./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor529443576
<...>
[ 3.248983][ T86] acpid (86) used greatest stack depth: 23440 bytes left
[ 3.479891][ T101] udevd[101]: starting version 3.2.11
[ 3.559916][ T102] udevd[102]: starting eudev-3.2.11
[ 4.252893][ T127] iptables-restor (127) used greatest stack depth: 22352 bytes left
[ 12.998325][ T28] kauditd_printk_skb: 50 callbacks suppressed
[ 12.998338][ T28] audit: type=1400 audit(1694984475.760:61): avc: denied { transition } for pid=227 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 13.004648][ T28] audit: type=1400 audit(1694984475.760:62): avc: denied { noatsecure } for pid=227 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 13.007901][ T28] audit: type=1400 audit(1694984475.760:63): avc: denied { write } for pid=227 comm="sh" path="pipe:[13329]" dev="pipefs" ino=13329 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 13.012026][ T28] audit: type=1400 audit(1694984475.760:64): avc: denied { rlimitinh } for pid=227 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 13.014906][ T28] audit: type=1400 audit(1694984475.760:65): avc: denied { siginh } for pid=227 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '10.128.0.151' (ED25519) to the list of known hosts.
execve("./syz-executor529443576", ["./syz-executor529443576"], 0x7fff691c2830 /* 10 vars */) = 0
brk(NULL) = 0x555557113000
brk(0x555557113d00) = 0x555557113d00
arch_prctl(ARCH_SET_FS, 0x555557113380) = 0
set_tid_address(0x555557113650) = 295
set_robust_list(0x555557113660, 24) = 0
rseq(0x555557113ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor529443576", 4096) = 27
getrandom("\x61\x94\x17\xab\xcf\x76\xff\x2a", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555557113d00
brk(0x555557134d00) = 0x555557134d00
brk(0x555557135000) = 0x555557135000
mprotect(0x7fab497a8000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
mkdir("./syzkaller.X1cCx4", 0700) = 0
chmod("./syzkaller.X1cCx4", 0777) = 0
chdir("./syzkaller.X1cCx4") = 0
mkdir("./0", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 296
./strace-static-x86_64: Process 296 attached
[pid 296] set_robust_list(0x555557113660, 24) = 0
[pid 296] chdir("./0") = 0
[pid 296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 296] setpgid(0, 0) = 0
[pid 296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 296] write(3, "1000", 4) = 4
[pid 296] close(3) = 0
[pid 296] symlink("/dev/binderfs", "./binderfs") = 0
[pid 296] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 296] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 296] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 296] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 296] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 296] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 296] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 296] write(6, "7", 1) = 1
[pid 296] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 21.173565][ T28] audit: type=1400 audit(1694984483.930:66): avc: denied { execmem } for pid=295 comm="syz-executor529" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 21.181573][ T28] audit: type=1400 audit(1694984483.940:67): avc: denied { bpf } for pid=296 comm="syz-executor529" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 21.187355][ T28] audit: type=1400 audit(1694984483.940:68): avc: denied { prog_load } for pid=296 comm="syz-executor529" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 21.192133][ T28] audit: type=1400 audit(1694984483.940:69): avc: denied { perfmon } for pid=296 comm="syz-executor529" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 21.198223][ T296] FAULT_INJECTION: forcing a failure.
[ 21.198223][ T296] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[ 21.204086][ T28] audit: type=1400 audit(1694984483.940:70): avc: denied { prog_run } for pid=296 comm="syz-executor529" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 21.217710][ T296] CPU: 1 PID: 296 Comm: syz-executor529 Not tainted 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 21.235854][ T28] audit: type=1400 audit(1694984483.950:71): avc: denied { map_create } for pid=296 comm="syz-executor529" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 21.245697][ T296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 21.245706][ T296] Call Trace:
[ 21.245710][ T296]
[ 21.245714][ T296] dump_stack_lvl+0x151/0x1b7
[ 21.245741][ T296] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 21.245762][ T296] ? yield_to_task_fair+0x190/0x190
[ 21.264845][ T28] audit: type=1400 audit(1694984483.950:72): avc: denied { map_read map_write } for pid=296 comm="syz-executor529" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 21.274687][ T296] dump_stack+0x15/0x17
[ 21.319563][ T296] should_fail_ex+0x3d0/0x520
[ 21.324079][ T296] should_fail_alloc_page+0x68/0x90
[ 21.329111][ T296] __alloc_pages+0x1f4/0x780
[ 21.333540][ T296] ? prep_new_page+0x110/0x110
[ 21.338140][ T296] ? __this_cpu_preempt_check+0x13/0x20
[ 21.343519][ T296] __folio_alloc+0x15/0x40
[ 21.347774][ T296] wp_page_copy+0x23c/0x1610
[ 21.352201][ T296] ? __switch_to+0x62c/0x1190
[ 21.356725][ T296] ? compat_start_thread+0x20/0x20
[ 21.361661][ T296] ? fault_dirty_shared_page+0x300/0x300
[ 21.367128][ T296] ? native_set_ldt+0x130/0x130
[ 21.371819][ T296] do_wp_page+0xbbf/0xd80
[ 21.375988][ T296] handle_mm_fault+0x15a2/0x2f40
[ 21.380762][ T296] ? numa_migrate_prep+0xe0/0xe0
[ 21.385531][ T296] ? lock_vma_under_rcu+0x47a/0x540
[ 21.390568][ T296] ? __kasan_check_write+0x14/0x20
[ 21.395513][ T296] ? fpregs_restore_userregs+0x130/0x290
[ 21.400983][ T296] exc_page_fault+0x3a6/0x6e0
[ 21.405497][ T296] asm_exc_page_fault+0x27/0x30
[ 21.410182][ T296] RIP: 0033:0x7fab4970b4f0
[ 21.414437][ T296] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[ 21.433878][ T296] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[ 21.439780][ T296] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 21.447591][ T296] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[ 21.455512][ T296] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[ 21.463414][ T296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[pid 296] exit_group(0) = ?
[pid 296] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=296, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs") = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 297 attached
, child_tidptr=0x555557113650) = 297
[pid 297] set_robust_list(0x555557113660, 24) = 0
[pid 297] chdir("./1") = 0
[pid 297] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 297] setpgid(0, 0) = 0
[pid 297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 297] write(3, "1000", 4) = 4
[pid 297] close(3) = 0
[pid 297] symlink("/dev/binderfs", "./binderfs") = 0
[pid 297] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 297] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 297] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 297] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 297] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 297] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 297] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 297] write(6, "7", 1) = 1
[pid 297] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 21.471222][ T296] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 21.479039][ T296]
[ 21.482191][ T296] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[ 21.497709][ T297] FAULT_INJECTION: forcing a failure.
[ 21.497709][ T297] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 21.510784][ T297] CPU: 1 PID: 297 Comm: syz-executor529 Not tainted 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 21.520620][ T297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 21.531559][ T297] Call Trace:
[ 21.534679][ T297]
[ 21.537461][ T297] dump_stack_lvl+0x151/0x1b7
[ 21.541971][ T297] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 21.547272][ T297] ? yield_to_task_fair+0x190/0x190
[ 21.552304][ T297] dump_stack+0x15/0x17
[ 21.556295][ T297] should_fail_ex+0x3d0/0x520
[ 21.560813][ T297] should_fail_alloc_page+0x68/0x90
[ 21.565847][ T297] __alloc_pages+0x1f4/0x780
[ 21.570274][ T297] ? prep_new_page+0x110/0x110
[ 21.574872][ T297] __folio_alloc+0x15/0x40
[ 21.579123][ T297] wp_page_copy+0x23c/0x1610
[ 21.583551][ T297] ? __switch_to+0x62c/0x1190
[ 21.588187][ T297] ? compat_start_thread+0x20/0x20
[ 21.593137][ T297] ? fault_dirty_shared_page+0x300/0x300
[ 21.598599][ T297] ? __kasan_check_write+0x14/0x20
[ 21.603547][ T297] do_wp_page+0xbbf/0xd80
[ 21.607730][ T297] handle_mm_fault+0x15a2/0x2f40
[ 21.612494][ T297] ? numa_migrate_prep+0xe0/0xe0
[ 21.617262][ T297] ? lock_vma_under_rcu+0x47a/0x540
[ 21.622294][ T297] ? __kasan_check_write+0x14/0x20
[ 21.627239][ T297] ? fpregs_restore_userregs+0x130/0x290
[ 21.632718][ T297] exc_page_fault+0x3a6/0x6e0
[ 21.637221][ T297] asm_exc_page_fault+0x27/0x30
[ 21.641909][ T297] RIP: 0033:0x7fab4970b4f0
[ 21.646297][ T297] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[ 21.665745][ T297] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[pid 297] exit_group(0) = ?
[pid 297] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=297, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/binderfs") = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 298
./strace-static-x86_64: Process 298 attached
[pid 298] set_robust_list(0x555557113660, 24) = 0
[pid 298] chdir("./2") = 0
[pid 298] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 298] setpgid(0, 0) = 0
[pid 298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 298] write(3, "1000", 4) = 4
[pid 298] close(3) = 0
[pid 298] symlink("/dev/binderfs", "./binderfs") = 0
[pid 298] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 298] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 298] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 298] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 298] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 298] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 298] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 298] write(6, "7", 1) = 1
[pid 298] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 21.671647][ T297] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 21.679455][ T297] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[ 21.687265][ T297] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[ 21.695077][ T297] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 21.702894][ T297] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 21.710703][ T297]
[ 21.713621][ T297] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[ 21.738036][ T298] FAULT_INJECTION: forcing a failure.
[ 21.738036][ T298] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 21.751190][ T298] CPU: 1 PID: 298 Comm: syz-executor529 Not tainted 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 21.761071][ T298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 21.770966][ T298] Call Trace:
[ 21.774092][ T298]
[ 21.776907][ T298] dump_stack_lvl+0x151/0x1b7
[ 21.781384][ T298] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 21.786679][ T298] dump_stack+0x15/0x17
[ 21.790670][ T298] should_fail_ex+0x3d0/0x520
[ 21.795184][ T298] should_fail_alloc_page+0x68/0x90
[ 21.800219][ T298] __alloc_pages+0x1f4/0x780
[ 21.804645][ T298] ? prep_new_page+0x110/0x110
[ 21.809244][ T298] ? __this_cpu_preempt_check+0x13/0x20
[ 21.814624][ T298] __folio_alloc+0x15/0x40
[ 21.818885][ T298] wp_page_copy+0x23c/0x1610
[ 21.823305][ T298] ? __switch_to+0x62c/0x1190
[ 21.827817][ T298] ? compat_start_thread+0x20/0x20
[ 21.832768][ T298] ? fault_dirty_shared_page+0x300/0x300
[ 21.838235][ T298] do_wp_page+0xbbf/0xd80
[ 21.842403][ T298] handle_mm_fault+0x15a2/0x2f40
[ 21.847175][ T298] ? numa_migrate_prep+0xe0/0xe0
[ 21.852127][ T298] ? lock_vma_under_rcu+0x47a/0x540
[ 21.857158][ T298] ? __kasan_check_write+0x14/0x20
[ 21.862107][ T298] ? fpregs_restore_userregs+0x130/0x290
[ 21.867574][ T298] exc_page_fault+0x3a6/0x6e0
[ 21.872088][ T298] asm_exc_page_fault+0x27/0x30
[ 21.876775][ T298] RIP: 0033:0x7fab4970b4f0
[ 21.881025][ T298] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[ 21.900475][ T298] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[ 21.906371][ T298] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 21.914183][ T298] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[ 21.921996][ T298] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[ 21.929810][ T298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[pid 298] exit_group(0) = ?
[pid 298] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=298, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/binderfs") = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 300
./strace-static-x86_64: Process 300 attached
[pid 300] set_robust_list(0x555557113660, 24) = 0
[pid 300] chdir("./3") = 0
[pid 300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 300] setpgid(0, 0) = 0
[pid 300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 300] write(3, "1000", 4) = 4
[pid 300] close(3) = 0
[pid 300] symlink("/dev/binderfs", "./binderfs") = 0
[pid 300] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 300] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 300] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 300] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 300] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 300] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 300] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 300] write(6, "7", 1) = 1
[pid 300] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid 300] exit_group(0) = ?
[pid 300] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=300, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/binderfs") = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
mkdir("./4", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 301 attached
[pid 301] set_robust_list(0x555557113660, 24) = 0
[pid 301] chdir("./4") = 0
[pid 301] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 301] setpgid(0, 0) = 0
[pid 301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 301] write(3, "1000", 4) = 4
[pid 301] close(3) = 0
[pid 301] symlink("/dev/binderfs", "./binderfs"
[pid 295] <... clone resumed>, child_tidptr=0x555557113650) = 301
[pid 301] <... symlink resumed>) = 0
[pid 301] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 301] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 301] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 301] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 301] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 301] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 301] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 301] write(6, "7", 1) = 1
[pid 301] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 21.937687][ T298] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 21.945437][ T298]
[ 21.949115][ T298] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[ 21.978011][ T301] FAULT_INJECTION: forcing a failure.
[ 21.978011][ T301] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 21.991200][ T301] CPU: 0 PID: 301 Comm: syz-executor529 Not tainted 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 22.001069][ T301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 22.010981][ T301] Call Trace:
[ 22.014090][ T301]
[ 22.016880][ T301] dump_stack_lvl+0x151/0x1b7
[ 22.021396][ T301] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 22.026675][ T301] ? yield_to_task_fair+0x190/0x190
[ 22.031710][ T301] dump_stack+0x15/0x17
[ 22.035718][ T301] should_fail_ex+0x3d0/0x520
[ 22.040217][ T301] should_fail_alloc_page+0x68/0x90
[ 22.045255][ T301] __alloc_pages+0x1f4/0x780
[ 22.049679][ T301] ? prep_new_page+0x110/0x110
[ 22.054277][ T301] ? __this_cpu_preempt_check+0x13/0x20
[ 22.059660][ T301] __folio_alloc+0x15/0x40
[ 22.063915][ T301] wp_page_copy+0x23c/0x1610
[ 22.068345][ T301] ? __switch_to+0x62c/0x1190
[ 22.072854][ T301] ? compat_start_thread+0x20/0x20
[ 22.077802][ T301] ? fault_dirty_shared_page+0x300/0x300
[ 22.083270][ T301] ? native_set_ldt+0x130/0x130
[ 22.087974][ T301] do_wp_page+0xbbf/0xd80
[ 22.092123][ T301] handle_mm_fault+0x15a2/0x2f40
[ 22.096912][ T301] ? numa_migrate_prep+0xe0/0xe0
[ 22.101670][ T301] ? lock_vma_under_rcu+0x47a/0x540
[ 22.106706][ T301] ? __kasan_check_write+0x14/0x20
[ 22.111658][ T301] ? fpregs_restore_userregs+0x130/0x290
[ 22.117119][ T301] exc_page_fault+0x3a6/0x6e0
[ 22.121664][ T301] asm_exc_page_fault+0x27/0x30
[ 22.126323][ T301] RIP: 0033:0x7fab4970b4f0
[ 22.130582][ T301] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[ 22.150030][ T301] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[ 22.155917][ T301] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 22.163757][ T301] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[ 22.171546][ T301] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[ 22.179358][ T301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[pid 301] exit_group(0) = ?
[pid 301] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=301, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/binderfs") = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./4") = 0
mkdir("./5", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 302 attached
, child_tidptr=0x555557113650) = 302
[pid 302] set_robust_list(0x555557113660, 24) = 0
[pid 302] chdir("./5") = 0
[pid 302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 302] setpgid(0, 0) = 0
[pid 302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 302] write(3, "1000", 4) = 4
[pid 302] close(3) = 0
[pid 302] symlink("/dev/binderfs", "./binderfs") = 0
[pid 302] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 302] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 302] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 302] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 302] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 302] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 302] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 302] write(6, "7", 1) = 1
[pid 302] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid 302] exit_group(0) = ?
[pid 302] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=302, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/binderfs") = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./5") = 0
mkdir("./6", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 303
./strace-static-x86_64: Process 303 attached
[pid 303] set_robust_list(0x555557113660, 24) = 0
[pid 303] chdir("./6") = 0
[pid 303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 303] setpgid(0, 0) = 0
[pid 303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 303] write(3, "1000", 4) = 4
[pid 303] close(3) = 0
[pid 303] symlink("/dev/binderfs", "./binderfs") = 0
[pid 303] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 303] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 303] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 303] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 303] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 303] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 303] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 303] write(6, "7", 1) = 1
[pid 303] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 22.187269][ T301] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 22.195081][ T301]
[ 22.199156][ T301] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[ 22.233582][ T303] FAULT_INJECTION: forcing a failure.
