU: 0 PID: 5095 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 58.445638][ T5095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 58.455710][ T5095] Call Trace: [ 58.459176][ T5095] [ 58.462205][ T5095] dump_stack_lvl+0x136/0x150 [ 58.466912][ T5095] should_fail_ex+0x4a3/0x5b0 [ 58.471714][ T5095] get_futex_key+0x5aa/0x1ca0 [ 58.477541][ T5095] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 58.483535][ T5095] ? psi_task_switch+0x2de/0x950 [ 58.488506][ T5095] ? futex_setup_timer+0xf0/0xf0 [ 58.493469][ T5095] ? find_held_lock+0x2d/0x110 [ 58.498291][ T5095] futex_wait_setup+0xab/0x230 [ 58.503096][ T5095] ? futex_wait_multiple+0xae0/0xae0 [ 58.508413][ T5095] futex_wait+0x268/0x680 [ 58.512769][ T5095] ? futex_wait_setup+0x230/0x230 [ 58.517813][ T5095] ? mark_held_locks+0x9f/0xe0 [ 58.522696][ T5095] ? do_raw_spin_lock+0x124/0x2b0 [ 58.528030][ T5095] ? spin_bug+0x1c0/0x1c0 [ 58.532581][ T5095] do_futex+0x2e8/0x360 [ 58.536776][ T5095] ? __ia32_sys_get_robust_list+0x400/0x400 [ 58.542786][ T5095] ? find_held_lock+0x2d/0x110 [ 58.547595][ T5095] __x64_sys_futex+0x1ca/0x4d0 [ 58.552473][ T5095] ? do_futex+0x360/0x360 [ 58.556825][ T5095] ? _raw_spin_unlock_irq+0x23/0x50 [ 58.562062][ T5095] ? lockdep_hardirqs_on+0x7d/0x100 [ 58.567301][ T5095] ? _raw_spin_unlock_irq+0x2e/0x50 [ 58.572625][ T5095] ? ptrace_notify+0xfe/0x140 [ 58.577325][ T5095] do_syscall_64+0x39/0xb0 [ 58.581759][ T5095] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 58.587677][ T5095] RIP: 0033:0x7f65d6d51c49 [ 58.592192][ T5095] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 58.611824][ T5095] RSP: 002b:00007f65d6d032f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 58.620249][ T5095] RAX: ffffffffffffffda RBX: 00007f65d6dda4a8 RCX: 00007f65d6d51c49 [ 58.628230][ T5095] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4a8 [pid 5094] <... ioctl resumed>, 0) = 0 [pid 5093] <... ioctl resumed>, 0) = 0 [pid 5091] <... futex resumed>) = ? [pid 5090] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5089] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5088] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5098] <... futex resumed>) = -1 EFAULT (Bad address) [pid 5094] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... futex resumed>) = 0 [pid 5093] <... futex resumed>) = 0 [pid 5098] futex(0x7f65d6dda4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] <... futex resumed>) = ? [pid 5094] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5093] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5090] <... futex resumed>) = 0 [pid 5089] <... futex resumed>) = 0 [pid 5088] <... futex resumed>) = 0 [pid 5094] <... openat resumed>) = 4 [pid 5093] <... openat resumed>) = 4 [pid 5090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5089] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] write(4, "2", 1 [pid 5093] write(4, "2", 1 [pid 5090] <... mmap resumed>) = 0x7f65d6cc2000 [pid 5094] <... write resumed>) = 1 [pid 5093] <... write resumed>) = 1 [pid 5090] mprotect(0x7f65d6cc3000, 131072, PROT_READ|PROT_WRITE [pid 5094] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL [pid 5093] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL) = -1 EBADF (Bad file descriptor) [pid 5093] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5088] <... futex resumed>) = 0 [pid 5096] <... ioctl resumed>, 0) = 0 [pid 5094] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [ 58.636209][ T5095] RBP: 00007f65d6dda4a0 R08: 0000000000000032 R09: 0000000000000032 [ 58.644189][ T5095] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 58.652169][ T5095] R13: 00007f65d6d03300 R14: 0000000000000001 R15: 0000000000022000 [ 58.660167][ T5095] [ 58.682042][ T5093] FAULT_INJECTION: forcing a failure. [pid 5093] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] <... mprotect resumed>) = 0 [pid 5088] exit_group(0 [pid 5096] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] clone(child_stack=0x7f65d6ce23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5088] <... exit_group resumed>) = ? [pid 5096] <... futex resumed>) = 0 [pid 5094] <... futex resumed>) = 1 [pid 5089] <... futex resumed>) = 0 [pid 5096] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5094] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] exit_group(0 [pid 5090] <... clone resumed>, parent_tid=[5099], tls=0x7f65d6ce2700, child_tidptr=0x7f65d6ce29d0) = 5099 ./strace-static-x86_64: Process 5099 attached [pid 5099] set_robust_list(0x7f65d6ce29e0, 24) = 0 [ 58.682042][ T5093] name fail_futex, interval 1, probability 0, space 0, times 0 [ 58.697349][ T5094] FAULT_INJECTION: forcing a failure. [ 58.697349][ T5094] name fail_futex, interval 1, probability 0, space 0, times 0 [ 58.698160][ T5093] CPU: 0 PID: 5093 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 58.720689][ T5093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 58.730853][ T5093] Call Trace: [ 58.734146][ T5093] [ 58.737085][ T5093] dump_stack_lvl+0x136/0x150 [ 58.741801][ T5093] should_fail_ex+0x4a3/0x5b0 [ 58.746595][ T5093] get_futex_key+0x5aa/0x1ca0 [ 58.751299][ T5093] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 58.757307][ T5093] ? psi_task_switch+0x2de/0x950 [ 58.762277][ T5093] ? futex_setup_timer+0xf0/0xf0 [ 58.767238][ T5093] ? find_held_lock+0x2d/0x110 [ 58.772059][ T5093] futex_wait_setup+0xab/0x230 [ 58.776854][ T5093] ? futex_wait_multiple+0xae0/0xae0 [ 58.782226][ T5093] futex_wait+0x268/0x680 [ 58.786584][ T5093] ? futex_wait_setup+0x230/0x230 [ 58.791634][ T5093] ? mark_held_locks+0x9f/0xe0 [ 58.796447][ T5093] ? do_raw_spin_lock+0x124/0x2b0 [ 58.801503][ T5093] ? spin_bug+0x1c0/0x1c0 [ 58.805853][ T5093] do_futex+0x2e8/0x360 [ 58.810037][ T5093] ? __ia32_sys_get_robust_list+0x400/0x400 [ 58.815950][ T5093] ? find_held_lock+0x2d/0x110 [ 58.820749][ T5093] __x64_sys_futex+0x1ca/0x4d0 [ 58.825543][ T5093] ? do_futex+0x360/0x360 [ 58.829918][ T5093] ? _raw_spin_unlock_irq+0x23/0x50 [ 58.835148][ T5093] ? lockdep_hardirqs_on+0x7d/0x100 [ 58.840367][ T5093] ? _raw_spin_unlock_irq+0x2e/0x50 [ 58.845589][ T5093] ? ptrace_notify+0xfe/0x140 [ 58.850283][ T5093] do_syscall_64+0x39/0xb0 [ 58.854712][ T5093] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 58.860686][ T5093] RIP: 0033:0x7f65d6d51c49 [ 58.865112][ T5093] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [pid 5099] futex(0x7f65d6dda4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5097] <... ioctl resumed>, 0) = 0 [pid 5095] +++ exited with 0 +++ [pid 5092] +++ exited with 0 +++ [pid 5091] +++ exited with 0 +++ [pid 5090] futex(0x7f65d6dda4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... exit_group resumed>) = ? [pid 5084] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5092, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5084, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5099] <... futex resumed>) = 0 [pid 5097] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 1 [pid 5086] exit_group(0 [pid 5099] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5099] <... openat resumed>) = 4 [pid 5098] <... futex resumed>) = ? [pid 5097] <... futex resumed>) = ? [pid 5090] futex(0x7f65d6dda4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... exit_group resumed>) = ? [pid 5099] write(4, "2", 1 [pid 5087] <... clone resumed>, child_tidptr=0x55555614c5d0) = 5100 [pid 5099] <... write resumed>) = 1 [pid 5082] <... clone resumed>, child_tidptr=0x55555614c5d0) = 5101 [pid 5099] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL [pid 5098] +++ exited with 0 +++ [pid 5097] +++ exited with 0 +++ [pid 5099] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5099] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 58.884825][ T5093] RSP: 002b:00007f65d6d032f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 58.893250][ T5093] RAX: ffffffffffffffda RBX: 00007f65d6dda4a8 RCX: 00007f65d6d51c49 [ 58.901257][ T5093] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4a8 [ 58.909237][ T5093] RBP: 00007f65d6dda4a0 R08: 0000000000000032 R09: 0000000000000032 [ 58.917216][ T5093] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 58.925194][ T5093] R13: 00007f65d6d03300 R14: 0000000000000001 R15: 0000000000022000 [ 58.933206][ T5093] [pid 5099] futex(0x7f65d6dda4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] +++ exited with 0 +++ ./strace-static-x86_64: Process 5100 attached [pid 5090] <... futex resumed>) = 0 [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5086, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [ 58.945780][ T5099] FAULT_INJECTION: forcing a failure. [ 58.945780][ T5099] name fail_futex, interval 1, probability 0, space 0, times 0 [ 58.960049][ T5094] CPU: 0 PID: 5094 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 58.970597][ T5094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 58.980675][ T5094] Call Trace: [ 58.983987][ T5094] [ 58.986932][ T5094] dump_stack_lvl+0x136/0x150 [ 58.991636][ T5094] should_fail_ex+0x4a3/0x5b0 [ 58.996341][ T5094] get_futex_key+0x5aa/0x1ca0 [ 59.001077][ T5094] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 59.007105][ T5094] ? psi_task_switch+0x2de/0x950 [ 59.012095][ T5094] ? futex_setup_timer+0xf0/0xf0 [ 59.017090][ T5094] ? find_held_lock+0x2d/0x110 [ 59.021918][ T5094] futex_wait_setup+0xab/0x230 [ 59.026732][ T5094] ? futex_wait_multiple+0xae0/0xae0 [ 59.032083][ T5094] futex_wait+0x268/0x680 [ 59.036463][ T5094] ? futex_wait_setup+0x230/0x230 [ 59.041523][ T5094] ? mark_held_locks+0x9f/0xe0 [ 59.046326][ T5094] ? do_raw_spin_lock+0x124/0x2b0 [ 59.051386][ T5094] ? spin_bug+0x1c0/0x1c0 [ 59.055745][ T5094] do_futex+0x2e8/0x360 [ 59.059936][ T5094] ? __ia32_sys_get_robust_list+0x400/0x400 [ 59.065879][ T5094] ? find_held_lock+0x2d/0x110 [ 59.070679][ T5094] __x64_sys_futex+0x1ca/0x4d0 [ 59.075471][ T5094] ? do_futex+0x360/0x360 [ 59.079925][ T5094] ? _raw_spin_unlock_irq+0x23/0x50 [ 59.085157][ T5094] ? lockdep_hardirqs_on+0x7d/0x100 [ 59.090374][ T5094] ? _raw_spin_unlock_irq+0x2e/0x50 [ 59.095605][ T5094] ? ptrace_notify+0xfe/0x140 [ 59.100309][ T5094] do_syscall_64+0x39/0xb0 [ 59.104754][ T5094] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 59.110696][ T5094] RIP: 0033:0x7f65d6d51c49 [ 59.115146][ T5094] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 59.135386][ T5094] RSP: 002b:00007f65d6d032f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca ./strace-static-x86_64: Process 5101 attached [ 59.143831][ T5094] RAX: ffffffffffffffda RBX: 00007f65d6dda4a8 RCX: 00007f65d6d51c49 [ 59.151814][ T5094] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4a8 [ 59.159792][ T5094] RBP: 00007f65d6dda4a0 R08: 0000000000000032 R09: 0000000000000032 [ 59.167774][ T5094] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 59.175839][ T5094] R13: 00007f65d6d03300 R14: 0000000000000001 R15: 0000000000022000 [ 59.183840][ T5094] [ 59.188029][ T5099] CPU: 0 PID: 5099 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 59.198493][ T5099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 59.208579][ T5099] Call Trace: [ 59.212073][ T5099] [ 59.215059][ T5099] dump_stack_lvl+0x136/0x150 [ 59.219849][ T5099] should_fail_ex+0x4a3/0x5b0 [ 59.224573][ T5099] get_futex_key+0x5aa/0x1ca0 [ 59.229296][ T5099] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 59.235324][ T5099] ? psi_task_switch+0x2de/0x950 [ 59.240312][ T5099] ? futex_setup_timer+0xf0/0xf0 [ 59.245286][ T5099] ? find_held_lock+0x2d/0x110 [ 59.250099][ T5099] futex_wait_setup+0xab/0x230 [ 59.254923][ T5099] ? futex_wait_multiple+0xae0/0xae0 [ 59.260263][ T5099] futex_wait+0x268/0x680 [ 59.264620][ T5099] ? futex_wait_setup+0x230/0x230 [ 59.269764][ T5099] ? mark_held_locks+0x9f/0xe0 [ 59.274561][ T5099] ? do_raw_spin_lock+0x124/0x2b0 [ 59.279610][ T5099] ? spin_bug+0x1c0/0x1c0 [ 59.284055][ T5099] do_futex+0x2e8/0x360 [ 59.288240][ T5099] ? __ia32_sys_get_robust_list+0x400/0x400 [ 59.294189][ T5099] ? find_held_lock+0x2d/0x110 [ 59.298997][ T5099] __x64_sys_futex+0x1ca/0x4d0 [ 59.303892][ T5099] ? do_futex+0x360/0x360 [ 59.308279][ T5099] ? _raw_spin_unlock_irq+0x23/0x50 [ 59.313514][ T5099] ? lockdep_hardirqs_on+0x7d/0x100 [ 59.318742][ T5099] ? _raw_spin_unlock_irq+0x2e/0x50 [ 59.324069][ T5099] ? ptrace_notify+0xfe/0x140 [ 59.328827][ T5099] do_syscall_64+0x39/0xb0 [ 59.333284][ T5099] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 59.339235][ T5099] RIP: 0033:0x7f65d6d51c49 [ 59.343665][ T5099] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 59.363288][ T5099] RSP: 002b:00007f65d6ce22f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 59.371717][ T5099] RAX: ffffffffffffffda RBX: 00007f65d6dda4b8 RCX: 00007f65d6d51c49 [ 59.379788][ T5099] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4b8 [ 59.387852][ T5099] RBP: 00007f65d6dda4b0 R08: 0000000000000032 R09: 0000000000000032 [pid 5100] set_robust_list(0x55555614c5e0, 24 [pid 5093] <... futex resumed>) = ? [pid 5090] exit_group(0 [pid 5101] set_robust_list(0x55555614c5e0, 24 [pid 5100] <... set_robust_list resumed>) = 0 [pid 5096] <... futex resumed>) = ? [pid 5093] +++ exited with 0 +++ [pid 5090] <... exit_group resumed>) = ? [pid 5088] +++ exited with 0 +++ [pid 5101] <... set_robust_list resumed>) = 0 [pid 5100] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5096] +++ exited with 0 +++ [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5088, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5101] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5100] <... prctl resumed>) = 0 [pid 5101] <... prctl resumed>) = 0 [pid 5100] setpgid(0, 0 [pid 5101] setpgid(0, 0 [pid 5100] <... setpgid resumed>) = 0 [pid 5101] <... setpgid resumed>) = 0 [pid 5100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5100] <... openat resumed>) = 3 [pid 5101] <... openat resumed>) = 3 [pid 5100] write(3, "1000", 4 [pid 5101] write(3, "1000", 4 [pid 5100] <... write resumed>) = 4 [pid 5101] <... write resumed>) = 4 [pid 5100] close(3 [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5101] close(3 [pid 5100] <... close resumed>) = 0 [pid 5101] <... close resumed>) = 0 [pid 5100] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... clone resumed>, child_tidptr=0x55555614c5d0) = 5102 [pid 5101] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5101] <... futex resumed>) = 0 [pid 5100] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5100] <... mmap resumed>) = 0x7f65d6ce3000 [pid 5101] <... mmap resumed>) = 0x7f65d6ce3000 [pid 5100] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE [pid 5101] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE [pid 5100] <... mprotect resumed>) = 0 [pid 5101] <... mprotect resumed>) = 0 [pid 5100] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5101] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5100] <... clone resumed>, parent_tid=[5103], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5103 [pid 5101] <... clone resumed>, parent_tid=[5104], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5104 [pid 5100] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5101] <... futex resumed>) = 0 [pid 5100] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5102 attached [pid 5102] set_robust_list(0x55555614c5e0, 24) = 0 [pid 5102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5102] setpgid(0, 0) = 0 [pid 5102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 5104 attached [pid 5104] set_robust_list(0x7f65d6d039e0, 24 [pid 5102] <... openat resumed>) = 3 [pid 5104] <... set_robust_list resumed>) = 0 [pid 5102] write(3, "1000", 4 [pid 5104] openat(AT_FDCWD, "/dev/fb0", O_RDONLY [pid 5102] <... write resumed>) = 4 [pid 5104] <... openat resumed>) = 3 [pid 5102] close(3 [pid 5104] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] <... close resumed>) = 0 [pid 5104] <... futex resumed>) = 1 [pid 5102] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... futex resumed>) = 0 [pid 5104] ioctl(3, FBIO_WAITFORVSYNC [pid 5102] <... futex resumed>) = 0 [pid 5101] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5101] <... futex resumed>) = 0 [pid 5102] <... mmap resumed>) = 0x7f65d6ce3000 [pid 5101] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5102] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5105], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5105 [pid 5102] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5105 attached [pid 5105] set_robust_list(0x7f65d6d039e0, 24) = 0 [pid 5105] openat(AT_FDCWD, "/dev/fb0", O_RDONLY./strace-static-x86_64: Process 5103 attached [pid 5104] <... ioctl resumed>, 0) = 0 [pid 5102] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5101] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5100] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5099] <... futex resumed>) = ? [pid 5094] <... futex resumed>) = ? [pid 5105] <... openat resumed>) = 3 [pid 5102] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] set_robust_list(0x7f65d6d039e0, 24 [pid 5102] <... futex resumed>) = 0 [pid 5101] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] +++ exited with 0 +++ [pid 5094] +++ exited with 0 +++ [pid 5090] +++ exited with 0 +++ [pid 5089] +++ exited with 0 +++ [pid 5105] <... futex resumed>) = 0 [pid 5104] <... futex resumed>) = 0 [pid 5103] <... set_robust_list resumed>) = 0 [pid 5102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5101] <... futex resumed>) = 0 [pid 5100] <... futex resumed>) = 0 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5090, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5105] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5103] openat(AT_FDCWD, "/dev/fb0", O_RDONLY [pid 5102] <... mmap resumed>) = 0x7f65d6cc2000 [pid 5101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5100] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5080] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5089, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5103] <... openat resumed>) = 3 [pid 5102] mprotect(0x7f65d6cc3000, 131072, PROT_READ|PROT_WRITE [pid 5101] <... mmap resumed>) = 0x7f65d6cc2000 [pid 5100] <... mmap resumed>) = 0x7f65d6cc2000 [pid 5103] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] <... mprotect resumed>) = 0 [pid 5101] mprotect(0x7f65d6cc3000, 131072, PROT_READ|PROT_WRITE [pid 5100] mprotect(0x7f65d6cc3000, 131072, PROT_READ|PROT_WRITE [pid 5083] <... clone resumed>, child_tidptr=0x55555614c5d0) = 5106 [pid 5080] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5103] <... futex resumed>) = 0 [pid 5102] clone(child_stack=0x7f65d6ce23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5101] <... mprotect resumed>) = 0 [pid 5100] <... mprotect resumed>) = 0 [pid 5103] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] clone(child_stack=0x7f65d6ce23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5100] clone(child_stack=0x7f65d6ce23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5102] <... clone resumed>, parent_tid=[5107], tls=0x7f65d6ce2700, child_tidptr=0x7f65d6ce29d0) = 5107 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5102] futex(0x7f65d6dda4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... clone resumed>, parent_tid=[5108], tls=0x7f65d6ce2700, child_tidptr=0x7f65d6ce29d0) = 5108 [pid 5100] <... clone resumed>, parent_tid=[5110], tls=0x7f65d6ce2700, child_tidptr=0x7f65d6ce29d0) = 5110 [pid 5102] <... futex resumed>) = 0 [pid 5101] futex(0x7f65d6dda4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] futex(0x7f65d6dda4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] futex(0x7f65d6dda4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] <... futex resumed>) = 0 [pid 5100] <... futex resumed>) = 0 [pid 5101] futex(0x7f65d6dda4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] futex(0x7f65d6dda4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5080] <... clone resumed>, child_tidptr=0x55555614c5d0) = 5109 ./strace-static-x86_64: Process 5106 attached [pid 5085] <... clone resumed>, child_tidptr=0x55555614c5d0) = 5111 [pid 5106] set_robust_list(0x55555614c5e0, 24) = 0 ./strace-static-x86_64: Process 5110 attached [pid 5106] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5110] set_robust_list(0x7f65d6ce29e0, 24) = 0 [pid 5110] ioctl(3, FBIO_WAITFORVSYNC [pid 5106] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 5108 attached [pid 5106] setpgid(0, 0./strace-static-x86_64: Process 5107 attached [pid 5108] set_robust_list(0x7f65d6ce29e0, 24 [pid 5106] <... setpgid resumed>) = 0 [pid 5108] <... set_robust_list resumed>) = 0 [pid 5107] set_robust_list(0x7f65d6ce29e0, 24 [pid 5106] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5108] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5107] <... set_robust_list resumed>) = 0 [pid 5106] <... openat resumed>) = 3 ./strace-static-x86_64: Process 5111 attached ./strace-static-x86_64: Process 5109 attached [pid 5108] <... openat resumed>) = 4 [pid 5107] ioctl(3, FBIO_WAITFORVSYNC [pid 5106] write(3, "1000", 4 [pid 5108] write(4, "2", 1 [pid 5106] <... write resumed>) = 4 [pid 5108] <... write resumed>) = 1 [pid 5106] close(3 [pid 5108] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL [pid 5106] <... close resumed>) = 0 [pid 5108] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5106] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... futex resumed>) = 0 [pid 5108] <... futex resumed>) = 1 [pid 5106] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5101] <... futex resumed>) = 0 [ 59.395832][ T5099] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 59.403828][ T5099] R13: 00007f65d6ce2300 R14: 0000000000000001 R15: 0000000000022000 [ 59.411998][ T5099] [pid 5108] futex(0x7f65d6dda4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5106] <... mmap resumed>) = 0x7f65d6ce3000 [pid 5101] exit_group(0 [pid 5111] set_robust_list(0x55555614c5e0, 24 [pid 5109] set_robust_list(0x55555614c5e0, 24 [pid 5111] <... set_robust_list resumed>) = 0 [pid 5109] <... set_robust_list resumed>) = 0 [pid 5111] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5109] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5111] <... prctl resumed>) = 0 [pid 5109] <... prctl resumed>) = 0 [pid 5111] setpgid(0, 0 [pid 5109] setpgid(0, 0 [pid 5111] <... setpgid resumed>) = 0 [pid 5109] <... setpgid resumed>) = 0 [pid 5111] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5109] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5111] <... openat resumed>) = 3 [pid 5109] <... openat resumed>) = 3 [pid 5111] write(3, "1000", 4 [pid 5109] write(3, "1000", 4 [pid 5111] <... write resumed>) = 4 [pid 5110] <... ioctl resumed>, 0) = 0 [pid 5109] <... write resumed>) = 4 [pid 5106] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE [pid 5104] <... futex resumed>) = ? [pid 5101] <... exit_group resumed>) = ? [pid 5111] close(3 [pid 5110] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] close(3 [pid 5106] <... mprotect resumed>) = 0 [pid 5111] <... close resumed>) = 0 [pid 5110] <... futex resumed>) = 1 [pid 5109] <... close resumed>) = 0 [pid 5106] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5104] +++ exited with 0 +++ [pid 5100] <... futex resumed>) = 0 [pid 5111] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] futex(0x7f65d6dda4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5109] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... futex resumed>) = 0 [pid 5109] <... futex resumed>) = 0 [pid 5106] <... clone resumed>, parent_tid=[5112], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5112 [pid 5103] <... futex resumed>) = 0 [pid 5100] <... futex resumed>) = 1 [pid 5111] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5109] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5106] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5100] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... mmap resumed>) = 0x7f65d6ce3000 [pid 5109] <... mmap resumed>) = 0x7f65d6ce3000 [pid 5106] <... futex resumed>) = 0 [pid 5103] <... openat resumed>) = 4 [pid 5111] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE [pid 5109] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE [pid 5106] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5103] write(4, "2", 1) = 1 [pid 5111] <... mprotect resumed>) = 0 [pid 5103] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL) = -1 EBADF (Bad file descriptor) [pid 5103] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5100] <... futex resumed>) = 0 [pid 5111] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5109] <... mprotect resumed>) = 0 [pid 5103] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5100] exit_group(0./strace-static-x86_64: Process 5112 attached [pid 5109] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5112] set_robust_list(0x7f65d6d039e0, 24 [pid 5111] <... clone resumed>, parent_tid=[5113], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5113 [pid 5112] <... set_robust_list resumed>) = 0 [pid 5111] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] <... clone resumed>, parent_tid=[5114], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5114 [pid 5112] openat(AT_FDCWD, "/dev/fb0", O_RDONLY [pid 5111] <... futex resumed>) = 0 [pid 5109] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] <... futex resumed>) = 0 [ 59.440421][ T5108] FAULT_INJECTION: forcing a failure. [ 59.440421][ T5108] name fail_futex, interval 1, probability 0, space 0, times 0 [ 59.460741][ T5103] FAULT_INJECTION: forcing a failure. [ 59.460741][ T5103] name fail_futex, interval 1, probability 0, space 0, times 0 [ 59.471735][ T5108] CPU: 1 PID: 5108 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 59.484586][ T5108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 59.494697][ T5108] Call Trace: [ 59.497994][ T5108] [ 59.501020][ T5108] dump_stack_lvl+0x136/0x150 [ 59.505734][ T5108] should_fail_ex+0x4a3/0x5b0 [ 59.510447][ T5108] get_futex_key+0x5aa/0x1ca0 [ 59.515175][ T5108] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 59.521176][ T5108] ? psi_task_switch+0x2de/0x950 [ 59.526166][ T5108] ? futex_setup_timer+0xf0/0xf0 [ 59.531127][ T5108] ? find_held_lock+0x2d/0x110 [ 59.535924][ T5108] futex_wait_setup+0xab/0x230 [ 59.540717][ T5108] ? futex_wait_multiple+0xae0/0xae0 [ 59.546035][ T5108] futex_wait+0x268/0x680 [ 59.550394][ T5108] ? futex_wait_setup+0x230/0x230 [ 59.555794][ T5108] ? mark_held_locks+0x9f/0xe0 [ 59.560595][ T5108] ? do_raw_spin_lock+0x124/0x2b0 [ 59.565645][ T5108] ? spin_bug+0x1c0/0x1c0 [ 59.569993][ T5108] do_futex+0x2e8/0x360 [ 59.574174][ T5108] ? __ia32_sys_get_robust_list+0x400/0x400 [ 59.580089][ T5108] ? find_held_lock+0x2d/0x110 [ 59.584987][ T5108] __x64_sys_futex+0x1ca/0x4d0 [ 59.589798][ T5108] ? do_futex+0x360/0x360 [ 59.594146][ T5108] ? _raw_spin_unlock_irq+0x23/0x50 [ 59.599560][ T5108] ? lockdep_hardirqs_on+0x7d/0x100 [ 59.605141][ T5108] ? _raw_spin_unlock_irq+0x2e/0x50 [ 59.610374][ T5108] ? ptrace_notify+0xfe/0x140 [ 59.615074][ T5108] do_syscall_64+0x39/0xb0 [ 59.619536][ T5108] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 59.625463][ T5108] RIP: 0033:0x7f65d6d51c49 [ 59.629890][ T5108] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 59.649507][ T5108] RSP: 002b:00007f65d6ce22f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 59.657954][ T5108] RAX: ffffffffffffffda RBX: 00007f65d6dda4b8 RCX: 00007f65d6d51c49 [ 59.665959][ T5108] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4b8 [ 59.673943][ T5108] RBP: 00007f65d6dda4b0 R08: 0000000000000032 R09: 0000000000000032 [ 59.681924][ T5108] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [pid 5109] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5114 attached ./strace-static-x86_64: Process 5113 attached [pid 5112] <... openat resumed>) = 3 [pid 5110] <... futex resumed>) = ? [pid 5107] <... ioctl resumed>, 0) = 0 [pid 5106] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5102] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5100] <... exit_group resumed>) = ? [pid 5114] set_robust_list(0x7f65d6d039e0, 24 [pid 5113] set_robust_list(0x7f65d6d039e0, 24 [pid 5112] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] +++ exited with 0 +++ [pid 5107] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] <... set_robust_list resumed>) = 0 [pid 5113] <... set_robust_list resumed>) = 0 [pid 5112] <... futex resumed>) = 0 [pid 5107] <... futex resumed>) = 0 [pid 5106] <... futex resumed>) = 0 [pid 5105] <... futex resumed>) = 0 [pid 5102] <... futex resumed>) = 1 [pid 5114] openat(AT_FDCWD, "/dev/fb0", O_RDONLY [pid 5113] openat(AT_FDCWD, "/dev/fb0", O_RDONLY [pid 5112] ioctl(3, FBIO_WAITFORVSYNC [pid 5107] futex(0x7f65d6dda4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5106] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5102] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] <... openat resumed>) = 3 [pid 5113] <... openat resumed>) = 3 [pid 5105] <... openat resumed>) = 4 [pid 5114] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] write(4, "2", 1 [pid 5114] <... futex resumed>) = 1 [pid 5113] <... futex resumed>) = 1 [pid 5105] <... write resumed>) = 1 [pid 5114] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL) = -1 EBADF (Bad file descriptor) [pid 5105] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5102] <... futex resumed>) = 0 [ 59.689937][ T5108] R13: 00007f65d6ce2300 R14: 0000000000000001 R15: 0000000000022000 [ 59.697946][ T5108] [ 59.701097][ C1] vkms_vblank_simulate: vblank timer overrun [ 59.707766][ T5105] FAULT_INJECTION: forcing a failure. [ 59.707766][ T5105] name fail_futex, interval 1, probability 0, space 0, times 0 [ 59.709111][ T5103] CPU: 1 PID: 5103 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 59.730996][ T5103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 59.741064][ T5103] Call Trace: [ 59.744365][ T5103] [ 59.747305][ T5103] dump_stack_lvl+0x136/0x150 [ 59.752008][ T5103] should_fail_ex+0x4a3/0x5b0 [ 59.756726][ T5103] get_futex_key+0x5aa/0x1ca0 [ 59.761437][ T5103] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 59.765091][ T5115] FAULT_INJECTION: forcing a failure. [ 59.765091][ T5115] name fail_futex, interval 1, probability 0, space 0, times 0 [ 59.767424][ T5103] ? psi_task_switch+0x2de/0x950 [ 59.785687][ T5103] ? futex_setup_timer+0xf0/0xf0 [ 59.790663][ T5103] ? find_held_lock+0x2d/0x110 [ 59.795475][ T5103] futex_wait_setup+0xab/0x230 [ 59.800295][ T5103] ? futex_wait_multiple+0xae0/0xae0 [ 59.805730][ T5103] futex_wait+0x268/0x680 [ 59.810096][ T5103] ? futex_wait_setup+0x230/0x230 [ 59.815163][ T5103] ? mark_held_locks+0x9f/0xe0 [ 59.819976][ T5103] ? do_raw_spin_lock+0x124/0x2b0 [ 59.825022][ T5103] ? spin_bug+0x1c0/0x1c0 [ 59.829401][ T5103] do_futex+0x2e8/0x360 [ 59.833668][ T5103] ? __ia32_sys_get_robust_list+0x400/0x400 [ 59.839624][ T5103] ? find_held_lock+0x2d/0x110 [ 59.844490][ T5103] __x64_sys_futex+0x1ca/0x4d0 [ 59.849293][ T5103] ? do_futex+0x360/0x360 [ 59.853651][ T5103] ? _raw_spin_unlock_irq+0x23/0x50 [ 59.858972][ T5103] ? lockdep_hardirqs_on+0x7d/0x100 [ 59.864211][ T5103] ? _raw_spin_unlock_irq+0x2e/0x50 [ 59.869554][ T5103] ? ptrace_notify+0xfe/0x140 [ 59.874264][ T5103] do_syscall_64+0x39/0xb0 [ 59.878707][ T5103] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 59.884726][ T5103] RIP: 0033:0x7f65d6d51c49 [ 59.889154][ T5103] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 59.908791][ T5103] RSP: 002b:00007f65d6d032f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 59.917320][ T5103] RAX: ffffffffffffffda RBX: 00007f65d6dda4a8 RCX: 00007f65d6d51c49 [ 59.925506][ T5103] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4a8 [ 59.933678][ T5103] RBP: 00007f65d6dda4a0 R08: 0000000000000032 R09: 0000000000000032 [pid 5105] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] exit_group(0 [pid 5112] <... ioctl resumed>, 0) = 0 [pid 5111] <... futex resumed>) = 0 [pid 5109] <... futex resumed>) = 0 [pid 5107] <... futex resumed>) = ? [pid 5102] <... exit_group resumed>) = ? [pid 5107] +++ exited with 0 +++ [pid 5106] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5106] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5106] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65d6cc2000 [pid 5106] mprotect(0x7f65d6cc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5106] clone(child_stack=0x7f65d6ce23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5115], tls=0x7f65d6ce2700, child_tidptr=0x7f65d6ce29d0) = 5115 [pid 5106] futex(0x7f65d6dda4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5106] futex(0x7f65d6dda4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5115 attached [pid 5115] set_robust_list(0x7f65d6ce29e0, 24) = 0 [pid 5115] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 5115] write(4, "2", 1) = 1 [pid 5115] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL) = -1 EBADF (Bad file descriptor) [pid 5115] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... futex resumed>) = 0 [pid 5115] <... futex resumed>) = 1 [pid 5115] futex(0x7f65d6dda4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5106] exit_group(0) = ? [pid 5111] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] <... futex resumed>) = ? [pid 5103] <... futex resumed>) = ? [pid 5112] +++ exited with 0 +++ [pid 5111] <... futex resumed>) = 1 [pid 5109] <... futex resumed>) = 1 [pid 5108] +++ exited with 0 +++ [pid 5101] +++ exited with 0 +++ [pid 5111] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5101, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555614c5d0) = 5116 [ 59.941673][ T5103] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 59.949678][ T5103] R13: 00007f65d6d03300 R14: 0000000000000001 R15: 0000000000022000 [ 59.957692][ T5103] [ 59.960726][ T5115] CPU: 0 PID: 5115 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 59.960778][ C1] vkms_vblank_simulate: vblank timer overrun [ 59.971177][ T5115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 59.987334][ T5115] Call Trace: [pid 5103] +++ exited with 0 +++ [pid 5100] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5100, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5087] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555614c5d0) = 5117 [pid 5111] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5109] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5111] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... futex resumed>) = 0 [pid 5109] <... futex resumed>) = 0 [ 59.990635][ T5115] [ 59.993603][ T5115] dump_stack_lvl+0x136/0x150 [ 59.998336][ T5115] should_fail_ex+0x4a3/0x5b0 [ 60.003157][ T5115] get_futex_key+0x5aa/0x1ca0 [ 60.007885][ T5115] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 60.013901][ T5115] ? psi_task_switch+0x2de/0x950 [ 60.018884][ T5115] ? futex_setup_timer+0xf0/0xf0 [ 60.023860][ T5115] ? find_held_lock+0x2d/0x110 [ 60.028676][ T5115] futex_wait_setup+0xab/0x230 [ 60.033501][ T5115] ? futex_wait_multiple+0xae0/0xae0 [ 60.038940][ T5115] futex_wait+0x268/0x680 [pid 5111] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5109] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5111] <... mmap resumed>) = 0x7f65d6cc2000 [pid 5109] <... mmap resumed>) = 0x7f65d6cc2000 [pid 5111] mprotect(0x7f65d6cc3000, 131072, PROT_READ|PROT_WRITE [pid 5109] mprotect(0x7f65d6cc3000, 131072, PROT_READ|PROT_WRITE [pid 5111] <... mprotect resumed>) = 0 [pid 5109] <... mprotect resumed>) = 0 [pid 5111] clone(child_stack=0x7f65d6ce23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5109] clone(child_stack=0x7f65d6ce23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5111] <... clone resumed>, parent_tid=[5118], tls=0x7f65d6ce2700, child_tidptr=0x7f65d6ce29d0) = 5118 [pid 5109] <... clone resumed>, parent_tid=[5119], tls=0x7f65d6ce2700, child_tidptr=0x7f65d6ce29d0) = 5119 [pid 5111] futex(0x7f65d6dda4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] futex(0x7f65d6dda4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... futex resumed>) = 0 [pid 5109] <... futex resumed>) = 0 [pid 5111] futex(0x7f65d6dda4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] futex(0x7f65d6dda4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5119 attached [pid 5119] set_robust_list(0x7f65d6ce29e0, 24) = 0 [pid 5119] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 5119] write(4, "2", 1) = 1 [pid 5119] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL) = -1 EBADF (Bad file descriptor) [pid 5119] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5109] <... futex resumed>) = 0 [ 60.043325][ T5115] ? futex_wait_setup+0x230/0x230 [ 60.048485][ T5115] ? mark_held_locks+0x9f/0xe0 [ 60.053317][ T5115] ? do_raw_spin_lock+0x124/0x2b0 [ 60.058391][ T5115] ? spin_bug+0x1c0/0x1c0 [ 60.062761][ T5115] do_futex+0x2e8/0x360 [ 60.066980][ T5115] ? __ia32_sys_get_robust_list+0x400/0x400 [ 60.072943][ T5115] ? find_held_lock+0x2d/0x110 [ 60.077766][ T5115] __x64_sys_futex+0x1ca/0x4d0 [ 60.081350][ T5119] FAULT_INJECTION: forcing a failure. [pid 5119] futex(0x7f65d6dda4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5111] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 60.081350][ T5119] name fail_futex, interval 1, probability 0, space 0, times 0 [ 60.082565][ T5115] ? do_futex+0x360/0x360 [ 60.082602][ T5115] ? _raw_spin_unlock_irq+0x23/0x50 [ 60.082641][ T5115] ? lockdep_hardirqs_on+0x7d/0x100 [ 60.082674][ T5115] ? _raw_spin_unlock_irq+0x2e/0x50 [ 60.115476][ T5115] ? ptrace_notify+0xfe/0x140 [ 60.120329][ T5115] do_syscall_64+0x39/0xb0 [ 60.124787][ T5115] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 60.130721][ T5115] RIP: 0033:0x7f65d6d51c49 [ 60.135156][ T5115] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 60.154795][ T5115] RSP: 002b:00007f65d6ce22f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 60.163226][ T5115] RAX: ffffffffffffffda RBX: 00007f65d6dda4b8 RCX: 00007f65d6d51c49 [ 60.171292][ T5115] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4b8 [ 60.179274][ T5115] RBP: 00007f65d6dda4b0 R08: 0000000000000032 R09: 0000000000000032 ./strace-static-x86_64: Process 5117 attached ./strace-static-x86_64: Process 5116 attached [pid 5114] <... futex resumed>) = 0 [pid 5113] <... futex resumed>) = 0 [pid 5114] ioctl(3, FBIO_WAITFORVSYNC [ 60.187268][ T5115] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 60.195268][ T5115] R13: 00007f65d6ce2300 R14: 0000000000000001 R15: 0000000000022000 [ 60.203430][ T5115] [ 60.206906][ T5105] CPU: 0 PID: 5105 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 60.217367][ T5105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 60.227450][ T5105] Call Trace: [ 60.230740][ T5105] [ 60.233678][ T5105] dump_stack_lvl+0x136/0x150 [ 60.238382][ T5105] should_fail_ex+0x4a3/0x5b0 [ 60.243172][ T5105] get_futex_key+0x5aa/0x1ca0 [ 60.247872][ T5105] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 60.253864][ T5105] ? psi_task_switch+0x2de/0x950 [ 60.258825][ T5105] ? futex_setup_timer+0xf0/0xf0 [ 60.263781][ T5105] ? find_held_lock+0x2d/0x110 [ 60.268605][ T5105] futex_wait_setup+0xab/0x230 [ 60.273404][ T5105] ? futex_wait_multiple+0xae0/0xae0 [ 60.278722][ T5105] futex_wait+0x268/0x680 [ 60.283083][ T5105] ? futex_wait_setup+0x230/0x230 [ 60.288131][ T5105] ? mark_held_locks+0x9f/0xe0 [ 60.292926][ T5105] ? do_raw_spin_lock+0x124/0x2b0 [ 60.298164][ T5105] ? spin_bug+0x1c0/0x1c0 [ 60.302515][ T5105] do_futex+0x2e8/0x360 [ 60.306731][ T5105] ? __ia32_sys_get_robust_list+0x400/0x400 [ 60.312646][ T5105] ? find_held_lock+0x2d/0x110 [ 60.317446][ T5105] __x64_sys_futex+0x1ca/0x4d0 [ 60.322239][ T5105] ? do_futex+0x360/0x360 [ 60.326591][ T5105] ? _raw_spin_unlock_irq+0x23/0x50 [ 60.331819][ T5105] ? lockdep_hardirqs_on+0x7d/0x100 [ 60.337043][ T5105] ? _raw_spin_unlock_irq+0x2e/0x50 [ 60.342262][ T5105] ? ptrace_notify+0xfe/0x140 [ 60.346958][ T5105] do_syscall_64+0x39/0xb0 [ 60.351418][ T5105] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 60.357338][ T5105] RIP: 0033:0x7f65d6d51c49 [ 60.361765][ T5105] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 60.381414][ T5105] RSP: 002b:00007f65d6d032f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [pid 5113] ioctl(3, FBIO_WAITFORVSYNC [pid 5114] <... ioctl resumed>, 0) = 0 [pid 5114] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5109] exit_group(0 [pid 5117] set_robust_list(0x55555614c5e0, 24 [pid 5109] <... exit_group resumed>) = ? [pid 5114] <... futex resumed>) = ? [pid 5114] +++ exited with 0 +++ [pid 5116] set_robust_list(0x55555614c5e0, 24) = 0 [pid 5116] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5117] <... set_robust_list resumed>) = 0 [ 60.389928][ T5105] RAX: ffffffffffffffda RBX: 00007f65d6dda4a8 RCX: 00007f65d6d51c49 [ 60.397911][ T5105] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4a8 [ 60.405890][ T5105] RBP: 00007f65d6dda4a0 R08: 0000000000000032 R09: 0000000000000032 [ 60.413873][ T5105] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 60.421867][ T5105] R13: 00007f65d6d03300 R14: 0000000000000001 R15: 0000000000022000 [ 60.429863][ T5105] [ 60.442731][ T5119] CPU: 0 PID: 5119 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 60.453206][ T5119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 60.463282][ T5119] Call Trace: [ 60.467176][ T5119] [ 60.470112][ T5119] dump_stack_lvl+0x136/0x150 [ 60.474835][ T5119] should_fail_ex+0x4a3/0x5b0 [ 60.479539][ T5119] get_futex_key+0x5aa/0x1ca0 [ 60.484239][ T5119] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 60.490239][ T5119] ? psi_task_switch+0x2de/0x950 [ 60.495200][ T5119] ? futex_setup_timer+0xf0/0xf0 [ 60.500157][ T5119] ? find_held_lock+0x2d/0x110 [ 60.504956][ T5119] futex_wait_setup+0xab/0x230 [ 60.509767][ T5119] ? futex_wait_multiple+0xae0/0xae0 [ 60.515087][ T5119] futex_wait+0x268/0x680 [ 60.519452][ T5119] ? futex_wait_setup+0x230/0x230 [ 60.524499][ T5119] ? mark_held_locks+0x9f/0xe0 [ 60.529294][ T5119] ? do_raw_spin_lock+0x124/0x2b0 [ 60.534334][ T5119] ? spin_bug+0x1c0/0x1c0 [ 60.538689][ T5119] do_futex+0x2e8/0x360 [ 60.542872][ T5119] ? __ia32_sys_get_robust_list+0x400/0x400 [ 60.548858][ T5119] ? find_held_lock+0x2d/0x110 [ 60.553655][ T5119] __x64_sys_futex+0x1ca/0x4d0 [ 60.558444][ T5119] ? do_futex+0x360/0x360 [ 60.562795][ T5119] ? _raw_spin_unlock_irq+0x23/0x50 [ 60.568033][ T5119] ? lockdep_hardirqs_on+0x7d/0x100 [ 60.573254][ T5119] ? _raw_spin_unlock_irq+0x2e/0x50 [ 60.578481][ T5119] ? ptrace_notify+0xfe/0x140 [ 60.583177][ T5119] do_syscall_64+0x39/0xb0 [ 60.587608][ T5119] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 60.593526][ T5119] RIP: 0033:0x7f65d6d51c49 [ 60.597963][ T5119] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 60.618774][ T5119] RSP: 002b:00007f65d6ce22f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 60.627210][ T5119] RAX: ffffffffffffffda RBX: 00007f65d6dda4b8 RCX: 00007f65d6d51c49 [ 60.635193][ T5119] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4b8 [pid 5117] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 5118 attached [pid 5113] <... ioctl resumed>, 0) = 0 [pid 5119] <... futex resumed>) = ? [pid 5117] <... prctl resumed>) = 0 [pid 5116] <... prctl resumed>) = 0 [pid 5115] <... futex resumed>) = ? [pid 5105] <... futex resumed>) = ? [pid 5119] +++ exited with 0 +++ [pid 5118] set_robust_list(0x7f65d6ce29e0, 24 [pid 5117] setpgid(0, 0 [pid 5116] setpgid(0, 0 [pid 5115] +++ exited with 0 +++ [pid 5113] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] +++ exited with 0 +++ [pid 5106] +++ exited with 0 +++ [pid 5105] +++ exited with 0 +++ [pid 5102] +++ exited with 0 +++ [pid 5118] <... set_robust_list resumed>) = 0 [pid 5117] <... setpgid resumed>) = 0 [pid 5116] <... setpgid resumed>) = 0 [pid 5118] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5117] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5113] <... futex resumed>) = 0 [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5102, si_uid=0, si_status=0, si_utime=0, si_stime=28 /* 0.28 s */} --- [pid 5080] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5109, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5118] <... openat resumed>) = 4 [pid 5117] <... openat resumed>) = 3 [pid 5116] <... openat resumed>) = 3 [pid 5113] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5106, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5080] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5120 attached ./strace-static-x86_64: Process 5121 attached [pid 5118] write(4, "2", 1 [pid 5117] write(3, "1000", 4 [pid 5116] write(3, "1000", 4 [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5118] <... write resumed>) = 1 [pid 5117] <... write resumed>) = 4 [pid 5116] <... write resumed>) = 4 [pid 5081] <... clone resumed>, child_tidptr=0x55555614c5d0) = 5120 [pid 5080] <... clone resumed>, child_tidptr=0x55555614c5d0) = 5121 [pid 5118] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL [pid 5117] close(3 [pid 5116] close(3 [pid 5118] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5117] <... close resumed>) = 0 [pid 5116] <... close resumed>) = 0 [pid 5118] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] <... futex resumed>) = 0 [pid 5117] <... futex resumed>) = 0 [pid 5116] <... futex resumed>) = 0 [ 60.643170][ T5119] RBP: 00007f65d6dda4b0 R08: 0000000000000032 R09: 0000000000000032 [ 60.651148][ T5119] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 60.659127][ T5119] R13: 00007f65d6ce2300 R14: 0000000000000001 R15: 0000000000022000 [ 60.667143][ T5119] [pid 5118] futex(0x7f65d6dda4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5117] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 5122 attached [pid 5121] set_robust_list(0x55555614c5e0, 24 [pid 5120] set_robust_list(0x55555614c5e0, 24 [pid 5122] set_robust_list(0x55555614c5e0, 24 [pid 5121] <... set_robust_list resumed>) = 0 [pid 5120] <... set_robust_list resumed>) = 0 [pid 5111] exit_group(0 [pid 5083] <... clone resumed>, child_tidptr=0x55555614c5d0) = 5122 [pid 5122] <... set_robust_list resumed>) = 0 [pid 5121] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5120] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5117] <... mmap resumed>) = 0x7f65d6ce3000 [pid 5116] <... mmap resumed>) = 0x7f65d6ce3000 [pid 5113] <... futex resumed>) = ? [pid 5111] <... exit_group resumed>) = ? [pid 5122] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5121] <... prctl resumed>) = 0 [pid 5120] <... prctl resumed>) = 0 [pid 5113] +++ exited with 0 +++ [pid 5122] <... prctl resumed>) = 0 [pid 5121] setpgid(0, 0 [pid 5120] setpgid(0, 0 [pid 5122] setpgid(0, 0 [pid 5121] <... setpgid resumed>) = 0 [pid 5120] <... setpgid resumed>) = 0 [pid 5122] <... setpgid resumed>) = 0 [pid 5121] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5121] <... openat resumed>) = 3 [pid 5120] <... openat resumed>) = 3 [pid 5122] <... openat resumed>) = 3 [pid 5121] write(3, "1000", 4 [pid 5120] write(3, "1000", 4 [pid 5122] write(3, "1000", 4 [pid 5121] <... write resumed>) = 4 [pid 5120] <... write resumed>) = 4 [pid 5122] <... write resumed>) = 4 [pid 5121] close(3 [pid 5120] close(3 [pid 5122] close(3 [pid 5121] <... close resumed>) = 0 [pid 5120] <... close resumed>) = 0 [pid 5122] <... close resumed>) = 0 [pid 5121] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... futex resumed>) = 0 [pid 5120] <... futex resumed>) = 0 [pid 5122] <... futex resumed>) = 0 [pid 5121] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5121] <... mmap resumed>) = 0x7f65d6ce3000 [pid 5120] <... mmap resumed>) = 0x7f65d6ce3000 [pid 5122] <... mmap resumed>) = 0x7f65d6ce3000 [pid 5121] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE [pid 5120] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE [pid 5122] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE [pid 5121] <... mprotect resumed>) = 0 [pid 5120] <... mprotect resumed>) = 0 [pid 5122] <... mprotect resumed>) = 0 [pid 5121] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5120] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5122] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5121] <... clone resumed>, parent_tid=[5123], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5123 [pid 5120] <... clone resumed>, parent_tid=[5124], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5124 [pid 5122] <... clone resumed>, parent_tid=[5125], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5125 [pid 5121] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... futex resumed>) = 0 [pid 5120] <... futex resumed>) = 0 [pid 5122] <... futex resumed>) = 0 [pid 5121] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 60.686485][ T5118] FAULT_INJECTION: forcing a failure. [ 60.686485][ T5118] name fail_futex, interval 1, probability 0, space 0, times 0 [ 60.699957][ T5118] CPU: 0 PID: 5118 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 60.710422][ T5118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 60.720596][ T5118] Call Trace: [ 60.723901][ T5118] [ 60.726863][ T5118] dump_stack_lvl+0x136/0x150 [ 60.731595][ T5118] should_fail_ex+0x4a3/0x5b0 [pid 5122] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5125 attached [pid 5125] set_robust_list(0x7f65d6d039e0, 24) = 0 [pid 5125] openat(AT_FDCWD, "/dev/fb0", O_RDONLY./strace-static-x86_64: Process 5124 attached ) = 3 [pid 5125] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] set_robust_list(0x7f65d6d039e0, 24 [pid 5125] <... futex resumed>) = 1 [pid 5124] <... set_robust_list resumed>) = 0 [pid 5122] <... futex resumed>) = 0 [pid 5125] ioctl(3, FBIO_WAITFORVSYNC [pid 5124] openat(AT_FDCWD, "/dev/fb0", O_RDONLY [pid 5122] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5125] <... ioctl resumed>, 0) = 0 [pid 5124] <... openat resumed>) = 3 [pid 5125] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... futex resumed>) = 1 [pid 5124] <... futex resumed>) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5120] <... futex resumed>) = 0 [pid 5125] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5124] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5124] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5122] <... futex resumed>) = 0 [pid 5120] <... futex resumed>) = 0 [pid 5125] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5124] ioctl(3, FBIO_WAITFORVSYNC [pid 5122] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5125] <... openat resumed>) = 4 [pid 5125] write(4, "2", 1) = 1 [pid 5125] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL) = -1 EBADF (Bad file descriptor) [pid 5125] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5125] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] exit_group(0 [pid 5124] <... ioctl resumed>, 0) = 0 [pid 5122] <... exit_group resumed>) = ? [pid 5124] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] <... futex resumed>) = 0 [pid 5124] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5120] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5120] <... futex resumed>) = 0 [pid 5124] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5120] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] <... openat resumed>) = 4 [pid 5124] write(4, "2", 1) = 1 [pid 5124] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL) = -1 EBADF (Bad file descriptor) [pid 5124] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 60.736447][ T5118] get_futex_key+0x5aa/0x1ca0 [ 60.741177][ T5118] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 60.747895][ T5118] ? psi_task_switch+0x2de/0x950 [ 60.752883][ T5118] ? futex_setup_timer+0xf0/0xf0 [ 60.757875][ T5118] ? find_held_lock+0x2d/0x110 [ 60.762598][ T5125] FAULT_INJECTION: forcing a failure. [ 60.762598][ T5125] name fail_futex, interval 1, probability 0, space 0, times 0 [ 60.762682][ T5118] futex_wait_setup+0xab/0x230 [ 60.780264][ T5118] ? futex_wait_multiple+0xae0/0xae0 [pid 5121] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5120] <... futex resumed>) = 0 [pid 5124] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5121] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] exit_group(0 [pid 5121] <... futex resumed>) = 0 [pid 5120] <... exit_group resumed>) = ? [pid 5121] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65d6cc2000 [pid 5121] mprotect(0x7f65d6cc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5121] clone(child_stack=0x7f65d6ce23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5126], tls=0x7f65d6ce2700, child_tidptr=0x7f65d6ce29d0) = 5126 [pid 5121] futex(0x7f65d6dda4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] futex(0x7f65d6dda4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5126 attached [pid 5126] set_robust_list(0x7f65d6ce29e0, 24) = 0 [pid 5126] ioctl(-1, FBIO_WAITFORVSYNC, 0) = -1 EBADF (Bad file descriptor) [pid 5126] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5121] <... futex resumed>) = 0 [pid 5126] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5121] futex(0x7f65d6dda4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... openat resumed>) = 3 [pid 5121] <... futex resumed>) = 0 [pid 5126] write(3, "2", 1 [pid 5121] futex(0x7f65d6dda4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... write resumed>) = 1 [pid 5126] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL) = -1 EBADF (Bad file descriptor) [pid 5126] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5121] <... futex resumed>) = 0 [ 60.785717][ T5118] futex_wait+0x268/0x680 [ 60.787328][ T5124] FAULT_INJECTION: forcing a failure. [ 60.787328][ T5124] name fail_futex, interval 1, probability 0, space 0, times 0 [ 60.790079][ T5118] ? futex_wait_setup+0x230/0x230 [ 60.807973][ T5118] ? mark_held_locks+0x9f/0xe0 [ 60.812945][ T5118] ? do_raw_spin_lock+0x124/0x2b0 [ 60.818373][ T5118] ? spin_bug+0x1c0/0x1c0 [ 60.823176][ T5118] do_futex+0x2e8/0x360 [ 60.827833][ T5118] ? __ia32_sys_get_robust_list+0x400/0x400 [ 60.829684][ T5126] FAULT_INJECTION: forcing a failure. [ 60.829684][ T5126] name fail_futex, interval 1, probability 0, space 0, times 0 [ 60.833767][ T5118] ? find_held_lock+0x2d/0x110 [ 60.833819][ T5118] __x64_sys_futex+0x1ca/0x4d0 [ 60.833859][ T5118] ? do_futex+0x360/0x360 [ 60.860841][ T5118] ? _raw_spin_unlock_irq+0x23/0x50 [ 60.866173][ T5118] ? lockdep_hardirqs_on+0x7d/0x100 [ 60.871534][ T5118] ? _raw_spin_unlock_irq+0x2e/0x50 [ 60.876876][ T5118] ? ptrace_notify+0xfe/0x140 [ 60.881779][ T5118] do_syscall_64+0x39/0xb0 [ 60.886318][ T5118] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 60.892611][ T5118] RIP: 0033:0x7f65d6d51c49 [ 60.897053][ T5118] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 60.917051][ T5118] RSP: 002b:00007f65d6ce22f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 60.925509][ T5118] RAX: ffffffffffffffda RBX: 00007f65d6dda4b8 RCX: 00007f65d6d51c49 [pid 5126] futex(0x7f65d6dda4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5117] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE [pid 5116] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 5123 attached [pid 5118] <... futex resumed>) = ? [ 60.933514][ T5118] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4b8 [ 60.941615][ T5118] RBP: 00007f65d6dda4b0 R08: 0000000000000032 R09: 0000000000000032 [ 60.949613][ T5118] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 60.957631][ T5118] R13: 00007f65d6ce2300 R14: 0000000000000001 R15: 0000000000022000 [ 60.965643][ T5118] [ 60.970512][ T5126] CPU: 0 PID: 5126 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 60.980978][ T5126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 60.991157][ T5126] Call Trace: [ 60.994455][ T5126] [ 60.997406][ T5126] dump_stack_lvl+0x136/0x150 [ 61.002124][ T5126] should_fail_ex+0x4a3/0x5b0 [ 61.006846][ T5126] get_futex_key+0x5aa/0x1ca0 [ 61.011654][ T5126] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 61.017702][ T5126] ? psi_task_switch+0x2de/0x950 [ 61.022686][ T5126] ? futex_setup_timer+0xf0/0xf0 [ 61.027662][ T5126] ? find_held_lock+0x2d/0x110 [ 61.032475][ T5126] futex_wait_setup+0xab/0x230 [pid 5117] <... mprotect resumed>) = 0 [ 61.037274][ T5126] ? futex_wait_multiple+0xae0/0xae0 [ 61.042600][ T5126] futex_wait+0x268/0x680 [ 61.046973][ T5126] ? futex_wait_setup+0x230/0x230 [ 61.052038][ T5126] ? mark_held_locks+0x9f/0xe0 [ 61.056850][ T5126] ? do_raw_spin_lock+0x124/0x2b0 [ 61.061906][ T5126] ? spin_bug+0x1c0/0x1c0 [ 61.066280][ T5126] do_futex+0x2e8/0x360 [ 61.070473][ T5126] ? __ia32_sys_get_robust_list+0x400/0x400 [ 61.076396][ T5126] ? find_held_lock+0x2d/0x110 [ 61.081222][ T5126] __x64_sys_futex+0x1ca/0x4d0 [pid 5117] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5127], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5127 [pid 5117] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 61.086027][ T5126] ? do_futex+0x360/0x360 [ 61.090411][ T5126] ? _raw_spin_unlock_irq+0x23/0x50 [ 61.095739][ T5126] ? lockdep_hardirqs_on+0x7d/0x100 [ 61.100988][ T5126] ? _raw_spin_unlock_irq+0x2e/0x50 [ 61.106249][ T5126] ? ptrace_notify+0xfe/0x140 [ 61.111058][ T5126] do_syscall_64+0x39/0xb0 [ 61.115517][ T5126] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 61.121475][ T5126] RIP: 0033:0x7f65d6d51c49 [pid 5117] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] <... mprotect resumed>) = 0 [pid 5116] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5128], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5128 [pid 5117] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5116] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... futex resumed>) = 0 [pid 5117] <... futex resumed>) = 0 [pid 5116] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65d6cc2000 [pid 5117] mprotect(0x7f65d6cc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5117] clone(child_stack=0x7f65d6ce23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5129], tls=0x7f65d6ce2700, child_tidptr=0x7f65d6ce29d0) = 5129 [pid 5117] futex(0x7f65d6dda4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5117] futex(0x7f65d6dda4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5129 attached [pid 5129] set_robust_list(0x7f65d6ce29e0, 24) = 0 [pid 5129] ioctl(-1, FBIO_WAITFORVSYNC, 0) = -1 EBADF (Bad file descriptor) [pid 5129] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5117] <... futex resumed>) = 0 [pid 5129] futex(0x7f65d6dda4b8, FUTEX_WAIT_PRIVATE, 0, NULL [ 61.125946][ T5126] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 61.145687][ T5126] RSP: 002b:00007f65d6ce22f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 61.154950][ T5126] RAX: ffffffffffffffda RBX: 00007f65d6dda4b8 RCX: 00007f65d6d51c49 [ 61.163050][ T5126] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4b8 [ 61.171140][ T5126] RBP: 00007f65d6dda4b0 R08: 0000000000000032 R09: 0000000000000032 [ 61.179156][ T5126] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [pid 5117] futex(0x7f65d6dda4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5117] <... futex resumed>) = 0 [pid 5129] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5117] futex(0x7f65d6dda4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] <... openat resumed>) = 3 [ 61.187425][ T5126] R13: 00007f65d6ce2300 R14: 0000000000000001 R15: 0000000000022000 [ 61.195551][ T5126] [ 61.201616][ T5124] CPU: 1 PID: 5124 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 61.212114][ T5124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 61.222187][ T5124] Call Trace: [ 61.225476][ T5124] [ 61.228423][ T5124] dump_stack_lvl+0x136/0x150 [ 61.233128][ T5124] should_fail_ex+0x4a3/0x5b0 [ 61.237839][ T5124] get_futex_key+0x5aa/0x1ca0 [ 61.242648][ T5124] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 61.248674][ T5124] ? psi_task_switch+0x2de/0x950 [ 61.253912][ T5124] ? futex_setup_timer+0xf0/0xf0 [ 61.259120][ T5124] ? find_held_lock+0x2d/0x110 [ 61.264127][ T5124] futex_wait_setup+0xab/0x230 [ 61.269168][ T5124] ? futex_wait_multiple+0xae0/0xae0 [ 61.274539][ T5124] futex_wait+0x268/0x680 [ 61.279018][ T5124] ? futex_wait_setup+0x230/0x230 [ 61.284179][ T5124] ? mark_held_locks+0x9f/0xe0 [ 61.288993][ T5124] ? do_raw_spin_lock+0x124/0x2b0 [ 61.294067][ T5124] ? spin_bug+0x1c0/0x1c0 [ 61.298597][ T5124] do_futex+0x2e8/0x360 [ 61.302793][ T5124] ? __ia32_sys_get_robust_list+0x400/0x400 [ 61.308741][ T5124] ? find_held_lock+0x2d/0x110 [ 61.313552][ T5124] __x64_sys_futex+0x1ca/0x4d0 [ 61.318368][ T5124] ? do_futex+0x360/0x360 [ 61.322770][ T5124] ? _raw_spin_unlock_irq+0x23/0x50 [ 61.328029][ T5124] ? lockdep_hardirqs_on+0x7d/0x100 [ 61.333629][ T5124] ? _raw_spin_unlock_irq+0x2e/0x50 [ 61.338894][ T5124] ? ptrace_notify+0xfe/0x140 [ 61.343601][ T5124] do_syscall_64+0x39/0xb0 [ 61.348051][ T5124] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 61.353988][ T5124] RIP: 0033:0x7f65d6d51c49 [ 61.358460][ T5124] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 61.378113][ T5124] RSP: 002b:00007f65d6d032f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [pid 5129] write(3, "2", 1 [pid 5123] set_robust_list(0x7f65d6d039e0, 24./strace-static-x86_64: Process 5128 attached ./strace-static-x86_64: Process 5127 attached [pid 5126] <... futex resumed>) = -1 EFAULT (Bad address) [pid 5123] <... set_robust_list resumed>) = 0 [pid 5118] +++ exited with 0 +++ [pid 5116] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5111] +++ exited with 0 +++ [pid 5128] set_robust_list(0x7f65d6d039e0, 24 [pid 5127] set_robust_list(0x7f65d6d039e0, 24 [pid 5126] futex(0x7f65d6dda4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5123] openat(AT_FDCWD, "/dev/fb0", O_RDONLY [pid 5128] <... set_robust_list resumed>) = 0 [pid 5127] <... set_robust_list resumed>) = 0 [pid 5123] <... openat resumed>) = 4 [pid 5128] openat(AT_FDCWD, "/dev/fb0", O_RDONLY [pid 5127] openat(AT_FDCWD, "/dev/fb0", O_RDONLY [pid 5123] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] <... openat resumed>) = 3 [pid 5127] <... openat resumed>) = 4 [pid 5123] <... futex resumed>) = 0 [pid 5128] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] <... futex resumed>) = 0 [pid 5127] <... futex resumed>) = 0 [pid 5128] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 61.386556][ T5124] RAX: ffffffffffffffda RBX: 00007f65d6dda4a8 RCX: 00007f65d6d51c49 [ 61.394537][ T5124] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4a8 [ 61.402516][ T5124] RBP: 00007f65d6dda4a0 R08: 0000000000000032 R09: 0000000000000032 [ 61.410497][ T5124] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 61.418472][ T5124] R13: 00007f65d6d03300 R14: 0000000000000001 R15: 0000000000022000 [ 61.426477][ T5124] [ 61.429581][ C1] vkms_vblank_simulate: vblank timer overrun [pid 5127] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5129] <... write resumed>) = 1 [pid 5124] <... futex resumed>) = ? [pid 5117] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5116] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5111, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5129] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL [pid 5121] exit_group(0 [pid 5116] <... futex resumed>) = 1 [pid 5129] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5121] <... exit_group resumed>) = ? [pid 5116] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5129] <... futex resumed>) = 0 [pid 5117] exit_group(0) = ? [pid 5085] <... clone resumed>, child_tidptr=0x55555614c5d0) = 5130 [pid 5124] +++ exited with 0 +++ [pid 5120] +++ exited with 0 +++ [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5120, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5081] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555614c5d0) = 5131 [ 61.429937][ T5125] CPU: 0 PID: 5125 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 61.446017][ T5125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 61.449601][ T5129] FAULT_INJECTION: forcing a failure. [ 61.449601][ T5129] name fail_futex, interval 1, probability 0, space 0, times 0 [ 61.456086][ T5125] Call Trace: [ 61.456095][ T5125] [ 61.456104][ T5125] dump_stack_lvl+0x136/0x150 [ 61.456138][ T5125] should_fail_ex+0x4a3/0x5b0 [ 61.456175][ T5125] get_futex_key+0x5aa/0x1ca0 [pid 5116] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5116] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65d6cc2000 [pid 5116] mprotect(0x7f65d6cc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5116] clone(child_stack=0x7f65d6ce23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5132], tls=0x7f65d6ce2700, child_tidptr=0x7f65d6ce29d0) = 5132 [pid 5116] futex(0x7f65d6dda4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] futex(0x7f65d6dda4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5132 attached [pid 5132] set_robust_list(0x7f65d6ce29e0, 24) = 0 [pid 5132] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 5132] write(4, "2", 1) = 1 [pid 5132] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL) = -1 EBADF (Bad file descriptor) [pid 5132] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5127] <... futex resumed>) = ? [pid 5126] <... futex resumed>) = ? [pid 5123] <... futex resumed>) = ? [ 61.489265][ T5125] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 61.495281][ T5125] ? psi_task_switch+0x2de/0x950 [ 61.500274][ T5125] ? futex_setup_timer+0xf0/0xf0 [ 61.505253][ T5125] ? find_held_lock+0x2d/0x110 [ 61.510077][ T5125] futex_wait_setup+0xab/0x230 [ 61.514905][ T5125] ? futex_wait_multiple+0xae0/0xae0 [ 61.520332][ T5125] futex_wait+0x268/0x680 [ 61.524712][ T5125] ? futex_wait_setup+0x230/0x230 [ 61.529881][ T5125] ? mark_held_locks+0x9f/0xe0 [ 61.535059][ T5125] ? do_raw_spin_lock+0x124/0x2b0 [pid 5116] <... futex resumed>) = 0 [pid 5132] futex(0x7f65d6dda4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] ioctl(3, FBIO_WAITFORVSYNC [pid 5127] +++ exited with 0 +++ [pid 5126] +++ exited with 0 +++ [pid 5123] +++ exited with 0 +++ [pid 5121] +++ exited with 0 +++ [pid 5080] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5121, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5080] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5128] <... ioctl resumed>, 0) = 0 [pid 5080] <... clone resumed>, child_tidptr=0x55555614c5d0) = 5133 [pid 5128] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] exit_group(0) = ? [pid 5128] +++ exited with 0 +++ [ 61.540219][ T5125] ? spin_bug+0x1c0/0x1c0 [ 61.543813][ T5132] FAULT_INJECTION: forcing a failure. [ 61.543813][ T5132] name fail_futex, interval 1, probability 0, space 0, times 0 [ 61.544743][ T5125] do_futex+0x2e8/0x360 [ 61.544785][ T5125] ? __ia32_sys_get_robust_list+0x400/0x400 [ 61.544821][ T5125] ? find_held_lock+0x2d/0x110 [ 61.544876][ T5125] __x64_sys_futex+0x1ca/0x4d0 [ 61.577422][ T5125] ? do_futex+0x360/0x360 [ 61.581783][ T5125] ? _raw_spin_unlock_irq+0x23/0x50 [ 61.587108][ T5125] ? lockdep_hardirqs_on+0x7d/0x100 [ 61.592536][ T5125] ? _raw_spin_unlock_irq+0x2e/0x50 [ 61.598491][ T5125] ? ptrace_notify+0xfe/0x140 [ 61.603475][ T5125] do_syscall_64+0x39/0xb0 [ 61.607923][ T5125] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 61.614294][ T5125] RIP: 0033:0x7f65d6d51c49 [ 61.618988][ T5125] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 61.639498][ T5125] RSP: 002b:00007f65d6d032f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 61.647957][ T5125] RAX: ffffffffffffffda RBX: 00007f65d6dda4a8 RCX: 00007f65d6d51c49 [ 61.656409][ T5125] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4a8 [ 61.664506][ T5125] RBP: 00007f65d6dda4a0 R08: 0000000000000032 R09: 0000000000000032 [ 61.673313][ T5125] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 61.681301][ T5125] R13: 00007f65d6d03300 R14: 0000000000000001 R15: 0000000000022000 ./strace-static-x86_64: Process 5133 attached ./strace-static-x86_64: Process 5131 attached ./strace-static-x86_64: Process 5130 attached [pid 5125] <... futex resumed>) = ? [pid 5133] set_robust_list(0x55555614c5e0, 24 [pid 5131] set_robust_list(0x55555614c5e0, 24 [pid 5133] <... set_robust_list resumed>) = 0 [pid 5131] <... set_robust_list resumed>) = 0 [pid 5133] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5131] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5133] <... prctl resumed>) = 0 [pid 5131] <... prctl resumed>) = 0 [pid 5133] setpgid(0, 0 [pid 5131] setpgid(0, 0 [pid 5133] <... setpgid resumed>) = 0 [pid 5131] <... setpgid resumed>) = 0 [pid 5133] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5131] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5133] <... openat resumed>) = 3 [pid 5131] <... openat resumed>) = 3 [pid 5133] write(3, "1000", 4 [pid 5131] write(3, "1000", 4 [pid 5133] <... write resumed>) = 4 [pid 5131] <... write resumed>) = 4 [pid 5133] close(3 [pid 5131] close(3 [ 61.689309][ T5125] [ 61.693620][ T5129] CPU: 0 PID: 5129 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 61.704094][ T5129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 61.714533][ T5129] Call Trace: [ 61.717833][ T5129] [ 61.720785][ T5129] dump_stack_lvl+0x136/0x150 [ 61.725592][ T5129] should_fail_ex+0x4a3/0x5b0 [ 61.730324][ T5129] get_futex_key+0x5aa/0x1ca0 [ 61.735146][ T5129] ? __lock_acquire+0x18bc/0x5d40 [pid 5133] <... close resumed>) = 0 [pid 5131] <... close resumed>) = 0 [pid 5133] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] <... futex resumed>) = 0 [pid 5131] <... futex resumed>) = 0 [pid 5133] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5133] <... mmap resumed>) = 0x7f65d6ce3000 [pid 5131] <... mmap resumed>) = 0x7f65d6ce3000 [pid 5133] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE [pid 5131] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE [pid 5133] <... mprotect resumed>) = 0 [pid 5131] <... mprotect resumed>) = 0 [pid 5133] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5131] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5133] <... clone resumed>, parent_tid=[5134], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5134 [pid 5131] <... clone resumed>, parent_tid=[5135], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5135 [pid 5133] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] <... futex resumed>) = 0 [pid 5131] <... futex resumed>) = 0 [pid 5133] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5131] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5134 attached [pid 5134] set_robust_list(0x7f65d6d039e0, 24) = 0 [pid 5134] openat(AT_FDCWD, "/dev/fb0", O_RDONLY) = 3 [pid 5134] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5133] <... futex resumed>) = 0 [pid 5134] ioctl(3, FBIO_WAITFORVSYNC [pid 5133] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] <... ioctl resumed>, 0) = 0 [pid 5133] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5134] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5133] <... futex resumed>) = 0 [pid 5134] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5133] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5133] <... futex resumed>) = 0 [pid 5134] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5133] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5134] <... openat resumed>) = 4 [pid 5134] write(4, "2", 1) = 1 [ 61.740312][ T5129] ? futex_setup_timer+0xf0/0xf0 [ 61.745329][ T5129] futex_wake+0xe8/0x490 [ 61.749636][ T5129] ? futex_wake_mark+0x1a0/0x1a0 [ 61.754657][ T5129] ? find_held_lock+0x2d/0x110 [ 61.759497][ T5129] do_futex+0x268/0x360 [ 61.763703][ T5129] ? __ia32_sys_get_robust_list+0x400/0x400 [ 61.769667][ T5129] mm_release+0x256/0x2e0 [ 61.774039][ T5129] do_exit+0x891/0x2960 [ 61.778251][ T5129] ? find_held_lock+0x2d/0x110 [ 61.783077][ T5129] ? get_signal+0x89d/0x25b0 [pid 5134] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL) = -1 EBADF (Bad file descriptor) [pid 5134] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5133] <... futex resumed>) = 0 [pid 5134] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5133] exit_group(0) = ? [pid 5131] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5131] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65d6cc2000 [pid 5131] mprotect(0x7f65d6cc3000, 131072, PROT_READ|PROT_WRITE) = 0 [ 61.787707][ T5129] ? mm_update_next_owner+0x7b0/0x7b0 [ 61.793214][ T5129] ? do_raw_spin_lock+0x124/0x2b0 [ 61.795859][ T5134] FAULT_INJECTION: forcing a failure. [ 61.795859][ T5134] name fail_futex, interval 1, probability 0, space 0, times 0 [ 61.798268][ T5129] ? spin_bug+0x1c0/0x1c0 [ 61.798310][ T5129] do_group_exit+0xd4/0x2a0 [ 61.819968][ T5129] get_signal+0x2315/0x25b0 [ 61.824517][ T5129] ? __task_pid_nr_ns+0x16c/0x500 [ 61.829620][ T5129] ? exit_signals+0x910/0x910 [ 61.834324][ T5129] ? from_kuid+0xc0/0xc0 [pid 5131] clone(child_stack=0x7f65d6ce23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5136], tls=0x7f65d6ce2700, child_tidptr=0x7f65d6ce29d0) = 5136 [pid 5131] futex(0x7f65d6dda4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f65d6dda4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5136 attached [pid 5136] set_robust_list(0x7f65d6ce29e0, 24) = 0 [pid 5136] ioctl(-1, FBIO_WAITFORVSYNC, 0) = -1 EBADF (Bad file descriptor) [pid 5136] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5136] futex(0x7f65d6dda4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] futex(0x7f65d6dda4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5131] <... futex resumed>) = 0 [pid 5136] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5131] futex(0x7f65d6dda4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] <... openat resumed>) = 3 [pid 5136] write(3, "2", 1) = 1 [pid 5136] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL) = -1 EBADF (Bad file descriptor) [pid 5136] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [ 61.838594][ T5129] ? find_held_lock+0x2d/0x110 [ 61.843406][ T5129] arch_do_signal_or_restart+0x79/0x5c0 [ 61.849000][ T5129] ? get_sigframe_size+0x10/0x10 [ 61.853984][ T5129] ? lock_downgrade+0x690/0x690 [ 61.858886][ T5129] ? _raw_spin_unlock_irq+0x23/0x50 [ 61.864223][ T5129] exit_to_user_mode_prepare+0x11f/0x240 [ 61.869917][ T5129] syscall_exit_to_user_mode+0x1d/0x50 [ 61.875430][ T5129] do_syscall_64+0x46/0xb0 [ 61.877273][ T5136] FAULT_INJECTION: forcing a failure. [ 61.877273][ T5136] name fail_futex, interval 1, probability 0, space 0, times 0 [ 61.879865][ T5129] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 61.879909][ T5129] RIP: 0033:0x7f65d6d51c49 [ 61.879930][ T5129] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 61.879953][ T5129] RSP: 002b:00007f65d6ce22f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 61.879979][ T5129] RAX: ffffffffffffffda RBX: 00007f65d6dda4b8 RCX: 00007f65d6d51c49 [ 61.879996][ T5129] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4b8 [ 61.880012][ T5129] RBP: 00007f65d6dda4b0 R08: 0000000000000032 R09: 0000000000000032 [ 61.880029][ T5129] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 61.880046][ T5129] R13: 00007f65d6ce2300 R14: 0000000000000001 R15: 0000000000022000 [ 61.880078][ T5129] [ 61.975109][ T5134] CPU: 1 PID: 5134 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 61.985561][ T5134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 61.995645][ T5134] Call Trace: [ 61.998947][ T5134] [ 62.001890][ T5134] dump_stack_lvl+0x136/0x150 [ 62.006604][ T5134] should_fail_ex+0x4a3/0x5b0 [ 62.011310][ T5134] get_futex_key+0x5aa/0x1ca0 [ 62.016025][ T5134] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 62.022017][ T5134] ? psi_task_switch+0x2de/0x950 [ 62.026978][ T5134] ? futex_setup_timer+0xf0/0xf0 [ 62.031934][ T5134] ? find_held_lock+0x2d/0x110 [ 62.036733][ T5134] futex_wait_setup+0xab/0x230 [ 62.041527][ T5134] ? futex_wait_multiple+0xae0/0xae0 [ 62.046850][ T5134] futex_wait+0x268/0x680 [ 62.051213][ T5134] ? futex_wait_setup+0x230/0x230 [ 62.056261][ T5134] ? mark_held_locks+0x9f/0xe0 [ 62.061076][ T5134] ? do_raw_spin_lock+0x124/0x2b0 [ 62.066144][ T5134] ? spin_bug+0x1c0/0x1c0 [ 62.070505][ T5134] do_futex+0x2e8/0x360 [ 62.074695][ T5134] ? __ia32_sys_get_robust_list+0x400/0x400 [ 62.080619][ T5134] ? find_held_lock+0x2d/0x110 [ 62.085419][ T5134] __x64_sys_futex+0x1ca/0x4d0 [ 62.090234][ T5134] ? do_futex+0x360/0x360 [ 62.094595][ T5134] ? _raw_spin_unlock_irq+0x23/0x50 [ 62.100663][ T5134] ? lockdep_hardirqs_on+0x7d/0x100 [ 62.105991][ T5134] ? _raw_spin_unlock_irq+0x2e/0x50 [ 62.111266][ T5134] ? ptrace_notify+0xfe/0x140 [ 62.115994][ T5134] do_syscall_64+0x39/0xb0 [ 62.120432][ T5134] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 62.126359][ T5134] RIP: 0033:0x7f65d6d51c49 [ 62.130781][ T5134] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 62.150492][ T5134] RSP: 002b:00007f65d6d032f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 62.158936][ T5134] RAX: ffffffffffffffda RBX: 00007f65d6dda4a8 RCX: 00007f65d6d51c49 [ 62.166926][ T5134] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4a8 [ 62.174909][ T5134] RBP: 00007f65d6dda4a0 R08: 0000000000000032 R09: 0000000000000032 [ 62.182903][ T5134] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [pid 5136] futex(0x7f65d6dda4b8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5135 attached [pid 5130] set_robust_list(0x55555614c5e0, 24 [pid 5125] +++ exited with 0 +++ [pid 5122] +++ exited with 0 +++ [pid 5135] set_robust_list(0x7f65d6d039e0, 24 [pid 5130] <... set_robust_list resumed>) = 0 [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5122, si_uid=0, si_status=0, si_utime=0, si_stime=31 /* 0.31 s */} --- [pid 5135] <... set_robust_list resumed>) = 0 [pid 5130] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5129] +++ exited with 0 +++ [pid 5117] +++ exited with 0 +++ [pid 5083] restart_syscall(<... resuming interrupted clone ...> [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5117, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5083] <... restart_syscall resumed>) = 0 [pid 5087] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5083] <... clone resumed>, child_tidptr=0x55555614c5d0) = 5137 [pid 5087] <... clone resumed>, child_tidptr=0x55555614c5d0) = 5138 ./strace-static-x86_64: Process 5138 attached [ 62.190975][ T5134] R13: 00007f65d6d03300 R14: 0000000000000001 R15: 0000000000022000 [ 62.199021][ T5134] [ 62.202128][ C1] vkms_vblank_simulate: vblank timer overrun [ 62.214002][ T5136] CPU: 0 PID: 5136 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 62.224486][ T5136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 62.234659][ T5136] Call Trace: [ 62.237950][ T5136] [pid 5138] set_robust_list(0x55555614c5e0, 24./strace-static-x86_64: Process 5137 attached ) = 0 [pid 5138] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5137] set_robust_list(0x55555614c5e0, 24 [pid 5138] <... prctl resumed>) = 0 [pid 5137] <... set_robust_list resumed>) = 0 [pid 5138] setpgid(0, 0 [pid 5137] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5138] <... setpgid resumed>) = 0 [pid 5137] <... prctl resumed>) = 0 [pid 5138] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5137] setpgid(0, 0 [pid 5138] <... openat resumed>) = 3 [pid 5137] <... setpgid resumed>) = 0 [pid 5138] write(3, "1000", 4 [pid 5137] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5138] <... write resumed>) = 4 [pid 5137] <... openat resumed>) = 3 [pid 5138] close(3 [pid 5137] write(3, "1000", 4 [pid 5138] <... close resumed>) = 0 [pid 5137] <... write resumed>) = 4 [pid 5138] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] close(3 [pid 5138] <... futex resumed>) = 0 [pid 5137] <... close resumed>) = 0 [pid 5138] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5137] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] <... mmap resumed>) = 0x7f65d6ce3000 [pid 5137] <... futex resumed>) = 0 [pid 5138] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE [pid 5137] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5138] <... mprotect resumed>) = 0 [pid 5137] <... mmap resumed>) = 0x7f65d6ce3000 [pid 5138] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5137] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5138] <... clone resumed>, parent_tid=[5139], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5139 [pid 5137] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5138] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] <... clone resumed>, parent_tid=[5140], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5140 [pid 5138] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5137] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 62.240894][ T5136] dump_stack_lvl+0x136/0x150 [ 62.245612][ T5136] should_fail_ex+0x4a3/0x5b0 [ 62.250410][ T5136] get_futex_key+0x5aa/0x1ca0 [ 62.255143][ T5136] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 62.261171][ T5136] ? psi_task_switch+0x2de/0x950 [ 62.266175][ T5136] ? futex_setup_timer+0xf0/0xf0 [ 62.271204][ T5136] ? find_held_lock+0x2d/0x110 [ 62.276374][ T5136] futex_wait_setup+0xab/0x230 [ 62.281247][ T5136] ? futex_wait_multiple+0xae0/0xae0 [ 62.286708][ T5136] futex_wait+0x268/0x680 [pid 5137] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5140 attached [pid 5140] set_robust_list(0x7f65d6d039e0, 24) = 0 [pid 5140] openat(AT_FDCWD, "/dev/fb0", O_RDONLY) = 3 [pid 5140] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5137] <... futex resumed>) = 0 [pid 5140] ioctl(3, FBIO_WAITFORVSYNC [pid 5137] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5140] <... ioctl resumed>, 0) = 0 [pid 5140] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5137] <... futex resumed>) = 0 [pid 5140] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5137] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5137] <... futex resumed>) = 0 [pid 5140] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5138] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5137] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5140] <... openat resumed>) = 4 [pid 5138] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] write(4, "2", 1 [pid 5138] <... futex resumed>) = 0 [pid 5140] <... write resumed>) = 1 [pid 5138] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [ 62.291079][ T5136] ? futex_wait_setup+0x230/0x230 [ 62.296177][ T5136] ? mark_held_locks+0x9f/0xe0 [ 62.301001][ T5136] ? do_raw_spin_lock+0x124/0x2b0 [ 62.306066][ T5136] ? spin_bug+0x1c0/0x1c0 [ 62.310436][ T5136] do_futex+0x2e8/0x360 [ 62.314644][ T5136] ? __ia32_sys_get_robust_list+0x400/0x400 [ 62.320681][ T5136] ? find_held_lock+0x2d/0x110 [ 62.325525][ T5136] __x64_sys_futex+0x1ca/0x4d0 [ 62.330544][ T5136] ? do_futex+0x360/0x360 [ 62.335434][ T5136] ? _raw_spin_unlock_irq+0x23/0x50 [pid 5140] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL [pid 5138] <... mmap resumed>) = 0x7f65d6cc2000 [pid 5140] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5138] mprotect(0x7f65d6cc3000, 131072, PROT_READ|PROT_WRITE [pid 5140] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] <... mprotect resumed>) = 0 [pid 5140] <... futex resumed>) = 1 [pid 5138] clone(child_stack=0x7f65d6ce23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5137] <... futex resumed>) = 0 [ 62.340698][ T5136] ? lockdep_hardirqs_on+0x7d/0x100 [ 62.345958][ T5136] ? _raw_spin_unlock_irq+0x2e/0x50 [ 62.351258][ T5136] ? ptrace_notify+0xfe/0x140 [ 62.352987][ T5140] FAULT_INJECTION: forcing a failure. [ 62.352987][ T5140] name fail_futex, interval 1, probability 0, space 0, times 0 [ 62.355953][ T5136] do_syscall_64+0x39/0xb0 [ 62.355984][ T5136] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 62.356021][ T5136] RIP: 0033:0x7f65d6d51c49 [pid 5140] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5137] exit_group(0./strace-static-x86_64: Process 5139 attached [pid 5138] <... clone resumed>, parent_tid=[5141], tls=0x7f65d6ce2700, child_tidptr=0x7f65d6ce29d0) = 5141 [pid 5137] <... exit_group resumed>) = ? [pid 5136] <... futex resumed>) = -1 EFAULT (Bad address) [pid 5135] openat(AT_FDCWD, "/dev/fb0", O_RDONLY [pid 5134] <... futex resumed>) = ? [pid 5130] <... prctl resumed>) = 0 [pid 5138] futex(0x7f65d6dda4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5138] futex(0x7f65d6dda4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5141 attached [pid 5141] set_robust_list(0x7f65d6ce29e0, 24) = 0 [pid 5135] <... openat resumed>) = 4 [pid 5141] ioctl(-1, FBIO_WAITFORVSYNC [pid 5135] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... ioctl resumed>, 0) = -1 EBADF (Bad file descriptor) [pid 5135] <... futex resumed>) = 0 [pid 5141] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5141] <... futex resumed>) = 1 [pid 5138] <... futex resumed>) = 0 [pid 5141] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5138] futex(0x7f65d6dda4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... openat resumed>) = 3 [pid 5138] <... futex resumed>) = 0 [pid 5141] write(3, "2", 1 [pid 5138] futex(0x7f65d6dda4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] <... write resumed>) = 1 [pid 5141] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL) = -1 EBADF (Bad file descriptor) [pid 5141] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5138] <... futex resumed>) = 0 [pid 5141] futex(0x7f65d6dda4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5139] set_robust_list(0x7f65d6d039e0, 24 [ 62.356042][ T5136] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 62.356068][ T5136] RSP: 002b:00007f65d6ce22f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 62.356095][ T5136] RAX: ffffffffffffffda RBX: 00007f65d6dda4b8 RCX: 00007f65d6d51c49 [ 62.356114][ T5136] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4b8 [ 62.356132][ T5136] RBP: 00007f65d6dda4b0 R08: 0000000000000032 R09: 0000000000000032 [ 62.356149][ T5136] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [pid 5131] exit_group(0 [pid 5139] <... set_robust_list resumed>) = 0 [pid 5135] <... futex resumed>) = ? [pid 5131] <... exit_group resumed>) = ? [pid 5139] openat(AT_FDCWD, "/dev/fb0", O_RDONLY [pid 5135] +++ exited with 0 +++ [pid 5139] <... openat resumed>) = 4 [pid 5139] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5139] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] exit_group(0 [pid 5139] <... futex resumed>) = ? [pid 5138] <... exit_group resumed>) = ? [pid 5139] +++ exited with 0 +++ [ 62.356165][ T5136] R13: 00007f65d6ce2300 R14: 0000000000000001 R15: 0000000000022000 [ 62.356195][ T5136] [ 62.384143][ T5132] CPU: 0 PID: 5132 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 62.428153][ T5141] FAULT_INJECTION: forcing a failure. [ 62.428153][ T5141] name fail_futex, interval 1, probability 0, space 0, times 0 [ 62.428595][ T5132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 62.488990][ T5132] Call Trace: [ 62.492281][ T5132] [ 62.495316][ T5132] dump_stack_lvl+0x136/0x150 [ 62.500288][ T5132] should_fail_ex+0x4a3/0x5b0 [ 62.505011][ T5132] get_futex_key+0x5aa/0x1ca0 [ 62.509729][ T5132] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 62.515840][ T5132] ? psi_task_switch+0x2de/0x950 [ 62.520840][ T5132] ? futex_setup_timer+0xf0/0xf0 [ 62.526004][ T5132] ? find_held_lock+0x2d/0x110 [ 62.531000][ T5132] futex_wait_setup+0xab/0x230 [ 62.535810][ T5132] ? futex_wait_multiple+0xae0/0xae0 [ 62.541582][ T5132] futex_wait+0x268/0x680 [ 62.546005][ T5132] ? futex_wait_setup+0x230/0x230 [ 62.551083][ T5132] ? mark_held_locks+0x9f/0xe0 [ 62.555905][ T5132] ? do_raw_spin_lock+0x124/0x2b0 [ 62.560968][ T5132] ? spin_bug+0x1c0/0x1c0 [ 62.565331][ T5132] do_futex+0x2e8/0x360 [ 62.569531][ T5132] ? __ia32_sys_get_robust_list+0x400/0x400 [ 62.575466][ T5132] ? find_held_lock+0x2d/0x110 [ 62.580319][ T5132] __x64_sys_futex+0x1ca/0x4d0 [ 62.585128][ T5132] ? do_futex+0x360/0x360 [ 62.589497][ T5132] ? _raw_spin_unlock_irq+0x23/0x50 [ 62.594749][ T5132] ? lockdep_hardirqs_on+0x7d/0x100 [ 62.600004][ T5132] ? _raw_spin_unlock_irq+0x2e/0x50 [ 62.605360][ T5132] ? ptrace_notify+0xfe/0x140 [ 62.610342][ T5132] do_syscall_64+0x39/0xb0 [ 62.614814][ T5132] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 62.620772][ T5132] RIP: 0033:0x7f65d6d51c49 [ 62.625297][ T5132] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [pid 5130] setpgid(0, 0) = 0 [pid 5130] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5130] write(3, "1000", 4) = 4 [pid 5130] close(3) = 0 [pid 5130] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5130] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65d6ce3000 [pid 5130] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5130] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5142], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5142 [pid 5130] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 62.645127][ T5132] RSP: 002b:00007f65d6ce22f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 62.653672][ T5132] RAX: ffffffffffffffda RBX: 00007f65d6dda4b8 RCX: 00007f65d6d51c49 [ 62.661811][ T5132] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4b8 [ 62.669845][ T5132] RBP: 00007f65d6dda4b0 R08: 0000000000000032 R09: 0000000000000032 [ 62.677858][ T5132] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 62.685950][ T5132] R13: 00007f65d6ce2300 R14: 0000000000000001 R15: 0000000000022000 [pid 5130] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5142 attached [pid 5134] +++ exited with 0 +++ [pid 5133] +++ exited with 0 +++ [pid 5132] <... futex resumed>) = ? [pid 5080] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5133, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5080] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555614c5d0) = 5143 ./strace-static-x86_64: Process 5143 attached [pid 5143] set_robust_list(0x55555614c5e0, 24) = 0 [pid 5143] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5143] setpgid(0, 0) = 0 [pid 5143] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5143] write(3, "1000", 4) = 4 [pid 5143] close(3) = 0 [pid 5143] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65d6ce3000 [pid 5143] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5143] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5144], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5144 [pid 5143] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 62.694050][ T5132] [ 62.698998][ T5141] CPU: 0 PID: 5141 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 62.709550][ T5141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 62.719723][ T5141] Call Trace: [ 62.723027][ T5141] [ 62.725985][ T5141] dump_stack_lvl+0x136/0x150 [ 62.730714][ T5141] should_fail_ex+0x4a3/0x5b0 [ 62.735454][ T5141] get_futex_key+0x5aa/0x1ca0 [ 62.740272][ T5141] ? lockdep_hardirqs_on_prepare+0x410/0x410 [pid 5130] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5130] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65d6cc2000 [pid 5130] mprotect(0x7f65d6cc3000, 131072, PROT_READ|PROT_WRITE) = 0 ./strace-static-x86_64: Process 5144 attached [pid 5130] clone(child_stack=0x7f65d6ce23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5144] set_robust_list(0x7f65d6d039e0, 24) = 0 [pid 5130] <... clone resumed>, parent_tid=[5145], tls=0x7f65d6ce2700, child_tidptr=0x7f65d6ce29d0) = 5145 [pid 5144] openat(AT_FDCWD, "/dev/fb0", O_RDONLY [pid 5130] futex(0x7f65d6dda4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... openat resumed>) = 3 [pid 5130] <... futex resumed>) = 0 [pid 5144] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] futex(0x7f65d6dda4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] <... futex resumed>) = 1 [pid 5143] <... futex resumed>) = 0 [pid 5144] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5143] <... futex resumed>) = 0 [pid 5144] ioctl(3, FBIO_WAITFORVSYNC [pid 5143] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] <... ioctl resumed>, 0) = 0 [pid 5144] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] <... futex resumed>) = 0 [pid 5144] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5143] <... futex resumed>) = 0 [pid 5144] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5143] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] <... openat resumed>) = 4 [pid 5144] write(4, "2", 1) = 1 [pid 5144] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL) = -1 EBADF (Bad file descriptor) [pid 5144] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] <... futex resumed>) = 0 [ 62.746311][ T5141] ? psi_task_switch+0x2de/0x950 [ 62.751297][ T5141] ? futex_setup_timer+0xf0/0xf0 [ 62.756277][ T5141] ? find_held_lock+0x2d/0x110 [ 62.761116][ T5141] futex_wait_setup+0xab/0x230 [ 62.765965][ T5141] ? futex_wait_multiple+0xae0/0xae0 [ 62.771402][ T5141] futex_wait+0x268/0x680 [ 62.775962][ T5141] ? futex_wait_setup+0x230/0x230 [ 62.781109][ T5141] ? mark_held_locks+0x9f/0xe0 [ 62.786025][ T5141] ? do_raw_spin_lock+0x124/0x2b0 [ 62.791271][ T5141] ? spin_bug+0x1c0/0x1c0 [pid 5144] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] exit_group(0) = ? [pid 5130] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5130] futex(0x7f65d6dda4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5130] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65d6ca1000 [pid 5130] mprotect(0x7f65d6ca2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5130] clone(child_stack=0x7f65d6cc13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5146], tls=0x7f65d6cc1700, child_tidptr=0x7f65d6cc19d0) = 5146 [pid 5130] futex(0x7f65d6dda4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5130] futex(0x7f65d6dda4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5146 attached [pid 5146] set_robust_list(0x7f65d6cc19e0, 24) = 0 [pid 5146] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 5146] write(3, "2", 1) = 1 [pid 5146] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL) = -1 EBADF (Bad file descriptor) [pid 5146] futex(0x7f65d6dda4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5130] <... futex resumed>) = 0 [ 62.795998][ T5141] do_futex+0x2e8/0x360 [ 62.797344][ T5144] FAULT_INJECTION: forcing a failure. [ 62.797344][ T5144] name fail_futex, interval 1, probability 0, space 0, times 0 [ 62.800541][ T5141] ? __ia32_sys_get_robust_list+0x400/0x400 [ 62.800582][ T5141] ? find_held_lock+0x2d/0x110 [ 62.800629][ T5141] __x64_sys_futex+0x1ca/0x4d0 [ 62.800669][ T5141] ? do_futex+0x360/0x360 [ 62.800701][ T5141] ? _raw_spin_unlock_irq+0x23/0x50 [ 62.839285][ T5141] ? lockdep_hardirqs_on+0x7d/0x100 [ 62.844539][ T5141] ? _raw_spin_unlock_irq+0x2e/0x50 [ 62.846417][ T5146] FAULT_INJECTION: forcing a failure. [ 62.846417][ T5146] name fail_futex, interval 1, probability 0, space 0, times 0 [ 62.849858][ T5141] ? ptrace_notify+0xfe/0x140 [ 62.849895][ T5141] do_syscall_64+0x39/0xb0 [ 62.849922][ T5141] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 62.877916][ T5141] RIP: 0033:0x7f65d6d51c49 [ 62.882528][ T5141] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 62.902335][ T5141] RSP: 002b:00007f65d6ce22f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 62.910788][ T5141] RAX: ffffffffffffffda RBX: 00007f65d6dda4b8 RCX: 00007f65d6d51c49 [ 62.918867][ T5141] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4b8 [ 62.926892][ T5141] RBP: 00007f65d6dda4b0 R08: 0000000000000032 R09: 0000000000000032 [ 62.934971][ T5141] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [pid 5146] futex(0x7f65d6dda4c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 62.942990][ T5141] R13: 00007f65d6ce2300 R14: 0000000000000001 R15: 0000000000022000 [ 62.951044][ T5141] [ 62.956331][ T5144] CPU: 1 PID: 5144 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 62.966833][ T5144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 62.976902][ T5144] Call Trace: [ 62.980196][ T5144] [ 62.983137][ T5144] dump_stack_lvl+0x136/0x150 [ 62.987842][ T5144] should_fail_ex+0x4a3/0x5b0 [ 62.992546][ T5144] get_futex_key+0x5aa/0x1ca0 [ 62.997252][ T5144] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 63.003249][ T5144] ? psi_task_switch+0x2de/0x950 [ 63.008218][ T5144] ? futex_setup_timer+0xf0/0xf0 [ 63.013187][ T5144] ? find_held_lock+0x2d/0x110 [ 63.017989][ T5144] futex_wait_setup+0xab/0x230 [ 63.022783][ T5144] ? futex_wait_multiple+0xae0/0xae0 [ 63.028194][ T5144] futex_wait+0x268/0x680 [ 63.032575][ T5144] ? futex_wait_setup+0x230/0x230 [ 63.037659][ T5144] ? mark_held_locks+0x9f/0xe0 [ 63.042494][ T5144] ? do_raw_spin_lock+0x124/0x2b0 [ 63.047551][ T5144] ? spin_bug+0x1c0/0x1c0 [ 63.052091][ T5144] do_futex+0x2e8/0x360 [ 63.056290][ T5144] ? __ia32_sys_get_robust_list+0x400/0x400 [ 63.062313][ T5144] ? find_held_lock+0x2d/0x110 [ 63.067117][ T5144] __x64_sys_futex+0x1ca/0x4d0 [ 63.071935][ T5144] ? do_futex+0x360/0x360 [ 63.076303][ T5144] ? _raw_spin_unlock_irq+0x23/0x50 [ 63.081570][ T5144] ? lockdep_hardirqs_on+0x7d/0x100 [ 63.086841][ T5144] ? _raw_spin_unlock_irq+0x2e/0x50 [ 63.092113][ T5144] ? ptrace_notify+0xfe/0x140 [ 63.096874][ T5144] do_syscall_64+0x39/0xb0 [ 63.101384][ T5144] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 63.107349][ T5144] RIP: 0033:0x7f65d6d51c49 [ 63.111871][ T5144] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 63.131521][ T5144] RSP: 002b:00007f65d6d032f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 63.140092][ T5144] RAX: ffffffffffffffda RBX: 00007f65d6dda4a8 RCX: 00007f65d6d51c49 [ 63.148091][ T5144] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4a8 [ 63.156085][ T5144] RBP: 00007f65d6dda4a0 R08: 0000000000000032 R09: 0000000000000032 [ 63.164084][ T5144] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 63.172178][ T5144] R13: 00007f65d6d03300 R14: 0000000000000001 R15: 0000000000022000 [ 63.180199][ T5144] [ 63.183293][ T5140] CPU: 0 PID: 5140 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [pid 5142] set_robust_list(0x7f65d6d039e0, 24./strace-static-x86_64: Process 5145 attached ) = 0 [pid 5141] <... futex resumed>) = ? [pid 5136] +++ exited with 0 +++ [pid 5132] +++ exited with 0 +++ [pid 5131] +++ exited with 0 +++ [pid 5116] +++ exited with 0 +++ [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5116, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5131, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5082] <... clone resumed>, child_tidptr=0x55555614c5d0) = 5147 [pid 5081] <... clone resumed>, child_tidptr=0x55555614c5d0) = 5148 [ 63.183327][ C1] vkms_vblank_simulate: vblank timer overrun [ 63.193987][ T5140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 63.210055][ T5140] Call Trace: [ 63.213362][ T5140] [ 63.216307][ T5140] dump_stack_lvl+0x136/0x150 [ 63.221018][ T5140] should_fail_ex+0x4a3/0x5b0 [ 63.225749][ T5140] get_futex_key+0x5aa/0x1ca0 [ 63.230534][ T5140] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 63.236584][ T5140] ? psi_task_switch+0x2de/0x950 [ 63.241656][ T5140] ? futex_setup_timer+0xf0/0xf0 [pid 5145] set_robust_list(0x7f65d6ce29e0, 24 [pid 5142] openat(AT_FDCWD, "/dev/fb0", O_RDONLY [pid 5141] +++ exited with 0 +++ [pid 5138] +++ exited with 0 +++ [pid 5145] <... set_robust_list resumed>) = 0 [pid 5142] <... openat resumed>) = 4 [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5138, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5145] ioctl(-1, FBIO_WAITFORVSYNC [pid 5142] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... ioctl resumed>, 0) = -1 EBADF (Bad file descriptor) [pid 5142] <... futex resumed>) = 0 [pid 5145] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5142] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5130] exit_group(0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5145] <... futex resumed>) = ? [ 63.246717][ T5140] ? find_held_lock+0x2d/0x110 [ 63.251801][ T5140] futex_wait_setup+0xab/0x230 [ 63.256809][ T5140] ? futex_wait_multiple+0xae0/0xae0 [ 63.262679][ T5140] futex_wait+0x268/0x680 [ 63.267153][ T5140] ? futex_wait_setup+0x230/0x230 [ 63.272463][ T5140] ? mark_held_locks+0x9f/0xe0 [ 63.277320][ T5140] ? do_raw_spin_lock+0x124/0x2b0 [ 63.282479][ T5140] ? spin_bug+0x1c0/0x1c0 [ 63.287158][ T5140] do_futex+0x2e8/0x360 [ 63.291586][ T5140] ? __ia32_sys_get_robust_list+0x400/0x400 [pid 5142] <... futex resumed>) = ? [pid 5130] <... exit_group resumed>) = ? [pid 5145] +++ exited with 0 +++ [pid 5142] +++ exited with 0 +++ [pid 5087] <... clone resumed>, child_tidptr=0x55555614c5d0) = 5149 [ 63.297702][ T5140] ? find_held_lock+0x2d/0x110 [ 63.302519][ T5140] __x64_sys_futex+0x1ca/0x4d0 [ 63.307420][ T5140] ? do_futex+0x360/0x360 [ 63.311791][ T5140] ? _raw_spin_unlock_irq+0x23/0x50 [ 63.317127][ T5140] ? lockdep_hardirqs_on+0x7d/0x100 [ 63.322451][ T5140] ? _raw_spin_unlock_irq+0x2e/0x50 [ 63.327695][ T5140] ? ptrace_notify+0xfe/0x140 [ 63.332483][ T5140] do_syscall_64+0x39/0xb0 [ 63.336927][ T5140] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 63.343210][ T5140] RIP: 0033:0x7f65d6d51c49 [ 63.347691][ T5140] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 63.367332][ T5140] RSP: 002b:00007f65d6d032f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 63.375785][ T5140] RAX: ffffffffffffffda RBX: 00007f65d6dda4a8 RCX: 00007f65d6d51c49 [ 63.383781][ T5140] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4a8 ./strace-static-x86_64: Process 5149 attached ./strace-static-x86_64: Process 5148 attached ./strace-static-x86_64: Process 5147 attached [pid 5144] <... futex resumed>) = ? [pid 5140] <... futex resumed>) = ? [pid 5149] set_robust_list(0x55555614c5e0, 24 [pid 5148] set_robust_list(0x55555614c5e0, 24 [pid 5149] <... set_robust_list resumed>) = 0 [pid 5148] <... set_robust_list resumed>) = 0 [pid 5149] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5148] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5149] <... prctl resumed>) = 0 [pid 5148] <... prctl resumed>) = 0 [pid 5149] setpgid(0, 0 [pid 5148] setpgid(0, 0 [pid 5149] <... setpgid resumed>) = 0 [pid 5148] <... setpgid resumed>) = 0 [pid 5149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5148] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5149] <... openat resumed>) = 3 [pid 5148] <... openat resumed>) = 3 [pid 5149] write(3, "1000", 4 [pid 5148] write(3, "1000", 4 [pid 5149] <... write resumed>) = 4 [ 63.391773][ T5140] RBP: 00007f65d6dda4a0 R08: 0000000000000032 R09: 0000000000000032 [ 63.399854][ T5140] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 63.407955][ T5140] R13: 00007f65d6d03300 R14: 0000000000000001 R15: 0000000000022000 [ 63.416072][ T5140] [ 63.419983][ T5146] CPU: 0 PID: 5146 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 63.430480][ T5146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 63.441004][ T5146] Call Trace: [ 63.444325][ T5146] [pid 5148] <... write resumed>) = 4 [pid 5149] close(3 [pid 5148] close(3 [pid 5149] <... close resumed>) = 0 [pid 5148] <... close resumed>) = 0 [pid 5149] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... futex resumed>) = 0 [pid 5148] <... futex resumed>) = 0 [pid 5149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5148] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5149] <... mmap resumed>) = 0x7f65d6ce3000 [pid 5148] <... mmap resumed>) = 0x7f65d6ce3000 [pid 5149] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE [pid 5148] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE [pid 5149] <... mprotect resumed>) = 0 [pid 5148] <... mprotect resumed>) = 0 [pid 5149] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5148] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5149] <... clone resumed>, parent_tid=[5150], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5150 [pid 5148] <... clone resumed>, parent_tid=[5151], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5151 [pid 5149] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... futex resumed>) = 0 [pid 5148] <... futex resumed>) = 0 [pid 5149] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5151 attached [pid 5151] set_robust_list(0x7f65d6d039e0, 24) = 0 [pid 5151] openat(AT_FDCWD, "/dev/fb0", O_RDONLY./strace-static-x86_64: Process 5150 attached ) = 3 [pid 5151] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] set_robust_list(0x7f65d6d039e0, 24 [pid 5151] <... futex resumed>) = 1 [pid 5148] <... futex resumed>) = 0 [pid 5151] ioctl(3, FBIO_WAITFORVSYNC [pid 5150] <... set_robust_list resumed>) = 0 [pid 5148] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] openat(AT_FDCWD, "/dev/fb0", O_RDONLY [pid 5148] <... futex resumed>) = 0 [pid 5151] <... ioctl resumed>, 0) = 0 [pid 5150] <... openat resumed>) = 3 [pid 5148] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5151] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5151] <... futex resumed>) = 0 [pid 5150] <... futex resumed>) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5148] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5150] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] <... futex resumed>) = 0 [pid 5151] <... openat resumed>) = 4 [pid 5150] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5149] <... futex resumed>) = 0 [pid 5148] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5151] write(4, "2", 1 [pid 5150] ioctl(3, FBIO_WAITFORVSYNC [pid 5149] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5151] <... write resumed>) = 1 [pid 5151] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL) = -1 EBADF (Bad file descriptor) [pid 5151] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5148] <... futex resumed>) = 0 [ 63.447286][ T5146] dump_stack_lvl+0x136/0x150 [ 63.452016][ T5146] should_fail_ex+0x4a3/0x5b0 [ 63.456783][ T5146] get_futex_key+0x5aa/0x1ca0 [ 63.462042][ T5146] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 63.468160][ T5146] ? psi_task_switch+0x2de/0x950 [ 63.473181][ T5146] ? futex_setup_timer+0xf0/0xf0 [ 63.478168][ T5146] ? find_held_lock+0x2d/0x110 [ 63.483012][ T5146] futex_wait_setup+0xab/0x230 [ 63.487882][ T5146] ? futex_wait_multiple+0xae0/0xae0 [ 63.493338][ T5146] futex_wait+0x268/0x680 [pid 5151] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5150] <... ioctl resumed>, 0) = 0 [pid 5148] exit_group(0 [pid 5150] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] <... exit_group resumed>) = ? [pid 5150] <... futex resumed>) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5150] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5149] <... futex resumed>) = 0 [pid 5150] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5149] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] <... openat resumed>) = 4 [pid 5150] write(4, "2", 1) = 1 [pid 5150] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL) = -1 EBADF (Bad file descriptor) [pid 5150] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5150] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] exit_group(0) = ? [ 63.497733][ T5146] ? futex_wait_setup+0x230/0x230 [ 63.498505][ T5151] FAULT_INJECTION: forcing a failure. [ 63.498505][ T5151] name fail_futex, interval 1, probability 0, space 0, times 0 [ 63.502810][ T5146] ? mark_held_locks+0x9f/0xe0 [ 63.502859][ T5146] ? do_raw_spin_lock+0x124/0x2b0 [ 63.525653][ T5146] ? spin_bug+0x1c0/0x1c0 [ 63.530036][ T5146] do_futex+0x2e8/0x360 [ 63.530295][ T5150] FAULT_INJECTION: forcing a failure. [ 63.530295][ T5150] name fail_futex, interval 1, probability 0, space 0, times 0 [ 63.534263][ T5146] ? __ia32_sys_get_robust_list+0x400/0x400 [ 63.534305][ T5146] ? find_held_lock+0x2d/0x110 [ 63.534350][ T5146] __x64_sys_futex+0x1ca/0x4d0 [ 63.534390][ T5146] ? do_futex+0x360/0x360 [ 63.567086][ T5146] ? _raw_spin_unlock_irq+0x23/0x50 [ 63.572338][ T5146] ? lockdep_hardirqs_on+0x7d/0x100 [ 63.577589][ T5146] ? _raw_spin_unlock_irq+0x2e/0x50 [ 63.582915][ T5146] ? ptrace_notify+0xfe/0x140 [ 63.587639][ T5146] do_syscall_64+0x39/0xb0 [ 63.592072][ T5146] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 63.598103][ T5146] RIP: 0033:0x7f65d6d51c49 [ 63.602552][ T5146] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 63.622447][ T5146] RSP: 002b:00007f65d6cc12f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 63.630884][ T5146] RAX: ffffffffffffffda RBX: 00007f65d6dda4c8 RCX: 00007f65d6d51c49 [ 63.639406][ T5146] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4c8 [pid 5147] set_robust_list(0x55555614c5e0, 24) = 0 [ 63.647569][ T5146] RBP: 00007f65d6dda4c0 R08: 0000000000000032 R09: 0000000000000032 [ 63.655656][ T5146] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 63.664461][ T5146] R13: 00007f65d6cc1300 R14: 0000000000000001 R15: 0000000000022000 [ 63.672593][ T5146] [ 63.675647][ T5151] CPU: 1 PID: 5151 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 63.686217][ T5151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 63.696344][ T5151] Call Trace: [ 63.699649][ T5151] [ 63.702590][ T5151] dump_stack_lvl+0x136/0x150 [ 63.707299][ T5151] should_fail_ex+0x4a3/0x5b0 [ 63.712120][ T5151] get_futex_key+0x5aa/0x1ca0 [ 63.716829][ T5151] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 63.722826][ T5151] ? psi_task_switch+0x2de/0x950 [ 63.727815][ T5151] ? futex_setup_timer+0xf0/0xf0 [ 63.732770][ T5151] ? find_held_lock+0x2d/0x110 [ 63.737691][ T5151] futex_wait_setup+0xab/0x230 [ 63.742861][ T5151] ? futex_wait_multiple+0xae0/0xae0 [ 63.748190][ T5151] futex_wait+0x268/0x680 [ 63.752552][ T5151] ? futex_wait_setup+0x230/0x230 [ 63.757609][ T5151] ? mark_held_locks+0x9f/0xe0 [ 63.762414][ T5151] ? do_raw_spin_lock+0x124/0x2b0 [ 63.767456][ T5151] ? spin_bug+0x1c0/0x1c0 [ 63.771804][ T5151] do_futex+0x2e8/0x360 [ 63.775986][ T5151] ? __ia32_sys_get_robust_list+0x400/0x400 [ 63.781913][ T5151] ? find_held_lock+0x2d/0x110 [ 63.786733][ T5151] __x64_sys_futex+0x1ca/0x4d0 [ 63.791524][ T5151] ? do_futex+0x360/0x360 [ 63.795869][ T5151] ? _raw_spin_unlock_irq+0x23/0x50 [ 63.801164][ T5151] ? lockdep_hardirqs_on+0x7d/0x100 [ 63.806418][ T5151] ? _raw_spin_unlock_irq+0x2e/0x50 [ 63.811657][ T5151] ? ptrace_notify+0xfe/0x140 [ 63.816365][ T5151] do_syscall_64+0x39/0xb0 [ 63.820817][ T5151] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 63.826831][ T5151] RIP: 0033:0x7f65d6d51c49 [ 63.831257][ T5151] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 63.851499][ T5151] RSP: 002b:00007f65d6d032f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 63.860114][ T5151] RAX: ffffffffffffffda RBX: 00007f65d6dda4a8 RCX: 00007f65d6d51c49 [ 63.868290][ T5151] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4a8 [ 63.876986][ T5151] RBP: 00007f65d6dda4a0 R08: 0000000000000032 R09: 0000000000000032 [ 63.884991][ T5151] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 63.892982][ T5151] R13: 00007f65d6d03300 R14: 0000000000000001 R15: 0000000000022000 [pid 5147] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5144] +++ exited with 0 +++ [pid 5143] +++ exited with 0 +++ [pid 5140] +++ exited with 0 +++ [pid 5137] +++ exited with 0 +++ [pid 5147] <... prctl resumed>) = 0 [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5137, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- [pid 5080] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5143, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5147] setpgid(0, 0) = 0 [pid 5147] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5147] write(3, "1000", 4) = 4 [pid 5147] close(3 [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5080] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5147] <... close resumed>) = 0 [pid 5147] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... clone resumed>, child_tidptr=0x55555614c5d0) = 5152 [pid 5080] <... clone resumed>, child_tidptr=0x55555614c5d0) = 5153 [pid 5147] <... futex resumed>) = 0 [pid 5147] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65d6ce3000 ./strace-static-x86_64: Process 5152 attached [pid 5147] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE [pid 5152] set_robust_list(0x55555614c5e0, 24 [pid 5147] <... mprotect resumed>) = 0 [pid 5152] <... set_robust_list resumed>) = 0 [pid 5147] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5152] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5147] <... clone resumed>, parent_tid=[5154], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5154 [pid 5152] setpgid(0, 0 [pid 5147] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... setpgid resumed>) = 0 [pid 5147] <... futex resumed>) = 0 [pid 5152] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5147] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5152] <... openat resumed>) = 3 ./strace-static-x86_64: Process 5154 attached [ 63.901940][ T5151] [ 63.904985][ C1] vkms_vblank_simulate: vblank timer overrun [ 63.905273][ T5150] CPU: 0 PID: 5150 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 63.921513][ T5150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 63.931690][ T5150] Call Trace: [ 63.935012][ T5150] [ 63.937972][ T5150] dump_stack_lvl+0x136/0x150 [ 63.942698][ T5150] should_fail_ex+0x4a3/0x5b0 [ 63.947438][ T5150] get_futex_key+0x5aa/0x1ca0 [pid 5152] write(3, "1000", 4 [pid 5154] set_robust_list(0x7f65d6d039e0, 24 [pid 5152] <... write resumed>) = 4 [pid 5154] <... set_robust_list resumed>) = 0 [pid 5152] close(3 [pid 5154] openat(AT_FDCWD, "/dev/fb0", O_RDONLY [pid 5152] <... close resumed>) = 0 [pid 5154] <... openat resumed>) = 3 [pid 5152] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... futex resumed>) = 0 [pid 5154] <... futex resumed>) = 1 [pid 5152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5147] <... futex resumed>) = 0 [pid 5154] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] <... mmap resumed>) = 0x7f65d6ce3000 [pid 5147] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5152] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE [pid 5147] <... futex resumed>) = 0 [pid 5154] ioctl(3, FBIO_WAITFORVSYNC [pid 5152] <... mprotect resumed>) = 0 [pid 5147] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5152] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5155], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5155 [pid 5152] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5146] <... futex resumed>) = ? [pid 5151] <... futex resumed>) = ? [pid 5154] <... ioctl resumed>, 0) = 0 [pid 5154] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5147] <... futex resumed>) = 0 [pid 5154] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5147] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5147] <... futex resumed>) = 0 [pid 5154] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5147] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] <... openat resumed>) = 4 [pid 5154] write(4, "2", 1) = 1 [pid 5154] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL) = -1 EBADF (Bad file descriptor) [pid 5146] +++ exited with 0 +++ [pid 5130] +++ exited with 0 +++ [pid 5154] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5147] <... futex resumed>) = 0 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5130, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- [ 63.952345][ T5150] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 63.958377][ T5150] ? psi_task_switch+0x2de/0x950 [ 63.963383][ T5150] ? futex_setup_timer+0xf0/0xf0 [ 63.968408][ T5150] ? find_held_lock+0x2d/0x110 [ 63.973250][ T5150] futex_wait_setup+0xab/0x230 [ 63.978081][ T5150] ? futex_wait_multiple+0xae0/0xae0 [ 63.983613][ T5150] futex_wait+0x268/0x680 [ 63.988008][ T5150] ? futex_wait_setup+0x230/0x230 [ 63.993086][ T5150] ? mark_held_locks+0x9f/0xe0 [pid 5154] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5151] +++ exited with 0 +++ [pid 5148] +++ exited with 0 +++ [pid 5147] exit_group(0 [pid 5085] restart_syscall(<... resuming interrupted clone ...> [pid 5147] <... exit_group resumed>) = ? [pid 5085] <... restart_syscall resumed>) = 0 [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5148, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5152] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5152] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... clone resumed>, child_tidptr=0x55555614c5d0) = 5156 [pid 5152] <... futex resumed>) = 0 [pid 5085] <... clone resumed>, child_tidptr=0x55555614c5d0) = 5157 [pid 5152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65d6cc2000 ./strace-static-x86_64: Process 5156 attached [pid 5152] mprotect(0x7f65d6cc3000, 131072, PROT_READ|PROT_WRITE [pid 5156] set_robust_list(0x55555614c5e0, 24 [pid 5152] <... mprotect resumed>) = 0 ./strace-static-x86_64: Process 5157 attached [pid 5156] <... set_robust_list resumed>) = 0 [pid 5152] clone(child_stack=0x7f65d6ce23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5157] set_robust_list(0x55555614c5e0, 24 [pid 5156] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5157] <... set_robust_list resumed>) = 0 [pid 5156] <... prctl resumed>) = 0 [pid 5152] <... clone resumed>, parent_tid=[5158], tls=0x7f65d6ce2700, child_tidptr=0x7f65d6ce29d0) = 5158 [pid 5157] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5156] setpgid(0, 0 [pid 5152] futex(0x7f65d6dda4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] <... prctl resumed>) = 0 [pid 5156] <... setpgid resumed>) = 0 [pid 5152] <... futex resumed>) = 0 [pid 5157] setpgid(0, 0 [pid 5156] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5152] futex(0x7f65d6dda4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5158 attached [pid 5157] <... setpgid resumed>) = 0 [pid 5156] <... openat resumed>) = 3 [pid 5158] set_robust_list(0x7f65d6ce29e0, 24 [pid 5157] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5156] write(3, "1000", 4 [pid 5158] <... set_robust_list resumed>) = 0 [pid 5157] <... openat resumed>) = 3 [pid 5156] <... write resumed>) = 4 [pid 5158] ioctl(-1, FBIO_WAITFORVSYNC [pid 5157] write(3, "1000", 4 [pid 5156] close(3 [pid 5158] <... ioctl resumed>, 0) = -1 EBADF (Bad file descriptor) [pid 5157] <... write resumed>) = 4 [pid 5156] <... close resumed>) = 0 [pid 5158] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] close(3 [pid 5156] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] <... futex resumed>) = 1 [pid 5157] <... close resumed>) = 0 [pid 5156] <... futex resumed>) = 0 [pid 5152] <... futex resumed>) = 0 [pid 5158] futex(0x7f65d6dda4b8, FUTEX_WAIT_PRIVATE, 0, NULL [ 63.997909][ T5150] ? do_raw_spin_lock+0x124/0x2b0 [ 63.999109][ T5154] FAULT_INJECTION: forcing a failure. [ 63.999109][ T5154] name fail_futex, interval 1, probability 0, space 0, times 0 [ 64.003043][ T5150] ? spin_bug+0x1c0/0x1c0 [ 64.003079][ T5150] do_futex+0x2e8/0x360 [ 64.003115][ T5150] ? __ia32_sys_get_robust_list+0x400/0x400 [ 64.003148][ T5150] ? find_held_lock+0x2d/0x110 [ 64.003194][ T5150] __x64_sys_futex+0x1ca/0x4d0 [ 64.003234][ T5150] ? do_futex+0x360/0x360 [ 64.003266][ T5150] ? _raw_spin_unlock_irq+0x23/0x50 [pid 5157] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5152] futex(0x7f65d6dda4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5157] <... futex resumed>) = 0 [pid 5156] <... mmap resumed>) = 0x7f65d6ce3000 [pid 5152] <... futex resumed>) = 0 [pid 5158] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5157] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5156] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE [pid 5152] futex(0x7f65d6dda4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5158] <... openat resumed>) = 3 [pid 5157] <... mmap resumed>) = 0x7f65d6ce3000 [pid 5156] <... mprotect resumed>) = 0 [pid 5158] write(3, "2", 1 [pid 5157] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE [pid 5156] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5158] <... write resumed>) = 1 [pid 5157] <... mprotect resumed>) = 0 [pid 5158] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL [pid 5157] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5156] <... clone resumed>, parent_tid=[5159], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5159 [pid 5158] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5156] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] <... clone resumed>, parent_tid=[5160], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5160 [pid 5156] <... futex resumed>) = 0 [pid 5158] <... futex resumed>) = 1 [pid 5157] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5152] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5159 attached [pid 5158] futex(0x7f65d6dda4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5157] <... futex resumed>) = 0 [pid 5159] set_robust_list(0x7f65d6d039e0, 24 [pid 5157] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] <... set_robust_list resumed>) = 0 [ 64.049754][ T5150] ? lockdep_hardirqs_on+0x7d/0x100 [ 64.055015][ T5150] ? _raw_spin_unlock_irq+0x2e/0x50 [ 64.060288][ T5150] ? ptrace_notify+0xfe/0x140 [ 64.065010][ T5150] do_syscall_64+0x39/0xb0 [ 64.069470][ T5150] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 64.075504][ T5150] RIP: 0033:0x7f65d6d51c49 [ 64.078757][ T5158] FAULT_INJECTION: forcing a failure. [ 64.078757][ T5158] name fail_futex, interval 1, probability 0, space 0, times 0 [pid 5159] openat(AT_FDCWD, "/dev/fb0", O_RDONLY) = 3 [pid 5159] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] <... futex resumed>) = 0 [pid 5159] ioctl(3, FBIO_WAITFORVSYNC [pid 5156] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5156] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] <... ioctl resumed>, 0) = 0 [pid 5159] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] <... futex resumed>) = 0 [pid 5159] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5156] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5156] <... futex resumed>) = 0 [pid 5159] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5156] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] <... openat resumed>) = 4 [pid 5159] write(4, "2", 1) = 1 [pid 5159] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL) = -1 EBADF (Bad file descriptor) [pid 5159] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] <... futex resumed>) = 0 [ 64.079932][ T5150] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 64.112846][ T5150] RSP: 002b:00007f65d6d032f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 64.121736][ T5150] RAX: ffffffffffffffda RBX: 00007f65d6dda4a8 RCX: 00007f65d6d51c49 [ 64.129758][ T5150] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4a8 [ 64.137417][ T5159] FAULT_INJECTION: forcing a failure. [ 64.137417][ T5159] name fail_futex, interval 1, probability 0, space 0, times 0 [pid 5159] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5156] exit_group(0./strace-static-x86_64: Process 5160 attached ./strace-static-x86_64: Process 5155 attached ./strace-static-x86_64: Process 5153 attached [pid 5157] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5156] <... exit_group resumed>) = ? [pid 5150] <... futex resumed>) = ? [pid 5157] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5157] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65d6cc2000 [pid 5157] mprotect(0x7f65d6cc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5157] clone(child_stack=0x7f65d6ce23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5161], tls=0x7f65d6ce2700, child_tidptr=0x7f65d6ce29d0) = 5161 [pid 5157] futex(0x7f65d6dda4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5157] futex(0x7f65d6dda4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5161 attached [ 64.137734][ T5150] RBP: 00007f65d6dda4a0 R08: 0000000000000032 R09: 0000000000000032 [ 64.137754][ T5150] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 64.137770][ T5150] R13: 00007f65d6d03300 R14: 0000000000000001 R15: 0000000000022000 [ 64.137803][ T5150] [ 64.167208][ T5158] CPU: 0 PID: 5158 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 64.188571][ T5158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 64.198659][ T5158] Call Trace: [pid 5161] set_robust_list(0x7f65d6ce29e0, 24) = 0 [pid 5161] ioctl(-1, FBIO_WAITFORVSYNC, 0) = -1 EBADF (Bad file descriptor) [pid 5161] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5157] <... futex resumed>) = 0 [pid 5161] futex(0x7f65d6dda4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5157] futex(0x7f65d6dda4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5157] <... futex resumed>) = 0 [pid 5161] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5157] futex(0x7f65d6dda4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5161] <... openat resumed>) = 3 [pid 5161] write(3, "2", 1) = 1 [pid 5161] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL) = -1 EBADF (Bad file descriptor) [pid 5161] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5157] <... futex resumed>) = 0 [ 64.201967][ T5158] [ 64.204923][ T5158] dump_stack_lvl+0x136/0x150 [ 64.209734][ T5158] should_fail_ex+0x4a3/0x5b0 [ 64.214472][ T5158] get_futex_key+0x5aa/0x1ca0 [ 64.219194][ T5158] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 64.222767][ T5161] FAULT_INJECTION: forcing a failure. [ 64.222767][ T5161] name fail_futex, interval 1, probability 0, space 0, times 0 [ 64.225278][ T5158] ? psi_task_switch+0x2de/0x950 [ 64.225323][ T5158] ? futex_setup_timer+0xf0/0xf0 [ 64.225358][ T5158] ? find_held_lock+0x2d/0x110 [ 64.225404][ T5158] futex_wait_setup+0xab/0x230 [ 64.225444][ T5158] ? futex_wait_multiple+0xae0/0xae0 [ 64.225492][ T5158] futex_wait+0x268/0x680 [ 64.267525][ T5158] ? futex_wait_setup+0x230/0x230 [ 64.272653][ T5158] ? mark_held_locks+0x9f/0xe0 [ 64.277466][ T5158] ? do_raw_spin_lock+0x124/0x2b0 [ 64.282536][ T5158] ? spin_bug+0x1c0/0x1c0 [ 64.286896][ T5158] do_futex+0x2e8/0x360 [ 64.291089][ T5158] ? __ia32_sys_get_robust_list+0x400/0x400 [ 64.297016][ T5158] ? find_held_lock+0x2d/0x110 [ 64.301822][ T5158] __x64_sys_futex+0x1ca/0x4d0 [ 64.306708][ T5158] ? do_futex+0x360/0x360 [ 64.311058][ T5158] ? _raw_spin_unlock_irq+0x23/0x50 [ 64.316485][ T5158] ? lockdep_hardirqs_on+0x7d/0x100 [ 64.321803][ T5158] ? _raw_spin_unlock_irq+0x2e/0x50 [ 64.327232][ T5158] ? ptrace_notify+0xfe/0x140 [ 64.331949][ T5158] do_syscall_64+0x39/0xb0 [ 64.336423][ T5158] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 64.342366][ T5158] RIP: 0033:0x7f65d6d51c49 [ 64.346884][ T5158] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 64.366531][ T5158] RSP: 002b:00007f65d6ce22f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 64.374978][ T5158] RAX: ffffffffffffffda RBX: 00007f65d6dda4b8 RCX: 00007f65d6d51c49 [ 64.383145][ T5158] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4b8 [ 64.391132][ T5158] RBP: 00007f65d6dda4b0 R08: 0000000000000032 R09: 0000000000000032 [pid 5161] futex(0x7f65d6dda4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5160] set_robust_list(0x7f65d6d039e0, 24 [pid 5155] set_robust_list(0x7f65d6d039e0, 24 [pid 5153] set_robust_list(0x55555614c5e0, 24 [pid 5150] +++ exited with 0 +++ [pid 5149] +++ exited with 0 +++ [pid 5158] <... futex resumed>) = -1 EFAULT (Bad address) [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5149, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555614c5d0) = 5162 ./strace-static-x86_64: Process 5162 attached [pid 5162] set_robust_list(0x55555614c5e0, 24) = 0 [pid 5162] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5162] setpgid(0, 0) = 0 [ 64.399120][ T5158] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 64.407115][ T5158] R13: 00007f65d6ce2300 R14: 0000000000000001 R15: 0000000000022000 [ 64.415138][ T5158] [ 64.420156][ T5159] CPU: 0 PID: 5159 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 64.430705][ T5159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 64.440785][ T5159] Call Trace: [ 64.444089][ T5159] [ 64.447040][ T5159] dump_stack_lvl+0x136/0x150 [pid 5162] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5162] write(3, "1000", 4) = 4 [pid 5162] close(3) = 0 [pid 5162] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5162] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65d6ce3000 [ 64.451754][ T5159] should_fail_ex+0x4a3/0x5b0 [ 64.456468][ T5159] get_futex_key+0x5aa/0x1ca0 [ 64.461170][ T5159] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 64.467181][ T5159] ? psi_task_switch+0x2de/0x950 [ 64.472172][ T5159] ? futex_setup_timer+0xf0/0xf0 [ 64.477148][ T5159] ? find_held_lock+0x2d/0x110 [ 64.481952][ T5159] futex_wait_setup+0xab/0x230 [ 64.486746][ T5159] ? futex_wait_multiple+0xae0/0xae0 [ 64.492096][ T5159] futex_wait+0x268/0x680 [ 64.496451][ T5159] ? futex_wait_setup+0x230/0x230 [ 64.501499][ T5159] ? mark_held_locks+0x9f/0xe0 [ 64.506297][ T5159] ? do_raw_spin_lock+0x124/0x2b0 [ 64.511338][ T5159] ? spin_bug+0x1c0/0x1c0 [ 64.515716][ T5159] do_futex+0x2e8/0x360 [ 64.519893][ T5159] ? __ia32_sys_get_robust_list+0x400/0x400 [ 64.525826][ T5159] ? find_held_lock+0x2d/0x110 [ 64.531059][ T5159] __x64_sys_futex+0x1ca/0x4d0 [ 64.535936][ T5159] ? do_futex+0x360/0x360 [ 64.540465][ T5159] ? _raw_spin_unlock_irq+0x23/0x50 [ 64.545777][ T5159] ? lockdep_hardirqs_on+0x7d/0x100 [ 64.551094][ T5159] ? _raw_spin_unlock_irq+0x2e/0x50 [ 64.556451][ T5159] ? ptrace_notify+0xfe/0x140 [ 64.561142][ T5159] do_syscall_64+0x39/0xb0 [ 64.565578][ T5159] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 64.571504][ T5159] RIP: 0033:0x7f65d6d51c49 [ 64.575936][ T5159] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 64.595744][ T5159] RSP: 002b:00007f65d6d032f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [pid 5162] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5160] <... set_robust_list resumed>) = 0 [pid 5159] <... futex resumed>) = ? [ 64.604187][ T5159] RAX: ffffffffffffffda RBX: 00007f65d6dda4a8 RCX: 00007f65d6d51c49 [ 64.612298][ T5159] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4a8 [ 64.620280][ T5159] RBP: 00007f65d6dda4a0 R08: 0000000000000032 R09: 0000000000000032 [ 64.629038][ T5159] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 64.637148][ T5159] R13: 00007f65d6d03300 R14: 0000000000000001 R15: 0000000000022000 [ 64.645358][ T5159] [pid 5158] futex(0x7f65d6dda4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5155] <... set_robust_list resumed>) = 0 [pid 5153] <... set_robust_list resumed>) = 0 [pid 5162] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5163], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5163 [pid 5162] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5162] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5163 attached [pid 5163] set_robust_list(0x7f65d6d039e0, 24) = 0 [pid 5163] openat(AT_FDCWD, "/dev/fb0", O_RDONLY) = 3 [pid 5163] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5162] <... futex resumed>) = 0 [pid 5163] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5162] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5162] <... futex resumed>) = 0 [pid 5163] ioctl(3, FBIO_WAITFORVSYNC [ 64.649167][ T5154] CPU: 0 PID: 5154 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 64.659707][ T5154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 64.669919][ T5154] Call Trace: [ 64.673220][ T5154] [ 64.676205][ T5154] dump_stack_lvl+0x136/0x150 [ 64.680928][ T5154] should_fail_ex+0x4a3/0x5b0 [ 64.685651][ T5154] get_futex_key+0x5aa/0x1ca0 [ 64.690358][ T5154] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 