[ 22.233582][ T303] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 22.246740][ T303] CPU: 1 PID: 303 Comm: syz-executor529 Not tainted 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 22.256621][ T303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 22.266519][ T303] Call Trace:
[ 22.269638][ T303]
[ 22.272417][ T303] dump_stack_lvl+0x151/0x1b7
[ 22.276934][ T303] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 22.282226][ T303] dump_stack+0x15/0x17
[ 22.286221][ T303] should_fail_ex+0x3d0/0x520
[ 22.290732][ T303] should_fail_alloc_page+0x68/0x90
[ 22.295765][ T303] __alloc_pages+0x1f4/0x780
[ 22.300205][ T303] ? prep_new_page+0x110/0x110
[ 22.304805][ T303] ? __this_cpu_preempt_check+0x13/0x20
[ 22.310186][ T303] __folio_alloc+0x15/0x40
[ 22.314429][ T303] wp_page_copy+0x23c/0x1610
[ 22.318855][ T303] ? __switch_to+0x62c/0x1190
[ 22.323374][ T303] ? compat_start_thread+0x20/0x20
[ 22.328575][ T303] ? fault_dirty_shared_page+0x300/0x300
[ 22.334048][ T303] do_wp_page+0xbbf/0xd80
[ 22.338210][ T303] handle_mm_fault+0x15a2/0x2f40
[ 22.342985][ T303] ? numa_migrate_prep+0xe0/0xe0
[ 22.347758][ T303] ? lock_vma_under_rcu+0x47a/0x540
[ 22.352922][ T303] ? __kasan_check_write+0x14/0x20
[ 22.357865][ T303] ? fpregs_restore_userregs+0x130/0x290
[ 22.363414][ T303] exc_page_fault+0x3a6/0x6e0
[ 22.367930][ T303] asm_exc_page_fault+0x27/0x30
[ 22.372702][ T303] RIP: 0033:0x7fab4970b4f0
[ 22.376962][ T303] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[ 22.396493][ T303] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[ 22.402390][ T303] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 22.410205][ T303] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[ 22.418014][ T303] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[ 22.425830][ T303] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[pid 303] exit_group(0) = ?
[pid 303] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=303, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/binderfs") = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./6") = 0
mkdir("./7", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 304 attached
, child_tidptr=0x555557113650) = 304
[pid 304] set_robust_list(0x555557113660, 24) = 0
[pid 304] chdir("./7") = 0
[pid 304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 304] setpgid(0, 0) = 0
[pid 304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 304] write(3, "1000", 4) = 4
[pid 304] close(3) = 0
[pid 304] symlink("/dev/binderfs", "./binderfs") = 0
[pid 304] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 304] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 304] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 304] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 304] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 304] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 304] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 304] write(6, "7", 1) = 1
[pid 304] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid 304] exit_group(0) = ?
[pid 304] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=304, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/binderfs") = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./7") = 0
mkdir("./8", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 305 attached
[pid 305] set_robust_list(0x555557113660, 24) = 0
[pid 305] chdir("./8") = 0
[pid 305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 305] setpgid(0, 0) = 0
[pid 305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC
[pid 295] <... clone resumed>, child_tidptr=0x555557113650) = 305
[pid 305] <... openat resumed>) = 3
[pid 305] write(3, "1000", 4) = 4
[pid 305] close(3) = 0
[pid 305] symlink("/dev/binderfs", "./binderfs") = 0
[pid 305] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 305] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 305] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 305] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 305] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 305] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 305] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 305] write(6, "7", 1) = 1
[ 22.433639][ T303] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 22.441455][ T303]
[ 22.444472][ T303] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[ 22.486124][ T305] FAULT_INJECTION: forcing a failure.
[ 22.486124][ T305] name failslab, interval 1, probability 0, space 0, times 0
[ 22.498913][ T305] CPU: 0 PID: 305 Comm: syz-executor529 Not tainted 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 22.518753][ T305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 22.528647][ T305] Call Trace:
[ 22.531793][ T305]
[ 22.534557][ T305] dump_stack_lvl+0x151/0x1b7
[ 22.539105][ T305] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 22.544363][ T305] ? kern_path+0x147/0x1a0
[ 22.548613][ T305] ? kasan_set_track+0x60/0x70
[ 22.553212][ T305] ? kasan_save_free_info+0x2b/0x40
[ 22.558247][ T305] dump_stack+0x15/0x17
[ 22.562238][ T305] should_fail_ex+0x3d0/0x520
[ 22.566756][ T305] ? jbd2__journal_start+0x150/0x720
[ 22.571874][ T305] __should_failslab+0xaf/0xf0
[ 22.576474][ T305] should_failslab+0x9/0x20
[ 22.580813][ T305] kmem_cache_alloc+0x3b/0x2c0
[ 22.585500][ T305] ? avc_denied+0x1b0/0x1b0
[ 22.589851][ T305] jbd2__journal_start+0x150/0x720
[ 22.594789][ T305] __ext4_journal_start_sb+0x24d/0x4b0
[ 22.600084][ T305] ext4_dirty_inode+0x8f/0x100
[ 22.604692][ T305] ? __ext4_expand_extra_isize+0x420/0x420
[ 22.610331][ T305] __mark_inode_dirty+0x200/0xa60
[ 22.615190][ T305] touch_atime+0x378/0x540
[ 22.619444][ T305] ? current_time+0x2f0/0x2f0
[ 22.623957][ T305] unix_find_other+0x799/0x8e0
[ 22.628556][ T305] ? avc_has_perm+0x16f/0x260
[ 22.633071][ T305] ? unix_insert_bsd_socket+0x250/0x250
[ 22.638449][ T305] unix_dgram_sendmsg+0xc1f/0x2050
[ 22.643399][ T305] ? unix_dgram_poll+0x710/0x710
[ 22.648176][ T305] ? security_socket_sendmsg+0x82/0xb0
[ 22.653468][ T305] ? unix_dgram_poll+0x710/0x710
[ 22.658239][ T305] ____sys_sendmsg+0x5dc/0x9d0
[ 22.662843][ T305] ? __sys_sendmsg_sock+0x40/0x40
[ 22.667711][ T305] __sys_sendmmsg+0x3b9/0x6f0
[ 22.672217][ T305] ? __ia32_sys_sendmsg+0x90/0x90
[ 22.677081][ T305] ? __switch_to+0x62c/0x1190
[ 22.681592][ T305] ? __sched_clock_gtod_offset+0x100/0x100
[ 22.687231][ T305] ? _raw_spin_unlock+0x4c/0x70
[ 22.692094][ T305] ? finish_task_switch+0x167/0x7b0
[ 22.697126][ T305] ? __schedule+0xca1/0x1540
[ 22.701555][ T305] ? __kasan_check_write+0x14/0x20
[ 22.706499][ T305] ? __kasan_check_write+0x14/0x20
[ 22.711446][ T305] ? _raw_spin_lock_irq+0xa5/0x1b0
[ 22.716393][ T305] ? _raw_spin_lock_irqsave+0x210/0x210
[ 22.721775][ T305] ? cgroup_update_frozen+0x15f/0x980
[ 22.726987][ T305] ? memset+0x35/0x40
[ 22.730805][ T305] ? __kasan_check_write+0x14/0x20
[ 22.735751][ T305] ? fpregs_restore_userregs+0x130/0x290
[ 22.741224][ T305] __x64_sys_sendmmsg+0xa0/0xb0
[ 22.745908][ T305] do_syscall_64+0x3d/0xb0
[ 22.750160][ T305] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 22.755891][ T305] RIP: 0033:0x7fab497355a9
[ 22.760141][ T305] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[pid 305] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid 305] exit_group(0) = ?
[pid 305] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=305, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 22.779586][ T305] RSP: 002b:00007ffca7df4b58 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 22.787836][ T305] RAX: ffffffffffffffda RBX: 00007ffca7df4b80 RCX: 00007fab497355a9
[ 22.795644][ T305] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 22.803455][ T305] RBP: 0000000000000001 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[ 22.811268][ T305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 22.819076][ T305] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 22.826892][ T305]
unlink("./8/binderfs") = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./8") = 0
mkdir("./9", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 307
./strace-static-x86_64: Process 307 attached
[pid 307] set_robust_list(0x555557113660, 24) = 0
[ 22.835456][ T19] ==================================================================
[ 22.843324][ T19] BUG: KASAN: use-after-free in consume_skb+0x3c/0x250
[ 22.850012][ T19] Read of size 4 at addr ffff888121dc00f4 by task kworker/0:1/19
[ 22.857575][ T19]
[ 22.859724][ T19] CPU: 0 PID: 19 Comm: kworker/0:1 Not tainted 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 22.869191][ T19] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 22.879093][ T19] Workqueue: events sk_psock_destroy
[pid 307] chdir("./9") = 0
[pid 307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 307] setpgid(0, 0) = 0
[pid 307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 307] write(3, "1000", 4) = 4
[pid 307] close(3) = 0
[pid 307] symlink("/dev/binderfs", "./binderfs") = 0
[pid 307] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[ 22.884047][ T309] FAULT_INJECTION: forcing a failure.
[ 22.884047][ T309] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 22.884202][ T19] Call Trace:
[ 22.884209][ T19]
[ 22.903129][ T19] dump_stack_lvl+0x151/0x1b7
[ 22.907643][ T19] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 22.912936][ T19] ? _printk+0xd1/0x111
[ 22.916929][ T19] ? __virt_addr_valid+0x242/0x2f0
[ 22.921874][ T19] print_report+0x158/0x4e0
[ 22.926214][ T19] ? __virt_addr_valid+0x242/0x2f0
[ 22.931164][ T19] ? kasan_complete_mode_report_info+0x90/0x1b0
[ 22.937238][ T19] ? consume_skb+0x3c/0x250
[ 22.941579][ T19] kasan_report+0x13c/0x170
[ 22.945924][ T19] ? consume_skb+0x3c/0x250
[ 22.950261][ T19] ? __kasan_check_write+0x14/0x20
[ 22.955204][ T19] kasan_check_range+0x294/0x2a0
[ 22.959979][ T19] __kasan_check_read+0x11/0x20
[ 22.964669][ T19] consume_skb+0x3c/0x250
[ 22.968836][ T19] __sk_msg_free+0x2dd/0x370
[ 22.973259][ T19] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 22.978905][ T19] ? skb_dequeue+0x123/0x160
[ 22.983328][ T19] sk_psock_destroy+0x351/0x810
[ 22.988016][ T19] process_one_work+0x73d/0xcb0
[ 22.992705][ T19] worker_thread+0xa60/0x1260
[ 22.997224][ T19] ? __kasan_check_read+0x11/0x20
[ 23.002078][ T19] kthread+0x26d/0x300
[ 23.005985][ T19] ? worker_clr_flags+0x1a0/0x1a0
[ 23.010843][ T19] ? kthread_blkcg+0xd0/0xd0
[ 23.015274][ T19] ret_from_fork+0x1f/0x30
[ 23.019527][ T19]
[ 23.022387][ T19]
[ 23.022389][ T309] CPU: 1 PID: 309 Comm: syz-executor529 Not tainted 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 23.024554][ T19] Allocated by task 304:
[ 23.024562][ T19] kasan_set_track+0x4b/0x70
[ 23.034453][ T309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 23.038530][ T19] kasan_save_alloc_info+0x1f/0x30
[ 23.042957][ T309] Call Trace:
[ 23.042963][ T309]
[ 23.052850][ T19] __kasan_slab_alloc+0x6c/0x80
[ 23.057801][ T309] dump_stack_lvl+0x151/0x1b7
[ 23.060927][ T19] slab_post_alloc_hook+0x53/0x2c0
[ 23.063704][ T309] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 23.068390][ T19] kmem_cache_alloc_node+0x18a/0x2d0
[ 23.072903][ T309] ? yield_to_task_fair+0x190/0x190
[ 23.077849][ T19] __alloc_skb+0xcc/0x2c0
[ 23.083150][ T309] dump_stack+0x15/0x17
[ 23.088268][ T19] alloc_skb_with_frags+0xa6/0x680
[ 23.093301][ T309] should_fail_ex+0x3d0/0x520
[ 23.097467][ T19] sock_alloc_send_pskb+0x915/0xa50
[ 23.101460][ T309] should_fail_alloc_page+0x68/0x90
[ 23.106407][ T19] unix_dgram_sendmsg+0x5b1/0x2050
[ 23.110925][ T309] __alloc_pages+0x1f4/0x780
[ 23.115956][ T19] ____sys_sendmsg+0x5dc/0x9d0
[ 23.120996][ T309] ? prep_new_page+0x110/0x110
[ 23.125936][ T19] __sys_sendmmsg+0x3b9/0x6f0
[ 23.130366][ T309] ? __this_cpu_preempt_check+0x13/0x20
[ 23.134966][ T19] __x64_sys_sendmmsg+0xa0/0xb0
[ 23.139565][ T309] __folio_alloc+0x15/0x40
[ 23.144082][ T19] do_syscall_64+0x3d/0xb0
[ 23.149459][ T309] wp_page_copy+0x23c/0x1610
[ 23.154148][ T19] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 23.158402][ T309] ? __switch_to+0x62c/0x1190
[ 23.162661][ T19]
[ 23.162665][ T19] Freed by task 19:
[ 23.167084][ T309] ? compat_start_thread+0x20/0x20
[ 23.172809][ T19] kasan_set_track+0x4b/0x70
[ 23.177327][ T309] ? fault_dirty_shared_page+0x300/0x300
[ 23.179491][ T19] kasan_save_free_info+0x2b/0x40
[ 23.183138][ T309] ? native_set_ldt+0x130/0x130
[ 23.188085][ T19] ____kasan_slab_free+0x131/0x180
[ 23.192520][ T309] do_wp_page+0xbbf/0xd80
[ 23.197979][ T19] __kasan_slab_free+0x11/0x20
[ 23.203017][ T309] handle_mm_fault+0x15a2/0x2f40
[ 23.207704][ T19] kmem_cache_free+0x291/0x510
[ 23.212656][ T309] ? numa_migrate_prep+0xe0/0xe0
[ 23.216820][ T19] kfree_skbmem+0x104/0x170
[ 23.221420][ T309] ? lock_vma_under_rcu+0x47a/0x540
[ 23.226193][ T19] kfree_skb_reason+0xdb/0x250
[ 23.230797][ T309] ? __kasan_check_write+0x14/0x20
[ 23.235567][ T19] sk_psock_destroy+0x143/0x810
[ 23.239903][ T309] ? fpregs_restore_userregs+0x130/0x290
[ 23.244939][ T19] process_one_work+0x73d/0xcb0
[ 23.249541][ T309] exc_page_fault+0x3a6/0x6e0
[ 23.254485][ T19] worker_thread+0xa60/0x1260
[ 23.259175][ T309] asm_exc_page_fault+0x27/0x30
[ 23.264645][ T19] kthread+0x26d/0x300
[ 23.269331][ T309] RIP: 0033:0x7fab4970b4f0
[ 23.273844][ T19] ret_from_fork+0x1f/0x30
[ 23.278359][ T309] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[ 23.283057][ T19]
[ 23.283062][ T19] The buggy address belongs to the object at ffff888121dc0000
[ 23.283062][ T19] which belongs to the cache skbuff_head_cache of size 256
[ 23.286948][ T309] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[ 23.291204][ T19] The buggy address is located 244 bytes inside of
[ 23.291204][ T19] 256-byte region [ffff888121dc0000, ffff888121dc0100)
[ 23.295458][ T309]
[ 23.295463][ T309] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 23.314899][ T19]
[ 23.314903][ T19] The buggy address belongs to the physical page:
[ 23.317070][ T309] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[ 23.331565][ T19] page:ffffea0004877000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x121dc0
[ 23.337471][ T309] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[ 23.350575][ T19] flags: 0x4000000000000200(slab|zone=1)
[ 23.352743][ T309] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 23.360560][ T19] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100232a80
[ 23.362725][ T309] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 23.368979][ T19] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 23.376789][ T309]
[ 23.386855][ T19] page dumped because: kasan: bad access detected
[ 23.398820][ T309] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[ 23.400139][ T19] page_owner tracks the page as allocated
[ 23.400145][ T19] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY), pid 290, tgid 290 (sshd), ts 22473276328, free_ts 22473263972
[ 23.472362][ T19] post_alloc_hook+0x213/0x220
[ 23.476967][ T19] prep_new_page+0x1b/0x110
[ 23.478806][ T313] FAULT_INJECTION: forcing a failure.
[ 23.478806][ T313] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 23.481293][ T19] get_page_from_freelist+0x2762/0x27f0
[ 23.481316][ T19] __alloc_pages+0x3a1/0x780
[ 23.481333][ T19] new_slab+0xce/0x4c0
[ 23.481351][ T19] ___slab_alloc+0x6f9/0xb80
[ 23.494667][ T313] CPU: 1 PID: 313 Comm: syz-executor529 Not tainted 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 23.499693][ T19] __slab_alloc+0x5d/0xa0
[ 23.504119][ T313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 23.508028][ T19] kmem_cache_alloc+0x1b9/0x2c0
[ 23.512456][ T313] Call Trace:
[ 23.512461][ T313]
[ 23.522348][ T19] skb_clone+0x1f8/0x380
[ 23.526515][ T313] dump_stack_lvl+0x151/0x1b7
[ 23.536411][ T19] dev_queue_xmit_nit+0x248/0xa90
[ 23.541101][ T313] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 23.544219][ T19] dev_hard_start_xmit+0x140/0x630
[ 23.547002][ T313] ? yield_to_task_fair+0x190/0x190
[ 23.551077][ T19] sch_direct_xmit+0x298/0x9b0
[ 23.555594][ T313] dump_stack+0x15/0x17
[ 23.560454][ T19] __dev_queue_xmit+0x17df/0x3660
[ 23.565749][ T313] should_fail_ex+0x3d0/0x520
[ 23.570701][ T19] ip_finish_output2+0xb60/0xf90
[ 23.575733][ T313] should_fail_alloc_page+0x68/0x90
[ 23.580329][ T19] __ip_finish_output+0x162/0x370
[ 23.584322][ T313] __alloc_pages+0x1f4/0x780
[ 23.589184][ T19] ip_finish_output+0x31/0x2a0
[ 23.593702][ T313] ? prep_new_page+0x110/0x110
[ 23.598473][ T19] page last free stack trace:
[ 23.598478][ T19] free_unref_page_prepare+0x83d/0x850
[ 23.603596][ T313] ? __this_cpu_preempt_check+0x13/0x20
[ 23.608455][ T19] free_unref_page+0x8d/0x480
[ 23.612887][ T313] __folio_alloc+0x15/0x40
[ 23.617480][ T19] free_the_page+0x13/0x20
[ 23.622082][ T313] wp_page_copy+0x23c/0x1610
[ 23.626596][ T19] page_frag_free+0x108/0x120
[ 23.631995][ T313] ? __switch_to+0x62c/0x1190
[ 23.637370][ T19] skb_release_data+0x6ba/0x840
[ 23.641888][ T313] ? compat_start_thread+0x20/0x20
[ 23.646138][ T19] __kfree_skb+0x50/0x70
[ 23.650389][ T313] ? fault_dirty_shared_page+0x300/0x300
[ 23.654816][ T19] tcp_rcv_established+0xe39/0x1c60
[ 23.659332][ T313] ? native_set_ldt+0x130/0x130
[ 23.663844][ T19] tcp_v4_do_rcv+0x430/0xa20
[ 23.668536][ T313] do_wp_page+0xbbf/0xd80
[ 23.673475][ T19] __release_sock+0x145/0x410
[ 23.677562][ T313] handle_mm_fault+0x15a2/0x2f40
[ 23.683026][ T19] release_sock+0x65/0x1b0
[ 23.688068][ T313] ? numa_migrate_prep+0xe0/0xe0
[ 23.692748][ T19] tcp_sendmsg+0x3a/0x50
[ 23.697176][ T313] ? lock_vma_under_rcu+0x47a/0x540
[ 23.701339][ T19] inet_sendmsg+0xa1/0xc0
[ 23.705860][ T313] ? __kasan_check_write+0x14/0x20
[ 23.710627][ T19] sock_write_iter+0x394/0x4e0
[ 23.714885][ T313] ? fpregs_restore_userregs+0x130/0x290
[ 23.719743][ T19] vfs_write+0x902/0xeb0
[ 23.723825][ T313] exc_page_fault+0x3a6/0x6e0
[ 23.728857][ T19] ksys_write+0x199/0x2c0
[ 23.733034][ T313] asm_exc_page_fault+0x27/0x30
[ 23.737968][ T19] __x64_sys_write+0x7b/0x90
[ 23.742573][ T313] RIP: 0033:0x7fab4970b4f0
[ 23.748038][ T19]
[ 23.748042][ T19] Memory state around the buggy address:
[pid 307] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 307] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 307] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 307] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 307] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 307] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 307] write(6, "7", 1) = 1
[pid 307] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid 307] exit_group(0) = ?
[pid 307] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=307, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/binderfs") = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./9") = 0
mkdir("./10", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 308
./strace-static-x86_64: Process 308 attached
[pid 308] set_robust_list(0x555557113660, 24) = 0
[pid 308] chdir("./10") = 0
[pid 308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 308] setpgid(0, 0) = 0
[pid 308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 308] write(3, "1000", 4) = 4
[pid 308] close(3) = 0
[pid 308] symlink("/dev/binderfs", "./binderfs") = 0
[pid 308] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 308] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 308] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 308] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 308] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 308] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 308] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 308] write(6, "7", 1) = 1
[pid 308] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid 308] exit_group(0) = ?
[pid 308] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=308, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/binderfs") = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./10") = 0
mkdir("./11", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 309
./strace-static-x86_64: Process 309 attached
[pid 309] set_robust_list(0x555557113660, 24) = 0
[pid 309] chdir("./11") = 0
[pid 309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 309] setpgid(0, 0) = 0
[pid 309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 309] write(3, "1000", 4) = 4
[pid 309] close(3) = 0
[pid 309] symlink("/dev/binderfs", "./binderfs") = 0
[pid 309] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 309] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 309] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 309] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 309] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 309] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 309] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 309] write(6, "7", 1) = 1
[pid 309] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid 309] exit_group(0) = ?
[pid 309] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=309, si_uid=0, si_status=0, si_utime=0, si_stime=14} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/binderfs") = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./11") = 0
mkdir("./12", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 310
./strace-static-x86_64: Process 310 attached
[pid 310] set_robust_list(0x555557113660, 24) = 0
[pid 310] chdir("./12") = 0
[pid 310] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 310] setpgid(0, 0) = 0
[pid 310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 310] write(3, "1000", 4) = 4
[pid 310] close(3) = 0
[pid 310] symlink("/dev/binderfs", "./binderfs") = 0
[pid 310] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 310] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 310] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 310] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 310] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 310] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 310] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 310] write(6, "7", 1) = 1
[pid 310] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid 310] exit_group(0) = ?
[pid 310] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=310, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/binderfs") = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./12") = 0
mkdir("./13", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 313
./strace-static-x86_64: Process 313 attached
[pid 313] set_robust_list(0x555557113660, 24) = 0
[pid 313] chdir("./13") = 0
[pid 313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 313] setpgid(0, 0) = 0
[pid 313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 313] write(3, "1000", 4) = 4
[pid 313] close(3) = 0
[pid 313] symlink("/dev/binderfs", "./binderfs") = 0
[pid 313] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 313] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 313] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 313] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 313] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 313] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 313] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 313] write(6, "7", 1) = 1
[pid 313] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 23.752120][ T313] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[ 23.756635][ T19] ffff888121dbff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.760796][ T313] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[ 23.765487][ T19] ffff888121dc0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.769911][ T313]
[ 23.769916][ T313] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 23.774168][ T19] >ffff888121dc0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[pid 313] exit_group(0) = ?
[pid 313] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=313, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/binderfs") = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./13") = 0
mkdir("./14", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 315
./strace-static-x86_64: Process 315 attached
[pid 315] set_robust_list(0x555557113660, 24) = 0
[pid 315] chdir("./14") = 0
[pid 315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 315] setpgid(0, 0) = 0
[pid 315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 315] write(3, "1000", 4) = 4
[pid 315] close(3) = 0
[pid 315] symlink("/dev/binderfs", "./binderfs") = 0
[pid 315] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 315] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 315] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 315] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 315] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 315] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 315] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 315] write(6, "7", 1) = 1
[pid 315] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 23.776331][ T313] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[ 23.781802][ T19] ^
[ 23.781810][ T19] ffff888121dc0100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 23.801249][ T313] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[ 23.809146][ T19] ffff888121dc0180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.815046][ T313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 23.822945][ T19] ==================================================================
[ 23.823649][ T19] Disabling lock debugging due to kernel taint
[ 23.825114][ T313] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 23.825131][ T313]
[ 23.848672][ T313] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[ 23.871078][ T315] FAULT_INJECTION: forcing a failure.
[ 23.871078][ T315] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 23.932592][ T315] CPU: 1 PID: 315 Comm: syz-executor529 Tainted: G B 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 23.943863][ T315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 23.953752][ T315] Call Trace:
[ 23.956875][ T315]
[ 23.959655][ T315] dump_stack_lvl+0x151/0x1b7
[ 23.964168][ T315] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 23.969466][ T315] ? yield_to_task_fair+0x190/0x190
[ 23.974496][ T315] dump_stack+0x15/0x17
[ 23.978613][ T315] should_fail_ex+0x3d0/0x520
[ 23.983244][ T315] should_fail_alloc_page+0x68/0x90
[ 23.988363][ T315] __alloc_pages+0x1f4/0x780
[ 23.992792][ T315] ? prep_new_page+0x110/0x110
[ 23.997391][ T315] ? __this_cpu_preempt_check+0x13/0x20
[ 24.002773][ T315] __folio_alloc+0x15/0x40
[ 24.007547][ T315] wp_page_copy+0x23c/0x1610
[ 24.011975][ T315] ? __switch_to+0x62c/0x1190
[ 24.016484][ T315] ? compat_start_thread+0x20/0x20
[ 24.021443][ T315] ? fault_dirty_shared_page+0x300/0x300
[ 24.026904][ T315] ? native_set_ldt+0x130/0x130
[ 24.031589][ T315] do_wp_page+0xbbf/0xd80
[ 24.035759][ T315] handle_mm_fault+0x15a2/0x2f40
[ 24.040619][ T315] ? numa_migrate_prep+0xe0/0xe0
[ 24.045387][ T315] ? lock_vma_under_rcu+0x47a/0x540
[ 24.050429][ T315] ? __kasan_check_write+0x14/0x20
[ 24.055372][ T315] ? fpregs_restore_userregs+0x130/0x290
[ 24.060846][ T315] exc_page_fault+0x3a6/0x6e0
[ 24.065357][ T315] asm_exc_page_fault+0x27/0x30
[ 24.070041][ T315] RIP: 0033:0x7fab4970b4f0
[ 24.074292][ T315] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[ 24.093821][ T315] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[ 24.099723][ T315] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 24.107545][ T315] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[ 24.115347][ T315] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[ 24.123160][ T315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 24.130979][ T315] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 24.138789][ T315]
[pid 315] exit_group(0) = ?
[pid 315] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=315, si_uid=0, si_status=0, si_utime=0, si_stime=7} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/binderfs") = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./14") = 0
mkdir("./15", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 318
./strace-static-x86_64: Process 318 attached
[pid 318] set_robust_list(0x555557113660, 24) = 0
[pid 318] chdir("./15") = 0
[pid 318] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 318] setpgid(0, 0) = 0
[pid 318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 318] write(3, "1000", 4) = 4
[pid 318] close(3) = 0
[pid 318] symlink("/dev/binderfs", "./binderfs") = 0
[pid 318] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 318] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 318] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 318] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 318] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 318] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 318] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 318] write(6, "7", 1) = 1
[pid 318] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 24.142594][ T315] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[ 24.167161][ T318] FAULT_INJECTION: forcing a failure.
[ 24.167161][ T318] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 24.180325][ T318] CPU: 1 PID: 318 Comm: syz-executor529 Tainted: G B 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 24.191679][ T318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 24.201577][ T318] Call Trace:
[ 24.204702][ T318]
[ 24.207475][ T318] dump_stack_lvl+0x151/0x1b7
[ 24.211992][ T318] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 24.217287][ T318] dump_stack+0x15/0x17
[ 24.221279][ T318] should_fail_ex+0x3d0/0x520
[ 24.225792][ T318] should_fail_alloc_page+0x68/0x90
[ 24.230825][ T318] __alloc_pages+0x1f4/0x780
[ 24.235255][ T318] ? prep_new_page+0x110/0x110
[ 24.239852][ T318] ? __this_cpu_preempt_check+0x13/0x20
[ 24.245235][ T318] __folio_alloc+0x15/0x40
[ 24.249490][ T318] wp_page_copy+0x23c/0x1610
[ 24.253919][ T318] ? __switch_to+0x62c/0x1190
[ 24.258446][ T318] ? compat_start_thread+0x20/0x20
[ 24.263374][ T318] ? fault_dirty_shared_page+0x300/0x300
[ 24.268859][ T318] do_wp_page+0xbbf/0xd80
[ 24.273012][ T318] handle_mm_fault+0x15a2/0x2f40
[ 24.277785][ T318] ? numa_migrate_prep+0xe0/0xe0
[ 24.282558][ T318] ? lock_vma_under_rcu+0x47a/0x540
[ 24.287593][ T318] ? __kasan_check_write+0x14/0x20
[ 24.292625][ T318] ? fpregs_restore_userregs+0x130/0x290
[ 24.298095][ T318] exc_page_fault+0x3a6/0x6e0
[ 24.302608][ T318] asm_exc_page_fault+0x27/0x30
[ 24.307293][ T318] RIP: 0033:0x7fab4970b4f0
[ 24.311549][ T318] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[ 24.330993][ T318] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[ 24.336891][ T318] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[pid 318] exit_group(0) = ?
[pid 318] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=318, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/binderfs") = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./15") = 0
mkdir("./16", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 319
./strace-static-x86_64: Process 319 attached
[pid 319] set_robust_list(0x555557113660, 24) = 0
[pid 319] chdir("./16") = 0
[pid 319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 319] setpgid(0, 0) = 0
[pid 319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 319] write(3, "1000", 4) = 4
[pid 319] close(3) = 0
[pid 319] symlink("/dev/binderfs", "./binderfs") = 0
[pid 319] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 319] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 319] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 319] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 319] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 319] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 319] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 319] write(6, "7", 1) = 1
[pid 319] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 24.344712][ T318] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[ 24.352516][ T318] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[ 24.360332][ T318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 24.368140][ T318] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 24.375955][ T318]
[ 24.378960][ T318] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[ 24.401016][ T319] FAULT_INJECTION: forcing a failure.
[ 24.401016][ T319] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 24.414141][ T319] CPU: 0 PID: 319 Comm: syz-executor529 Tainted: G B 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 24.425434][ T319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 24.435331][ T319] Call Trace:
[ 24.438456][ T319]
[ 24.441233][ T319] dump_stack_lvl+0x151/0x1b7
[ 24.445746][ T319] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 24.451040][ T319] ? yield_to_task_fair+0x190/0x190
[ 24.456075][ T319] dump_stack+0x15/0x17
[ 24.460068][ T319] should_fail_ex+0x3d0/0x520
[ 24.464582][ T319] should_fail_alloc_page+0x68/0x90
[ 24.469620][ T319] __alloc_pages+0x1f4/0x780
[ 24.474044][ T319] ? prep_new_page+0x110/0x110
[ 24.478644][ T319] ? __this_cpu_preempt_check+0x13/0x20
[ 24.484028][ T319] __folio_alloc+0x15/0x40
[ 24.488279][ T319] wp_page_copy+0x23c/0x1610
[ 24.492704][ T319] ? __switch_to+0x62c/0x1190
[ 24.497218][ T319] ? compat_start_thread+0x20/0x20
[ 24.502165][ T319] ? fault_dirty_shared_page+0x300/0x300
[ 24.507635][ T319] ? native_set_ldt+0x130/0x130
[ 24.512323][ T319] do_wp_page+0xbbf/0xd80
[ 24.516488][ T319] handle_mm_fault+0x15a2/0x2f40
[ 24.521271][ T319] ? numa_migrate_prep+0xe0/0xe0
[ 24.526036][ T319] ? lock_vma_under_rcu+0x47a/0x540
[ 24.531073][ T319] ? __kasan_check_write+0x14/0x20
[ 24.536017][ T319] ? fpregs_restore_userregs+0x130/0x290
[ 24.541485][ T319] exc_page_fault+0x3a6/0x6e0
[ 24.546000][ T319] asm_exc_page_fault+0x27/0x30
[ 24.550686][ T319] RIP: 0033:0x7fab4970b4f0
[ 24.554939][ T319] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[ 24.574382][ T319] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[ 24.580284][ T319] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 24.588097][ T319] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[pid 319] exit_group(0) = ?
[pid 319] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=319, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/binderfs") = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./16") = 0
mkdir("./17", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 320
./strace-static-x86_64: Process 320 attached
[pid 320] set_robust_list(0x555557113660, 24) = 0
[pid 320] chdir("./17") = 0
[pid 320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 320] setpgid(0, 0) = 0
[pid 320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 320] write(3, "1000", 4) = 4
[pid 320] close(3) = 0
[pid 320] symlink("/dev/binderfs", "./binderfs") = 0
[pid 320] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 320] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 320] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 320] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 320] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 320] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 320] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 320] write(6, "7", 1) = 1
[pid 320] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 24.595912][ T319] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[ 24.603721][ T319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 24.611534][ T319] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 24.619347][ T319]
[ 24.622267][ T319] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[ 24.641426][ T320] FAULT_INJECTION: forcing a failure.
[ 24.641426][ T320] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 24.654589][ T320] CPU: 0 PID: 320 Comm: syz-executor529 Tainted: G B 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 24.665935][ T320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 24.675831][ T320] Call Trace:
[ 24.678949][ T320]
[ 24.681733][ T320] dump_stack_lvl+0x151/0x1b7
[ 24.686241][ T320] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 24.691536][ T320] ? unix_dgram_poll+0x710/0x710
[ 24.696311][ T320] dump_stack+0x15/0x17
[ 24.700307][ T320] should_fail_ex+0x3d0/0x520
[ 24.704815][ T320] should_fail_alloc_page+0x68/0x90
[ 24.709849][ T320] __alloc_pages+0x1f4/0x780
[ 24.714278][ T320] ? prep_new_page+0x110/0x110
[ 24.718887][ T320] ? __this_cpu_preempt_check+0x13/0x20
[ 24.724258][ T320] __folio_alloc+0x15/0x40
[ 24.728513][ T320] wp_page_copy+0x23c/0x1610
[ 24.733039][ T320] ? __switch_to+0x62c/0x1190
[ 24.737545][ T320] ? compat_start_thread+0x20/0x20
[ 24.742492][ T320] ? fault_dirty_shared_page+0x300/0x300
[ 24.747961][ T320] ? native_set_ldt+0x130/0x130
[ 24.752650][ T320] do_wp_page+0xbbf/0xd80
[ 24.756819][ T320] handle_mm_fault+0x15a2/0x2f40
[ 24.761597][ T320] ? numa_migrate_prep+0xe0/0xe0
[ 24.766364][ T320] ? lock_vma_under_rcu+0x47a/0x540
[ 24.771397][ T320] ? __kasan_check_write+0x14/0x20
[ 24.776341][ T320] ? fpregs_restore_userregs+0x130/0x290
[ 24.781813][ T320] exc_page_fault+0x3a6/0x6e0
[ 24.786351][ T320] asm_exc_page_fault+0x27/0x30
[ 24.791011][ T320] RIP: 0033:0x7fab4970b4f0
[ 24.795276][ T320] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[ 24.814708][ T320] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[ 24.820629][ T320] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 24.828423][ T320] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[ 24.836233][ T320] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[ 24.844046][ T320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[pid 320] exit_group(0) = ?