64.696369][ T5154] ? psi_task_switch+0x2de/0x950 [pid 5162] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5163] <... ioctl resumed>, 0) = 0 [pid 5152] exit_group(0 [pid 5163] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... exit_group resumed>) = ? [pid 5163] <... futex resumed>) = 1 [pid 5162] <... futex resumed>) = 0 [pid 5163] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5162] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5162] <... futex resumed>) = 0 [pid 5163] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5162] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5163] <... openat resumed>) = 4 [pid 5163] write(4, "2", 1) = 1 [pid 5163] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL) = -1 EBADF (Bad file descriptor) [pid 5163] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5162] <... futex resumed>) = 0 [ 64.701356][ T5154] ? futex_setup_timer+0xf0/0xf0 [ 64.706516][ T5154] ? find_held_lock+0x2d/0x110 [ 64.711352][ T5154] futex_wait_setup+0xab/0x230 [ 64.716371][ T5154] ? futex_wait_multiple+0xae0/0xae0 [ 64.721727][ T5154] futex_wait+0x268/0x680 [ 64.726162][ T5154] ? futex_wait_setup+0x230/0x230 [ 64.731264][ T5154] ? mark_held_locks+0x9f/0xe0 [ 64.736166][ T5154] ? do_raw_spin_lock+0x124/0x2b0 [ 64.742030][ T5154] ? spin_bug+0x1c0/0x1c0 [ 64.743189][ T5163] FAULT_INJECTION: forcing a failure. [pid 5163] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5162] exit_group(0) = ? [pid 5160] openat(AT_FDCWD, "/dev/fb0", O_RDONLY [pid 5157] exit_group(0 [pid 5160] <... openat resumed>) = ? [pid 5157] <... exit_group resumed>) = ? [pid 5160] +++ exited with 0 +++ [ 64.743189][ T5163] name fail_futex, interval 1, probability 0, space 0, times 0 [ 64.746374][ T5154] do_futex+0x2e8/0x360 [ 64.746413][ T5154] ? __ia32_sys_get_robust_list+0x400/0x400 [ 64.746448][ T5154] ? find_held_lock+0x2d/0x110 [ 64.746497][ T5154] __x64_sys_futex+0x1ca/0x4d0 [ 64.779034][ T5154] ? do_futex+0x360/0x360 [ 64.783411][ T5154] ? _raw_spin_unlock_irq+0x23/0x50 [ 64.788649][ T5154] ? lockdep_hardirqs_on+0x7d/0x100 [ 64.793881][ T5154] ? _raw_spin_unlock_irq+0x2e/0x50 [ 64.799217][ T5154] ? ptrace_notify+0xfe/0x140 [ 64.805233][ T5154] do_syscall_64+0x39/0xb0 [ 64.809679][ T5154] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 64.815612][ T5154] RIP: 0033:0x7f65d6d51c49 [ 64.820053][ T5154] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 64.839800][ T5154] RSP: 002b:00007f65d6d032f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [pid 5159] +++ exited with 0 +++ [pid 5156] +++ exited with 0 +++ [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5156, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555614c5d0) = 5164 ./strace-static-x86_64: Process 5164 attached [pid 5158] <... futex resumed>) = ? [pid 5154] <... futex resumed>) = ? [ 64.849027][ T5154] RAX: ffffffffffffffda RBX: 00007f65d6dda4a8 RCX: 00007f65d6d51c49 [ 64.857122][ T5154] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4a8 [ 64.865200][ T5154] RBP: 00007f65d6dda4a0 R08: 0000000000000032 R09: 0000000000000032 [ 64.873193][ T5154] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 64.881198][ T5154] R13: 00007f65d6d03300 R14: 0000000000000001 R15: 0000000000022000 [ 64.889226][ T5154] [ 64.893084][ T5163] CPU: 0 PID: 5163 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [pid 5153] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5164] set_robust_list(0x55555614c5e0, 24) = 0 [pid 5164] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5164] setpgid(0, 0) = 0 [pid 5164] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5164] write(3, "1000", 4) = 4 [pid 5164] close(3) = 0 [pid 5164] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65d6ce3000 [pid 5164] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5164] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5165], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5165 [pid 5164] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5165 attached [pid 5165] set_robust_list(0x7f65d6d039e0, 24) = 0 [pid 5165] openat(AT_FDCWD, "/dev/fb0", O_RDONLY) = 3 [pid 5165] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] <... futex resumed>) = 0 [pid 5165] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 64.903543][ T5163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 64.913625][ T5163] Call Trace: [ 64.916924][ T5163] [ 64.919880][ T5163] dump_stack_lvl+0x136/0x150 [ 64.924601][ T5163] should_fail_ex+0x4a3/0x5b0 [ 64.929328][ T5163] get_futex_key+0x5aa/0x1ca0 [ 64.934059][ T5163] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 64.940104][ T5163] ? psi_task_switch+0x2de/0x950 [ 64.945090][ T5163] ? futex_setup_timer+0xf0/0xf0 [ 64.950149][ T5163] ? find_held_lock+0x2d/0x110 [pid 5164] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5164] <... futex resumed>) = 0 [pid 5165] ioctl(3, FBIO_WAITFORVSYNC [pid 5164] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] <... ioctl resumed>, 0) = 0 [pid 5165] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] <... futex resumed>) = 0 [pid 5165] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5164] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... openat resumed>) = 4 [pid 5164] <... futex resumed>) = 0 [pid 5165] write(4, "2", 1 [pid 5164] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] <... write resumed>) = 1 [pid 5165] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL) = -1 EBADF (Bad file descriptor) [pid 5165] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] +++ exited with 0 +++ [pid 5165] <... futex resumed>) = 1 [pid 5164] <... futex resumed>) = 0 [pid 5165] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5164] exit_group(0) = ? [ 64.954977][ T5163] futex_wait_setup+0xab/0x230 [ 64.959828][ T5163] ? futex_wait_multiple+0xae0/0xae0 [ 64.965167][ T5163] futex_wait+0x268/0x680 [ 64.969550][ T5163] ? futex_wait_setup+0x230/0x230 [ 64.974627][ T5163] ? mark_held_locks+0x9f/0xe0 [ 64.975762][ T5165] FAULT_INJECTION: forcing a failure. [ 64.975762][ T5165] name fail_futex, interval 1, probability 0, space 0, times 0 [ 64.979429][ T5163] ? do_raw_spin_lock+0x124/0x2b0 [ 64.997243][ T5163] ? spin_bug+0x1c0/0x1c0 [ 65.001613][ T5163] do_futex+0x2e8/0x360 [ 65.005807][ T5163] ? __ia32_sys_get_robust_list+0x400/0x400 [ 65.011738][ T5163] ? find_held_lock+0x2d/0x110 [ 65.016594][ T5163] __x64_sys_futex+0x1ca/0x4d0 [ 65.021408][ T5163] ? do_futex+0x360/0x360 [ 65.025798][ T5163] ? _raw_spin_unlock_irq+0x23/0x50 [ 65.031036][ T5163] ? lockdep_hardirqs_on+0x7d/0x100 [ 65.036273][ T5163] ? _raw_spin_unlock_irq+0x2e/0x50 [ 65.041534][ T5163] ? ptrace_notify+0xfe/0x140 [ 65.046255][ T5163] do_syscall_64+0x39/0xb0 [ 65.050722][ T5163] entry_SYSCALL_64_after_hwframe+0x63/0xcd [pid 5155] +++ exited with 0 +++ [pid 5152] +++ exited with 0 +++ [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5152, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5083] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555614c5d0) = 5166 [ 65.056651][ T5163] RIP: 0033:0x7f65d6d51c49 [ 65.061079][ T5163] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 65.080758][ T5163] RSP: 002b:00007f65d6d032f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 65.089203][ T5163] RAX: ffffffffffffffda RBX: 00007f65d6dda4a8 RCX: 00007f65d6d51c49 [ 65.097290][ T5163] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4a8 ./strace-static-x86_64: Process 5166 attached [pid 5154] +++ exited with 0 +++ [pid 5153] <... prctl resumed>) = 0 [pid 5147] +++ exited with 0 +++ [pid 5163] <... futex resumed>) = ? [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5147, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555614c5d0) = 5167 [ 65.105279][ T5163] RBP: 00007f65d6dda4a0 R08: 0000000000000032 R09: 0000000000000032 [ 65.113267][ T5163] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 65.121262][ T5163] R13: 00007f65d6d03300 R14: 0000000000000001 R15: 0000000000022000 [ 65.129271][ T5163] [ 65.134311][ T5165] CPU: 0 PID: 5165 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 65.144794][ T5165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 ./strace-static-x86_64: Process 5167 attached [pid 5167] set_robust_list(0x55555614c5e0, 24) = 0 [pid 5167] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5167] setpgid(0, 0) = 0 [pid 5167] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5167] write(3, "1000", 4) = 4 [pid 5167] close(3) = 0 [pid 5167] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65d6ce3000 [pid 5167] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5167] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5168], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5168 [pid 5167] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5168 attached [pid 5168] set_robust_list(0x7f65d6d039e0, 24) = 0 [ 65.154905][ T5165] Call Trace: [ 65.158209][ T5165] [ 65.161343][ T5165] dump_stack_lvl+0x136/0x150 [ 65.166084][ T5165] should_fail_ex+0x4a3/0x5b0 [ 65.170885][ T5165] get_futex_key+0x5aa/0x1ca0 [ 65.175602][ T5165] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 65.181661][ T5165] ? psi_task_switch+0x2de/0x950 [ 65.186745][ T5165] ? futex_setup_timer+0xf0/0xf0 [ 65.191729][ T5165] ? find_held_lock+0x2d/0x110 [ 65.196636][ T5165] futex_wait_setup+0xab/0x230 [ 65.201541][ T5165] ? futex_wait_multiple+0xae0/0xae0 [pid 5168] openat(AT_FDCWD, "/dev/fb0", O_RDONLY) = 3 [pid 5168] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5167] <... futex resumed>) = 0 [pid 5168] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5167] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5168] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5167] <... futex resumed>) = 0 [pid 5168] ioctl(3, FBIO_WAITFORVSYNC [pid 5167] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5168] <... ioctl resumed>, 0) = 0 [pid 5168] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5167] <... futex resumed>) = 0 [pid 5168] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5167] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5168] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5167] <... futex resumed>) = 0 [pid 5168] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5167] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5168] <... openat resumed>) = 4 [pid 5168] write(4, "2", 1) = 1 [pid 5168] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL) = -1 EBADF (Bad file descriptor) [pid 5168] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5167] <... futex resumed>) = 0 [ 65.206875][ T5165] futex_wait+0x268/0x680 [ 65.211243][ T5165] ? futex_wait_setup+0x230/0x230 [ 65.216307][ T5165] ? mark_held_locks+0x9f/0xe0 [ 65.221131][ T5165] ? do_raw_spin_lock+0x124/0x2b0 [ 65.226186][ T5165] ? spin_bug+0x1c0/0x1c0 [ 65.230553][ T5165] do_futex+0x2e8/0x360 [ 65.234751][ T5165] ? __ia32_sys_get_robust_list+0x400/0x400 [ 65.240702][ T5165] ? find_held_lock+0x2d/0x110 [ 65.245535][ T5165] __x64_sys_futex+0x1ca/0x4d0 [ 65.250342][ T5165] ? do_futex+0x360/0x360 [pid 5168] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5167] exit_group(0) = ? [ 65.254064][ T5168] FAULT_INJECTION: forcing a failure. [ 65.254064][ T5168] name fail_futex, interval 1, probability 0, space 0, times 0 [ 65.254731][ T5165] ? _raw_spin_unlock_irq+0x23/0x50 [ 65.254775][ T5165] ? lockdep_hardirqs_on+0x7d/0x100 [ 65.254810][ T5165] ? _raw_spin_unlock_irq+0x2e/0x50 [ 65.254848][ T5165] ? ptrace_notify+0xfe/0x140 [ 65.254881][ T5165] do_syscall_64+0x39/0xb0 [ 65.292679][ T5165] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 65.298650][ T5165] RIP: 0033:0x7f65d6d51c49 [ 65.303269][ T5165] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 65.324730][ T5165] RSP: 002b:00007f65d6d032f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 65.333192][ T5165] RAX: ffffffffffffffda RBX: 00007f65d6dda4a8 RCX: 00007f65d6d51c49 [ 65.341182][ T5165] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4a8 [ 65.349268][ T5165] RBP: 00007f65d6dda4a0 R08: 0000000000000032 R09: 0000000000000032 [pid 5166] set_robust_list(0x55555614c5e0, 24 [pid 5165] <... futex resumed>) = ? [pid 5163] +++ exited with 0 +++ [pid 5162] +++ exited with 0 +++ [pid 5153] setpgid(0, 0 [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5162, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555614c5d0) = 5169 ./strace-static-x86_64: Process 5169 attached [pid 5169] set_robust_list(0x55555614c5e0, 24) = 0 [pid 5169] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5169] setpgid(0, 0) = 0 [pid 5169] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5169] write(3, "1000", 4) = 4 [pid 5169] close(3) = 0 [pid 5169] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 65.357274][ T5165] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 65.365370][ T5165] R13: 00007f65d6d03300 R14: 0000000000000001 R15: 0000000000022000 [ 65.373507][ T5165] [ 65.378342][ T5168] CPU: 0 PID: 5168 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 65.388851][ T5168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 65.398937][ T5168] Call Trace: [ 65.402250][ T5168] [pid 5169] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65d6ce3000 [pid 5169] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5169] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5170], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5170 [pid 5169] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5170 attached [pid 5170] set_robust_list(0x7f65d6d039e0, 24) = 0 [pid 5170] openat(AT_FDCWD, "/dev/fb0", O_RDONLY) = 3 [pid 5170] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5169] <... futex resumed>) = 0 [pid 5170] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5169] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5169] <... futex resumed>) = 0 [pid 5170] ioctl(3, FBIO_WAITFORVSYNC [pid 5169] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5170] <... ioctl resumed>, 0) = 0 [pid 5170] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5169] <... futex resumed>) = 0 [pid 5170] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5169] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5169] <... futex resumed>) = 0 [pid 5170] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5169] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5170] <... openat resumed>) = 4 [ 65.405209][ T5168] dump_stack_lvl+0x136/0x150 [ 65.409939][ T5168] should_fail_ex+0x4a3/0x5b0 [ 65.414668][ T5168] get_futex_key+0x5aa/0x1ca0 [ 65.419395][ T5168] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 65.425429][ T5168] ? psi_task_switch+0x2de/0x950 [ 65.430414][ T5168] ? futex_setup_timer+0xf0/0xf0 [ 65.435420][ T5168] ? find_held_lock+0x2d/0x110 [ 65.440265][ T5168] futex_wait_setup+0xab/0x230 [ 65.445088][ T5168] ? futex_wait_multiple+0xae0/0xae0 [ 65.450450][ T5168] futex_wait+0x268/0x680 [pid 5170] write(4, "2", 1) = 1 [pid 5170] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL) = -1 EBADF (Bad file descriptor) [pid 5170] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5169] <... futex resumed>) = 0 [pid 5170] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5169] exit_group(0) = ? [ 65.454837][ T5168] ? futex_wait_setup+0x230/0x230 [ 65.460176][ T5168] ? mark_held_locks+0x9f/0xe0 [ 65.464817][ T5170] FAULT_INJECTION: forcing a failure. [ 65.464817][ T5170] name fail_futex, interval 1, probability 0, space 0, times 0 [ 65.464978][ T5168] ? do_raw_spin_lock+0x124/0x2b0 [ 65.465021][ T5168] ? spin_bug+0x1c0/0x1c0 [ 65.465056][ T5168] do_futex+0x2e8/0x360 [ 65.492540][ T5168] ? __ia32_sys_get_robust_list+0x400/0x400 [ 65.498654][ T5168] ? find_held_lock+0x2d/0x110 [ 65.503494][ T5168] __x64_sys_futex+0x1ca/0x4d0 [ 65.508328][ T5168] ? do_futex+0x360/0x360 [ 65.512715][ T5168] ? _raw_spin_unlock_irq+0x23/0x50 [ 65.517947][ T5168] ? lockdep_hardirqs_on+0x7d/0x100 [ 65.523167][ T5168] ? _raw_spin_unlock_irq+0x2e/0x50 [ 65.528396][ T5168] ? ptrace_notify+0xfe/0x140 [ 65.533093][ T5168] do_syscall_64+0x39/0xb0 [ 65.537538][ T5168] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 65.543454][ T5168] RIP: 0033:0x7f65d6d51c49 [ 65.547882][ T5168] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 65.567588][ T5168] RSP: 002b:00007f65d6d032f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 65.576114][ T5168] RAX: ffffffffffffffda RBX: 00007f65d6dda4a8 RCX: 00007f65d6d51c49 [ 65.584878][ T5168] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4a8 [ 65.592884][ T5168] RBP: 00007f65d6dda4a0 R08: 0000000000000032 R09: 0000000000000032 [ 65.600862][ T5168] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [pid 5166] <... set_robust_list resumed>) = 0 [pid 5165] +++ exited with 0 +++ [pid 5164] +++ exited with 0 +++ [pid 5153] <... setpgid resumed>) = 0 [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5164, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555614c5d0) = 5171 ./strace-static-x86_64: Process 5171 attached [pid 5171] set_robust_list(0x55555614c5e0, 24) = 0 [pid 5171] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5171] setpgid(0, 0) = 0 [pid 5171] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5171] write(3, "1000", 4) = 4 [ 65.608941][ T5168] R13: 00007f65d6d03300 R14: 0000000000000001 R15: 0000000000022000 [ 65.618460][ T5168] [ 65.623238][ T5161] CPU: 0 PID: 5161 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 65.633966][ T5161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 65.644237][ T5161] Call Trace: [ 65.647587][ T5161] [ 65.650628][ T5161] dump_stack_lvl+0x136/0x150 [ 65.655435][ T5161] should_fail_ex+0x4a3/0x5b0 [pid 5171] close(3) = 0 [pid 5171] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5171] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65d6ce3000 [pid 5171] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5171] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5172], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5172 [pid 5171] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5171] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5172 attached [pid 5172] set_robust_list(0x7f65d6d039e0, 24) = 0 [pid 5172] openat(AT_FDCWD, "/dev/fb0", O_RDONLY) = 3 [pid 5172] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5171] <... futex resumed>) = 0 [pid 5172] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5171] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5171] <... futex resumed>) = 0 [pid 5172] ioctl(3, FBIO_WAITFORVSYNC [pid 5171] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] <... ioctl resumed>, 0) = 0 [pid 5172] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 65.660187][ T5161] get_futex_key+0x5aa/0x1ca0 [ 65.665253][ T5161] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 65.671552][ T5161] ? psi_task_switch+0x2de/0x950 [ 65.676538][ T5161] ? futex_setup_timer+0xf0/0xf0 [ 65.681562][ T5161] ? find_held_lock+0x2d/0x110 [ 65.686390][ T5161] futex_wait_setup+0xab/0x230 [ 65.691202][ T5161] ? futex_wait_multiple+0xae0/0xae0 [ 65.696540][ T5161] futex_wait+0x268/0x680 [ 65.700957][ T5161] ? futex_wait_setup+0x230/0x230 [ 65.706023][ T5161] ? mark_held_locks+0x9f/0xe0 [pid 5171] <... futex resumed>) = 0 [pid 5172] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5171] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5171] <... futex resumed>) = 0 [pid 5172] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5171] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] <... openat resumed>) = 4 [pid 5172] write(4, "2", 1) = 1 [pid 5172] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL) = -1 EBADF (Bad file descriptor) [pid 5172] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5171] <... futex resumed>) = 0 [pid 5172] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5171] exit_group(0) = ? [ 65.710824][ T5161] ? do_raw_spin_lock+0x124/0x2b0 [ 65.715876][ T5161] ? spin_bug+0x1c0/0x1c0 [ 65.720248][ T5161] do_futex+0x2e8/0x360 [ 65.724451][ T5161] ? __ia32_sys_get_robust_list+0x400/0x400 [ 65.724658][ T5172] FAULT_INJECTION: forcing a failure. [ 65.724658][ T5172] name fail_futex, interval 1, probability 0, space 0, times 0 [ 65.730364][ T5161] ? find_held_lock+0x2d/0x110 [ 65.730421][ T5161] __x64_sys_futex+0x1ca/0x4d0 [ 65.730461][ T5161] ? do_futex+0x360/0x360 [ 65.730493][ T5161] ? _raw_spin_unlock_irq+0x23/0x50 [ 65.730535][ T5161] ? lockdep_hardirqs_on+0x7d/0x100 [ 65.767936][ T5161] ? _raw_spin_unlock_irq+0x2e/0x50 [ 65.773181][ T5161] ? ptrace_notify+0xfe/0x140 [ 65.777891][ T5161] do_syscall_64+0x39/0xb0 [ 65.782343][ T5161] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 65.788275][ T5161] RIP: 0033:0x7f65d6d51c49 [ 65.792716][ T5161] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 65.812609][ T5161] RSP: 002b:00007f65d6ce22f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 65.821390][ T5161] RAX: ffffffffffffffda RBX: 00007f65d6dda4b8 RCX: 00007f65d6d51c49 [ 65.829386][ T5161] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4b8 [ 65.837380][ T5161] RBP: 00007f65d6dda4b0 R08: 0000000000000032 R09: 0000000000000032 [ 65.845419][ T5161] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [pid 5168] <... futex resumed>) = ? [pid 5166] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5161] <... futex resumed>) = ? [pid 5153] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5168] +++ exited with 0 +++ [pid 5167] +++ exited with 0 +++ [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5167, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555614c5d0) = 5173 ./strace-static-x86_64: Process 5173 attached [pid 5173] set_robust_list(0x55555614c5e0, 24) = 0 [pid 5173] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5166] <... prctl resumed>) = 0 [pid 5173] setpgid(0, 0 [pid 5166] setpgid(0, 0 [pid 5173] <... setpgid resumed>) = 0 [pid 5166] <... setpgid resumed>) = 0 [pid 5173] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5166] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5173] <... openat resumed>) = 3 [pid 5166] <... openat resumed>) = 3 [pid 5173] write(3, "1000", 4 [ 65.853856][ T5161] R13: 00007f65d6ce2300 R14: 0000000000000001 R15: 0000000000022000 [ 65.861855][ T5161] [ 65.866212][ T5172] CPU: 0 PID: 5172 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 65.876694][ T5172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 65.886780][ T5172] Call Trace: [ 65.890079][ T5172] [ 65.893030][ T5172] dump_stack_lvl+0x136/0x150 [ 65.897748][ T5172] should_fail_ex+0x4a3/0x5b0 [ 65.902460][ T5172] get_futex_key+0x5aa/0x1ca0 [pid 5166] write(3, "1000", 4 [pid 5173] <... write resumed>) = 4 [pid 5166] <... write resumed>) = 4 [pid 5173] close(3 [pid 5166] close(3 [pid 5173] <... close resumed>) = 0 [pid 5166] <... close resumed>) = 0 [pid 5173] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] <... futex resumed>) = 0 [pid 5166] <... futex resumed>) = 0 [pid 5173] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5166] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5173] <... mmap resumed>) = 0x7f65d6ce3000 [pid 5166] <... mmap resumed>) = 0x7f65d6ce3000 [pid 5173] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE [pid 5166] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE [pid 5173] <... mprotect resumed>) = 0 [pid 5166] <... mprotect resumed>) = 0 [pid 5173] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5166] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5173] <... clone resumed>, parent_tid=[5174], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5174 [pid 5166] <... clone resumed>, parent_tid=[5175], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5175 [pid 5173] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] <... futex resumed>) = 0 [pid 5166] <... futex resumed>) = 0 [pid 5173] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5174 attached [pid 5174] set_robust_list(0x7f65d6d039e0, 24) = 0 [pid 5174] openat(AT_FDCWD, "/dev/fb0", O_RDONLY) = 3 [pid 5174] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5174] ioctl(3, FBIO_WAITFORVSYNC [pid 5173] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 65.907177][ T5172] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 65.913207][ T5172] ? psi_task_switch+0x2de/0x950 [ 65.918298][ T5172] ? futex_setup_timer+0xf0/0xf0 [ 65.923330][ T5172] ? find_held_lock+0x2d/0x110 [ 65.928154][ T5172] futex_wait_setup+0xab/0x230 [ 65.932992][ T5172] ? futex_wait_multiple+0xae0/0xae0 [ 65.938519][ T5172] futex_wait+0x268/0x680 [ 65.942897][ T5172] ? futex_wait_setup+0x230/0x230 [ 65.947981][ T5172] ? mark_held_locks+0x9f/0xe0 [ 65.952811][ T5172] ? do_raw_spin_lock+0x124/0x2b0 [pid 5173] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] <... ioctl resumed>, 0) = 0 [pid 5174] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5174] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5173] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] <... openat resumed>) = 4 [pid 5173] <... futex resumed>) = 0 [pid 5174] write(4, "2", 1 [pid 5173] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] <... write resumed>) = 1 [pid 5174] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL) = -1 EBADF (Bad file descriptor) [pid 5174] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5174] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5173] exit_group(0) = ? [pid 5166] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5166] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5166] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65d6cc2000 [pid 5166] mprotect(0x7f65d6cc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5166] clone(child_stack=0x7f65d6ce23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5176], tls=0x7f65d6ce2700, child_tidptr=0x7f65d6ce29d0) = 5176 [pid 5166] futex(0x7f65d6dda4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5166] futex(0x7f65d6dda4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5176 attached [pid 5176] set_robust_list(0x7f65d6ce29e0, 24) = 0 [ 65.957876][ T5172] ? spin_bug+0x1c0/0x1c0 [ 65.962248][ T5172] do_futex+0x2e8/0x360 [ 65.966445][ T5172] ? __ia32_sys_get_robust_list+0x400/0x400 [ 65.972405][ T5172] ? find_held_lock+0x2d/0x110 [ 65.973771][ T5174] FAULT_INJECTION: forcing a failure. [ 65.973771][ T5174] name fail_futex, interval 1, probability 0, space 0, times 0 [ 65.977210][ T5172] __x64_sys_futex+0x1ca/0x4d0 [ 65.994865][ T5172] ? do_futex+0x360/0x360 [ 65.999254][ T5172] ? _raw_spin_unlock_irq+0x23/0x50 [ 66.004505][ T5172] ? lockdep_hardirqs_on+0x7d/0x100 [pid 5176] ioctl(-1, FBIO_WAITFORVSYNC, 0) = -1 EBADF (Bad file descriptor) [pid 5176] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5166] <... futex resumed>) = 0 [pid 5176] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5166] futex(0x7f65d6dda4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] <... openat resumed>) = 3 [pid 5166] <... futex resumed>) = 0 [pid 5176] write(3, "2", 1 [pid 5166] futex(0x7f65d6dda4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] <... write resumed>) = 1 [pid 5176] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL) = -1 EBADF (Bad file descriptor) [pid 5176] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5166] <... futex resumed>) = 0 [ 66.009749][ T5172] ? _raw_spin_unlock_irq+0x2e/0x50 [ 66.015088][ T5172] ? ptrace_notify+0xfe/0x140 [ 66.019794][ T5172] do_syscall_64+0x39/0xb0 [ 66.024245][ T5172] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 66.030186][ T5172] RIP: 0033:0x7f65d6d51c49 [ 66.033659][ T5176] FAULT_INJECTION: forcing a failure. [ 66.033659][ T5176] name fail_futex, interval 1, probability 0, space 0, times 0 [ 66.034606][ T5172] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 66.067111][ T5172] RSP: 002b:00007f65d6d032f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 66.075573][ T5172] RAX: ffffffffffffffda RBX: 00007f65d6dda4a8 RCX: 00007f65d6d51c49 [ 66.083571][ T5172] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4a8 [ 66.091561][ T5172] RBP: 00007f65d6dda4a0 R08: 0000000000000032 R09: 0000000000000032 [ 66.099555][ T5172] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 66.107628][ T5172] R13: 00007f65d6d03300 R14: 0000000000000001 R15: 0000000000022000 [ 66.115677][ T5172] [ 66.118717][ T5176] CPU: 1 PID: 5176 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 66.130824][ T5176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 66.140903][ T5176] Call Trace: [ 66.144207][ T5176] [ 66.147154][ T5176] dump_stack_lvl+0x136/0x150 [ 66.151902][ T5176] should_fail_ex+0x4a3/0x5b0 [ 66.156608][ T5176] get_futex_key+0x5aa/0x1ca0 [ 66.161309][ T5176] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 66.167324][ T5176] ? psi_task_switch+0x2de/0x950 [ 66.172290][ T5176] ? futex_setup_timer+0xf0/0xf0 [ 66.177249][ T5176] ? find_held_lock+0x2d/0x110 [ 66.182047][ T5176] futex_wait_setup+0xab/0x230 [ 66.186839][ T5176] ? futex_wait_multiple+0xae0/0xae0 [ 66.192241][ T5176] futex_wait+0x268/0x680 [ 66.196604][ T5176] ? futex_wait_setup+0x230/0x230 [ 66.201650][ T5176] ? mark_held_locks+0x9f/0xe0 [ 66.206459][ T5176] ? do_raw_spin_lock+0x124/0x2b0 [ 66.211501][ T5176] ? spin_bug+0x1c0/0x1c0 [ 66.216110][ T5176] do_futex+0x2e8/0x360 [ 66.220298][ T5176] ? __ia32_sys_get_robust_list+0x400/0x400 [ 66.226214][ T5176] ? find_held_lock+0x2d/0x110 [ 66.231018][ T5176] __x64_sys_futex+0x1ca/0x4d0 [ 66.236588][ T5176] ? do_futex+0x360/0x360 [ 66.240935][ T5176] ? _raw_spin_unlock_irq+0x23/0x50 [ 66.246245][ T5176] ? lockdep_hardirqs_on+0x7d/0x100 [ 66.251465][ T5176] ? _raw_spin_unlock_irq+0x2e/0x50 [ 66.256719][ T5176] ? ptrace_notify+0xfe/0x140 [ 66.261418][ T5176] do_syscall_64+0x39/0xb0 [ 66.265853][ T5176] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 66.271862][ T5176] RIP: 0033:0x7f65d6d51c49 [ 66.276291][ T5176] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 66.296516][ T5176] RSP: 002b:00007f65d6ce22f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [pid 5176] futex(0x7f65d6dda4b8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5175 attached [pid 5161] +++ exited with 0 +++ [pid 5157] +++ exited with 0 +++ [pid 5153] <... openat resumed>) = 3 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5157, si_uid=0, si_status=0, si_utime=0, si_stime=33 /* 0.33 s */} --- [pid 5085] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 66.307082][ T5176] RAX: ffffffffffffffda RBX: 00007f65d6dda4b8 RCX: 00007f65d6d51c49 [ 66.315168][ T5176] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4b8 [ 66.323248][ T5176] RBP: 00007f65d6dda4b0 R08: 0000000000000032 R09: 0000000000000032 [ 66.331227][ T5176] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 66.339203][ T5176] R13: 00007f65d6ce2300 R14: 0000000000000001 R15: 0000000000022000 [ 66.347200][ T5176] [ 66.350379][ C1] vkms_vblank_simulate: vblank timer overrun [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555614c5d0) = 5177 ./strace-static-x86_64: Process 5177 attached [pid 5177] set_robust_list(0x55555614c5e0, 24) = 0 [pid 5177] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5177] setpgid(0, 0) = 0 [pid 5177] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5177] write(3, "1000", 4) = 4 [pid 5177] close(3) = 0 [pid 5177] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5177] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65d6ce3000 [pid 5177] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5177] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5178], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5178 [pid 5177] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 66.356694][ T5170] CPU: 0 PID: 5170 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 66.367162][ T5170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 66.377355][ T5170] Call Trace: [ 66.380674][ T5170] [ 66.383627][ T5170] dump_stack_lvl+0x136/0x150 [ 66.388349][ T5170] should_fail_ex+0x4a3/0x5b0 [ 66.393060][ T5170] get_futex_key+0x5aa/0x1ca0 [ 66.397780][ T5170] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 66.403802][ T5170] ? psi_task_switch+0x2de/0x950 [ 66.408779][ T5170] ? futex_setup_timer+0xf0/0xf0 [pid 5177] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] <... futex resumed>) = ? [pid 5153] write(3, "1000", 4) = 4 [pid 5153] close(3 [pid 5177] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5172] +++ exited with 0 +++ [pid 5171] +++ exited with 0 +++ [pid 5153] <... close resumed>) = 0 [pid 5177] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5171, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5177] <... futex resumed>) = 0 [pid 5153] <... futex resumed>) = 0 [pid 5177] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5153] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5177] <... mmap