[pid 320] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=320, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/binderfs") = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./17") = 0
mkdir("./18", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 322
./strace-static-x86_64: Process 322 attached
[pid 322] set_robust_list(0x555557113660, 24) = 0
[pid 322] chdir("./18") = 0
[pid 322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 322] setpgid(0, 0) = 0
[pid 322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 322] write(3, "1000", 4) = 4
[pid 322] close(3) = 0
[pid 322] symlink("/dev/binderfs", "./binderfs") = 0
[pid 322] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 322] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 322] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 322] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 322] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 322] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 322] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 322] write(6, "7", 1) = 1
[pid 322] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 24.851858][ T320] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 24.859676][ T320]
[ 24.878455][ T322] FAULT_INJECTION: forcing a failure.
[ 24.878455][ T322] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 24.891582][ T322] CPU: 0 PID: 322 Comm: syz-executor529 Tainted: G B 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 24.902822][ T322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 24.912719][ T322] Call Trace:
[ 24.915841][ T322]
[ 24.918633][ T322] dump_stack_lvl+0x151/0x1b7
[ 24.923135][ T322] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 24.928429][ T322] ? __sched_clock_gtod_offset+0x100/0x100
[ 24.934130][ T322] dump_stack+0x15/0x17
[ 24.938064][ T322] should_fail_ex+0x3d0/0x520
[ 24.942577][ T322] should_fail_alloc_page+0x68/0x90
[ 24.947613][ T322] __alloc_pages+0x1f4/0x780
[ 24.952039][ T322] ? prep_new_page+0x110/0x110
[ 24.956642][ T322] ? __this_cpu_preempt_check+0x13/0x20
[ 24.962032][ T322] __folio_alloc+0x15/0x40
[ 24.966275][ T322] wp_page_copy+0x23c/0x1610
[ 24.970700][ T322] ? __switch_to+0x62c/0x1190
[ 24.975217][ T322] ? compat_start_thread+0x20/0x20
[ 24.980162][ T322] ? fault_dirty_shared_page+0x300/0x300
[ 24.985635][ T322] do_wp_page+0xbbf/0xd80
[ 24.989800][ T322] handle_mm_fault+0x15a2/0x2f40
[ 24.994576][ T322] ? numa_migrate_prep+0xe0/0xe0
[ 24.999348][ T322] ? lock_vma_under_rcu+0x47a/0x540
[ 25.004382][ T322] ? __kasan_check_write+0x14/0x20
[ 25.009325][ T322] ? fpregs_restore_userregs+0x130/0x290
[ 25.014795][ T322] exc_page_fault+0x3a6/0x6e0
[ 25.019308][ T322] asm_exc_page_fault+0x27/0x30
[ 25.023996][ T322] RIP: 0033:0x7fab4970b4f0
[ 25.028248][ T322] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[ 25.047785][ T322] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[pid 322] exit_group(0) = ?
[pid 322] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=322, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/binderfs") = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./18") = 0
mkdir("./19", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 323
./strace-static-x86_64: Process 323 attached
[pid 323] set_robust_list(0x555557113660, 24) = 0
[pid 323] chdir("./19") = 0
[pid 323] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 323] setpgid(0, 0) = 0
[pid 323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 323] write(3, "1000", 4) = 4
[pid 323] close(3) = 0
[pid 323] symlink("/dev/binderfs", "./binderfs") = 0
[pid 323] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 323] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 323] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 323] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 323] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 323] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 323] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 323] write(6, "7", 1) = 1
[pid 323] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid 323] exit_group(0) = ?
[pid 323] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=323, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/binderfs") = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./19") = 0
mkdir("./20", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 324
./strace-static-x86_64: Process 324 attached
[pid 324] set_robust_list(0x555557113660, 24) = 0
[pid 324] chdir("./20") = 0
[pid 324] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 324] setpgid(0, 0) = 0
[pid 324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 324] write(3, "1000", 4) = 4
[pid 324] close(3) = 0
[pid 324] symlink("/dev/binderfs", "./binderfs") = 0
[pid 324] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 324] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 324] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 324] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 324] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 324] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 324] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 324] write(6, "7", 1) = 1
[pid 324] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 25.053687][ T322] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 25.061498][ T322] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[ 25.069310][ T322] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[ 25.077123][ T322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 25.084936][ T322] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 25.092749][ T322] </TASK>
[ 25.110840][ T324] FAULT_INJECTION: forcing a failure.
[ 25.110840][ T324] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 25.124050][ T324] CPU: 0 PID: 324 Comm: syz-executor529 Tainted: G B 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 25.135325][ T324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 25.145314][ T324] Call Trace:
[ 25.148439][ T324] <TASK>
[ 25.151218][ T324] dump_stack_lvl+0x151/0x1b7
[ 25.155731][ T324] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 25.161027][ T324] ? yield_to_task_fair+0x190/0x190
[ 25.166062][ T324] dump_stack+0x15/0x17
[ 25.170052][ T324] should_fail_ex+0x3d0/0x520
[ 25.174565][ T324] should_fail_alloc_page+0x68/0x90
[ 25.179603][ T324] __alloc_pages+0x1f4/0x780
[ 25.184034][ T324] ? prep_new_page+0x110/0x110
[ 25.188629][ T324] ? __this_cpu_preempt_check+0x13/0x20
[ 25.194008][ T324] __folio_alloc+0x15/0x40
[ 25.198266][ T324] wp_page_copy+0x23c/0x1610
[ 25.202691][ T324] ? __switch_to+0x62c/0x1190
[ 25.207205][ T324] ? compat_start_thread+0x20/0x20
[ 25.212154][ T324] ? fault_dirty_shared_page+0x300/0x300
[ 25.217621][ T324] do_wp_page+0xbbf/0xd80
[ 25.221788][ T324] handle_mm_fault+0x15a2/0x2f40
[ 25.226562][ T324] ? numa_migrate_prep+0xe0/0xe0
[ 25.231332][ T324] ? lock_vma_under_rcu+0x47a/0x540
[ 25.236369][ T324] ? __kasan_check_write+0x14/0x20
[ 25.241315][ T324] ? fpregs_restore_userregs+0x130/0x290
[ 25.246788][ T324] exc_page_fault+0x3a6/0x6e0
[ 25.251299][ T324] asm_exc_page_fault+0x27/0x30
[ 25.255984][ T324] RIP: 0033:0x7fab4970b4f0
[ 25.260237][ T324] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[ 25.279678][ T324] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[ 25.285580][ T324] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 25.293397][ T324] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[ 25.301205][ T324] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[pid 324] exit_group(0) = ?
[pid 324] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=324, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/binderfs") = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./20") = 0
mkdir("./21", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 325
./strace-static-x86_64: Process 325 attached
[pid 325] set_robust_list(0x555557113660, 24) = 0
[pid 325] chdir("./21") = 0
[pid 325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 325] setpgid(0, 0) = 0
[pid 325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 325] write(3, "1000", 4) = 4
[pid 325] close(3) = 0
[pid 325] symlink("/dev/binderfs", "./binderfs") = 0
[pid 325] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 325] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 325] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 325] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 325] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 325] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 325] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 325] write(6, "7", 1) = 1
[pid 325] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 25.309017][ T324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 25.316828][ T324] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 25.324644][ T324] </TASK>
[ 25.339157][ T325] FAULT_INJECTION: forcing a failure.
[ 25.339157][ T325] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 25.352400][ T325] CPU: 1 PID: 325 Comm: syz-executor529 Tainted: G B 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 25.363758][ T325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 25.373650][ T325] Call Trace:
[ 25.376772][ T325] <TASK>
[ 25.379549][ T325] dump_stack_lvl+0x151/0x1b7
[ 25.384063][ T325] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 25.389360][ T325] dump_stack+0x15/0x17
[ 25.393350][ T325] should_fail_ex+0x3d0/0x520
[ 25.397864][ T325] should_fail_alloc_page+0x68/0x90
[ 25.402896][ T325] __alloc_pages+0x1f4/0x780
[ 25.407326][ T325] ? prep_new_page+0x110/0x110
[ 25.411928][ T325] ? __this_cpu_preempt_check+0x13/0x20
[ 25.417307][ T325] __folio_alloc+0x15/0x40
[ 25.421560][ T325] wp_page_copy+0x23c/0x1610
[ 25.425993][ T325] ? __switch_to+0x62c/0x1190
[ 25.430591][ T325] ? compat_start_thread+0x20/0x20
[ 25.435538][ T325] ? fault_dirty_shared_page+0x300/0x300
[ 25.441006][ T325] do_wp_page+0xbbf/0xd80
[ 25.445196][ T325] handle_mm_fault+0x15a2/0x2f40
[ 25.449946][ T325] ? numa_migrate_prep+0xe0/0xe0
[ 25.454717][ T325] ? lock_vma_under_rcu+0x47a/0x540
[ 25.459752][ T325] ? __kasan_check_write+0x14/0x20
[ 25.464698][ T325] ? fpregs_restore_userregs+0x130/0x290
[ 25.470262][ T325] exc_page_fault+0x3a6/0x6e0
[ 25.474769][ T325] asm_exc_page_fault+0x27/0x30
[ 25.479457][ T325] RIP: 0033:0x7fab4970b4f0
[ 25.483711][ T325] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[ 25.503152][ T325] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[pid 325] exit_group(0) = ?
[pid 325] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=325, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/binderfs") = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./21") = 0
mkdir("./22", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 326
./strace-static-x86_64: Process 326 attached
[pid 326] set_robust_list(0x555557113660, 24) = 0
[pid 326] chdir("./22") = 0
[pid 326] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 326] setpgid(0, 0) = 0
[pid 326] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 326] write(3, "1000", 4) = 4
[pid 326] close(3) = 0
[pid 326] symlink("/dev/binderfs", "./binderfs") = 0
[pid 326] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 326] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 326] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 326] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 326] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 326] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 326] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 326] write(6, "7", 1) = 1
[pid 326] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 25.509064][ T325] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 25.516871][ T325] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[ 25.524678][ T325] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[ 25.532488][ T325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 25.540302][ T325] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 25.548114][ T325] </TASK>
[ 25.560707][ T326] FAULT_INJECTION: forcing a failure.
[ 25.560707][ T326] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 25.573785][ T326] CPU: 0 PID: 326 Comm: syz-executor529 Tainted: G B 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 25.585075][ T326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 25.594971][ T326] Call Trace:
[ 25.598104][ T326] <TASK>
[ 25.600920][ T326] dump_stack_lvl+0x151/0x1b7
[ 25.605387][ T326] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 25.610685][ T326] dump_stack+0x15/0x17
[ 25.614674][ T326] should_fail_ex+0x3d0/0x520
[ 25.619190][ T326] should_fail_alloc_page+0x68/0x90
[ 25.624226][ T326] __alloc_pages+0x1f4/0x780
[ 25.628651][ T326] ? prep_new_page+0x110/0x110
[ 25.633253][ T326] ? __this_cpu_preempt_check+0x13/0x20
[ 25.638633][ T326] __folio_alloc+0x15/0x40
[ 25.642886][ T326] wp_page_copy+0x23c/0x1610
[ 25.647312][ T326] ? __switch_to+0x62c/0x1190
[ 25.651829][ T326] ? compat_start_thread+0x20/0x20
[ 25.656775][ T326] ? fault_dirty_shared_page+0x300/0x300
[ 25.662245][ T326] do_wp_page+0xbbf/0xd80
[ 25.666408][ T326] handle_mm_fault+0x15a2/0x2f40
[ 25.671186][ T326] ? numa_migrate_prep+0xe0/0xe0
[ 25.675959][ T326] ? lock_vma_under_rcu+0x47a/0x540
[ 25.681004][ T326] ? __kasan_check_write+0x14/0x20
[ 25.685942][ T326] ? fpregs_restore_userregs+0x130/0x290
[ 25.691417][ T326] exc_page_fault+0x3a6/0x6e0
[ 25.695927][ T326] asm_exc_page_fault+0x27/0x30
[ 25.700606][ T326] RIP: 0033:0x7fab4970b4f0
[ 25.705036][ T326] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[ 25.724478][ T326] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[ 25.730378][ T326] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 25.738191][ T326] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[ 25.746003][ T326] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[ 25.753814][ T326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[pid 326] exit_group(0) = ?
[pid 326] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=326, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/binderfs") = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./22") = 0
mkdir("./23", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 327 attached
[pid 327] set_robust_list(0x555557113660, 24) = 0
[pid 327] chdir("./23") = 0
[pid 327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 327] setpgid(0, 0) = 0
[pid 327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC
[pid 295] <... clone resumed>, child_tidptr=0x555557113650) = 327
[pid 327] <... openat resumed>) = 3
[pid 327] write(3, "1000", 4) = 4
[pid 327] close(3) = 0
[pid 327] symlink("/dev/binderfs", "./binderfs") = 0
[pid 327] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 327] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 327] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 327] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 327] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 327] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 327] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 327] write(6, "7", 1) = 1
[pid 327] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 25.761632][ T326] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 25.769530][ T326] </TASK>
[ 25.780534][ T327] FAULT_INJECTION: forcing a failure.
[ 25.780534][ T327] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 25.793625][ T327] CPU: 0 PID: 327 Comm: syz-executor529 Tainted: G B 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 25.804921][ T327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 25.814816][ T327] Call Trace:
[ 25.817938][ T327] <TASK>
[ 25.820718][ T327] dump_stack_lvl+0x151/0x1b7
[ 25.825235][ T327] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 25.830525][ T327] dump_stack+0x15/0x17
[ 25.834512][ T327] should_fail_ex+0x3d0/0x520
[ 25.839028][ T327] should_fail_alloc_page+0x68/0x90
[ 25.844083][ T327] __alloc_pages+0x1f4/0x780
[ 25.848489][ T327] ? prep_new_page+0x110/0x110
[ 25.853089][ T327] ? __this_cpu_preempt_check+0x13/0x20
[ 25.858470][ T327] __folio_alloc+0x15/0x40
[ 25.862730][ T327] wp_page_copy+0x23c/0x1610
[ 25.867148][ T327] ? __switch_to+0x62c/0x1190
[ 25.871666][ T327] ? compat_start_thread+0x20/0x20
[ 25.876616][ T327] ? fault_dirty_shared_page+0x300/0x300
[ 25.882082][ T327] do_wp_page+0xbbf/0xd80
[ 25.886245][ T327] handle_mm_fault+0x15a2/0x2f40
[ 25.891030][ T327] ? numa_migrate_prep+0xe0/0xe0
[ 25.895818][ T327] ? lock_vma_under_rcu+0x47a/0x540
[ 25.900833][ T327] ? __kasan_check_write+0x14/0x20
[ 25.905774][ T327] ? fpregs_restore_userregs+0x130/0x290
[ 25.911242][ T327] exc_page_fault+0x3a6/0x6e0
[ 25.915759][ T327] asm_exc_page_fault+0x27/0x30
[ 25.920444][ T327] RIP: 0033:0x7fab4970b4f0
[ 25.924696][ T327] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[ 25.944141][ T327] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[ 25.950041][ T327] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[pid 327] exit_group(0) = ?
[pid 327] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=327, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/binderfs") = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./23") = 0
mkdir("./24", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 329
./strace-static-x86_64: Process 329 attached
[pid 329] set_robust_list(0x555557113660, 24) = 0
[pid 329] chdir("./24") = 0
[pid 329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 329] setpgid(0, 0) = 0
[pid 329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 329] write(3, "1000", 4) = 4
[pid 329] close(3) = 0
[pid 329] symlink("/dev/binderfs", "./binderfs") = 0
[pid 329] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 329] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 329] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 329] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 329] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 329] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 329] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 329] write(6, "7", 1) = 1
[pid 329] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid 329] exit_group(0) = ?
[pid 329] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=329, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/binderfs") = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./24") = 0
mkdir("./25", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 330 attached
, child_tidptr=0x555557113650) = 330
[pid 330] set_robust_list(0x555557113660, 24) = 0
[pid 330] chdir("./25") = 0
[pid 330] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 330] setpgid(0, 0) = 0
[pid 330] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 330] write(3, "1000", 4) = 4
[pid 330] close(3) = 0
[pid 330] symlink("/dev/binderfs", "./binderfs") = 0
[pid 330] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 330] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 330] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 330] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 330] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 330] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 330] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 330] write(6, "7", 1) = 1
[pid 330] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid 330] exit_group(0) = ?
[pid 330] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=330, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/binderfs") = 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./25") = 0
mkdir("./26", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 331
./strace-static-x86_64: Process 331 attached
[pid 331] set_robust_list(0x555557113660, 24) = 0
[pid 331] chdir("./26") = 0
[pid 331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 331] setpgid(0, 0) = 0
[pid 331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 331] write(3, "1000", 4) = 4
[pid 331] close(3) = 0
[pid 331] symlink("/dev/binderfs", "./binderfs") = 0
[pid 331] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 331] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 331] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 331] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 331] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 331] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 331] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 331] write(6, "7", 1) = 1
[pid 331] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid 331] exit_group(0) = ?
[pid 331] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=331, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/binderfs") = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./26") = 0
mkdir("./27", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 332
./strace-static-x86_64: Process 332 attached
[pid 332] set_robust_list(0x555557113660, 24) = 0
[pid 332] chdir("./27") = 0
[pid 332] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 332] setpgid(0, 0) = 0
[pid 332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 332] write(3, "1000", 4) = 4
[pid 332] close(3) = 0
[pid 332] symlink("/dev/binderfs", "./binderfs") = 0
[pid 332] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 332] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 332] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 332] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 332] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 332] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 332] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 332] write(6, "7", 1) = 1
[pid 332] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid 332] exit_group(0) = ?
[pid 332] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=332, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/binderfs") = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./27") = 0
mkdir("./28", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 333
./strace-static-x86_64: Process 333 attached
[pid 333] set_robust_list(0x555557113660, 24) = 0
[pid 333] chdir("./28") = 0
[pid 333] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 333] setpgid(0, 0) = 0
[pid 333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 333] write(3, "1000", 4) = 4
[pid 333] close(3) = 0
[pid 333] symlink("/dev/binderfs", "./binderfs") = 0
[pid 333] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 333] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 333] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 333] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 333] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 333] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 333] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 333] write(6, "7", 1) = 1
[pid 333] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid 333] exit_group(0) = ?
[pid 333] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=333, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[ 25.957853][ T327] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[ 25.965667][ T327] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[ 25.973476][ T327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 25.981288][ T327] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 25.989106][ T327]
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/binderfs") = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./28") = 0
mkdir("./29", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 334
./strace-static-x86_64: Process 334 attached
[pid 334] set_robust_list(0x555557113660, 24) = 0
[pid 334] chdir("./29") = 0
[pid 334] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 334] setpgid(0, 0) = 0
[pid 334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 334] write(3, "1000", 4) = 4
[pid 334] close(3) = 0
[pid 334] symlink("/dev/binderfs", "./binderfs") = 0
[pid 334] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 334] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 334] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 334] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 334] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 334] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 334] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 334] write(6, "7", 1) = 1
[pid 334] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 26.055316][ T334] FAULT_INJECTION: forcing a failure.
[ 26.055316][ T334] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 26.068532][ T334] CPU: 1 PID: 334 Comm: syz-executor529 Tainted: G B 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 26.079863][ T334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 26.089755][ T334] Call Trace:
[ 26.092883][ T334]
[ 26.095660][ T334] dump_stack_lvl+0x151/0x1b7
[ 26.100174][ T334] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 26.105467][ T334] ? yield_to_task_fair+0x190/0x190
[ 26.110501][ T334] dump_stack+0x15/0x17
[ 26.114494][ T334] should_fail_ex+0x3d0/0x520
[ 26.119008][ T334] should_fail_alloc_page+0x68/0x90
[ 26.124044][ T334] __alloc_pages+0x1f4/0x780
[ 26.128474][ T334] ? prep_new_page+0x110/0x110
[ 26.133070][ T334] ? __this_cpu_preempt_check+0x13/0x20
[ 26.138452][ T334] __folio_alloc+0x15/0x40
[ 26.142706][ T334] wp_page_copy+0x23c/0x1610
[ 26.147156][ T334] ? __switch_to+0x62c/0x1190
[ 26.151651][ T334] ? compat_start_thread+0x20/0x20
[ 26.156591][ T334] ? fault_dirty_shared_page+0x300/0x300
[ 26.162064][ T334] ? native_set_ldt+0x130/0x130
[ 26.166749][ T334] do_wp_page+0xbbf/0xd80
[ 26.170915][ T334] handle_mm_fault+0x15a2/0x2f40
[ 26.175690][ T334] ? numa_migrate_prep+0xe0/0xe0
[ 26.180465][ T334] ? lock_vma_under_rcu+0x47a/0x540
[ 26.185497][ T334] ? __kasan_check_write+0x14/0x20
[ 26.190446][ T334] ? fpregs_restore_userregs+0x130/0x290
[ 26.195915][ T334] exc_page_fault+0x3a6/0x6e0
[ 26.200428][ T334] asm_exc_page_fault+0x27/0x30
[ 26.205111][ T334] RIP: 0033:0x7fab4970b4f0
[ 26.209365][ T334] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[ 26.228815][ T334] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[ 26.234713][ T334] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 26.242523][ T334] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[pid 334] exit_group(0) = ?
[pid 334] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=334, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/binderfs") = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./29") = 0
mkdir("./30", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 335 attached
[pid 335] set_robust_list(0x555557113660, 24) = 0
[pid 295] <... clone resumed>, child_tidptr=0x555557113650) = 335
[pid 335] chdir("./30") = 0
[pid 335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 335] setpgid(0, 0) = 0
[pid 335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 335] write(3, "1000", 4) = 4
[pid 335] close(3) = 0
[pid 335] symlink("/dev/binderfs", "./binderfs") = 0
[pid 335] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 335] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 335] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 335] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 335] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 335] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 335] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 335] write(6, "7", 1) = 1
[pid 335] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 26.250333][ T334] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[ 26.258147][ T334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 26.265963][ T334] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 26.273823][ T334]
[ 26.286372][ T335] FAULT_INJECTION: forcing a failure.
[ 26.286372][ T335] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 26.299432][ T335] CPU: 1 PID: 335 Comm: syz-executor529 Tainted: G B 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 26.310759][ T335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 26.320654][ T335] Call Trace:
[ 26.323772][ T335]
[ 26.326577][ T335] dump_stack_lvl+0x151/0x1b7
[ 26.331062][ T335] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 26.336357][ T335] ? yield_to_task_fair+0x190/0x190
[ 26.341394][ T335] dump_stack+0x15/0x17
[ 26.345384][ T335] should_fail_ex+0x3d0/0x520
[ 26.349917][ T335] should_fail_alloc_page+0x68/0x90
[ 26.354933][ T335] __alloc_pages+0x1f4/0x780
[ 26.359499][ T335] ? prep_new_page+0x110/0x110
[ 26.364097][ T335] ? __this_cpu_preempt_check+0x13/0x20
[ 26.369478][ T335] __folio_alloc+0x15/0x40
[ 26.373729][ T335] wp_page_copy+0x23c/0x1610
[ 26.378167][ T335] ? __switch_to+0x62c/0x1190
[ 26.382668][ T335] ? compat_start_thread+0x20/0x20
[ 26.387617][ T335] ? fault_dirty_shared_page+0x300/0x300
[ 26.393088][ T335] ? native_set_ldt+0x130/0x130
[ 26.397775][ T335] do_wp_page+0xbbf/0xd80
[ 26.401939][ T335] handle_mm_fault+0x15a2/0x2f40
[ 26.406738][ T335] ? numa_migrate_prep+0xe0/0xe0
[ 26.411493][ T335] ? lock_vma_under_rcu+0x47a/0x540
[ 26.416520][ T335] ? __kasan_check_write+0x14/0x20
[ 26.421466][ T335] ? fpregs_restore_userregs+0x130/0x290
[ 26.426936][ T335] exc_page_fault+0x3a6/0x6e0
[ 26.431453][ T335] asm_exc_page_fault+0x27/0x30
[ 26.436138][ T335] RIP: 0033:0x7fab4970b4f0
[ 26.440389][ T335] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[ 26.459956][ T335] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[ 26.465865][ T335] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 26.473666][ T335] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[ 26.481513][ T335] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[ 26.489295][ T335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 26.497109][ T335] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[pid 335] exit_group(0) = ?
[pid 335] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=335, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/binderfs") = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./30") = 0
mkdir("./31", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 336 attached
, child_tidptr=0x555557113650) = 336
[pid 336] set_robust_list(0x555557113660, 24) = 0
[pid 336] chdir("./31") = 0
[pid 336] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 336] setpgid(0, 0) = 0
[pid 336] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 336] write(3, "1000", 4) = 4
[pid 336] close(3) = 0
[pid 336] symlink("/dev/binderfs", "./binderfs") = 0
[pid 336] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 336] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 336] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 336] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 336] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 336] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 336] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 336] write(6, "7", 1) = 1
[pid 336] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 26.504919][ T335]
[ 26.507875][ T335] pagefault_out_of_memory: 7 callbacks suppressed
[ 26.507887][ T335] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[ 26.534329][ T336] FAULT_INJECTION: forcing a failure.
[ 26.534329][ T336] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 26.547435][ T336] CPU: 1 PID: 336 Comm: syz-executor529 Tainted: G B 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 26.558700][ T336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 26.568598][ T336] Call Trace:
[ 26.571719][ T336]
[ 26.574498][ T336] dump_stack_lvl+0x151/0x1b7
[ 26.579009][ T336] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 26.584308][ T336] ? __sched_clock_gtod_offset+0x100/0x100
[ 26.590084][ T336] dump_stack+0x15/0x17
[ 26.594063][ T336] should_fail_ex+0x3d0/0x520
[ 26.598579][ T336] should_fail_alloc_page+0x68/0x90
[ 26.603611][ T336] __alloc_pages+0x1f4/0x780
[ 26.608037][ T336] ? prep_new_page+0x110/0x110
[ 26.612637][ T336] ? __this_cpu_preempt_check+0x13/0x20
[ 26.618023][ T336] __folio_alloc+0x15/0x40
[ 26.622273][ T336] wp_page_copy+0x23c/0x1610
[ 26.626698][ T336] ? __switch_to+0x62c/0x1190
[ 26.631216][ T336] ? compat_start_thread+0x20/0x20
[ 26.636159][ T336] ? fault_dirty_shared_page+0x300/0x300
[ 26.641808][ T336] do_wp_page+0xbbf/0xd80
[ 26.645970][ T336] handle_mm_fault+0x15a2/0x2f40
[ 26.650744][ T336] ? numa_migrate_prep+0xe0/0xe0
[ 26.655513][ T336] ? lock_vma_under_rcu+0x47a/0x540
[ 26.660549][ T336] ? __kasan_check_write+0x14/0x20
[ 26.665499][ T336] ? fpregs_restore_userregs+0x130/0x290
[ 26.670964][ T336] exc_page_fault+0x3a6/0x6e0
[ 26.675479][ T336] asm_exc_page_fault+0x27/0x30
[ 26.680164][ T336] RIP: 0033:0x7fab4970b4f0
[ 26.684417][ T336] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[ 26.703874][ T336] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[ 26.709853][ T336] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 26.717664][ T336] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[ 26.725477][ T336] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[ 26.733285][ T336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 26.741101][ T336] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 26.748913][ T336]
[pid 336] exit_group(0) = ?
[pid 336] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=336, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/binderfs") = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./31") = 0
mkdir("./32", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 337 attached
[pid 337] set_robust_list(0x555557113660, 24) = 0
[pid 337] chdir("./32") = 0
[pid 337] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 337] setpgid(0, 0) = 0
[pid 337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC
[pid 295] <... clone resumed>, child_tidptr=0x555557113650) = 337
[pid 337] <... openat resumed>) = 3
[pid 337] write(3, "1000", 4) = 4
[pid 337] close(3) = 0
[pid 337] symlink("/dev/binderfs", "./binderfs") = 0
[pid 337] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 337] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 337] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 337] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 337] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 337] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 337] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 337] write(6, "7", 1) = 1
[pid 337] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 26.752001][ T336] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[ 26.771303][ T337] FAULT_INJECTION: forcing a failure.
[ 26.771303][ T337] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 26.784414][ T337] CPU: 1 PID: 337 Comm: syz-executor529 Tainted: G B 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 26.795767][ T337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 26.805661][ T337] Call Trace:
[ 26.808789][ T337]
[ 26.811563][ T337] dump_stack_lvl+0x151/0x1b7
[ 26.816078][ T337] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 26.821372][ T337] dump_stack+0x15/0x17
[ 26.825363][ T337] should_fail_ex+0x3d0/0x520
[ 26.829879][ T337] should_fail_alloc_page+0x68/0x90
[ 26.834911][ T337] __alloc_pages+0x1f4/0x780
[ 26.839340][ T337] ? prep_new_page+0x110/0x110
[ 26.843941][ T337] ? __this_cpu_preempt_check+0x13/0x20
[ 26.849325][ T337] __folio_alloc+0x15/0x40
[ 26.853575][ T337] wp_page_copy+0x23c/0x1610
[ 26.858003][ T337] ? __switch_to+0x62c/0x1190
[ 26.862515][ T337] ? compat_start_thread+0x20/0x20
[ 26.867462][ T337] ? fault_dirty_shared_page+0x300/0x300
[ 26.872932][ T337] do_wp_page+0xbbf/0xd80
[ 26.877100][ T337] handle_mm_fault+0x15a2/0x2f40
[ 26.881873][ T337] ? numa_migrate_prep+0xe0/0xe0
[ 26.886643][ T337] ? lock_vma_under_rcu+0x47a/0x540
[ 26.891687][ T337] ? __kasan_check_write+0x14/0x20
[ 26.896630][ T337] ? fpregs_restore_userregs+0x130/0x290
[ 26.902095][ T337] exc_page_fault+0x3a6/0x6e0
[ 26.906614][ T337] asm_exc_page_fault+0x27/0x30
[ 26.911293][ T337] RIP: 0033:0x7fab4970b4f0
[ 26.915550][ T337] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[ 26.934991][ T337] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[ 26.940893][ T337] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 26.948706][ T337] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[pid 337] exit_group(0) = ?
[pid 337] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=337, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/binderfs") = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./32") = 0
mkdir("./33", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 339 attached
, child_tidptr=0x555557113650) = 339
[pid 339] set_robust_list(0x555557113660, 24) = 0
[pid 339] chdir("./33") = 0
[pid 339] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 339] setpgid(0, 0) = 0
[pid 339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 339] write(3, "1000", 4) = 4
[pid 339] close(3) = 0
[pid 339] symlink("/dev/binderfs", "./binderfs") = 0
[pid 339] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 339] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 339] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 339] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 339] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 339] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 339] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 339] write(6, "7", 1) = 1
[pid 339] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 26.956517][ T337] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[ 26.964435][ T337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 26.972247][ T337] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 26.980148][ T337]
[ 26.983144][ T337] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[ 27.004669][ T339] FAULT_INJECTION: forcing a failure.
[ 27.004669][ T339] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 27.017811][ T339] CPU: 1 PID: 339 Comm: syz-executor529 Tainted: G B 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 27.029166][ T339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 27.039060][ T339] Call Trace:
[ 27.042187][ T339]
[ 27.044961][ T339] dump_stack_lvl+0x151/0x1b7
[ 27.049474][ T339] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 27.054788][ T339] ? __sched_clock_gtod_offset+0x100/0x100
[ 27.060417][ T339] dump_stack+0x15/0x17
[ 27.064404][ T339] should_fail_ex+0x3d0/0x520
[ 27.068917][ T339] should_fail_alloc_page+0x68/0x90
[ 27.073953][ T339] __alloc_pages+0x1f4/0x780
[ 27.078379][ T339] ? prep_new_page+0x110/0x110
[ 27.082979][ T339] ? __this_cpu_preempt_check+0x13/0x20
[ 27.088367][ T339] __folio_alloc+0x15/0x40
[ 27.092616][ T339] wp_page_copy+0x23c/0x1610
[ 27.097045][ T339] ? __switch_to+0x62c/0x1190
[ 27.101553][ T339] ? compat_start_thread+0x20/0x20
[ 27.106509][ T339] ? fault_dirty_shared_page+0x300/0x300
[ 27.111973][ T339] do_wp_page+0xbbf/0xd80
[ 27.116137][ T339] handle_mm_fault+0x15a2/0x2f40
[ 27.120913][ T339] ? numa_migrate_prep+0xe0/0xe0
[ 27.125690][ T339] ? lock_vma_under_rcu+0x47a/0x540
[ 27.130722][ T339] ? __kasan_check_write+0x14/0x20
[ 27.135667][ T339] ? fpregs_restore_userregs+0x130/0x290
[ 27.141136][ T339] exc_page_fault+0x3a6/0x6e0
[ 27.145648][ T339] asm_exc_page_fault+0x27/0x30
[ 27.150368][ T339] RIP: 0033:0x7fab4970b4f0
[ 27.154593][ T339] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[ 27.174034][ T339] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[ 27.179936][ T339] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 27.187743][ T339] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[ 27.195555][ T339] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[pid 339] exit_group(0) = ?
[pid 339] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=339, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/binderfs") = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./33") = 0
mkdir("./34", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 340
./strace-static-x86_64: Process 340 attached
[pid 340] set_robust_list(0x555557113660, 24) = 0
[pid 340] chdir("./34") = 0
[pid 340] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 340] setpgid(0, 0) = 0
[pid 340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 340] write(3, "1000", 4) = 4
[pid 340] close(3) = 0
[pid 340] symlink("/dev/binderfs", "./binderfs") = 0
[pid 340] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 340] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 340] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 340] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 340] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 340] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 340] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 340] write(6, "7", 1) = 1
[pid 340] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 27.203371][ T339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 27.211180][ T339] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 27.218996][ T339]
[ 27.222695][ T339] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[ 27.243672][ T340] FAULT_INJECTION: forcing a failure.