resumed>) = 0x7f65d6cc2000 [pid 5153] <... mmap resumed>) = 0x7f65d6ce3000 [pid 5177] mprotect(0x7f65d6cc3000, 131072, PROT_READ|PROT_WRITE [ 66.413749][ T5170] ? find_held_lock+0x2d/0x110 [ 66.418571][ T5170] futex_wait_setup+0xab/0x230 [ 66.423383][ T5170] ? futex_wait_multiple+0xae0/0xae0 [ 66.428718][ T5170] futex_wait+0x268/0x680 [ 66.433091][ T5170] ? futex_wait_setup+0x230/0x230 [ 66.438154][ T5170] ? mark_held_locks+0x9f/0xe0 [ 66.443060][ T5170] ? do_raw_spin_lock+0x124/0x2b0 [ 66.448128][ T5170] ? spin_bug+0x1c0/0x1c0 [ 66.452498][ T5170] do_futex+0x2e8/0x360 [ 66.456699][ T5170] ? __ia32_sys_get_robust_list+0x400/0x400 [pid 5153] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE [pid 5177] <... mprotect resumed>) = 0 [pid 5153] <... mprotect resumed>) = 0 [pid 5177] clone(child_stack=0x7f65d6ce23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5153] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5177] <... clone resumed>, parent_tid=[5179], tls=0x7f65d6ce2700, child_tidptr=0x7f65d6ce29d0) = 5179 [pid 5153] <... clone resumed>, parent_tid=[5180], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5180 [pid 5081] <... clone resumed>, child_tidptr=0x55555614c5d0) = 5181 [pid 5177] futex(0x7f65d6dda4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5177] <... futex resumed>) = 0 [pid 5153] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5181 attached [pid 5177] futex(0x7f65d6dda4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5179 attached [pid 5181] set_robust_list(0x55555614c5e0, 24) = 0 [pid 5179] set_robust_list(0x7f65d6ce29e0, 24 [pid 5181] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5179] <... set_robust_list resumed>) = 0 [pid 5181] <... prctl resumed>) = 0 [pid 5179] ioctl(-1, FBIO_WAITFORVSYNC [pid 5181] setpgid(0, 0 [pid 5179] <... ioctl resumed>, 0) = -1 EBADF (Bad file descriptor) [pid 5181] <... setpgid resumed>) = 0 [pid 5179] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5179] <... futex resumed>) = 1 [pid 5177] <... futex resumed>) = 0 [pid 5181] <... openat resumed>) = 3 [pid 5179] futex(0x7f65d6dda4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5177] futex(0x7f65d6dda4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] write(3, "1000", 4 [pid 5179] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5177] <... futex resumed>) = 0 [pid 5181] <... write resumed>) = 4 [pid 5179] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5177] futex(0x7f65d6dda4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5181] close(3 [pid 5179] <... openat resumed>) = 3 [pid 5181] <... close resumed>) = 0 [pid 5179] write(3, "2", 1 [pid 5181] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] <... write resumed>) = 1 [pid 5181] <... futex resumed>) = 0 [pid 5179] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL [pid 5181] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5179] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5181] <... mmap resumed>) = 0x7f65d6ce3000 [ 66.462645][ T5170] ? find_held_lock+0x2d/0x110 [ 66.467568][ T5170] __x64_sys_futex+0x1ca/0x4d0 [ 66.472391][ T5170] ? do_futex+0x360/0x360 [ 66.476770][ T5170] ? _raw_spin_unlock_irq+0x23/0x50 [ 66.482030][ T5170] ? lockdep_hardirqs_on+0x7d/0x100 [ 66.487265][ T5170] ? _raw_spin_unlock_irq+0x2e/0x50 [ 66.492493][ T5170] ? ptrace_notify+0xfe/0x140 [ 66.497215][ T5170] do_syscall_64+0x39/0xb0 [ 66.501675][ T5170] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 66.507626][ T5170] RIP: 0033:0x7f65d6d51c49 [pid 5179] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE [pid 5179] <... futex resumed>) = 1 [pid 5177] <... futex resumed>) = 0 [pid 5181] <... mprotect resumed>) = 0 [ 66.512089][ T5170] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 66.517965][ T5179] FAULT_INJECTION: forcing a failure. [ 66.517965][ T5179] name fail_futex, interval 1, probability 0, space 0, times 0 [ 66.531724][ T5170] RSP: 002b:00007f65d6d032f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 66.531752][ T5170] RAX: ffffffffffffffda RBX: 00007f65d6dda4a8 RCX: 00007f65d6d51c49 [pid 5179] futex(0x7f65d6dda4b8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5180 attached ./strace-static-x86_64: Process 5178 attached [pid 5181] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5176] <... futex resumed>) = -1 EFAULT (Bad address) [pid 5175] set_robust_list(0x7f65d6d039e0, 24 [pid 5170] <... futex resumed>) = ? [pid 5153] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5153] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] <... clone resumed>, parent_tid=[5182], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5182 [pid 5153] <... futex resumed>) = 0 [pid 5181] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5181] <... futex resumed>) = 0 [pid 5153] <... mmap resumed>) = 0x7f65d6cc2000 ./strace-static-x86_64: Process 5182 attached [pid 5181] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] mprotect(0x7f65d6cc3000, 131072, PROT_READ|PROT_WRITE [pid 5182] set_robust_list(0x7f65d6d039e0, 24 [pid 5153] <... mprotect resumed>) = 0 [pid 5182] <... set_robust_list resumed>) = 0 [pid 5153] clone(child_stack=0x7f65d6ce23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5182] openat(AT_FDCWD, "/dev/fb0", O_RDONLY) = 3 [pid 5153] <... clone resumed>, parent_tid=[5183], tls=0x7f65d6ce2700, child_tidptr=0x7f65d6ce29d0) = 5183 [pid 5182] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] futex(0x7f65d6dda4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] <... futex resumed>) = 1 [pid 5181] <... futex resumed>) = 0 [pid 5153] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5183 attached [pid 5182] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5181] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] futex(0x7f65d6dda4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5183] set_robust_list(0x7f65d6ce29e0, 24 [pid 5182] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5181] <... futex resumed>) = 0 [pid 5183] <... set_robust_list resumed>) = 0 [pid 5182] ioctl(3, FBIO_WAITFORVSYNC [pid 5181] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5183] ioctl(-1, FBIO_WAITFORVSYNC, 0) = -1 EBADF (Bad file descriptor) [pid 5183] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] <... futex resumed>) = 0 [pid 5183] futex(0x7f65d6dda4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5182] <... ioctl resumed>, 0) = 0 [pid 5153] futex(0x7f65d6dda4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5182] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] <... futex resumed>) = 0 [pid 5183] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5182] <... futex resumed>) = 1 [pid 5181] <... futex resumed>) = 0 [pid 5153] futex(0x7f65d6dda4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5183] <... openat resumed>) = 3 [pid 5182] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5181] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] write(3, "2", 1 [pid 5182] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5181] <... futex resumed>) = 0 [pid 5183] <... write resumed>) = 1 [pid 5182] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5181] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5183] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL [pid 5182] <... openat resumed>) = 4 [pid 5183] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5182] write(4, "2", 1 [pid 5183] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] <... write resumed>) = 1 [ 66.531769][ T5170] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4a8 [ 66.531784][ T5170] RBP: 00007f65d6dda4a0 R08: 0000000000000032 R09: 0000000000000032 [ 66.531799][ T5170] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 66.531815][ T5170] R13: 00007f65d6d03300 R14: 0000000000000001 R15: 0000000000022000 [ 66.531843][ T5170] [ 66.561515][ T5174] CPU: 0 PID: 5174 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [pid 5183] <... futex resumed>) = 1 [pid 5182] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL [pid 5153] <... futex resumed>) = 0 [ 66.606889][ T5174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 66.616984][ T5174] Call Trace: [ 66.617894][ T5183] FAULT_INJECTION: forcing a failure. [ 66.617894][ T5183] name fail_futex, interval 1, probability 0, space 0, times 0 [ 66.620265][ T5174] [ 66.620277][ T5174] dump_stack_lvl+0x136/0x150 [ 66.640910][ T5174] should_fail_ex+0x4a3/0x5b0 [ 66.645633][ T5174] get_futex_key+0x5aa/0x1ca0 [ 66.650347][ T5174] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 66.656362][ T5174] ? psi_task_switch+0x2de/0x950 [ 66.661331][ T5174] ? futex_setup_timer+0xf0/0xf0 [ 66.668904][ T5174] ? find_held_lock+0x2d/0x110 [ 66.673704][ T5174] futex_wait_setup+0xab/0x230 [ 66.678585][ T5174] ? futex_wait_multiple+0xae0/0xae0 [ 66.683907][ T5174] futex_wait+0x268/0x680 [ 66.688271][ T5174] ? futex_wait_setup+0x230/0x230 [ 66.693320][ T5174] ? mark_held_locks+0x9f/0xe0 [ 66.698116][ T5174] ? do_raw_spin_lock+0x124/0x2b0 [ 66.703155][ T5174] ? spin_bug+0x1c0/0x1c0 [ 66.707523][ T5174] do_futex+0x2e8/0x360 [ 66.711730][ T5174] ? __ia32_sys_get_robust_list+0x400/0x400 [ 66.717732][ T5174] ? find_held_lock+0x2d/0x110 [ 66.722531][ T5174] __x64_sys_futex+0x1ca/0x4d0 [ 66.727325][ T5174] ? do_futex+0x360/0x360 [ 66.731676][ T5174] ? _raw_spin_unlock_irq+0x23/0x50 [ 66.736899][ T5174] ? lockdep_hardirqs_on+0x7d/0x100 [ 66.742124][ T5174] ? _raw_spin_unlock_irq+0x2e/0x50 [ 66.747784][ T5174] ? ptrace_notify+0xfe/0x140 [ 66.752584][ T5174] do_syscall_64+0x39/0xb0 [ 66.757135][ T5174] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 66.763141][ T5174] RIP: 0033:0x7f65d6d51c49 [ 66.767767][ T5174] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 66.788024][ T5174] RSP: 002b:00007f65d6d032f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 66.796479][ T5174] RAX: ffffffffffffffda RBX: 00007f65d6dda4a8 RCX: 00007f65d6d51c49 [ 66.804469][ T5174] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4a8 [pid 5183] futex(0x7f65d6dda4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5182] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5182] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5180] set_robust_list(0x7f65d6d039e0, 24 [pid 5178] set_robust_list(0x7f65d6d039e0, 24 [pid 5176] futex(0x7f65d6dda4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5175] <... set_robust_list resumed>) = 0 [pid 5170] +++ exited with 0 +++ [pid 5169] +++ exited with 0 +++ [pid 5182] <... futex resumed>) = 0 [pid 5181] exit_group(0 [pid 5180] <... set_robust_list resumed>) = 0 [pid 5178] <... set_robust_list resumed>) = 0 [pid 5175] openat(AT_FDCWD, "/dev/fb0", O_RDONLY [pid 5174] <... futex resumed>) = ? [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5169, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- [ 66.812470][ T5174] RBP: 00007f65d6dda4a0 R08: 0000000000000032 R09: 0000000000000032 [ 66.820460][ T5174] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 66.828468][ T5174] R13: 00007f65d6d03300 R14: 0000000000000001 R15: 0000000000022000 [ 66.836470][ T5174] [ 66.844893][ T5179] CPU: 0 PID: 5179 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 66.848907][ T5182] FAULT_INJECTION: forcing a failure. [pid 5181] <... exit_group resumed>) = ? [pid 5175] <... openat resumed>) = 4 [pid 5175] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] exit_group(0 [pid 5175] <... futex resumed>) = ? [pid 5166] <... exit_group resumed>) = ? [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5175] +++ exited with 0 +++ [pid 5087] <... clone resumed>, child_tidptr=0x55555614c5d0) = 5184 ./strace-static-x86_64: Process 5184 attached [pid 5184] set_robust_list(0x55555614c5e0, 24) = 0 [pid 5184] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5184] setpgid(0, 0) = 0 [pid 5184] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5184] write(3, "1000", 4) = 4 [pid 5184] close(3) = 0 [pid 5184] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5184] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65d6ce3000 [pid 5184] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5184] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5185], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5185 [pid 5184] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5184] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5185 attached [ 66.848907][ T5182] name failslab, interval 1, probability 0, space 0, times 1 [ 66.855352][ T5179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 66.855369][ T5179] Call Trace: [ 66.855377][ T5179] [ 66.855386][ T5179] dump_stack_lvl+0x136/0x150 [ 66.855420][ T5179] should_fail_ex+0x4a3/0x5b0 [ 66.855456][ T5179] get_futex_key+0x5aa/0x1ca0 [ 66.898684][ T5179] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 66.904709][ T5179] ? psi_task_switch+0x2de/0x950 [ 66.909702][ T5179] ? futex_setup_timer+0xf0/0xf0 [pid 5185] set_robust_list(0x7f65d6d039e0, 24) = 0 [pid 5185] openat(AT_FDCWD, "/dev/fb0", O_RDONLY) = 3 [pid 5185] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5184] <... futex resumed>) = 0 [pid 5185] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5184] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5185] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5184] <... futex resumed>) = 0 [pid 5185] ioctl(3, FBIO_WAITFORVSYNC [pid 5184] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5185] <... ioctl resumed>, 0) = 0 [pid 5185] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5184] <... futex resumed>) = 0 [pid 5185] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5184] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5185] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5184] <... futex resumed>) = 0 [pid 5185] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5184] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5185] <... openat resumed>) = 4 [pid 5185] write(4, "2", 1) = 1 [ 66.914678][ T5179] ? find_held_lock+0x2d/0x110 [ 66.919517][ T5179] futex_wait_setup+0xab/0x230 [ 66.924324][ T5179] ? futex_wait_multiple+0xae0/0xae0 [ 66.929657][ T5179] futex_wait+0x268/0x680 [ 66.934036][ T5179] ? futex_wait_setup+0x230/0x230 [ 66.939108][ T5179] ? mark_held_locks+0x9f/0xe0 [ 66.943926][ T5179] ? do_raw_spin_lock+0x124/0x2b0 [ 66.948993][ T5179] ? spin_bug+0x1c0/0x1c0 [ 66.953369][ T5179] do_futex+0x2e8/0x360 [ 66.957572][ T5179] ? __ia32_sys_get_robust_list+0x400/0x400 [pid 5185] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL) = -1 EBADF (Bad file descriptor) [pid 5185] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5184] <... futex resumed>) = 0 [pid 5185] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5184] exit_group(0) = ? [ 66.963503][ T5179] ? find_held_lock+0x2d/0x110 [ 66.968324][ T5179] __x64_sys_futex+0x1ca/0x4d0 [ 66.970894][ T5185] FAULT_INJECTION: forcing a failure. [ 66.970894][ T5185] name fail_futex, interval 1, probability 0, space 0, times 0 [ 66.973116][ T5179] ? do_futex+0x360/0x360 [ 66.973150][ T5179] ? _raw_spin_unlock_irq+0x23/0x50 [ 66.973191][ T5179] ? lockdep_hardirqs_on+0x7d/0x100 [ 67.000728][ T5179] ? _raw_spin_unlock_irq+0x2e/0x50 [ 67.005990][ T5179] ? ptrace_notify+0xfe/0x140 [ 67.010702][ T5179] do_syscall_64+0x39/0xb0 [ 67.015158][ T5179] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 67.021102][ T5179] RIP: 0033:0x7f65d6d51c49 [ 67.025541][ T5179] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 67.045178][ T5179] RSP: 002b:00007f65d6ce22f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 67.053630][ T5179] RAX: ffffffffffffffda RBX: 00007f65d6dda4b8 RCX: 00007f65d6d51c49 [pid 5180] openat(AT_FDCWD, "/dev/fb0", O_RDONLY [pid 5178] openat(AT_FDCWD, "/dev/fb0", O_RDONLY [pid 5180] <... openat resumed>) = 4 [pid 5176] <... futex resumed>) = ? [ 67.061620][ T5179] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4b8 [ 67.069609][ T5179] RBP: 00007f65d6dda4b0 R08: 0000000000000032 R09: 0000000000000032 [ 67.077630][ T5179] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 67.085622][ T5179] R13: 00007f65d6ce2300 R14: 0000000000000001 R15: 0000000000022000 [ 67.094408][ T5179] [ 67.101906][ T5182] CPU: 1 PID: 5182 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 67.112384][ T5182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 67.122480][ T5182] Call Trace: [ 67.125780][ T5182] [ 67.128721][ T5182] dump_stack_lvl+0x136/0x150 [ 67.133436][ T5182] should_fail_ex+0x4a3/0x5b0 [ 67.138167][ T5182] should_failslab+0x9/0x20 [ 67.142707][ T5182] kmem_cache_alloc+0x63/0x3b0 [ 67.147514][ T5182] ? acct_update_integrals+0x3c9/0x480 [ 67.153012][ T5182] taskstats_exit+0x5f3/0xb80 [ 67.157722][ T5182] ? xacct_add_tsk+0x640/0x640 [ 67.162514][ T5182] ? taskstats_user_cmd+0xfe0/0xfe0 [ 67.167829][ T5182] do_exit+0x84e/0x2960 [ 67.172012][ T5182] ? find_held_lock+0x2d/0x110 [ 67.176806][ T5182] ? get_signal+0x89d/0x25b0 [ 67.181407][ T5182] ? mm_update_next_owner+0x7b0/0x7b0 [ 67.186806][ T5182] ? do_raw_spin_lock+0x124/0x2b0 [ 67.191849][ T5182] ? spin_bug+0x1c0/0x1c0 [ 67.196197][ T5182] do_group_exit+0xd4/0x2a0 [ 67.200755][ T5182] get_signal+0x2315/0x25b0 [ 67.205301][ T5182] ? __task_pid_nr_ns+0x16c/0x500 [ 67.210398][ T5182] ? exit_signals+0x910/0x910 [ 67.215099][ T5182] ? from_kuid+0xc0/0xc0 [ 67.219363][ T5182] ? find_held_lock+0x2d/0x110 [ 67.224253][ T5182] arch_do_signal_or_restart+0x79/0x5c0 [ 67.229852][ T5182] ? get_sigframe_size+0x10/0x10 [ 67.234823][ T5182] ? lock_downgrade+0x690/0x690 [ 67.239715][ T5182] ? _raw_spin_unlock_irq+0x23/0x50 [ 67.244955][ T5182] exit_to_user_mode_prepare+0x11f/0x240 [ 67.250636][ T5182] syscall_exit_to_user_mode+0x1d/0x50 [ 67.260222][ T5182] do_syscall_64+0x46/0xb0 [ 67.264717][ T5182] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 67.270857][ T5182] RIP: 0033:0x7f65d6d51c49 [ 67.275297][ T5182] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 67.295131][ T5182] RSP: 002b:00007f65d6d032f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 67.304038][ T5182] RAX: ffffffffffffffda RBX: 00007f65d6dda4a8 RCX: 00007f65d6d51c49 [pid 5174] +++ exited with 0 +++ [pid 5173] +++ exited with 0 +++ [pid 5180] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] <... futex resumed>) = -1 EFAULT (Bad address) [pid 5178] <... openat resumed>) = 4 [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5173, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5153] exit_group(0 [pid 5082] restart_syscall(<... resuming interrupted clone ...> [pid 5153] <... exit_group resumed>) = ? [pid 5082] <... restart_syscall resumed>) = 0 [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555614c5d0) = 5186 ./strace-static-x86_64: Process 5186 attached [ 67.312024][ T5182] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4a8 [ 67.320009][ T5182] RBP: 00007f65d6dda4a0 R08: 0000000000000032 R09: 0000000000000032 [ 67.328071][ T5182] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 67.336145][ T5182] R13: 00007f65d6d03300 R14: 0000000000000001 R15: 0000000000022000 [ 67.344142][ T5182] [ 67.347239][ C1] vkms_vblank_simulate: vblank timer overrun [ 67.351478][ T5185] CPU: 0 PID: 5185 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [pid 5186] set_robust_list(0x55555614c5e0, 24) = 0 [pid 5186] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5186] setpgid(0, 0) = 0 [pid 5186] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5186] write(3, "1000", 4) = 4 [pid 5186] close(3) = 0 [pid 5186] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65d6ce3000 [pid 5186] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5186] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5187], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5187 [pid 5186] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5180] <... futex resumed>) = ? [pid 5179] futex(0x7f65d6dda4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5178] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] +++ exited with 0 +++ [pid 5166] +++ exited with 0 +++ [pid 5180] +++ exited with 0 +++ [pid 5178] <... futex resumed>) = 0 [pid 5177] exit_group(0 [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5166, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [ 67.363651][ T5185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 67.373775][ T5185] Call Trace: [ 67.377097][ T5185] [ 67.380055][ T5185] dump_stack_lvl+0x136/0x150 [ 67.384764][ T5185] should_fail_ex+0x4a3/0x5b0 [ 67.389478][ T5185] get_futex_key+0x5aa/0x1ca0 [ 67.394193][ T5185] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 67.400212][ T5185] ? psi_task_switch+0x2de/0x950 [ 67.405201][ T5185] ? futex_setup_timer+0xf0/0xf0 [ 67.410187][ T5185] ? find_held_lock+0x2d/0x110 [pid 5179] <... futex resumed>) = ? [pid 5177] <... exit_group resumed>) = ? [pid 5179] +++ exited with 0 +++ [pid 5178] +++ exited with 0 +++ [pid 5177] +++ exited with 0 +++ [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5177, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5085] restart_syscall(<... resuming interrupted clone ...> [pid 5083] <... clone resumed>, child_tidptr=0x55555614c5d0) = 5188 [pid 5085] <... restart_syscall resumed>) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555614c5d0) = 5189 [pid 5186] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5186] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65d6cc2000 [pid 5186] mprotect(0x7f65d6cc3000, 131072, PROT_READ|PROT_WRITE) = 0 [ 67.415013][ T5185] futex_wait_setup+0xab/0x230 [ 67.419835][ T5185] ? futex_wait_multiple+0xae0/0xae0 [ 67.425215][ T5185] futex_wait+0x268/0x680 [ 67.429687][ T5185] ? futex_wait_setup+0x230/0x230 [ 67.435203][ T5185] ? mark_held_locks+0x9f/0xe0 [ 67.440018][ T5185] ? do_raw_spin_lock+0x124/0x2b0 [ 67.445072][ T5185] ? spin_bug+0x1c0/0x1c0 [ 67.449443][ T5185] do_futex+0x2e8/0x360 [ 67.453644][ T5185] ? __ia32_sys_get_robust_list+0x400/0x400 [ 67.459583][ T5185] ? find_held_lock+0x2d/0x110 [ 67.464405][ T5185] __x64_sys_futex+0x1ca/0x4d0 [pid 5186] clone(child_stack=0x7f65d6ce23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5190], tls=0x7f65d6ce2700, child_tidptr=0x7f65d6ce29d0) = 5190 [pid 5186] futex(0x7f65d6dda4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] futex(0x7f65d6dda4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5190 attached [pid 5190] set_robust_list(0x7f65d6ce29e0, 24) = 0 [pid 5190] ioctl(-1, FBIO_WAITFORVSYNC, 0) = -1 EBADF (Bad file descriptor) [pid 5190] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5186] <... futex resumed>) = 0 [pid 5190] futex(0x7f65d6dda4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5186] futex(0x7f65d6dda4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5186] <... futex resumed>) = 0 [pid 5190] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5186] futex(0x7f65d6dda4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5190] <... openat resumed>) = 3 [pid 5190] write(3, "2", 1) = 1 [pid 5190] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL) = -1 EBADF (Bad file descriptor) [pid 5190] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5186] <... futex resumed>) = 0 [ 67.469243][ T5185] ? do_futex+0x360/0x360 [ 67.473603][ T5185] ? _raw_spin_unlock_irq+0x23/0x50 [ 67.478845][ T5185] ? lockdep_hardirqs_on+0x7d/0x100 [ 67.484093][ T5185] ? _raw_spin_unlock_irq+0x2e/0x50 [ 67.489345][ T5185] ? ptrace_notify+0xfe/0x140 [ 67.494067][ T5185] do_syscall_64+0x39/0xb0 [ 67.496595][ T5190] FAULT_INJECTION: forcing a failure. [ 67.496595][ T5190] name fail_futex, interval 1, probability 0, space 0, times 0 [ 67.498501][ T5185] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 67.498546][ T5185] RIP: 0033:0x7f65d6d51c49 [ 67.498566][ T5185] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 67.498589][ T5185] RSP: 002b:00007f65d6d032f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 67.498615][ T5185] RAX: ffffffffffffffda RBX: 00007f65d6dda4a8 RCX: 00007f65d6d51c49 [ 67.498632][ T5185] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4a8 [pid 5190] futex(0x7f65d6dda4b8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5189 attached ./strace-static-x86_64: Process 5188 attached ./strace-static-x86_64: Process 5187 attached [pid 5185] <... futex resumed>) = ? [pid 5182] +++ exited with 0 +++ [pid 5181] +++ exited with 0 +++ [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5181, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5081] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555614c5d0) = 5191 ./strace-static-x86_64: Process 5191 attached [pid 5191] set_robust_list(0x55555614c5e0, 24) = 0 [ 67.498649][ T5185] RBP: 00007f65d6dda4a0 R08: 0000000000000032 R09: 0000000000000032 [ 67.498666][ T5185] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 67.498682][ T5185] R13: 00007f65d6d03300 R14: 0000000000000001 R15: 0000000000022000 [ 67.498714][ T5185] [ 67.594606][ T5183] CPU: 0 PID: 5183 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 67.605290][ T5183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 67.615383][ T5183] Call Trace: [pid 5191] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5191] setpgid(0, 0) = 0 [pid 5191] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5191] write(3, "1000", 4) = 4 [pid 5191] close(3) = 0 [pid 5191] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] set_robust_list(0x55555614c5e0, 24 [pid 5191] <... futex resumed>) = 0 [pid 5189] <... set_robust_list resumed>) = 0 [pid 5191] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5189] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5191] <... mmap resumed>) = 0x7f65d6ce3000 [pid 5189] <... prctl resumed>) = 0 [pid 5191] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE [pid 5189] setpgid(0, 0 [pid 5191] <... mprotect resumed>) = 0 [pid 5189] <... setpgid resumed>) = 0 [pid 5191] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5189] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5191] <... clone resumed>, parent_tid=[5192], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5192 [pid 5189] write(3, "1000", 4 [pid 5191] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] <... write resumed>) = 4 [pid 5191] <... futex resumed>) = 0 [pid 5189] close(3./strace-static-x86_64: Process 5192 attached [pid 5191] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5189] <... close resumed>) = 0 [pid 5192] set_robust_list(0x7f65d6d039e0, 24 [pid 5189] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5192] <... set_robust_list resumed>) = 0 [pid 5189] <... futex resumed>) = 0 [pid 5192] openat(AT_FDCWD, "/dev/fb0", O_RDONLY [pid 5189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5192] <... openat resumed>) = 3 [pid 5189] <... mmap resumed>) = 0x7f65d6ce3000 [pid 5192] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE [pid 5192] <... futex resumed>) = 1 [pid 5191] <... futex resumed>) = 0 [pid 5189] <... mprotect resumed>) = 0 [pid 5192] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5191] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5192] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5191] <... futex resumed>) = 0 [ 67.618724][ T5183] [ 67.621701][ T5183] dump_stack_lvl+0x136/0x150 [ 67.626520][ T5183] should_fail_ex+0x4a3/0x5b0 [ 67.631278][ T5183] get_futex_key+0x5aa/0x1ca0 [ 67.635992][ T5183] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 67.642027][ T5183] ? psi_task_switch+0x2de/0x950 [ 67.647051][ T5183] ? futex_setup_timer+0xf0/0xf0 [ 67.652041][ T5183] ? find_held_lock+0x2d/0x110 [ 67.656880][ T5183] futex_wait_setup+0xab/0x230 [ 67.661712][ T5183] ? futex_wait_multiple+0xae0/0xae0 [pid 5192] ioctl(3, FBIO_WAITFORVSYNC [pid 5191] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5189] <... clone resumed>, parent_tid=[5193], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5193 [pid 5189] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5193 attached [pid 5193] set_robust_list(0x7f65d6d039e0, 24) = 0 [pid 5193] openat(AT_FDCWD, "/dev/fb0", O_RDONLY [pid 5192] <... ioctl resumed>, 0) = 0 [pid 5193] <... openat resumed>) = 3 [pid 5192] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5193] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5192] <... futex resumed>) = 1 [pid 5191] <... futex resumed>) = 0 [pid 5193] <... futex resumed>) = 1 [pid 5192] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5191] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] <... futex resumed>) = 0 [pid 5193] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5191] <... futex resumed>) = 0 [pid 5189] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5193] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5192] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5191] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5189] <... futex resumed>) = 0 [pid 5193] ioctl(3, FBIO_WAITFORVSYNC [pid 5192] <... openat resumed>) = 4 [pid 5189] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5192] write(4, "2", 1) = 1 [pid 5192] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL) = -1 EBADF (Bad file descriptor) [pid 5192] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5191] <... futex resumed>) = 0 [ 67.667765][ T5183] futex_wait+0x268/0x680 [ 67.672148][ T5183] ? futex_wait_setup+0x230/0x230 [ 67.677217][ T5183] ? mark_held_locks+0x9f/0xe0 [ 67.682144][ T5183] ? do_raw_spin_lock+0x124/0x2b0 [ 67.687304][ T5183] ? spin_bug+0x1c0/0x1c0 [ 67.691677][ T5183] do_futex+0x2e8/0x360 [ 67.696228][ T5183] ? __ia32_sys_get_robust_list+0x400/0x400 [ 67.702263][ T5183] ? find_held_lock+0x2d/0x110 [ 67.712016][ T5192] FAULT_INJECTION: forcing a failure. [pid 5192] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5191] exit_group(0 [pid 5193] <... ioctl resumed>, 0) = 0 [pid 5191] <... exit_group resumed>) = ? [pid 5193] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5189] <... futex resumed>) = 0 [pid 5193] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5193] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5189] <... futex resumed>) = 0 [pid 5193] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5189] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5193] <... openat resumed>) = 4 [pid 5193] write(4, "2", 1) = 1 [pid 5193] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL) = -1 EBADF (Bad file descriptor) [pid 5193] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5189] <... futex resumed>) = 0 [pid 5193] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] exit_group(0) = ? [ 67.712016][ T5192] name fail_futex, interval 1, probability 0, space 0, times 0 [ 67.714278][ T5183] __x64_sys_futex+0x1ca/0x4d0 [ 67.714323][ T5183] ? do_futex+0x360/0x360 [ 67.714354][ T5183] ? _raw_spin_unlock_irq+0x23/0x50 [ 67.714392][ T5183] ? lockdep_hardirqs_on+0x7d/0x100 [ 67.743180][ T5193] FAULT_INJECTION: forcing a failure. [ 67.743180][ T5193] name fail_futex, interval 1, probability 0, space 0, times 0 [ 67.746675][ T5183] ? _raw_spin_unlock_irq+0x2e/0x50 [ 67.764736][ T5183] ? ptrace_notify+0xfe/0x140 [pid 5188] set_robust_list(0x55555614c5e0, 24) = 0 [pid 5188] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5188] setpgid(0, 0) = 0 [pid 5188] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5188] write(3, "1000", 4) = 4 [pid 5188] close(3) = 0 [pid 5188] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65d6ce3000 [pid 5188] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5188] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5194], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5194 [ 67.769462][ T5183] do_syscall_64+0x39/0xb0 [ 67.774625][ T5183] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 67.780579][ T5183] RIP: 0033:0x7f65d6d51c49 [ 67.785010][ T5183] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 67.804649][ T5183] RSP: 002b:00007f65d6ce22f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [pid 5188] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5187] set_robust_list(0x7f65d6d039e0, 24./strace-static-x86_64: Process 5194 attached [pid 5185] +++ exited with 0 +++ [pid 5184] +++ exited with 0 +++ [pid 5183] <... futex resumed>) = ? [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5184, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [ 67.813103][ T5183] RAX: ffffffffffffffda RBX: 00007f65d6dda4b8 RCX: 00007f65d6d51c49 [ 67.821108][ T5183] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4b8 [ 67.829121][ T5183] RBP: 00007f65d6dda4b0 R08: 0000000000000032 R09: 0000000000000032 [ 67.837133][ T5183] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 67.845135][ T5183] R13: 00007f65d6ce2300 R14: 0000000000000001 R15: 0000000000022000 [ 67.853154][ T5183] [ 67.858109][ T5190] CPU: 0 PID: 