[ 27.243672][ T340] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 27.256775][ T340] CPU: 1 PID: 340 Comm: syz-executor529 Tainted: G B 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 27.268045][ T340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 27.277943][ T340] Call Trace:
[ 27.281064][ T340]
[ 27.283843][ T340] dump_stack_lvl+0x151/0x1b7
[ 27.288358][ T340] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 27.293652][ T340] dump_stack+0x15/0x17
[ 27.297643][ T340] should_fail_ex+0x3d0/0x520
[ 27.302157][ T340] should_fail_alloc_page+0x68/0x90
[ 27.307192][ T340] __alloc_pages+0x1f4/0x780
[ 27.311620][ T340] ? prep_new_page+0x110/0x110
[ 27.316236][ T340] ? __this_cpu_preempt_check+0x13/0x20
[ 27.321599][ T340] __folio_alloc+0x15/0x40
[ 27.325854][ T340] wp_page_copy+0x23c/0x1610
[ 27.330283][ T340] ? __switch_to+0x62c/0x1190
[ 27.334815][ T340] ? compat_start_thread+0x20/0x20
[ 27.339743][ T340] ? fault_dirty_shared_page+0x300/0x300
[ 27.345217][ T340] do_wp_page+0xbbf/0xd80
[ 27.349376][ T340] handle_mm_fault+0x15a2/0x2f40
[ 27.354152][ T340] ? numa_migrate_prep+0xe0/0xe0
[ 27.358924][ T340] ? lock_vma_under_rcu+0x47a/0x540
[ 27.363961][ T340] ? __kasan_check_write+0x14/0x20
[ 27.368907][ T340] ? fpregs_restore_userregs+0x130/0x290
[ 27.374375][ T340] exc_page_fault+0x3a6/0x6e0
[ 27.378889][ T340] asm_exc_page_fault+0x27/0x30
[ 27.383580][ T340] RIP: 0033:0x7fab4970b4f0
[ 27.387829][ T340] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[ 27.407285][ T340] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[ 27.413176][ T340] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 27.420989][ T340] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[ 27.428796][ T340] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[ 27.436726][ T340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 27.444531][ T340] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 27.452346][ T340]
[pid 340] exit_group(0) = ?
[pid 340] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=340, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/binderfs") = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./34") = 0
mkdir("./35", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 341
./strace-static-x86_64: Process 341 attached
[pid 341] set_robust_list(0x555557113660, 24) = 0
[pid 341] chdir("./35") = 0
[pid 341] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 341] setpgid(0, 0) = 0
[pid 341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 341] write(3, "1000", 4) = 4
[pid 341] close(3) = 0
[pid 341] symlink("/dev/binderfs", "./binderfs") = 0
[pid 341] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 341] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 341] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 341] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 341] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 341] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 341] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 341] write(6, "7", 1) = 1
[pid 341] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 27.455551][ T340] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[ 27.474031][ T341] FAULT_INJECTION: forcing a failure.
[ 27.474031][ T341] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 27.487129][ T341] CPU: 0 PID: 341 Comm: syz-executor529 Tainted: G B 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 27.498424][ T341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 27.508319][ T341] Call Trace:
[ 27.511443][ T341]
[ 27.514219][ T341] dump_stack_lvl+0x151/0x1b7
[ 27.518733][ T341] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 27.524031][ T341] dump_stack+0x15/0x17
[ 27.528020][ T341] should_fail_ex+0x3d0/0x520
[ 27.532537][ T341] should_fail_alloc_page+0x68/0x90
[ 27.537578][ T341] __alloc_pages+0x1f4/0x780
[ 27.542006][ T341] ? prep_new_page+0x110/0x110
[ 27.546638][ T341] ? __this_cpu_preempt_check+0x13/0x20
[ 27.551977][ T341] __folio_alloc+0x15/0x40
[ 27.556231][ T341] wp_page_copy+0x23c/0x1610
[ 27.560659][ T341] ? __switch_to+0x62c/0x1190
[ 27.565173][ T341] ? compat_start_thread+0x20/0x20
[ 27.570131][ T341] ? fault_dirty_shared_page+0x300/0x300
[ 27.575591][ T341] do_wp_page+0xbbf/0xd80
[ 27.579796][ T341] handle_mm_fault+0x15a2/0x2f40
[ 27.584620][ T341] ? numa_migrate_prep+0xe0/0xe0
[ 27.589387][ T341] ? lock_vma_under_rcu+0x47a/0x540
[ 27.594425][ T341] ? __kasan_check_write+0x14/0x20
[ 27.599380][ T341] ? fpregs_restore_userregs+0x130/0x290
[ 27.604847][ T341] exc_page_fault+0x3a6/0x6e0
[ 27.609355][ T341] asm_exc_page_fault+0x27/0x30
[ 27.614038][ T341] RIP: 0033:0x7fab4970b4f0
[ 27.618292][ T341] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[ 27.637739][ T341] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[ 27.643637][ T341] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 27.651451][ T341] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[pid 341] exit_group(0) = ?
[pid 341] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=341, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/binderfs") = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./35") = 0
mkdir("./36", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 342
./strace-static-x86_64: Process 342 attached
[pid 342] set_robust_list(0x555557113660, 24) = 0
[pid 342] chdir("./36") = 0
[pid 342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 342] setpgid(0, 0) = 0
[pid 342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 342] write(3, "1000", 4) = 4
[pid 342] close(3) = 0
[pid 342] symlink("/dev/binderfs", "./binderfs") = 0
[pid 342] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 342] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 342] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 342] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 342] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 342] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 342] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 342] write(6, "7", 1) = 1
[pid 342] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 27.659262][ T341] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[ 27.667176][ T341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 27.674990][ T341] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 27.682816][ T341]
[ 27.686786][ T341] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[ 27.701507][ T342] FAULT_INJECTION: forcing a failure.
[ 27.701507][ T342] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 27.714666][ T342] CPU: 1 PID: 342 Comm: syz-executor529 Tainted: G B 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 27.725999][ T342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 27.735895][ T342] Call Trace:
[ 27.739024][ T342]
[ 27.741801][ T342] dump_stack_lvl+0x151/0x1b7
[ 27.746309][ T342] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 27.751604][ T342] ? yield_to_task_fair+0x190/0x190
[ 27.756637][ T342] dump_stack+0x15/0x17
[ 27.760628][ T342] should_fail_ex+0x3d0/0x520
[ 27.765145][ T342] should_fail_alloc_page+0x68/0x90
[ 27.770179][ T342] __alloc_pages+0x1f4/0x780
[ 27.774604][ T342] ? prep_new_page+0x110/0x110
[ 27.779207][ T342] ? __this_cpu_preempt_check+0x13/0x20
[ 27.784587][ T342] __folio_alloc+0x15/0x40
[ 27.788843][ T342] wp_page_copy+0x23c/0x1610
[ 27.793291][ T342] ? __switch_to+0x62c/0x1190
[ 27.797781][ T342] ? compat_start_thread+0x20/0x20
[ 27.802727][ T342] ? fault_dirty_shared_page+0x300/0x300
[ 27.808195][ T342] ? native_set_ldt+0x130/0x130
[ 27.812890][ T342] do_wp_page+0xbbf/0xd80
[ 27.817050][ T342] handle_mm_fault+0x15a2/0x2f40
[ 27.821828][ T342] ? numa_migrate_prep+0xe0/0xe0
[ 27.826946][ T342] ? lock_vma_under_rcu+0x47a/0x540
[ 27.831981][ T342] ? __kasan_check_write+0x14/0x20
[ 27.836928][ T342] ? fpregs_restore_userregs+0x130/0x290
[ 27.842397][ T342] exc_page_fault+0x3a6/0x6e0
[ 27.846910][ T342] asm_exc_page_fault+0x27/0x30
[ 27.851595][ T342] RIP: 0033:0x7fab4970b4f0
[ 27.855852][ T342] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[ 27.875296][ T342] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[ 27.881194][ T342] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 27.889006][ T342] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[ 27.896819][ T342] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[ 27.904631][ T342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[pid 342] exit_group(0) = ?
[pid 342] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=342, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/binderfs") = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./36") = 0
mkdir("./37", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 343
./strace-static-x86_64: Process 343 attached
[pid 343] set_robust_list(0x555557113660, 24) = 0
[pid 343] chdir("./37") = 0
[pid 343] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 343] setpgid(0, 0) = 0
[pid 343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 343] write(3, "1000", 4) = 4
[pid 343] close(3) = 0
[pid 343] symlink("/dev/binderfs", "./binderfs") = 0
[pid 343] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 343] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 343] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 343] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 343] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 343] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 343] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 343] write(6, "7", 1) = 1
[pid 343] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 27.912441][ T342] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 27.920258][ T342]
[ 27.923190][ T342] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[ 27.925345][ T28] audit: type=1400 audit(1694984490.680:73): avc: denied { remove_name } for pid=84 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 27.942073][ T343] FAULT_INJECTION: forcing a failure.
[ 27.942073][ T343] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 27.953222][ T28] audit: type=1400 audit(1694984490.680:74): avc: denied { rename } for pid=84 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 27.965647][ T343] CPU: 1 PID: 343 Comm: syz-executor529 Tainted: G B 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 27.998549][ T343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 28.008450][ T343] Call Trace:
[ 28.011568][ T343]
[ 28.014342][ T343] dump_stack_lvl+0x151/0x1b7
[ 28.018857][ T343] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 28.024151][ T343] ? yield_to_task_fair+0x190/0x190
[ 28.029227][ T343] dump_stack+0x15/0x17
[ 28.033178][ T343] should_fail_ex+0x3d0/0x520
[ 28.037691][ T343] should_fail_alloc_page+0x68/0x90
[ 28.042726][ T343] __alloc_pages+0x1f4/0x780
[ 28.047155][ T343] ? prep_new_page+0x110/0x110
[ 28.051752][ T343] ? __this_cpu_preempt_check+0x13/0x20
[ 28.057135][ T343] __folio_alloc+0x15/0x40
[ 28.061386][ T343] wp_page_copy+0x23c/0x1610
[ 28.065815][ T343] ? __switch_to+0x62c/0x1190
[ 28.070328][ T343] ? compat_start_thread+0x20/0x20
[ 28.075278][ T343] ? fault_dirty_shared_page+0x300/0x300
[ 28.080743][ T343] ? native_set_ldt+0x130/0x130
[ 28.085433][ T343] do_wp_page+0xbbf/0xd80
[ 28.089601][ T343] handle_mm_fault+0x15a2/0x2f40
[ 28.094372][ T343] ? numa_migrate_prep+0xe0/0xe0
[ 28.099144][ T343] ? lock_vma_under_rcu+0x47a/0x540
[ 28.104181][ T343] ? __kasan_check_write+0x14/0x20
[ 28.109126][ T343] ? fpregs_restore_userregs+0x130/0x290
[ 28.114594][ T343] exc_page_fault+0x3a6/0x6e0
[ 28.119111][ T343] asm_exc_page_fault+0x27/0x30
[ 28.123794][ T343] RIP: 0033:0x7fab4970b4f0
[ 28.128054][ T343] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[ 28.147492][ T343] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[ 28.153395][ T343] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[pid 343] exit_group(0) = ?
[pid 343] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=343, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/binderfs") = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./37") = 0
mkdir("./38", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 345
./strace-static-x86_64: Process 345 attached
[pid 345] set_robust_list(0x555557113660, 24) = 0
[pid 345] chdir("./38") = 0
[pid 345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 345] setpgid(0, 0) = 0
[pid 345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 345] write(3, "1000", 4) = 4
[pid 345] close(3) = 0
[pid 345] symlink("/dev/binderfs", "./binderfs") = 0
[pid 345] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 345] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 345] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 345] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 345] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 345] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 345] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 345] write(6, "7", 1) = 1
[pid 345] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 28.161208][ T343] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[ 28.169018][ T343] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[ 28.176828][ T343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 28.184642][ T343] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 28.192462][ T343]
[ 28.195877][ T343] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[ 28.212824][ T345] FAULT_INJECTION: forcing a failure.
[ 28.212824][ T345] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 28.226025][ T345] CPU: 0 PID: 345 Comm: syz-executor529 Tainted: G B 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 28.237357][ T345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 28.247250][ T345] Call Trace:
[ 28.250380][ T345]
[ 28.253152][ T345] dump_stack_lvl+0x151/0x1b7
[ 28.257667][ T345] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 28.262961][ T345] ? yield_to_task_fair+0x190/0x190
[ 28.268002][ T345] dump_stack+0x15/0x17
[ 28.271993][ T345] should_fail_ex+0x3d0/0x520
[ 28.276505][ T345] should_fail_alloc_page+0x68/0x90
[ 28.281544][ T345] __alloc_pages+0x1f4/0x780
[ 28.285963][ T345] ? prep_new_page+0x110/0x110
[ 28.290563][ T345] ? __this_cpu_preempt_check+0x13/0x20
[ 28.295943][ T345] __folio_alloc+0x15/0x40
[ 28.300209][ T345] wp_page_copy+0x23c/0x1610
[ 28.304623][ T345] ? __switch_to+0x62c/0x1190
[ 28.309136][ T345] ? compat_start_thread+0x20/0x20
[ 28.314082][ T345] ? fault_dirty_shared_page+0x300/0x300
[ 28.319552][ T345] ? native_set_ldt+0x130/0x130
[ 28.324240][ T345] do_wp_page+0xbbf/0xd80
[ 28.328408][ T345] handle_mm_fault+0x15a2/0x2f40
[ 28.333182][ T345] ? numa_migrate_prep+0xe0/0xe0
[ 28.337955][ T345] ? lock_vma_under_rcu+0x47a/0x540
[ 28.342990][ T345] ? __kasan_check_write+0x14/0x20
[ 28.347938][ T345] ? fpregs_restore_userregs+0x130/0x290
[ 28.353410][ T345] exc_page_fault+0x3a6/0x6e0
[ 28.357919][ T345] asm_exc_page_fault+0x27/0x30
[ 28.362604][ T345] RIP: 0033:0x7fab4970b4f0
[ 28.366863][ T345] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[ 28.386300][ T345] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[ 28.392204][ T345] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 28.400014][ T345] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[ 28.407827][ T345] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[pid 345] exit_group(0) = ?
[pid 345] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=345, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/binderfs") = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./38") = 0
mkdir("./39", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 346
./strace-static-x86_64: Process 346 attached
[pid 346] set_robust_list(0x555557113660, 24) = 0
[pid 346] chdir("./39") = 0
[pid 346] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 346] setpgid(0, 0) = 0
[pid 346] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 346] write(3, "1000", 4) = 4
[pid 346] close(3) = 0
[pid 346] symlink("/dev/binderfs", "./binderfs") = 0
[pid 346] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 346] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 346] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 346] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 346] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 346] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 346] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 346] write(6, "7", 1) = 1
[pid 346] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 28.415639][ T345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 28.423462][ T345] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 28.431267][ T345]
[ 28.434316][ T345] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[ 28.451800][ T346] FAULT_INJECTION: forcing a failure.
[ 28.451800][ T346] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 28.464890][ T346] CPU: 0 PID: 346 Comm: syz-executor529 Tainted: G B 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 28.476180][ T346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 28.486078][ T346] Call Trace:
[ 28.489202][ T346]
[ 28.491982][ T346] dump_stack_lvl+0x151/0x1b7
[ 28.496493][ T346] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 28.501786][ T346] ? __sched_clock_gtod_offset+0x100/0x100
[ 28.507428][ T346] dump_stack+0x15/0x17
[ 28.511425][ T346] should_fail_ex+0x3d0/0x520
[ 28.515938][ T346] should_fail_alloc_page+0x68/0x90
[ 28.520973][ T346] __alloc_pages+0x1f4/0x780
[ 28.525397][ T346] ? prep_new_page+0x110/0x110
[ 28.529997][ T346] ? __this_cpu_preempt_check+0x13/0x20
[ 28.535384][ T346] __folio_alloc+0x15/0x40
[ 28.539632][ T346] wp_page_copy+0x23c/0x1610
[ 28.544058][ T346] ? __switch_to+0x62c/0x1190
[ 28.548572][ T346] ? compat_start_thread+0x20/0x20
[ 28.553518][ T346] ? fault_dirty_shared_page+0x300/0x300
[ 28.558986][ T346] ? native_set_ldt+0x130/0x130
[ 28.563676][ T346] do_wp_page+0xbbf/0xd80
[ 28.567848][ T346] handle_mm_fault+0x15a2/0x2f40
[ 28.572623][ T346] ? numa_migrate_prep+0xe0/0xe0
[ 28.577389][ T346] ? lock_vma_under_rcu+0x47a/0x540
[ 28.582426][ T346] exc_page_fault+0x3a6/0x6e0
[ 28.586943][ T346] asm_exc_page_fault+0x27/0x30
[ 28.591622][ T346] RIP: 0033:0x7fab4970b4f0
[ 28.595876][ T346] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[ 28.615319][ T346] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[ 28.621220][ T346] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 28.629036][ T346] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[ 28.636851][ T346] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[ 28.644656][ T346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 28.652472][ T346] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 28.660282][ T346]
[pid 346] exit_group(0) = ?
[pid 346] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=346, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/binderfs") = 0
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./39") = 0
mkdir("./40", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 347
./strace-static-x86_64: Process 347 attached
[pid 347] set_robust_list(0x555557113660, 24) = 0
[pid 347] chdir("./40") = 0
[pid 347] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 347] setpgid(0, 0) = 0
[pid 347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 347] write(3, "1000", 4) = 4
[pid 347] close(3) = 0
[pid 347] symlink("/dev/binderfs", "./binderfs") = 0
[pid 347] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 347] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 347] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 347] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 347] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 347] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 347] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 347] write(6, "7", 1) = 1
[pid 347] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 28.663208][ T346] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[ 28.683022][ T347] FAULT_INJECTION: forcing a failure.
[ 28.683022][ T347] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 28.696179][ T347] CPU: 1 PID: 347 Comm: syz-executor529 Tainted: G B 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 28.707536][ T347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 28.717431][ T347] Call Trace:
[ 28.720555][ T347]
[ 28.723332][ T347] dump_stack_lvl+0x151/0x1b7
[ 28.727847][ T347] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 28.733143][ T347] ? __sched_clock_gtod_offset+0x100/0x100
[ 28.738783][ T347] dump_stack+0x15/0x17
[ 28.742774][ T347] should_fail_ex+0x3d0/0x520
[ 28.747293][ T347] should_fail_alloc_page+0x68/0x90
[ 28.752326][ T347] __alloc_pages+0x1f4/0x780
[ 28.756756][ T347] ? prep_new_page+0x110/0x110
[ 28.761353][ T347] ? __this_cpu_preempt_check+0x13/0x20
[ 28.766735][ T347] __folio_alloc+0x15/0x40
[ 28.770986][ T347] wp_page_copy+0x23c/0x1610
[ 28.775413][ T347] ? __switch_to+0x62c/0x1190
[ 28.779929][ T347] ? compat_start_thread+0x20/0x20
[ 28.784962][ T347] ? fault_dirty_shared_page+0x300/0x300
[ 28.790436][ T347] do_wp_page+0xbbf/0xd80
[ 28.794597][ T347] handle_mm_fault+0x15a2/0x2f40
[ 28.799375][ T347] ? numa_migrate_prep+0xe0/0xe0
[ 28.804144][ T347] ? lock_vma_under_rcu+0x47a/0x540
[ 28.809182][ T347] ? __kasan_check_write+0x14/0x20
[ 28.814126][ T347] ? fpregs_restore_userregs+0x130/0x290
[ 28.819596][ T347] exc_page_fault+0x3a6/0x6e0
[ 28.824112][ T347] asm_exc_page_fault+0x27/0x30
[ 28.828793][ T347] RIP: 0033:0x7fab4970b4f0
[ 28.833050][ T347] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[ 28.852489][ T347] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[ 28.858400][ T347] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[pid 347] exit_group(0) = ?
[pid 347] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=347, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/binderfs") = 0
umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./40") = 0
mkdir("./41", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 348
./strace-static-x86_64: Process 348 attached
[pid 348] set_robust_list(0x555557113660, 24) = 0
[pid 348] chdir("./41") = 0
[pid 348] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 348] setpgid(0, 0) = 0
[pid 348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 348] write(3, "1000", 4) = 4
[pid 348] close(3) = 0
[pid 348] symlink("/dev/binderfs", "./binderfs") = 0
[pid 348] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 348] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 348] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 348] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 348] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 348] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 348] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 348] write(6, "7", 1) = 1
[pid 348] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid 348] exit_group(0) = ?
[pid 348] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=348, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/binderfs") = 0
umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./41") = 0
mkdir("./42", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 349
./strace-static-x86_64: Process 349 attached
[pid 349] set_robust_list(0x555557113660, 24) = 0
[pid 349] chdir("./42") = 0
[pid 349] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 349] setpgid(0, 0) = 0
[pid 349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 349] write(3, "1000", 4) = 4
[pid 349] close(3) = 0
[pid 349] symlink("/dev/binderfs", "./binderfs") = 0
[pid 349] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 349] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 349] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 349] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 349] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 349] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 349] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 349] write(6, "7", 1) = 1
[pid 349] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid 349] exit_group(0) = ?
[pid 349] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=349, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./42/binderfs") = 0
umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./42/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./42") = 0
mkdir("./43", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 350 attached
[pid 350] set_robust_list(0x555557113660, 24) = 0
[pid 350] chdir("./43") = 0
[pid 350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 350] setpgid(0, 0) = 0
[pid 350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 350] write(3, "1000", 4) = 4
[pid 350] close(3) = 0
[pid 350] symlink("/dev/binderfs", "./binderfs") = 0
[pid 295] <... clone resumed>, child_tidptr=0x555557113650) = 350
[pid 350] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 350] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 350] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 350] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 350] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 350] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 350] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 350] write(6, "7", 1) = 1
[pid 350] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid 350] exit_group(0) = ?
[pid 350] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=350, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./43/binderfs") = 0
umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./43/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./43") = 0
mkdir("./44", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 351
./strace-static-x86_64: Process 351 attached
[pid 351] set_robust_list(0x555557113660, 24) = 0
[pid 351] chdir("./44") = 0
[pid 351] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 351] setpgid(0, 0) = 0
[pid 351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 351] write(3, "1000", 4) = 4
[pid 351] close(3) = 0
[pid 351] symlink("/dev/binderfs", "./binderfs") = 0
[pid 351] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 351] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 351] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 351] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 351] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 351] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 351] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 351] write(6, "7", 1) = 1
[pid 351] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid 351] exit_group(0) = ?
[pid 351] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=351, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 28.866206][ T347] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[ 28.874015][ T347] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[ 28.881827][ T347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 28.889639][ T347] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 28.897627][ T347]
newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./44/binderfs") = 0
umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./44/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./44") = 0
mkdir("./45", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 352
./strace-static-x86_64: Process 352 attached
[pid 352] set_robust_list(0x555557113660, 24) = 0
[pid 352] chdir("./45") = 0
[pid 352] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 352] setpgid(0, 0) = 0
[pid 352] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 352] write(3, "1000", 4) = 4
[pid 352] close(3) = 0
[pid 352] symlink("/dev/binderfs", "./binderfs") = 0
[pid 352] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 352] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 352] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 352] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 352] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 352] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 352] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 352] write(6, "7", 1) = 1
[pid 352] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 28.954317][ T352] FAULT_INJECTION: forcing a failure.
[ 28.954317][ T352] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 28.967437][ T352] CPU: 1 PID: 352 Comm: syz-executor529 Tainted: G B 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 28.978705][ T352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 28.988600][ T352] Call Trace:
[ 28.991723][ T352]
[ 28.994510][ T352] dump_stack_lvl+0x151/0x1b7
[ 28.999017][ T352] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 29.004310][ T352] ? yield_to_task_fair+0x190/0x190
[ 29.009354][ T352] dump_stack+0x15/0x17
[ 29.013431][ T352] should_fail_ex+0x3d0/0x520
[ 29.017944][ T352] should_fail_alloc_page+0x68/0x90
[ 29.022976][ T352] __alloc_pages+0x1f4/0x780
[ 29.027406][ T352] ? prep_new_page+0x110/0x110
[ 29.032007][ T352] __folio_alloc+0x15/0x40
[ 29.036265][ T352] wp_page_copy+0x23c/0x1610
[ 29.040684][ T352] ? __switch_to+0x62c/0x1190
[ 29.045201][ T352] ? compat_start_thread+0x20/0x20
[ 29.050149][ T352] ? fault_dirty_shared_page+0x300/0x300
[ 29.055614][ T352] ? __kasan_check_write+0x14/0x20
[ 29.060565][ T352] do_wp_page+0xbbf/0xd80
[ 29.064736][ T352] handle_mm_fault+0x15a2/0x2f40
[ 29.069511][ T352] ? numa_migrate_prep+0xe0/0xe0
[ 29.074282][ T352] ? lock_vma_under_rcu+0x47a/0x540
[ 29.079313][ T352] ? __kasan_check_write+0x14/0x20
[ 29.084257][ T352] ? fpregs_restore_userregs+0x130/0x290
[ 29.089828][ T352] exc_page_fault+0x3a6/0x6e0
[ 29.094244][ T352] asm_exc_page_fault+0x27/0x30
[ 29.098933][ T352] RIP: 0033:0x7fab4970b4f0
[ 29.103182][ T352] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[ 29.122626][ T352] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[ 29.128531][ T352] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 29.136350][ T352] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[ 29.144149][ T352] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[pid 352] exit_group(0) = ?
[pid 352] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=352, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./45/binderfs") = 0
umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./45/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./45") = 0
mkdir("./46", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 354
./strace-static-x86_64: Process 354 attached
[pid 354] set_robust_list(0x555557113660, 24) = 0
[pid 354] chdir("./46") = 0
[pid 354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 354] setpgid(0, 0) = 0
[pid 354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 354] write(3, "1000", 4) = 4
[pid 354] close(3) = 0
[pid 354] symlink("/dev/binderfs", "./binderfs") = 0
[pid 354] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 354] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 354] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 354] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 354] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 354] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 354] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 354] write(6, "7", 1) = 1
[pid 354] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 29.151962][ T352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 29.159776][ T352] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 29.167599][ T352]
[ 29.184893][ T354] FAULT_INJECTION: forcing a failure.
[ 29.184893][ T354] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 29.198304][ T354] CPU: 0 PID: 354 Comm: syz-executor529 Tainted: G B 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 29.209658][ T354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 29.219562][ T354] Call Trace:
[ 29.222687][ T354]
[ 29.225475][ T354] dump_stack_lvl+0x151/0x1b7
[ 29.229971][ T354] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 29.235265][ T354] ? __sched_clock_gtod_offset+0x100/0x100
[ 29.240905][ T354] dump_stack+0x15/0x17
[ 29.244898][ T354] should_fail_ex+0x3d0/0x520
[ 29.249418][ T354] should_fail_alloc_page+0x68/0x90
[ 29.254445][ T354] __alloc_pages+0x1f4/0x780
[ 29.258878][ T354] ? prep_new_page+0x110/0x110
[ 29.263481][ T354] ? __this_cpu_preempt_check+0x13/0x20
[ 29.268853][ T354] __folio_alloc+0x15/0x40
[ 29.273891][ T354] wp_page_copy+0x23c/0x1610
[ 29.278406][ T354] ? __switch_to+0x62c/0x1190
[ 29.282921][ T354] ? compat_start_thread+0x20/0x20
[ 29.287872][ T354] ? fault_dirty_shared_page+0x300/0x300
[ 29.293345][ T354] do_wp_page+0xbbf/0xd80
[ 29.297526][ T354] handle_mm_fault+0x15a2/0x2f40
[ 29.302274][ T354] ? numa_migrate_prep+0xe0/0xe0
[ 29.307134][ T354] ? lock_vma_under_rcu+0x47a/0x540
[ 29.312169][ T354] ? __kasan_check_write+0x14/0x20
[ 29.317116][ T354] ? fpregs_restore_userregs+0x130/0x290
[ 29.322583][ T354] exc_page_fault+0x3a6/0x6e0
[ 29.327103][ T354] asm_exc_page_fault+0x27/0x30
[ 29.331784][ T354] RIP: 0033:0x7fab4970b4f0
[ 29.336040][ T354] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[pid 354] exit_group(0) = ?
[pid 354] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=354, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./46/binderfs") = 0
umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./46/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./46") = 0
mkdir("./47", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 355
./strace-static-x86_64: Process 355 attached
[pid 355] set_robust_list(0x555557113660, 24) = 0
[pid 355] chdir("./47") = 0
[pid 355] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 355] setpgid(0, 0) = 0
[pid 355] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 355] write(3, "1000", 4) = 4
[pid 355] close(3) = 0
[pid 355] symlink("/dev/binderfs", "./binderfs") = 0
[pid 355] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 355] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 355] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 355] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 355] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 355] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 355] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 355] write(6, "7", 1) = 1
[pid 355] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 29.355479][ T354] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[ 29.361380][ T354] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 29.369192][ T354] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[ 29.377008][ T354] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[ 29.384822][ T354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 29.392630][ T354] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 29.400444][ T354]
[ 29.413372][ T355] FAULT_INJECTION: forcing a failure.
[ 29.413372][ T355] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 29.426428][ T355] CPU: 1 PID: 355 Comm: syz-executor529 Tainted: G B 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 29.437755][ T355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 29.447654][ T355] Call Trace:
[ 29.450773][ T355]
[ 29.453549][ T355] dump_stack_lvl+0x151/0x1b7
[ 29.458069][ T355] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 29.463360][ T355] ? yield_to_task_fair+0x190/0x190
[ 29.468399][ T355] dump_stack+0x15/0x17
[ 29.472389][ T355] should_fail_ex+0x3d0/0x520
[ 29.476908][ T355] should_fail_alloc_page+0x68/0x90
[ 29.481938][ T355] __alloc_pages+0x1f4/0x780
[ 29.486468][ T355] ? prep_new_page+0x110/0x110
[ 29.491065][ T355] ? __this_cpu_preempt_check+0x13/0x20
[ 29.496445][ T355] __folio_alloc+0x15/0x40
[ 29.500699][ T355] wp_page_copy+0x23c/0x1610
[ 29.505125][ T355] ? __switch_to+0x62c/0x1190
[ 29.509638][ T355] ? compat_start_thread+0x20/0x20
[ 29.514588][ T355] ? fault_dirty_shared_page+0x300/0x300
[ 29.520056][ T355] ? native_set_ldt+0x130/0x130
[ 29.524742][ T355] do_wp_page+0xbbf/0xd80
[ 29.528914][ T355] handle_mm_fault+0x15a2/0x2f40
[ 29.533856][ T355] ? numa_migrate_prep+0xe0/0xe0
[ 29.538628][ T355] ? lock_vma_under_rcu+0x47a/0x540
[ 29.543662][ T355] ? __kasan_check_write+0x14/0x20
[ 29.548616][ T355] ? fpregs_restore_userregs+0x130/0x290
[ 29.554080][ T355] exc_page_fault+0x3a6/0x6e0
[ 29.558594][ T355] asm_exc_page_fault+0x27/0x30
[ 29.563280][ T355] RIP: 0033:0x7fab4970b4f0
[ 29.567534][ T355] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[ 29.586980][ T355] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[ 29.592881][ T355] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 29.600692][ T355] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[pid 355] exit_group(0) = ?
[pid 355] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=355, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./47/binderfs") = 0
umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./47/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./47") = 0
mkdir("./48", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 356 attached
, child_tidptr=0x555557113650) = 356
[pid 356] set_robust_list(0x555557113660, 24) = 0
[pid 356] chdir("./48") = 0
[pid 356] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 356] setpgid(0, 0) = 0
[pid 356] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 356] write(3, "1000", 4) = 4
[pid 356] close(3) = 0
[pid 356] symlink("/dev/binderfs", "./binderfs") = 0
[pid 356] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 356] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 356] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 356] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 356] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 356] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 356] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 356] write(6, "7", 1) = 1
[pid 356] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 29.608503][ T355] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[ 29.616316][ T355] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 29.624127][ T355] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 29.631951][ T355]
[ 29.648243][ T356] FAULT_INJECTION: forcing a failure.
[ 29.648243][ T356] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 29.661420][ T356] CPU: 1 PID: 356 Comm: syz-executor529 Tainted: G B 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 29.672796][ T356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 29.682691][ T356] Call Trace:
[ 29.685816][ T356]
[ 29.688593][ T356] dump_stack_lvl+0x151/0x1b7
[ 29.693104][ T356] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 29.698399][ T356] ? yield_to_task_fair+0x190/0x190
[ 29.703436][ T356] dump_stack+0x15/0x17
[ 29.707426][ T356] should_fail_ex+0x3d0/0x520
[ 29.711942][ T356] should_fail_alloc_page+0x68/0x90
[ 29.716976][ T356] __alloc_pages+0x1f4/0x780
[ 29.721401][ T356] ? prep_new_page+0x110/0x110
[ 29.726003][ T356] ? __this_cpu_preempt_check+0x13/0x20
[ 29.731382][ T356] __folio_alloc+0x15/0x40
[ 29.735635][ T356] wp_page_copy+0x23c/0x1610
[ 29.740063][ T356] ? __switch_to+0x62c/0x1190
[ 29.744580][ T356] ? compat_start_thread+0x20/0x20
[ 29.749524][ T356] ? fault_dirty_shared_page+0x300/0x300
[ 29.754996][ T356] ? native_set_ldt+0x130/0x130
[ 29.759683][ T356] do_wp_page+0xbbf/0xd80
[ 29.763851][ T356] handle_mm_fault+0x15a2/0x2f40
[ 29.768623][ T356] ? numa_migrate_prep+0xe0/0xe0
[ 29.773507][ T356] ? lock_vma_under_rcu+0x47a/0x540
[ 29.778537][ T356] ? __kasan_check_write+0x14/0x20
[ 29.783481][ T356] ? fpregs_restore_userregs+0x130/0x290
[ 29.788951][ T356] exc_page_fault+0x3a6/0x6e0
[ 29.793463][ T356] asm_exc_page_fault+0x27/0x30
[ 29.798151][ T356] RIP: 0033:0x7fab4970b4f0
[ 29.802406][ T356] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[ 29.821846][ T356] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[ 29.827748][ T356] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 29.835561][ T356] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[ 29.843372][ T356] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[ 29.851189][ T356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[pid 356] exit_group(0) = ?
[pid 356] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=356, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./48/binderfs") = 0
umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./48/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./48") = 0
mkdir("./49", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 357
./strace-static-x86_64: Process 357 attached
[pid 357] set_robust_list(0x555557113660, 24) = 0
[pid 357] chdir("./49") = 0
[pid 357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 357] setpgid(0, 0) = 0
[pid 357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 357] write(3, "1000", 4) = 4
[pid 357] close(3) = 0
[pid 357] symlink("/dev/binderfs", "./binderfs") = 0
[pid 357] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 357] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 357] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 357] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 357] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 357] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 357] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 357] write(6, "7", 1) = 1
[pid 357] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid 357] exit_group(0) = ?