5190 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5188] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5188] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... clone resumed>, child_tidptr=0x55555614c5d0) = 5195 [pid 5188] <... futex resumed>) = 0 [pid 5188] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 5195 attached ) = 0x7f65d6cc2000 [pid 5195] set_robust_list(0x55555614c5e0, 24 [pid 5188] mprotect(0x7f65d6cc3000, 131072, PROT_READ|PROT_WRITE [pid 5195] <... set_robust_list resumed>) = 0 [pid 5188] <... mprotect resumed>) = 0 [pid 5195] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5188] clone(child_stack=0x7f65d6ce23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5195] <... prctl resumed>) = 0 [pid 5195] setpgid(0, 0 [pid 5188] <... clone resumed>, parent_tid=[5196], tls=0x7f65d6ce2700, child_tidptr=0x7f65d6ce29d0) = 5196 [pid 5195] <... setpgid resumed>) = 0 [pid 5188] futex(0x7f65d6dda4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5188] <... futex resumed>) = 0 [pid 5195] <... openat resumed>) = 3 [pid 5188] futex(0x7f65d6dda4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] write(3, "1000", 4) = 4 [pid 5195] close(3) = 0 [pid 5195] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5195] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65d6ce3000 [pid 5195] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5195] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5197], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5197 [pid 5195] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 67.868585][ T5190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 67.878681][ T5190] Call Trace: [ 67.881993][ T5190] [ 67.884949][ T5190] dump_stack_lvl+0x136/0x150 [ 67.889758][ T5190] should_fail_ex+0x4a3/0x5b0 [ 67.894524][ T5190] get_futex_key+0x5aa/0x1ca0 [ 67.899249][ T5190] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 67.905276][ T5190] ? psi_task_switch+0x2de/0x950 [ 67.910357][ T5190] ? futex_setup_timer+0xf0/0xf0 [ 67.915431][ T5190] ? find_held_lock+0x2d/0x110 [pid 5195] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5197 attached [pid 5197] set_robust_list(0x7f65d6d039e0, 24) = 0 [pid 5197] openat(AT_FDCWD, "/dev/fb0", O_RDONLY) = 3 [pid 5197] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5195] <... futex resumed>) = 0 [pid 5197] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5195] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5197] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5195] <... futex resumed>) = 0 [pid 5188] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5197] ioctl(3, FBIO_WAITFORVSYNC [pid 5195] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] futex(0x7f65d6dda4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65d6ca1000 [pid 5188] mprotect(0x7f65d6ca2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5188] clone(child_stack=0x7f65d6cc13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5197] <... ioctl resumed>, 0) = 0 [pid 5197] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] <... clone resumed>, parent_tid=[5198], tls=0x7f65d6cc1700, child_tidptr=0x7f65d6cc19d0) = 5198 [pid 5197] <... futex resumed>) = 1 [pid 5195] <... futex resumed>) = 0 [pid 5188] futex(0x7f65d6dda4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5197] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5195] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [ 67.920259][ T5190] futex_wait_setup+0xab/0x230 [ 67.925069][ T5190] ? futex_wait_multiple+0xae0/0xae0 [ 67.930406][ T5190] futex_wait+0x268/0x680 [ 67.934773][ T5190] ? futex_wait_setup+0x230/0x230 [ 67.939842][ T5190] ? mark_held_locks+0x9f/0xe0 [ 67.944655][ T5190] ? do_raw_spin_lock+0x124/0x2b0 [ 67.949726][ T5190] ? spin_bug+0x1c0/0x1c0 [ 67.954108][ T5190] do_futex+0x2e8/0x360 [ 67.958431][ T5190] ? __ia32_sys_get_robust_list+0x400/0x400 [ 67.964422][ T5190] ? find_held_lock+0x2d/0x110 [pid 5188] <... futex resumed>) = 0 [pid 5186] exit_group(0 [pid 5197] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5195] <... futex resumed>) = 0 [pid 5188] futex(0x7f65d6dda4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5186] <... exit_group resumed>) = ? ./strace-static-x86_64: Process 5198 attached [pid 5197] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5195] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5198] set_robust_list(0x7f65d6cc19e0, 24 [pid 5197] <... openat resumed>) = 4 [pid 5198] <... set_robust_list resumed>) = 0 [pid 5197] write(4, "2", 1 [pid 5198] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5197] <... write resumed>) = 1 [pid 5198] <... openat resumed>) = 3 [pid 5197] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL [pid 5198] write(3, "2", 1 [pid 5197] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5198] <... write resumed>) = 1 [pid 5197] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5198] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL [pid 5197] <... futex resumed>) = 1 [pid 5195] <... futex resumed>) = 0 [pid 5198] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [ 67.969249][ T5190] __x64_sys_futex+0x1ca/0x4d0 [ 67.974162][ T5190] ? do_futex+0x360/0x360 [ 67.978536][ T5190] ? _raw_spin_unlock_irq+0x23/0x50 [ 67.983786][ T5190] ? lockdep_hardirqs_on+0x7d/0x100 [ 67.989029][ T5190] ? _raw_spin_unlock_irq+0x2e/0x50 [ 67.994276][ T5190] ? ptrace_notify+0xfe/0x140 [ 67.998983][ T5190] do_syscall_64+0x39/0xb0 [ 68.003426][ T5190] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 68.004414][ T5197] FAULT_INJECTION: forcing a failure. [pid 5197] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5195] exit_group(0./strace-static-x86_64: Process 5196 attached [pid 5198] futex(0x7f65d6dda4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] <... exit_group resumed>) = ? [pid 5194] set_robust_list(0x7f65d6d039e0, 24 [pid 5190] <... futex resumed>) = ? [pid 5188] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5187] <... set_robust_list resumed>) = ? [pid 5183] +++ exited with 0 +++ [pid 5153] +++ exited with 0 +++ [pid 5198] <... futex resumed>) = 0 [pid 5198] futex(0x7f65d6dda4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5080] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5153, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- [pid 5080] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5080] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555614c5d0) = 5199 [ 68.004414][ T5197] name fail_futex, interval 1, probability 0, space 0, times 0 [ 68.009346][ T5190] RIP: 0033:0x7f65d6d51c49 [ 68.009369][ T5190] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 68.009393][ T5190] RSP: 002b:00007f65d6ce22f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 68.009417][ T5190] RAX: ffffffffffffffda RBX: 00007f65d6dda4b8 RCX: 00007f65d6d51c49 [ 68.009433][ T5190] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4b8 [ 68.009448][ T5190] RBP: 00007f65d6dda4b0 R08: 0000000000000032 R09: 0000000000000032 [ 68.009463][ T5190] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 68.009479][ T5190] R13: 00007f65d6ce2300 R14: 0000000000000001 R15: 0000000000022000 [ 68.009509][ T5190] [ 68.022918][ T5192] CPU: 0 PID: 5192 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 68.036769][ T5198] FAULT_INJECTION: forcing a failure. [ 68.036769][ T5198] name fail_futex, interval 1, probability 0, space 0, times 0 [ 68.046465][ T5192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 68.046481][ T5192] Call Trace: [ 68.046489][ T5192] [ 68.046498][ T5192] dump_stack_lvl+0x136/0x150 [ 68.046533][ T5192] should_fail_ex+0x4a3/0x5b0 [ 68.046568][ T5192] get_futex_key+0x5aa/0x1ca0 [ 68.151957][ T5192] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 68.158153][ T5192] ? psi_task_switch+0x2de/0x950 [ 68.163125][ T5192] ? futex_setup_timer+0xf0/0xf0 [ 68.168170][ T5192] ? find_held_lock+0x2d/0x110 [ 68.172968][ T5192] futex_wait_setup+0xab/0x230 [ 68.177762][ T5192] ? futex_wait_multiple+0xae0/0xae0 [ 68.183079][ T5192] futex_wait+0x268/0x680 [ 68.187443][ T5192] ? futex_wait_setup+0x230/0x230 [ 68.192490][ T5192] ? mark_held_locks+0x9f/0xe0 [ 68.197316][ T5192] ? do_raw_spin_lock+0x124/0x2b0 [ 68.202373][ T5192] ? spin_bug+0x1c0/0x1c0 [ 68.206732][ T5192] do_futex+0x2e8/0x360 [ 68.210920][ T5192] ? __ia32_sys_get_robust_list+0x400/0x400 [ 68.219463][ T5192] ? find_held_lock+0x2d/0x110 [ 68.224536][ T5192] __x64_sys_futex+0x1ca/0x4d0 [ 68.229333][ T5192] ? do_futex+0x360/0x360 [ 68.233681][ T5192] ? _raw_spin_unlock_irq+0x23/0x50 [ 68.238906][ T5192] ? lockdep_hardirqs_on+0x7d/0x100 [ 68.244252][ T5192] ? _raw_spin_unlock_irq+0x2e/0x50 [ 68.249516][ T5192] ? ptrace_notify+0xfe/0x140 [ 68.254328][ T5192] do_syscall_64+0x39/0xb0 [ 68.258799][ T5192] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 68.264733][ T5192] RIP: 0033:0x7f65d6d51c49 [ 68.269165][ T5192] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 68.288789][ T5192] RSP: 002b:00007f65d6d032f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 68.297220][ T5192] RAX: ffffffffffffffda RBX: 00007f65d6dda4a8 RCX: 00007f65d6d51c49 [ 68.305292][ T5192] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4a8 [ 68.313373][ T5192] RBP: 00007f65d6dda4a0 R08: 0000000000000032 R09: 0000000000000032 ./strace-static-x86_64: Process 5199 attached [pid 5196] set_robust_list(0x7f65d6ce29e0, 24 [pid 5194] <... set_robust_list resumed>) = 0 [pid 5187] +++ exited with 0 +++ [pid 5190] +++ exited with 0 +++ [pid 5186] +++ exited with 0 +++ [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5186, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 5082] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555614c5d0) = 5200 [ 68.321373][ T5192] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 68.329354][ T5192] R13: 00007f65d6d03300 R14: 0000000000000001 R15: 0000000000022000 [ 68.337365][ T5192] [ 68.342251][ T5193] CPU: 0 PID: 5193 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 68.352715][ T5193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 68.362905][ T5193] Call Trace: [ 68.366218][ T5193] [ 68.369266][ T5193] dump_stack_lvl+0x136/0x150 [ 68.374165][ T5193] should_fail_ex+0x4a3/0x5b0 [ 68.378912][ T5193] get_futex_key+0x5aa/0x1ca0 [ 68.383639][ T5193] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 68.389653][ T5193] ? psi_task_switch+0x2de/0x950 [ 68.394720][ T5193] ? futex_setup_timer+0xf0/0xf0 [ 68.399714][ T5193] ? find_held_lock+0x2d/0x110 [ 68.404546][ T5193] futex_wait_setup+0xab/0x230 [ 68.410159][ T5193] ? futex_wait_multiple+0xae0/0xae0 [ 68.415518][ T5193] futex_wait+0x268/0x680 [ 68.419901][ T5193] ? futex_wait_setup+0x230/0x230 [ 68.424974][ T5193] ? mark_held_locks+0x9f/0xe0 [ 68.429793][ T5193] ? do_raw_spin_lock+0x124/0x2b0 [ 68.434936][ T5193] ? spin_bug+0x1c0/0x1c0 [ 68.439301][ T5193] do_futex+0x2e8/0x360 [ 68.443506][ T5193] ? __ia32_sys_get_robust_list+0x400/0x400 [ 68.449435][ T5193] ? find_held_lock+0x2d/0x110 [ 68.454242][ T5193] __x64_sys_futex+0x1ca/0x4d0 [ 68.459041][ T5193] ? do_futex+0x360/0x360 [ 68.463400][ T5193] ? _raw_spin_unlock_irq+0x23/0x50 [pid 5196] <... set_robust_list resumed>) = 0 [pid 5196] ioctl(-1, FBIO_WAITFORVSYNC, 0) = -1 EBADF (Bad file descriptor) [pid 5196] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 68.468641][ T5193] ? lockdep_hardirqs_on+0x7d/0x100 [ 68.473873][ T5193] ? _raw_spin_unlock_irq+0x2e/0x50 [ 68.479109][ T5193] ? ptrace_notify+0xfe/0x140 [ 68.483822][ T5193] do_syscall_64+0x39/0xb0 [ 68.488294][ T5193] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 68.494218][ T5193] RIP: 0033:0x7f65d6d51c49 [ 68.498647][ T5193] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 68.518286][ T5193] RSP: 002b:00007f65d6d032f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 68.526833][ T5193] RAX: ffffffffffffffda RBX: 00007f65d6dda4a8 RCX: 00007f65d6d51c49 [ 68.534837][ T5193] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4a8 [ 68.542926][ T5193] RBP: 00007f65d6dda4a0 R08: 0000000000000032 R09: 0000000000000032 [ 68.550919][ T5193] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 68.558909][ T5193] R13: 00007f65d6d03300 R14: 0000000000000001 R15: 0000000000022000 [ 68.566945][ T5193] [ 68.569973][ T5198] CPU: 1 PID: 5198 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 68.580449][ T5198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 68.590537][ T5198] Call Trace: [ 68.593821][ T5198] [ 68.596763][ T5198] dump_stack_lvl+0x136/0x150 [ 68.601573][ T5198] should_fail_ex+0x4a3/0x5b0 [ 68.606279][ T5198] get_futex_key+0x5aa/0x1ca0 [ 68.610985][ T5198] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 68.616984][ T5198] ? psi_task_switch+0x2de/0x950 [ 68.621946][ T5198] ? futex_setup_timer+0xf0/0xf0 [ 68.626905][ T5198] ? find_held_lock+0x2d/0x110 [ 68.631705][ T5198] futex_wait_setup+0xab/0x230 [ 68.636495][ T5198] ? futex_wait_multiple+0xae0/0xae0 [ 68.641816][ T5198] futex_wait+0x268/0x680 [ 68.646345][ T5198] ? futex_wait_setup+0x230/0x230 [ 68.651390][ T5198] ? mark_held_locks+0x9f/0xe0 [ 68.656186][ T5198] ? do_raw_spin_lock+0x124/0x2b0 [ 68.661227][ T5198] ? irqentry_enter+0x2c/0x50 [ 68.665953][ T5198] do_futex+0x2e8/0x360 [ 68.670153][ T5198] ? __ia32_sys_get_robust_list+0x400/0x400 [ 68.676086][ T5198] ? __x64_sys_futex+0x160/0x4d0 [ 68.681067][ T5198] __x64_sys_futex+0x1ca/0x4d0 [ 68.686028][ T5198] ? do_futex+0x360/0x360 [ 68.690408][ T5198] ? _raw_spin_unlock_irq+0x23/0x50 [ 68.695678][ T5198] ? lockdep_hardirqs_on+0x7d/0x100 [ 68.700920][ T5198] ? _raw_spin_unlock_irq+0x2e/0x50 [ 68.706156][ T5198] ? ptrace_notify+0xfe/0x140 [ 68.710869][ T5198] do_syscall_64+0x39/0xb0 [ 68.715299][ T5198] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 68.721233][ T5198] RIP: 0033:0x7f65d6d51c49 [ 68.725669][ T5198] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 68.745389][ T5198] RSP: 002b:00007f65d6cc12f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 68.753834][ T5198] RAX: ffffffffffffffda RBX: 00007f65d6dda4c8 RCX: 00007f65d6d51c49 [ 68.761815][ T5198] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4c8 [pid 5196] futex(0x7f65d6dda4b8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5200 attached [pid 5199] set_robust_list(0x55555614c5e0, 24 [pid 5194] openat(AT_FDCWD, "/dev/fb0", O_RDONLY [pid 5193] <... futex resumed>) = ? [pid 5192] <... futex resumed>) = ? [pid 5198] <... futex resumed>) = -1 EFAULT (Bad address) [pid 5198] futex(0x7f65d6dda4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5188] exit_group(0 [pid 5196] <... futex resumed>) = ? [pid 5188] <... exit_group resumed>) = ? [pid 5196] +++ exited with 0 +++ [pid 5198] <... futex resumed>) = ? [pid 5198] +++ exited with 0 +++ [ 68.769972][ T5198] RBP: 00007f65d6dda4c0 R08: 0000000000000032 R09: 0000000000000032 [ 68.777950][ T5198] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 68.785930][ T5198] R13: 00007f65d6cc1300 R14: 0000000000000001 R15: 0000000000022000 [ 68.793936][ T5198] [ 68.797041][ C1] vkms_vblank_simulate: vblank timer overrun [ 68.803144][ T5197] CPU: 0 PID: 5197 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 68.813612][ T5197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [pid 5200] set_robust_list(0x55555614c5e0, 24 [pid 5199] <... set_robust_list resumed>) = 0 [pid 5194] <... openat resumed>) = ? [ 68.823698][ T5197] Call Trace: [ 68.827003][ T5197] [ 68.829954][ T5197] dump_stack_lvl+0x136/0x150 [ 68.834674][ T5197] should_fail_ex+0x4a3/0x5b0 [ 68.839393][ T5197] get_futex_key+0x5aa/0x1ca0 [ 68.844145][ T5197] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 68.850175][ T5197] ? psi_task_switch+0x2de/0x950 [ 68.855171][ T5197] ? futex_setup_timer+0xf0/0xf0 [ 68.860366][ T5197] ? find_held_lock+0x2d/0x110 [ 68.865189][ T5197] futex_wait_setup+0xab/0x230 [ 68.870007][ T5197] ? futex_wait_multiple+0xae0/0xae0 [pid 5193] +++ exited with 0 +++ [pid 5192] +++ exited with 0 +++ [pid 5191] +++ exited with 0 +++ [pid 5189] +++ exited with 0 +++ [pid 5200] <... set_robust_list resumed>) = 0 [pid 5199] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5194] +++ exited with 0 +++ [pid 5188] +++ exited with 0 +++ [pid 5200] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5199] <... prctl resumed>) = 0 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5189, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5188, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5191, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5200] <... prctl resumed>) = 0 [pid 5199] setpgid(0, 0 [pid 5085] restart_syscall(<... resuming interrupted clone ...> [pid 5081] restart_syscall(<... resuming interrupted clone ...> [pid 5200] setpgid(0, 0 [pid 5199] <... setpgid resumed>) = 0 [pid 5085] <... restart_syscall resumed>) = 0 [pid 5081] <... restart_syscall resumed>) = 0 [pid 5200] <... setpgid resumed>) = 0 [pid 5199] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5200] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5199] <... openat resumed>) = 3 [pid 5200] <... openat resumed>) = 3 [pid 5199] write(3, "1000", 4 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5200] write(3, "1000", 4 [pid 5199] <... write resumed>) = 4 [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5200] <... write resumed>) = 4 [pid 5199] close(3 [pid 5085] <... clone resumed>, child_tidptr=0x55555614c5d0) = 5201 [pid 5081] <... clone resumed>, child_tidptr=0x55555614c5d0) = 5202 [pid 5200] close(3 [pid 5199] <... close resumed>) = 0 [pid 5083] <... clone resumed>, child_tidptr=0x55555614c5d0) = 5203 [pid 5200] <... close resumed>) = 0 [pid 5199] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5200] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] <... futex resumed>) = 0 [pid 5200] <... futex resumed>) = 0 [pid 5199] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5200] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5199] <... mmap resumed>) = 0x7f65d6ce3000 [pid 5200] <... mmap resumed>) = 0x7f65d6ce3000 [pid 5199] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE [pid 5200] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE [pid 5199] <... mprotect resumed>) = 0 ./strace-static-x86_64: Process 5203 attached [pid 5200] <... mprotect resumed>) = 0 [pid 5199] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5203] set_robust_list(0x55555614c5e0, 24 [pid 5200] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5203] <... set_robust_list resumed>) = 0 [pid 5199] <... clone resumed>, parent_tid=[5204], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5204 [pid 5203] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5200] <... clone resumed>, parent_tid=[5205], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5205 [pid 5199] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] <... prctl resumed>) = 0 [pid 5200] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] <... futex resumed>) = 0 [pid 5203] setpgid(0, 0 [pid 5200] <... futex resumed>) = 0 [pid 5199] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] <... setpgid resumed>) = 0 [pid 5200] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 5205 attached ) = 3 [pid 5205] set_robust_list(0x7f65d6d039e0, 24 [pid 5203] write(3, "1000", 4 [pid 5205] <... set_robust_list resumed>) = 0 [pid 5203] <... write resumed>) = 4 [ 68.875355][ T5197] futex_wait+0x268/0x680 [ 68.879758][ T5197] ? futex_wait_setup+0x230/0x230 [ 68.885006][ T5197] ? mark_held_locks+0x9f/0xe0 [ 68.889830][ T5197] ? do_raw_spin_lock+0x124/0x2b0 [ 68.894896][ T5197] ? spin_bug+0x1c0/0x1c0 [ 68.899272][ T5197] do_futex+0x2e8/0x360 [ 68.903484][ T5197] ? __ia32_sys_get_robust_list+0x400/0x400 [ 68.909429][ T5197] ? find_held_lock+0x2d/0x110 [ 68.914265][ T5197] __x64_sys_futex+0x1ca/0x4d0 [ 68.919088][ T5197] ? do_futex+0x360/0x360 [pid 5205] openat(AT_FDCWD, "/dev/fb0", O_RDONLY [pid 5203] close(3 [pid 5205] <... openat resumed>) = 3 [pid 5203] <... close resumed>) = 0 [pid 5205] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... futex resumed>) = 1 [pid 5203] <... futex resumed>) = 0 [pid 5200] <... futex resumed>) = 0 [pid 5205] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5203] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5200] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5203] <... mmap resumed>) = 0x7f65d6ce3000 [pid 5200] <... futex resumed>) = 0 [pid 5205] ioctl(3, FBIO_WAITFORVSYNC [pid 5203] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE [pid 5200] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] <... mprotect resumed>) = 0 [pid 5203] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5206], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5206 [pid 5203] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5203] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5206 attached [pid 5206] set_robust_list(0x7f65d6d039e0, 24) = 0 [pid 5206] openat(AT_FDCWD, "/dev/fb0", O_RDONLY) = 3 [pid 5205] <... ioctl resumed>, 0) = 0 [pid 5206] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5206] <... futex resumed>) = 1 [pid 5205] <... futex resumed>) = 1 [pid 5203] <... futex resumed>) = 0 [pid 5200] <... futex resumed>) = 0 [pid 5206] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5205] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5203] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5200] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5206] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5205] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5203] <... futex resumed>) = 0 [pid 5200] <... futex resumed>) = 0 [pid 5206] ioctl(3, FBIO_WAITFORVSYNC [pid 5205] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5203] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5200] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5205] <... openat resumed>) = 4 [pid 5205] write(4, "2", 1) = 1 [pid 5205] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL) = -1 EBADF (Bad file descriptor) [pid 5205] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5200] <... futex resumed>) = 0 [ 68.923483][ T5197] ? _raw_spin_unlock_irq+0x23/0x50 [ 68.928735][ T5197] ? lockdep_hardirqs_on+0x7d/0x100 [ 68.934158][ T5197] ? _raw_spin_unlock_irq+0x2e/0x50 [ 68.939424][ T5197] ? ptrace_notify+0xfe/0x140 [ 68.944297][ T5197] do_syscall_64+0x39/0xb0 [ 68.948752][ T5197] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 68.954707][ T5197] RIP: 0033:0x7f65d6d51c49 [pid 5205] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5200] exit_group(0./strace-static-x86_64: Process 5204 attached ./strace-static-x86_64: Process 5202 attached ./strace-static-x86_64: Process 5201 attached [pid 5197] <... futex resumed>) = ? [pid 5204] set_robust_list(0x7f65d6d039e0, 24 [pid 5202] set_robust_list(0x55555614c5e0, 24 [pid 5201] set_robust_list(0x55555614c5e0, 24 [pid 5204] <... set_robust_list resumed>) = 0 [pid 5202] <... set_robust_list resumed>) = 0 [pid 5201] <... set_robust_list resumed>) = 0 [pid 5204] openat(AT_FDCWD, "/dev/fb0", O_RDONLY [pid 5202] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5201] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5202] <... prctl resumed>) = 0 [pid 5201] <... prctl resumed>) = 0 [pid 5202] setpgid(0, 0 [pid 5201] setpgid(0, 0 [pid 5202] <... setpgid resumed>) = 0 [pid 5201] <... setpgid resumed>) = 0 [pid 5202] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5201] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5202] <... openat resumed>) = 3 [pid 5201] <... openat resumed>) = 3 [pid 5202] write(3, "1000", 4 [pid 5201] write(3, "1000", 4 [pid 5202] <... write resumed>) = 4 [pid 5201] <... write resumed>) = 4 [pid 5202] close(3 [pid 5201] close(3 [pid 5202] <... close resumed>) = 0 [pid 5201] <... close resumed>) = 0 [pid 5202] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... futex resumed>) = 0 [pid 5201] <... futex resumed>) = 0 [pid 5206] <... ioctl resumed>, 0) = 0 [pid 5204] <... openat resumed>) = 3 [pid 5199] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5197] +++ exited with 0 +++ [pid 5195] +++ exited with 0 +++ [pid 5206] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5204] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5199] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5195, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5206] <... futex resumed>) = 1 [ 68.959192][ T5197] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 68.963976][ T5205] FAULT_INJECTION: forcing a failure. [ 68.963976][ T5205] name fail_futex, interval 1, probability 0, space 0, times 0 [ 68.978914][ T5197] RSP: 002b:00007f65d6d032f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 68.978946][ T5197] RAX: ffffffffffffffda RBX: 00007f65d6dda4a8 RCX: 00007f65d6d51c49 [ 68.978962][ T5197] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4a8 [ 68.978976][ T5197] RBP: 00007f65d6dda4a0 R08: 0000000000000032 R09: 0000000000000032 [pid 5204] <... futex resumed>) = 0 [pid 5203] <... futex resumed>) = 0 [pid 5202] <... mmap resumed>) = 0x7f65d6ce3000 [pid 5201] <... mmap resumed>) = 0x7f65d6ce3000 [pid 5200] <... exit_group resumed>) = ? [pid 5199] <... futex resumed>) = 0 [pid 5206] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] ioctl(3, FBIO_WAITFORVSYNC [pid 5203] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE [pid 5201] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE [pid 5199] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5206] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5203] <... futex resumed>) = 0 [pid 5202] <... mprotect resumed>) = 0 [pid 5201] <... mprotect resumed>) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5206] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5203] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5201] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5206] <... openat resumed>) = 4 [pid 5087] <... clone resumed>, child_tidptr=0x55555614c5d0) = 5207 [pid 5206] write(4, "2", 1 [pid 5202] <... clone resumed>, parent_tid=[5208], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5208 [pid 5201] <... clone resumed>, parent_tid=[5209], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5209 [pid 5206] <... write resumed>) = 1 [pid 5202] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5206] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL [pid 5204] <... ioctl resumed>, 0) = 0 [pid 5202] <... futex resumed>) = 0 [pid 5201] <... futex resumed>) = 0 [pid 5206] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5204] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5201] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5206] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5204] <... futex resumed>) = 1 [pid 5199] <... futex resumed>) = 0 [pid 5206] <... futex resumed>) = 1 [pid 5204] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5203] <... futex resumed>) = 0 [pid 5199] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5206] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5203] exit_group(0 [pid 5199] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5209 attached ./strace-static-x86_64: Process 5208 attached ./strace-static-x86_64: Process 5207 attached [pid 5204] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5203] <... exit_group resumed>) = ? [pid 5199] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5204] <... openat resumed>) = 4 [pid 5204] write(4, "2", 1) = 1 [pid 5204] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL) = -1 EBADF (Bad file descriptor) [pid 5204] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5199] <... futex resumed>) = 0 [ 68.978992][ T5197] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 68.979008][ T5197] R13: 00007f65d6d03300 R14: 0000000000000001 R15: 0000000000022000 [ 68.979042][ T5197] [ 69.038906][ T5206] FAULT_INJECTION: forcing a failure. [ 69.038906][ T5206] name fail_futex, interval 1, probability 0, space 0, times 0 [ 69.042332][ T5205] CPU: 1 PID: 5205 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 69.060846][ T5204] FAULT_INJECTION: forcing a failure. [pid 5204] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5199] exit_group(0) = ? [pid 5202] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5202] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5202] <... futex resumed>) = 0 [pid 5201] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5201] <... futex resumed>) = 0 [pid 5202] <... mmap resumed>) = 0x7f65d6cc2000 [pid 5201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5202] mprotect(0x7f65d6cc3000, 131072, PROT_READ|PROT_WRITE [pid 5201] <... mmap resumed>) = 0x7f65d6cc2000 [pid 5202] <... mprotect resumed>) = 0 [pid 5201] mprotect(0x7f65d6cc3000, 131072, PROT_READ|PROT_WRITE [pid 5202] clone(child_stack=0x7f65d6ce23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5201] <... mprotect resumed>) = 0 [pid 5201] clone(child_stack=0x7f65d6ce23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5202] <... clone resumed>, parent_tid=[5210], tls=0x7f65d6ce2700, child_tidptr=0x7f65d6ce29d0) = 5210 [pid 5202] futex(0x7f65d6dda4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... clone resumed>, parent_tid=[5211], tls=0x7f65d6ce2700, child_tidptr=0x7f65d6ce29d0) = 5211 [ 69.060846][ T5204] name fail_futex, interval 1, probability 0, space 0, times 0 [ 69.067173][ T5205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 69.067190][ T5205] Call Trace: [ 69.067197][ T5205] [ 69.067205][ T5205] dump_stack_lvl+0x136/0x150 [ 69.067242][ T5205] should_fail_ex+0x4a3/0x5b0 [ 69.105757][ T5205] get_futex_key+0x5aa/0x1ca0 [ 69.110486][ T5205] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 69.116517][ T5205] ? psi_task_switch+0x2de/0x950 [ 69.121513][ T5205] ? futex_setup_timer+0xf0/0xf0 [ 69.126498][ T5205] ? find_held_lock+0x2d/0x110 [ 69.128707][ T5210] FAULT_INJECTION: forcing a failure. [ 69.128707][ T5210] name fail_futex, interval 1, probability 0, space 0, times 0 [ 69.131316][ T5205] futex_wait_setup+0xab/0x230 [ 69.148924][ T5205] ? futex_wait_multiple+0xae0/0xae0 [ 69.154268][ T5205] futex_wait+0x268/0x680 [ 69.158632][ T5205] ? futex_wait_setup+0x230/0x230 [ 69.163682][ T5205] ? mark_held_locks+0x9f/0xe0 [ 69.168510][ T5205] ? do_raw_spin_lock+0x124/0x2b0 [ 69.173554][ T5205] ? spin_bug+0x1c0/0x1c0 [ 69.177920][ T5205] do_futex+0x2e8/0x360 [ 69.182103][ T5205] ? __ia32_sys_get_robust_list+0x400/0x400 [ 69.188014][ T5205] ? find_held_lock+0x2d/0x110 [ 69.192812][ T5205] __x64_sys_futex+0x1ca/0x4d0 [ 69.197605][ T5205] ? do_futex+0x360/0x360 [ 69.201953][ T5205] ? _raw_spin_unlock_irq+0x23/0x50 [ 69.207182][ T5205] ? lockdep_hardirqs_on+0x7d/0x100 [ 69.212402][ T5205] ? _raw_spin_unlock_irq+0x2e/0x50 [ 69.217627][ T5205] ? ptrace_notify+0xfe/0x140 [ 69.222322][ T5205] do_syscall_64+0x39/0xb0 [ 69.226754][ T5205] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 69.232678][ T5205] RIP: 0033:0x7f65d6d51c49 [ 69.237186][ T5205] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 69.256839][ T5205] RSP: 002b:00007f65d6d032f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 69.265290][ T5205] RAX: ffffffffffffffda RBX: 00007f65d6dda4a8 RCX: 00007f65d6d51c49 [pid 5202] <... futex resumed>) = 0 [pid 5201] futex(0x7f65d6dda4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] futex(0x7f65d6dda4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7f65d6dda4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5210 attached [pid 5210] set_robust_list(0x7f65d6ce29e0, 24) = 0 [pid 5210] ioctl(-1, FBIO_WAITFORVSYNC, 0) = -1 EBADF (Bad file descriptor) [pid 5210] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5202] <... futex resumed>) = 0 [pid 5210] futex(0x7f65d6dda4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5202] futex(0x7f65d6dda4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5210] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5202] <... futex resumed>) = 0 [pid 5210] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5202] futex(0x7f65d6dda4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5210] <... openat resumed>) = 3 [pid 5210] write(3, "2", 1) = 1 [pid 5210] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL) = -1 EBADF (Bad file descriptor) [pid 5210] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5202] <... futex resumed>) = 0 [pid 5210] futex(0x7f65d6dda4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5201] futex(0x7f65d6dda4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65d6ca1000 [ 69.273288][ T5205] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4a8 [ 69.281293][ T5205] RBP: 00007f65d6dda4a0 R08: 0000000000000032 R09: 0000000000000032 [ 69.289300][ T5205] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 69.299809][ T5205] R13: 00007f65d6d03300 R14: 0000000000000001 R15: 0000000000022000 [ 69.307821][ T5205] [ 69.310896][ C1] vkms_vblank_simulate: vblank timer overrun [ 69.315975][ T5204] CPU: 0 PID: 5204 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 69.327315][ T5204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 69.337390][ T5204] Call Trace: [ 69.340682][ T5204] [ 69.343652][ T5204] dump_stack_lvl+0x136/0x150 [ 69.348374][ T5204] should_fail_ex+0x4a3/0x5b0 [ 69.353083][ T5204] get_futex_key+0x5aa/0x1ca0 [ 69.357823][ T5204] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 69.363823][ T5204] ? psi_task_switch+0x2de/0x950 [ 69.368813][ T5204] ? futex_setup_timer+0xf0/0xf0 [ 69.373774][ T5204] ? find_held_lock+0x2d/0x110 [ 69.378608][ T5204] futex_wait_setup+0xab/0x230 [ 69.383405][ T5204] ? futex_wait_multiple+0xae0/0xae0 [ 69.388728][ T5204] futex_wait+0x268/0x680 [ 69.393092][ T5204] ? futex_wait_setup+0x230/0x230 [ 69.398149][ T5204] ? mark_held_locks+0x9f/0xe0 [ 69.402959][ T5204] ? do_raw_spin_lock+0x124/0x2b0 [ 69.408013][ T5204] ? spin_bug+0x1c0/0x1c0 [ 69.412364][ T5204] do_futex+0x2e8/0x360 [ 69.416549][ T5204] ? __ia32_sys_get_robust_list+0x400/0x400 [ 69.422473][ T5204] ? find_held_lock+0x2d/0x110 [ 69.427300][ T5204] __x64_sys_futex+0x1ca/0x4d0 [ 69.432097][ T5204] ? do_futex+0x360/0x360 [ 69.436449][ T5204] ? _raw_spin_unlock_irq+0x23/0x50 [ 69.441678][ T5204] ? lockdep_hardirqs_on+0x7d/0x100 [ 69.446900][ T5204] ? _raw_spin_unlock_irq+0x2e/0x50 [ 69.452132][ T5204] ? ptrace_notify+0xfe/0x140 [ 69.456829][ T5204] do_syscall_64+0x39/0xb0 [ 69.461261][ T5204] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 69.467197][ T5204] RIP: 0033:0x7f65d6d51c49 [ 69.471625][ T5204] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 69.491249][ T5204] RSP: 002b:00007f65d6d032f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 69.499695][ T5204] RAX: ffffffffffffffda RBX: 00007f65d6dda4a8 RCX: 00007f65d6d51c49 [ 69.507853][ T5204] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4a8 [ 69.515921][ T5204] RBP: 00007f65d6dda4a0 R08: 0000000000000032 R09: 0000000000000032 ./strace-static-x86_64: Process 5211 attached [pid 5209] set_robust_list(0x7f65d6d039e0, 24 [pid 5208] set_robust_list(0x7f65d6d039e0, 24 [pid 5207] set_robust_list(0x55555614c5e0, 24 [pid 5201] mprotect(0x7f65d6ca2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5201] clone(child_stack=0x7f65d6cc13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5212], tls=0x7f65d6cc1700, child_tidptr=0x7f65d6cc19d0) = 5212 [pid 5201] futex(0x7f65d6dda4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] futex(0x7f65d6dda4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5212 attached [pid 5212] set_robust_list(0x7f65d6cc19e0, 24) = 0 [pid 5212] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 5212] write(3, "2", 1) = 1 [pid 5212] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL) = -1 EBADF (Bad file descriptor) [pid 5212] futex(0x7f65d6dda4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5201] <... futex resumed>) = 0 [ 69.523903][ T5204] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 69.531886][ T5204] R13: 00007f65d6d03300 R14: 0000000000000001 R15: 0000000000022000 [ 69.539974][ T5204] [ 69.543000][ T5206] CPU: 1 PID: 5206 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 69.553463][ T5206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 69.562174][ T5212] FAULT_INJECTION: forcing a failure. [ 69.562174][ T5212] name fail_futex, interval 1, probability 0, space 0, times 0 [ 69.563522][ T5206] Call Trace: [ 69.563531][ T5206] [ 69.563539][ T5206] dump_stack_lvl+0x136/0x150 [ 69.563577][ T5206] should_fail_ex+0x4a3/0x5b0 [ 69.563614][ T5206] get_futex_key+0x5aa/0x1ca0 [ 69.596854][ T5206] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 69.602873][ T5206] ? psi_task_switch+0x2de/0x950 [ 69.607842][ T5206] ? futex_setup_timer+0xf0/0xf0 [ 69.612805][ T5206] ? find_held_lock+0x2d/0x110 [ 69.617620][ T5206] futex_wait_setup+0xab/0x230 [ 69.622434][ T5206] ? futex_wait_multiple+0xae0/0xae0 [ 69.627776][ T5206] futex_wait+0x268/0x680 [ 69.632155][ T5206] ? futex_wait_setup+0x230/0x230 [ 69.637210][ T5206] ? mark_held_locks+0x9f/0xe0 [ 69.642023][ T5206] ? do_raw_spin_lock+0x124/0x2b0 [ 69.647071][ T5206] ? spin_bug+0x1c0/0x1c0 [ 69.651432][ T5206] do_futex+0x2e8/0x360 [ 69.655652][ T5206] ? __ia32_sys_get_robust_list+0x400/0x400 [ 69.661600][ T5206] ? find_held_lock+0x2d/0x110 [ 69.666422][ T5206] __x64_sys_futex+0x1ca/0x4d0 [ 69.671239][ T5206] ? do_futex+0x360/0x360 [ 69.675608][ T5206] ? _raw_spin_unlock_irq+0x23/0x50 [ 69.680855][ T5206] ? lockdep_hardirqs_on+0x7d/0x100 [ 69.686095][ T5206] ? _raw_spin_unlock_irq+0x2e/0x50 [ 69.691334][ T5206] ? ptrace_notify+0xfe/0x140 [ 69.696047][ T5206] do_syscall_64+0x39/0xb0 [ 69.700498][ T5206] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 69.706527][ T5206] RIP: 0033:0x7f65d6d51c49 [ 69.711053][ T5206] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 69.730705][ T5206] RSP: 002b:00007f65d6d032f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 69.739151][ T5206] RAX: ffffffffffffffda RBX: 00007f65d6dda4a8 RCX: 00007f65d6d51c49 [ 69.747232][ T5206] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4a8 [ 69.755253][ T5206] RBP: 00007f65d6dda4a0 R08: 0000000000000032 R09: 0000000000000032 [ 69.763242][ T5206] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 69.771939][ T5206] R13: 00007f65d6d03300 R14: 0000000000000001 R15: 0000000000022000 [ 69.779951][ T5206] [ 69.782989][ T5212] CPU: 0 PID: 5212 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 69.783000][ C1] vkms_vblank_simulate: vblank timer overrun [ 69.799503][ T5212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 69.809606][ T5212] Call Trace: [ 69.812896][ T5212] [ 69.815861][ T5212] dump_stack_lvl+0x136/0x150 [ 69.820566][ T5212] should_fail_ex+0x4a3/0x5b0 [ 69.825291][ T5212] get_futex_key+0x5aa/0x1ca0 [ 69.829999][ T5212] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 69.836027][ T5212] ? psi_task_switch+0x2de/0x950 [ 69.840993][ T5212] ? futex_setup_timer+0xf0/0xf0 [ 69.845956][ T5212] ? find_held_lock+0x2d/0x110 [ 69.850759][ T5212] futex_wait_setup+0xab/0x230 [ 69.855572][ T5212] ? futex_wait_multiple+0xae0/0xae0 [ 69.860913][ T5212] futex_wait+0x268/0x680 [ 69.865290][ T5212] ? futex_wait_setup+0x230/0x230 [ 69.870340][ T5212] ? mark_held_locks+0x9f/0xe0 [ 69.875160][ T5212] ? do_raw_spin_lock+0x124/0x2b0 [ 69.880222][ T5212] ? spin_bug+0x1c0/0x1c0 [ 69.884586][ T5212] do_futex+0x2e8/0x360 [ 69.888780][ T5212] ? __ia32_sys_get_robust_list+0x400/0x400 [ 69.894708][ T5212] ? find_held_lock+0x2d/0x110 [ 69.899535][ T5212] __x64_sys_futex+0x1ca/0x4d0 [ 69.904431][ T5212] ? do_futex+0x360/0x360 [ 69.908785][ T5212] ? _raw_spin_unlock_irq+0x23/0x50 [ 69.914624][ T5212] ? lockdep_hardirqs_on+0x7d/0x100 [ 69.919861][ T5212] ? _raw_spin_unlock_irq+0x2e/0x50 [ 69.925094][ T5212] ? ptrace_notify+0xfe/0x140 [ 69.929802][ T5212] do_syscall_64+0x39/0xb0 [ 69.934255][ T5212] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 69.940173][ T5212] RIP: 0033:0x7f65d6d51c49 [ 69.944600][ T5212] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 69.964238][ T5212] RSP: 002b:00007f65d6cc12f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [pid 5212] futex(0x7f65d6dda4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5211] set_robust_list(0x7f65d6ce29e0, 24 [pid 5209] <... set_robust_list resumed>) = 0 [pid 5208] <... set_robust_list resumed>) = 0 [pid 5207] <... set_robust_list resumed>) = 0 [pid 5205] <... futex resumed>) = ? [pid 5211] <... set_robust_list resumed>) = 0 [pid 5209] openat(AT_FDCWD, "/dev/fb0", O_RDONLY [pid 5208] openat(AT_FDCWD, "/dev/fb0", O_RDONLY [pid 5207] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5211] ioctl(-1, FBIO_WAITFORVSYNC [pid 5209] <... openat resumed>) = 4 [pid 5208] <... openat resumed>) = 4 [pid 5205] +++ exited with 0 +++ [pid 5207] <... prctl resumed>) = 0 [pid 5200] +++ exited with 0 +++ [pid 5211] <... ioctl resumed>, 0) = -1 EBADF (Bad file descriptor) [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5200, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555614c5d0) = 5213 [ 69.972793][ T5212] RAX: ffffffffffffffda RBX: 00007f65d6dda4c8 RCX: 00007f65d6d51c49 [ 69.980931][ T5212] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4c8 [ 69.988933][ T5212] RBP: 00007f65d6dda4c0 R08: 0000000000000032 R09: 0000000000000032 [ 69.996920][ T5212] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 70.004905][ T5212] R13: 00007f65d6cc1300 R14: 0000000000000001 R15: 0000000000022000 [ 70.012902][ T5212] [pid 5202] exit_group(0) = ? ./strace-static-x86_64: Process 5213 attached [pid 5213] set_robust_list(0x55555614c5e0, 24) = 0 [pid 5213] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5213] setpgid(0, 0) = 0 [pid 5213] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5213] write(3, "1000", 4) = 4 [pid 5213] close(3) = 0 [pid 5213] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5213] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65d6ce3000 [pid 5213] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5213] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5214], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5214 [pid 5213] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5213] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5204] <... futex resumed>) = ? [pid 5201] exit_group(0) = ? [pid 5204] +++ exited with 0 +++ [pid 5199] +++ exited with 0 +++ [pid 5080] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5199, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5080] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5080] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5207] setpgid(0, 0 [pid 5211] +++ exited with 0 +++ [pid 5209] +++ exited with 0 +++ [pid 5208] +++ exited with 0 +++ [pid 5207] <... setpgid resumed>) = 0 [pid 5080] <... clone resumed>, child_tidptr=0x55555614c5d0) = 5215 [pid 5207] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5207] write(3, "1000", 4) = 4 [pid 5207] close(3) = 0 [ 70.023311][ T5210] CPU: 1 PID: 5210 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 70.033797][ T5210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 70.043960][ T5210] Call Trace: [ 70.047272][ T5210] [ 70.050231][ T5210] dump_stack_lvl+0x136/0x150 [ 70.054983][ T5210] should_fail_ex+0x4a3/0x5b0 [ 70.059739][ T5210] get_futex_key+0x5aa/0x1ca0 [ 70.064750][ T5210] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 70.070773][ T5210] ? psi_task_switch+0x2de/0x950 [ 70.075764][ T5210] ? futex_setup_timer+0xf0/0xf0 [pid 5207] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65d6ce3000 [pid 5207] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5207] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5216], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5216 [pid 5207] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5216 attached [ 70.080750][ T5210] ? find_held_lock+0x2d/0x110 [ 70.085572][ T5210] futex_wait_setup+0xab/0x230 [ 70.090393][ T5210] ? futex_wait_multiple+0xae0/0xae0 [ 70.095733][ T5210] futex_wait+0x268/0x680 [ 70.100112][ T5210] ? futex_wait_setup+0x230/0x230 [ 70.105183][ T5210] ? mark_held_locks+0x9f/0xe0 [ 70.110092][ T5210] ? do_raw_spin_lock+0x124/0x2b0 [ 70.115162][ T5210] ? spin_bug+0x1c0/0x1c0 [ 70.119532][ T5210] do_futex+0x2e8/0x360 [ 70.123753][ T5210] ? __ia32_sys_get_robust_list+0x400/0x400 [ 70.127074][ T5217] FAULT_INJECTION: forcing a failure. [ 70.127074][ T5217] name fail_futex, interval 1, probability 0, space 0, times 0 [ 70.129760][ T5210] ? find_held_lock+0x2d/0x110 [ 70.147354][ T5210] __x64_sys_futex+0x1ca/0x4d0 [ 70.152193][ T5210] ? do_futex+0x360/0x360 [ 70.156736][ T5210] ? _raw_spin_unlock_irq+0x23/0x50 [ 70.161977][ T5210] ? lockdep_hardirqs_on+0x7d/0x100 [ 70.167214][ T5210] ? _raw_spin_unlock_irq+0x2e/0x50 [ 70.172447][ T5210] ? ptrace_notify+0xfe/0x140 [pid 5216] set_robust_list(0x7f65d6d039e0, 24) = 0 [pid 5216] openat(AT_FDCWD, "/dev/fb0", O_RDONLY) = 3 [pid 5216] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5207] <... futex resumed>) = 0 [pid 5216] futex(0x7f65d6dda4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5207] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5216] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5207] <... futex resumed>) = 0 [pid 5216] ioctl(3, FBIO_WAITFORVSYNC [pid 5207] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5212] <... futex resumed>) = ? [ 70.177257][ T5210] do_syscall_64+0x39/0xb0 [ 70.181702][ T5210] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 70.182946][ T5216] ------------[ cut here ]------------ [ 70.187612][ T5210] RIP: 0033:0x7f65d6d51c49 [ 70.187639][ T5210] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 70.193201][ T5216] platform vkms: vblank wait timed out on crtc 0 [ 70.197556][ T5210] RSP: 002b:00007f65d6ce22f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 70.225658][ T5218] FAULT_INJECTION: forcing a failure. [ 70.225658][ T5218] name fail_futex, interval 1, probability 0, space 0, times 0 [ 70.231976][ T5210] RAX: ffffffffffffffda RBX: 00007f65d6dda4b8 RCX: 00007f65d6d51c49 [ 70.231997][ T5210] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4b8 [ 70.232013][ T5210] RBP: 00007f65d6dda4b0 R08: 0000000000000032 R09: 0000000000000032 [ 70.232029][ T5210] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [pid 5213] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5213] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5213] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65d6cc2000 [pid 5213] mprotect(0x7f65d6cc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5213] clone(child_stack=0x7f65d6ce23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5217], tls=0x7f65d6ce2700, child_tidptr=0x7f65d6ce29d0) = 5217 [pid 5213] futex(0x7f65d6dda4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5213] futex(0x7f65d6dda4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5217 attached [pid 5217] set_robust_list(0x7f65d6ce29e0, 24) = 0 [pid 5217] ioctl(-1, FBIO_WAITFORVSYNC, 0) = -1 EBADF (Bad file descriptor) [pid 5217] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] <... futex resumed>) = 0 [pid 5213] futex(0x7f65d6dda4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] <... futex resumed>) = 1 [pid 5213] futex(0x7f65d6dda4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5217] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 5217] write(3, "2", 1) = 1 [pid 5217] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL) = -1 EBADF (Bad file descriptor) [pid 5217] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5213] <... futex resumed>) = 0 [pid 5217] futex(0x7f65d6dda4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5207] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5207] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65d6cc2000 [pid 5207] mprotect(0x7f65d6cc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5207] clone(child_stack=0x7f65d6ce23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5218], tls=0x7f65d6ce2700, child_tidptr=0x7f65d6ce29d0) = 5218 [pid 5207] futex(0x7f65d6dda4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] futex(0x7f65d6dda4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5218 attached [pid 5218] set_robust_list(0x7f65d6ce29e0, 24) = 0 [pid 5218] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5207] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5218] <... openat resumed>) = 4 [pid 5218] write(4, "2", 1) = 1 [pid 5218] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL) = -1 EBADF (Bad file descriptor) [pid 5218] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 70.276726][ T5210] R13: 00007f65d6ce2300 R14: 0000000000000001 R15: 0000000000022000 [ 70.284749][ T5210] [ 70.287786][ T5218] CPU: 0 PID: 5218 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 70.287799][ C1] vkms_vblank_simulate: vblank timer overrun [ 70.305315][ T5218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 70.315402][ T5218] Call Trace: [ 70.318713][ T5218] [ 70.321656][ T5218] dump_stack_lvl+0x136/0x150 [ 70.326444][ T5218] should_fail_ex+0x4a3/0x5b0 [ 70.331147][ T5218] get_futex_key+0x5aa/0x1ca0 [ 70.335851][ T5218] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 70.341846][ T5218] ? psi_task_switch+0x2de/0x950 [ 70.346807][ T5218] ? futex_setup_timer+0xf0/0xf0 [ 70.351785][ T5218] ? find_held_lock+0x2d/0x110 [ 70.356585][ T5218] futex_wait_setup+0xab/0x230 [ 70.361379][ T5218] ? futex_wait_multiple+0xae0/0xae0 [ 70.367392][ T5218] futex_wait+0x268/0x680 [ 70.371751][ T5218] ? futex_wait_setup+0x230/0x230 [ 70.376799][ T5218] ? mark_held_locks+0x9f/0xe0 [ 70.381594][ T5218] ? do_raw_spin_lock+0x124/0x2b0 [ 70.386634][ T5218] ? spin_bug+0x1c0/0x1c0 [ 70.390980][ T5218] do_futex+0x2e8/0x360 [ 70.395158][ T5218] ? __ia32_sys_get_robust_list+0x400/0x400 [ 70.401090][ T5218] ? find_held_lock+0x2d/0x110 [ 70.405891][ T5218] __x64_sys_futex+0x1ca/0x4d0 [ 70.410679][ T5218] ? do_futex+0x360/0x360 [ 70.415026][ T5218] ? _raw_spin_unlock_irq+0x23/0x50 [ 70.420251][ T5218] ? lockdep_hardirqs_on+0x7d/0x100 [ 70.425470][ T5218] ? _raw_spin_unlock_irq+0x2e/0x50 [ 70.430701][ T5218] ? ptrace_notify+0xfe/0x140 [ 70.435404][ T5218] do_syscall_64+0x39/0xb0 [ 70.439849][ T5218] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 70.445777][ T5218] RIP: 0033:0x7f65d6d51c49 [ 70.450218][ T5218] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 70.469840][ T5218] RSP: 002b:00007f65d6ce22f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [pid 5218] futex(0x7f65d6dda4b8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5215 attached ./strace-static-x86_64: Process 5214 attached [pid 5210] <... futex resumed>) = ? [pid 5215] set_robust_list(0x55555614c5e0, 24 [pid 5214] set_robust_list(0x7f65d6d039e0, 24 [pid 5215] <... set_robust_list resumed>) = 0 [pid 5214] <... set_robust_list resumed>) = 0 [pid 5215] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5214] openat(AT_FDCWD, "/dev/fb0", O_RDONLY [pid 5215] <... prctl resumed>) = 0 [pid 5215] setpgid(0, 0) = 0 [pid 5215] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5215] write(3, "1000", 4) = 4 [ 70.478265][ T5218] RAX: ffffffffffffffda RBX: 00007f65d6dda4b8 RCX: 00007f65d6d51c49 [ 70.486334][ T5218] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4b8 [ 70.494312][ T5218] RBP: 00007f65d6dda4b0 R08: 0000000000000032 R09: 0000000000000032 [ 70.502289][ T5218] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 70.510268][ T5218] R13: 00007f65d6ce2300 R14: 0000000000000001 R15: 0000000000022000 [ 70.518261][ T5218] [ 70.534681][ T5217] CPU: 0 PID: 5217 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 70.543175][ T5216] WARNING: CPU: 1 PID: 5216 at drivers/gpu/drm/drm_vblank.c:1269 drm_wait_one_vblank+0x2c0/0x510 [ 70.545111][ T5217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 70.555666][ T5216] Modules linked in: [ 70.566411][ T5217] Call Trace: [ 70.566421][ T5217] [ 70.566431][ T5217] dump_stack_lvl+0x136/0x150 [ 70.566464][ T5217] should_fail_ex+0x4a3/0x5b0 [ 70.566502][ T5217] get_futex_key+0x5aa/0x1ca0 [ 70.570389][ T5216] [ 70.570399][ T5216] CPU: 1 PID: 5216 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 70.573658][ T5217] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 70.573689][ T5217] ? psi_task_switch+0x2de/0x950 [ 70.576623][ T5216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 70.581305][ T5217] ? futex_setup_timer+0xf0/0xf0 [ 70.586039][ T5216] RIP: 0010:drm_wait_one_vblank+0x2c0/0x510 [ 70.590649][ T5217] ? find_held_lock+0x2d/0x110 [ 70.592993][ T5216] Code: 85 f6 0f 84 a3 01 00 00 e8 bd 5f e5 fc 4c 89 ef e8 15 a1 73 00 44 89 e1 4c 89 f2 48 c7 c7 60 d1 ba 8a 48 89 c6 e8 40 e6 ad fc <0f> 0b e9 87 fe ff ff e8 94 5f e5 fc 31 ff 4c 89 ee e8 fa 5b e5 fc [ 70.603355][ T5217] futex_wait_setup+0xab/0x230 [ 70.603400][ T5217] ? futex_wait_multiple+0xae0/0xae0 [ 70.609375][ T5216] RSP: 0018:ffffc90003e4fb40 EFLAGS: 00010282 [ 70.614312][ T5217] futex_wait+0x268/0x680 [ 70.614360][ T5217] ? futex_wait_setup+0x230/0x230 [ 70.614396][ T5217] ? mark_held_locks+0x9f/0xe0 [ 70.624605][ T5216] [ 70.629446][ T5217] ? do_raw_spin_lock+0x124/0x2b0 [ 70.635393][ T5216] RAX: 0000000000000000 RBX: 0000000000000e7f RCX: 0000000000000000 [ 70.640055][ T5217] ? spin_bug+0x1c0/0x1c0 [ 70.659758][ T5216] RDX: ffff88807bf657c0 RSI: ffffffff814b5fe7 RDI: 0000000000000001 [ 70.664417][ T5217] do_futex+0x2e8/0x360 [ 70.664462][ T5217] ? __ia32_sys_get_robust_list+0x400/0x400 [ 70.664495][ T5217] ? find_held_lock+0x2d/0x110 [pid 5206] <... futex resumed>) = ? [pid 5217] <... futex resumed>) = -1 EFAULT (Bad address) [pid 5217] futex(0x7f65d6dda4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5218] <... futex resumed>) = -1 EFAULT (Bad address) [pid 5218] futex(0x7f65d6dda4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5215] close(3) = 0 [pid 5215] futex(0x7f65d6dda4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65d6ce3000 [pid 5215] mprotect(0x7f65d6ce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5215] clone(child_stack=0x7f65d6d033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5219], tls=0x7f65d6d03700, child_tidptr=0x7f65d6d039d0) = 5219 [pid 5215] futex(0x7f65d6dda4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] futex(0x7f65d6dda4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5219 attached [pid 5219] set_robust_list(0x7f65d6d039e0, 24) = 0 [ 70.669767][ T5216] RBP: ffff88801d75c000 R08: 0000000000000001 R09: 0000000000000000 [ 70.675821][ T5217] __x64_sys_futex+0x1ca/0x4d0 [ 70.675871][ T5217] ? do_futex+0x360/0x360 [ 70.680177][ T5216] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000 [ 70.685178][ T5217] ? _raw_spin_unlock_irq+0x23/0x50 [ 70.685220][ T5217] ? lockdep_hardirqs_on+0x7d/0x100 [ 70.689973][ T5216] R13: ffff88801dd6b010 R14: ffff88801d9ca050 R15: ffff888146de2030 [ 70.692283][ T5217] ? _raw_spin_unlock_irq+0x2e/0x50 [pid 5219] openat(AT_FDCWD, "/dev/fb0", O_RDONLY [pid 5215] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5215] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65d6cc2000 [pid 5215] mprotect(0x7f65d6cc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5215] clone(child_stack=0x7f65d6ce23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5220], tls=0x7f65d6ce2700, child_tidptr=0x7f65d6ce29d0) = 5220 [pid 5215] futex(0x7f65d6dda4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 70.697360][ T5216] FS: 00007f65d6d03700(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 70.705249][ T5217] ? ptrace_notify+0xfe/0x140 [ 70.705284][ T5217] do_syscall_64+0x39/0xb0 [ 70.709608][ T5216] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 70.717577][ T5217] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 70.717621][ T5217] RIP: 0033:0x7f65d6d51c49 [pid 5215] futex(0x7f65d6dda4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5220 attached [pid 5220] set_robust_list(0x7f65d6ce29e0, 24) = 0 [pid 5220] ioctl(-1, FBIO_WAITFORVSYNC, 0) = -1 EBADF (Bad file descriptor) [pid 5220] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5215] <... futex resumed>) = 0 [pid 5220] futex(0x7f65d6dda4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5215] futex(0x7f65d6dda4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5215] <... futex resumed>) = 0 [pid 5220] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5215] futex(0x7f65d6dda4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] <... openat resumed>) = 4 [pid 5220] write(4, "2", 1) = 1 [pid 5220] ioctl(-1, SNDCTL_TMR_START or TCSETS, NULL) = -1 EBADF (Bad file descriptor) [ 70.717641][ T5217] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 70.717663][ T5217] RSP: 002b:00007f65d6ce22f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 70.721836][ T5216] CR2: 00007f65d6da703b CR3: 0000000027dc8000 CR4: 00000000003506e0 [ 70.727731][ T5217] RAX: ffffffffffffffda RBX: 00007f65d6dda4b8 RCX: 00007f65d6d51c49 [ 70.727752][ T5217] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4b8 [ 70.727766][ T5217] RBP: 00007f65d6dda4b0 R08: 0000000000000032 R09: 0000000000000032 [ 70.727781][ T5217] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 70.727797][ T5217] R13: 00007f65d6ce2300 R14: 0000000000000001 R15: 0000000000022000 [ 70.727828][ T5217] [ 70.732618][ T5216] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 70.858614][ T5220] FAULT_INJECTION: forcing a failure. [ 70.858614][ T5220] name fail_futex, interval 1, probability 0, space 0, times 0 [ 70.862807][ T5216] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 70.862829][ T5216] Call Trace: [ 70.862837][ T5216] [ 70.880579][ T5220] CPU: 0 PID: 5220 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 70.886913][ T5216] ? drm_crtc_vblank_put+0x80/0x80 [ 70.894808][ T5220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 70.894824][ T5220] Call Trace: [ 70.894831][ T5220] [ 70.894840][ T5220] dump_stack_lvl+0x136/0x150 [ 70.894874][ T5220] should_fail_ex+0x4a3/0x5b0 [ 70.897910][ T5216] ? mark_held_locks+0x9f/0xe0 [ 70.905862][ T5220] get_futex_key+0x5aa/0x1ca0 [ 70.905899][ T5220] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 70.918665][ T5216] ? prepare_to_wait_exclusive+0x2c0/0x2c0 [ 70.926595][ T5220] ? psi_task_switch+0x2de/0x950 [ 70.926636][ T5220] ? futex_setup_timer+0xf0/0xf0 [ 70.929901][ T5216] ? lockdep_hardirqs_on+0x7d/0x100 [ 70.932819][ T5220] ? find_held_lock+0x2d/0x110 [ 70.932868][ T5220] futex_wait_setup+0xab/0x230 [ 70.943275][ T5216] ? _raw_spin_unlock_irqrestore+0x41/0x70 [ 70.948339][ T5220] ? futex_wait_multiple+0xae0/0xae0 [ 70.958716][ T5216] ? drm_vblank_get+0x150/0x290 [ 70.961961][ T5220] futex_wait+0x268/0x680 [ 70.964975][ T5216] drm_fb_helper_ioctl+0x15d/0x1a0 [ 70.969634][ T5220] ? futex_wait_setup+0x230/0x230 [ 70.974383][ T5216] do_fb_ioctl+0x31f/0x740 [ 70.979061][ T5220] ? mark_held_locks+0x9f/0xe0 [ 70.983798][ T5216] ? drm_fb_helper_cfb_read+0x350/0x350 [ 70.989715][ T5220] ? do_raw_spin_lock+0x124/0x2b0 [ 70.995535][ T5216] ? fb_getput_cmap+0x270/0x270 [ 71.000415][ T5220] ? spin_bug+0x1c0/0x1c0 [ 71.000456][ T5220] do_futex+0x2e8/0x360 [ 71.005438][ T5216] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 71.010584][ T5220] ? __ia32_sys_get_robust_list+0x400/0x400 [ 71.015435][ T5216] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 71.020082][ T5220] ? find_held_lock+0x2d/0x110 [ 71.025912][ T5216] ? do_vfs_ioctl+0x132/0x1670 [ 71.031140][ T5220] __x64_sys_futex+0x1ca/0x4d0 [ 71.036021][ T5216] ? vfs_fileattr_set+0xc40/0xc40 [ 71.040299][ T5220] ? do_futex+0x360/0x360 [ 71.045427][ T5216] ? find_held_lock+0x2d/0x110 [ 71.050381][ T5220] ? _raw_spin_unlock_irq+0x23/0x50 [pid 5220] futex(0x7f65d6dda4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5215] <... futex resumed>) = 0 [ 71.054834][ T5216] ? do_one_initcall+0x172/0x540 [ 71.059542][ T5220] ? lockdep_hardirqs_on+0x7d/0x100 [ 71.065116][ T5216] ? __fget_files+0x26a/0x480 [ 71.070068][ T5220] ? _raw_spin_unlock_irq+0x2e/0x50 [ 71.074936][ T5216] fb_ioctl+0xeb/0x150 [ 71.079222][ T5220] ? ptrace_notify+0xfe/0x140 [ 71.083397][ T5216] ? do_fb_ioctl+0x740/0x740 [ 71.089141][ T5220] do_syscall_64+0x39/0xb0 [ 71.095037][ T5216] __x64_sys_ioctl+0x197/0x210 [ 71.100873][ T5220] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 71.105670][ T5216] do_syscall_64+0x39/0xb0 [ 71.110378][ T5220] RIP: 0033:0x7f65d6d51c49 [ 71.115215][ T5216] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 71.120150][ T5220] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 71.124540][ T5216] RIP: 0033:0x7f65d6d51c49 [ 71.129232][ T5220] RSP: 002b:00007f65d6ce22f8 EFLAGS: 00000246 [ 71.135345][ T5216] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 71.140202][ T5220] ORIG_RAX: 00000000000000ca [ 71.140217][ T5220] RAX: ffffffffffffffda RBX: 00007f65d6dda4b8 RCX: 00007f65d6d51c49 [ 71.145464][ T5216] RSP: 002b:00007f65d6d032f8 EFLAGS: 00000246 [ 71.150064][ T5220] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65d6dda4b8 [ 71.150082][ T5220] RBP: 00007f65d6dda4b0 R08: 0000000000000032 R09: 0000000000000032 [ 71.150098][ T5220] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 71.155328][ T5216] ORIG_RAX: 0000000000000010 [ 71.159330][ T5220] R13: 00007f65d6ce2300 R14: 0000000000000001 R15: 0000000000022000 [ 71.164022][ T5216] RAX: ffffffffffffffda RBX: 00007f65d6dda4a8 RCX: 00007f65d6d51c49 [ 71.168583][ T5220] [ 71.249006][ C1] vkms_vblank_simulate: vblank timer overrun [ 71.323118][ T5216] RDX: 0000000000000000 RSI: 0000000040044620 RDI: 0000000000000003 [ 71.331158][ T5216] RBP: 00007f65d6dda4a0 R08: 0000000000000000 R09: 0000000000000000 [ 71.339220][ T5216] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 71.347265][ T5216] R13: 00007fff7e814f6f R14: 00007f65d6d03400 R15: 0000000000022000 [ 71.355360][ T5216] [ 71.358415][ T5216] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 71.365715][ T5216] CPU: 1 PID: 5216 Comm: syz-executor371 Not tainted 6.3.0-rc4-syzkaller-00161-g62bad54b26db #0 [ 71.376159][ T5216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 71.386246][ T5216] Call Trace: [ 71.389545][ T5216] [ 71.392493][ T5216] dump_stack_lvl+0xd9/0x150 [ 71.397107][ T5216] panic+0x688/0x730 [ 71.401048][ T5216] ? panic_smp_self_stop+0x90/0x90 [ 71.406202][ T5216] ? show_trace_log_lvl+0x285/0x390 [ 71.411461][ T5216] ? drm_wait_one_vblank+0x2c0/0x510 [ 71.416789][ T5216] check_panic_on_warn+0xb1/0xc0 [ 71.421778][ T5216] __warn+0xf2/0x390 [ 71.425701][ T5216] ? drm_wait_one_vblank+0x2c0/0x510 [ 71.430998][ T5216] report_bug+0x2da/0x500 [ 71.435353][ T5216] handle_bug+0x3c/0x70 [ 71.439517][ T5216] exc_invalid_op+0x18/0x50 [ 71.444049][ T5216] asm_exc_invalid_op+0x1a/0x20 [ 71.448942][ T5216] RIP: 0010:drm_wait_one_vblank+0x2c0/0x510 [ 71.454873][ T5216] Code: 85 f6 0f 84 a3 01 00 00 e8 bd 5f e5 fc 4c 89 ef e8 15 a1 73 00 44 89 e1 4c 89 f2 48 c7 c7 60 d1 ba 8a 48 89 c6 e8 40 e6 ad fc <0f> 0b e9 87 fe ff ff e8 94 5f e5 fc 31 ff 4c 89 ee e8 fa 5b e5 fc [ 71.474519][ T5216] RSP: 0018:ffffc90003e4fb40 EFLAGS: 00010282 [ 71.480598][ T5216] RAX: 0000000000000000 RBX: 0000000000000e7f RCX: 0000000000000000 [ 71.488575][ T5216] RDX: ffff88807bf657c0 RSI: ffffffff814b5fe7 RDI: 0000000000000001 [ 71.496553][ T5216] RBP: ffff88801d75c000 R08: 0000000000000001 R09: 0000000000000000 [ 71.504550][ T5216] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000 [ 71.512534][ T5216] R13: ffff88801dd6b010 R14: ffff88801d9ca050 R15: ffff888146de2030 [ 71.520528][ T5216] ? __warn_printk+0x187/0x310 [ 71.525322][ T5216] ? drm_crtc_vblank_put+0x80/0x80 [ 71.530456][ T5216] ? mark_held_locks+0x9f/0xe0 [ 71.535234][ T5216] ? prepare_to_wait_exclusive+0x2c0/0x2c0 [ 71.541058][ T5216] ? lockdep_hardirqs_on+0x7d/0x100 [ 71.546275][ T5216] ? _raw_spin_unlock_irqrestore+0x41/0x70 [ 71.552106][ T5216] ? drm_vblank_get+0x150/0x290 [ 71.556984][ T5216] drm_fb_helper_ioctl+0x15d/0x1a0 [ 71.562120][ T5216] do_fb_ioctl+0x31f/0x740 [ 71.566558][ T5216] ? drm_fb_helper_cfb_read+0x350/0x350 [ 71.572124][ T5216] ? fb_getput_cmap+0x270/0x270 [ 71.576999][ T5216] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 71.582825][ T5216] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 71.588740][ T5216] ? do_vfs_ioctl+0x132/0x1670 [ 71.593555][ T5216] ? vfs_fileattr_set+0xc40/0xc40 [ 71.598617][ T5216] ? find_held_lock+0x2d/0x110 [ 71.603427][ T5216] ? do_one_initcall+0x172/0x540 [ 71.608395][ T5216] ? __fget_files+0x26a/0x480 [ 71.613108][ T5216] fb_ioctl+0xeb/0x150 [ 71.617197][ T5216] ? do_fb_ioctl+0x740/0x740 [ 71.621814][ T5216] __x64_sys_ioctl+0x197/0x210 [ 71.626625][ T5216] do_syscall_64+0x39/0xb0 [ 71.631053][ T5216] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 71.636970][ T5216] RIP: 0033:0x7f65d6d51c49 [ 71.641393][ T5216] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 71.661012][ T5216] RSP: 002b:00007f65d6d032f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 71.669440][ T5216] RAX: ffffffffffffffda RBX: 00007f65d6dda4a8 RCX: 00007f65d6d51c49 [ 71.677420][ T5216] RDX: 0000000000000000 RSI: 0000000040044620 RDI: 0000000000000003 [ 71.685484][ T5216] RBP: 00007f65d6dda4a0 R08: 0000000000000000 R09: 0000000000000000 [ 71.693464][ T5216] R10: 0000000000000000 R11: 0000000000000246 R12: 3062662f7665642f [ 71.701447][ T5216] R13: 00007fff7e814f6f R14: 00007f65d6d03400 R15: 0000000000022000 [ 71.709882][ T5216] [ 71.713074][ T5216] Kernel Offset: disabled [ 71.717492][ T5216] Rebooting in 86400 seconds..