[pid 357] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=357, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./49/binderfs") = 0
umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./49/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./49") = 0
mkdir("./50", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 358
./strace-static-x86_64: Process 358 attached
[pid 358] set_robust_list(0x555557113660, 24) = 0
[pid 358] chdir("./50") = 0
[pid 358] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 358] setpgid(0, 0) = 0
[pid 358] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 358] write(3, "1000", 4) = 4
[pid 358] close(3) = 0
[pid 358] symlink("/dev/binderfs", "./binderfs") = 0
[pid 358] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 358] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 358] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 358] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 358] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 358] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 358] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 358] write(6, "7", 1) = 1
[pid 358] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 29.858998][ T356] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 29.866815][ T356]
[ 29.893787][ T358] FAULT_INJECTION: forcing a failure.
[ 29.893787][ T358] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 29.907140][ T358] CPU: 0 PID: 358 Comm: syz-executor529 Tainted: G B 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 29.918495][ T358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 29.928368][ T358] Call Trace:
[ 29.931491][ T358]
[ 29.934269][ T358] dump_stack_lvl+0x151/0x1b7
[ 29.938786][ T358] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 29.944165][ T358] ? __sched_clock_gtod_offset+0x100/0x100
[ 29.949805][ T358] dump_stack+0x15/0x17
[ 29.953799][ T358] should_fail_ex+0x3d0/0x520
[ 29.958315][ T358] should_fail_alloc_page+0x68/0x90
[ 29.963352][ T358] __alloc_pages+0x1f4/0x780
[ 29.967774][ T358] ? prep_new_page+0x110/0x110
[ 29.972388][ T358] ? __this_cpu_preempt_check+0x13/0x20
[ 29.977761][ T358] __folio_alloc+0x15/0x40
[ 29.982009][ T358] wp_page_copy+0x23c/0x1610
[ 29.986434][ T358] ? __switch_to+0x62c/0x1190
[ 29.990952][ T358] ? compat_start_thread+0x20/0x20
[ 29.995894][ T358] ? fault_dirty_shared_page+0x300/0x300
[ 30.001365][ T358] do_wp_page+0xbbf/0xd80
[ 30.005531][ T358] handle_mm_fault+0x15a2/0x2f40
[ 30.010312][ T358] ? numa_migrate_prep+0xe0/0xe0
[ 30.015083][ T358] ? lock_vma_under_rcu+0x47a/0x540
[ 30.020114][ T358] ? __kasan_check_write+0x14/0x20
[ 30.025061][ T358] ? fpregs_restore_userregs+0x130/0x290
[ 30.030530][ T358] exc_page_fault+0x3a6/0x6e0
[ 30.035043][ T358] asm_exc_page_fault+0x27/0x30
[ 30.039732][ T358] RIP: 0033:0x7fab4970b4f0
[ 30.044000][ T358] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[ 30.063427][ T358] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[ 30.069328][ T358] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 30.077138][ T358] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[ 30.084951][ T358] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[pid 358] exit_group(0) = ?
[pid 358] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=358, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./50/binderfs") = 0
umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./50/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./50") = 0
mkdir("./51", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 360
./strace-static-x86_64: Process 360 attached
[pid 360] set_robust_list(0x555557113660, 24) = 0
[pid 360] chdir("./51") = 0
[pid 360] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 360] setpgid(0, 0) = 0
[pid 360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 360] write(3, "1000", 4) = 4
[pid 360] close(3) = 0
[pid 360] symlink("/dev/binderfs", "./binderfs") = 0
[pid 360] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 360] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 360] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 360] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 360] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 360] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 360] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 360] write(6, "7", 1) = 1
[pid 360] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 30.092762][ T358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 30.100576][ T358] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 30.108397][ T358]
[ 30.123396][ T360] FAULT_INJECTION: forcing a failure.
[ 30.123396][ T360] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 30.136494][ T360] CPU: 1 PID: 360 Comm: syz-executor529 Tainted: G B 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 30.147764][ T360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 30.157659][ T360] Call Trace:
[ 30.160785][ T360]
[ 30.163575][ T360] dump_stack_lvl+0x151/0x1b7
[ 30.168078][ T360] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 30.173369][ T360] ? __sched_clock_gtod_offset+0x100/0x100
[ 30.179013][ T360] dump_stack+0x15/0x17
[ 30.183004][ T360] should_fail_ex+0x3d0/0x520
[ 30.187521][ T360] should_fail_alloc_page+0x68/0x90
[ 30.192556][ T360] __alloc_pages+0x1f4/0x780
[ 30.196989][ T360] ? prep_new_page+0x110/0x110
[ 30.201581][ T360] ? __this_cpu_preempt_check+0x13/0x20
[ 30.206961][ T360] __folio_alloc+0x15/0x40
[ 30.211216][ T360] wp_page_copy+0x23c/0x1610
[ 30.215643][ T360] ? __switch_to+0x62c/0x1190
[ 30.220158][ T360] ? compat_start_thread+0x20/0x20
[ 30.225103][ T360] ? fault_dirty_shared_page+0x300/0x300
[ 30.230580][ T360] do_wp_page+0xbbf/0xd80
[ 30.234738][ T360] handle_mm_fault+0x15a2/0x2f40
[ 30.239519][ T360] ? numa_migrate_prep+0xe0/0xe0
[ 30.244286][ T360] ? lock_vma_under_rcu+0x47a/0x540
[ 30.249320][ T360] ? __kasan_check_write+0x14/0x20
[ 30.254267][ T360] ? fpregs_restore_userregs+0x130/0x290
[ 30.259737][ T360] exc_page_fault+0x3a6/0x6e0
[ 30.264248][ T360] asm_exc_page_fault+0x27/0x30
[ 30.268935][ T360] RIP: 0033:0x7fab4970b4f0
[ 30.273194][ T360] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[pid 360] exit_group(0) = ?
[pid 360] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=360, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./51/binderfs") = 0
umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./51/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./51") = 0
mkdir("./52", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 361
./strace-static-x86_64: Process 361 attached
[pid 361] set_robust_list(0x555557113660, 24) = 0
[pid 361] chdir("./52") = 0
[pid 361] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 361] setpgid(0, 0) = 0
[pid 361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 361] write(3, "1000", 4) = 4
[pid 361] close(3) = 0
[pid 361] symlink("/dev/binderfs", "./binderfs") = 0
[pid 361] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 361] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 361] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 361] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 361] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 361] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 361] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 361] write(6, "7", 1) = 1
[pid 361] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 30.292639][ T360] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[ 30.298535][ T360] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 30.306348][ T360] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[ 30.314158][ T360] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[ 30.321970][ T360] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 30.329781][ T360] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 30.337602][ T360]
[ 30.351058][ T361] FAULT_INJECTION: forcing a failure.
[ 30.351058][ T361] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 30.364137][ T361] CPU: 1 PID: 361 Comm: syz-executor529 Tainted: G B 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 30.375428][ T361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 30.385326][ T361] Call Trace:
[ 30.388450][ T361]
[ 30.391230][ T361] dump_stack_lvl+0x151/0x1b7
[ 30.395768][ T361] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 30.401036][ T361] ? yield_to_task_fair+0x190/0x190
[ 30.406071][ T361] dump_stack+0x15/0x17
[ 30.410064][ T361] should_fail_ex+0x3d0/0x520
[ 30.414576][ T361] should_fail_alloc_page+0x68/0x90
[ 30.419617][ T361] __alloc_pages+0x1f4/0x780
[ 30.424045][ T361] ? prep_new_page+0x110/0x110
[ 30.428641][ T361] ? __this_cpu_preempt_check+0x13/0x20
[ 30.434021][ T361] __folio_alloc+0x15/0x40
[ 30.438270][ T361] wp_page_copy+0x23c/0x1610
[ 30.442701][ T361] ? __switch_to+0x62c/0x1190
[ 30.447211][ T361] ? compat_start_thread+0x20/0x20
[ 30.452159][ T361] ? fault_dirty_shared_page+0x300/0x300
[ 30.457628][ T361] ? native_set_ldt+0x130/0x130
[ 30.462338][ T361] do_wp_page+0xbbf/0xd80
[ 30.466485][ T361] handle_mm_fault+0x15a2/0x2f40
[ 30.471258][ T361] ? numa_migrate_prep+0xe0/0xe0
[ 30.476028][ T361] ? lock_vma_under_rcu+0x47a/0x540
[ 30.481071][ T361] ? __kasan_check_write+0x14/0x20
[ 30.486011][ T361] ? fpregs_restore_userregs+0x130/0x290
[ 30.491479][ T361] exc_page_fault+0x3a6/0x6e0
[ 30.495993][ T361] asm_exc_page_fault+0x27/0x30
[ 30.500681][ T361] RIP: 0033:0x7fab4970b4f0
[ 30.504934][ T361] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[ 30.524376][ T361] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[ 30.530283][ T361] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 30.538089][ T361] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[pid 361] exit_group(0) = ?
[pid 361] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=361, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./52/binderfs") = 0
umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./52/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./52") = 0
mkdir("./53", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 362
./strace-static-x86_64: Process 362 attached
[pid 362] set_robust_list(0x555557113660, 24) = 0
[pid 362] chdir("./53") = 0
[pid 362] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 362] setpgid(0, 0) = 0
[pid 362] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 362] write(3, "1000", 4) = 4
[pid 362] close(3) = 0
[pid 362] symlink("/dev/binderfs", "./binderfs") = 0
[pid 362] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 362] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 362] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 362] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 362] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 362] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 362] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 362] write(6, "7", 1) = 1
[pid 362] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid 362] exit_group(0) = ?
[pid 362] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=362, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./53/binderfs") = 0
umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./53/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./53") = 0
mkdir("./54", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 363
./strace-static-x86_64: Process 363 attached
[pid 363] set_robust_list(0x555557113660, 24) = 0
[pid 363] chdir("./54") = 0
[pid 363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 363] setpgid(0, 0) = 0
[pid 363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 363] write(3, "1000", 4) = 4
[pid 363] close(3) = 0
[pid 363] symlink("/dev/binderfs", "./binderfs") = 0
[pid 363] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 363] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 363] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 363] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 363] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 363] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 363] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 363] write(6, "7", 1) = 1
[pid 363] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 30.545901][ T361] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[ 30.553714][ T361] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 30.561524][ T361] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 30.569343][ T361]
[ 30.593568][ T363] FAULT_INJECTION: forcing a failure.
[ 30.593568][ T363] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 30.606762][ T363] CPU: 0 PID: 363 Comm: syz-executor529 Tainted: G B 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 30.618143][ T363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 30.628049][ T363] Call Trace:
[ 30.631162][ T363]
[ 30.633941][ T363] dump_stack_lvl+0x151/0x1b7
[ 30.638454][ T363] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 30.643749][ T363] ? yield_to_task_fair+0x190/0x190
[ 30.648786][ T363] dump_stack+0x15/0x17
[ 30.652780][ T363] should_fail_ex+0x3d0/0x520
[ 30.657289][ T363] should_fail_alloc_page+0x68/0x90
[ 30.662322][ T363] __alloc_pages+0x1f4/0x780
[ 30.666752][ T363] ? prep_new_page+0x110/0x110
[ 30.671358][ T363] ? __this_cpu_preempt_check+0x13/0x20
[ 30.676735][ T363] __folio_alloc+0x15/0x40
[ 30.681082][ T363] wp_page_copy+0x23c/0x1610
[ 30.685505][ T363] ? __switch_to+0x62c/0x1190
[ 30.690015][ T363] ? compat_start_thread+0x20/0x20
[ 30.694961][ T363] ? fault_dirty_shared_page+0x300/0x300
[ 30.700431][ T363] ? native_set_ldt+0x130/0x130
[ 30.705115][ T363] do_wp_page+0xbbf/0xd80
[ 30.709284][ T363] handle_mm_fault+0x15a2/0x2f40
[ 30.714058][ T363] ? numa_migrate_prep+0xe0/0xe0
[ 30.718872][ T363] ? lock_vma_under_rcu+0x47a/0x540
[ 30.723869][ T363] ? __kasan_check_write+0x14/0x20
[ 30.728812][ T363] ? fpregs_restore_userregs+0x130/0x290
[ 30.734282][ T363] exc_page_fault+0x3a6/0x6e0
[ 30.738806][ T363] asm_exc_page_fault+0x27/0x30
[ 30.743484][ T363] RIP: 0033:0x7fab4970b4f0
[ 30.747734][ T363] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[ 30.767267][ T363] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[ 30.773165][ T363] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 30.780978][ T363] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[pid 363] exit_group(0) = ?
[pid 363] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=363, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./54/binderfs") = 0
umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./54/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./54") = 0
mkdir("./55", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 364
./strace-static-x86_64: Process 364 attached
[pid 364] set_robust_list(0x555557113660, 24) = 0
[pid 364] chdir("./55") = 0
[pid 364] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 364] setpgid(0, 0) = 0
[pid 364] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 364] write(3, "1000", 4) = 4
[pid 364] close(3) = 0
[pid 364] symlink("/dev/binderfs", "./binderfs") = 0
[pid 364] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 364] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 364] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 364] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 364] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 364] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 364] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 364] write(6, "7", 1) = 1
[ 30.788789][ T363] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[ 30.796599][ T363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 30.804420][ T363] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 30.812231][ T363]
[ 30.826337][ T364] FAULT_INJECTION: forcing a failure.
[ 30.826337][ T364] name failslab, interval 1, probability 0, space 0, times 0
[ 30.838889][ T364] CPU: 0 PID: 364 Comm: syz-executor529 Tainted: G B 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 30.850223][ T364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 30.860117][ T364] Call Trace:
[ 30.863241][ T364]
[ 30.866017][ T364] dump_stack_lvl+0x151/0x1b7
[ 30.870532][ T364] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 30.875841][ T364] ? kern_path+0x147/0x1a0
[ 30.880080][ T364] ? kasan_set_track+0x60/0x70
[ 30.884678][ T364] ? kasan_save_free_info+0x2b/0x40
[ 30.889717][ T364] dump_stack+0x15/0x17
[ 30.893707][ T364] should_fail_ex+0x3d0/0x520
[ 30.898221][ T364] ? jbd2__journal_start+0x150/0x720
[ 30.903348][ T364] __should_failslab+0xaf/0xf0
[ 30.907943][ T364] should_failslab+0x9/0x20
[ 30.912282][ T364] kmem_cache_alloc+0x3b/0x2c0
[ 30.916887][ T364] ? avc_denied+0x1b0/0x1b0
[ 30.921228][ T364] jbd2__journal_start+0x150/0x720
[ 30.926176][ T364] __ext4_journal_start_sb+0x24d/0x4b0
[ 30.931466][ T364] ext4_dirty_inode+0x8f/0x100
[ 30.936064][ T364] ? __ext4_expand_extra_isize+0x420/0x420
[ 30.941708][ T364] __mark_inode_dirty+0x200/0xa60
[ 30.946572][ T364] touch_atime+0x378/0x540
[ 30.950824][ T364] ? current_time+0x2f0/0x2f0
[ 30.955437][ T364] unix_find_other+0x799/0x8e0
[ 30.960034][ T364] ? avc_has_perm+0x16f/0x260
[ 30.964549][ T364] ? unix_insert_bsd_socket+0x250/0x250
[ 30.969937][ T364] unix_dgram_sendmsg+0xc1f/0x2050
[ 30.974881][ T364] ? unix_dgram_poll+0x710/0x710
[ 30.979653][ T364] ? security_socket_sendmsg+0x82/0xb0
[ 30.984950][ T364] ? unix_dgram_poll+0x710/0x710
[ 30.989724][ T364] ____sys_sendmsg+0x5dc/0x9d0
[ 30.994327][ T364] ? __sys_sendmsg_sock+0x40/0x40
[ 30.999183][ T364] __sys_sendmmsg+0x3b9/0x6f0
[ 31.003703][ T364] ? __ia32_sys_sendmsg+0x90/0x90
[ 31.008554][ T364] ? __switch_to+0x62c/0x1190
[ 31.013090][ T364] ? __sched_clock_gtod_offset+0x100/0x100
[ 31.018726][ T364] ? _raw_spin_unlock+0x4c/0x70
[ 31.023402][ T364] ? finish_task_switch+0x167/0x7b0
[ 31.028433][ T364] ? __schedule+0xca1/0x1540
[ 31.032860][ T364] ? __kasan_check_write+0x14/0x20
[ 31.037813][ T364] ? __kasan_check_write+0x14/0x20
[ 31.042753][ T364] ? _raw_spin_lock_irq+0xa5/0x1b0
[ 31.047706][ T364] ? _raw_spin_lock_irqsave+0x210/0x210
[ 31.053083][ T364] ? cgroup_update_frozen+0x15f/0x980
[ 31.058291][ T364] ? memset+0x35/0x40
[ 31.062115][ T364] ? __kasan_check_write+0x14/0x20
[ 31.067056][ T364] ? fpregs_restore_userregs+0x130/0x290
[ 31.072527][ T364] __x64_sys_sendmmsg+0xa0/0xb0
[ 31.077213][ T364] do_syscall_64+0x3d/0xb0
[ 31.081467][ T364] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 31.087195][ T364] RIP: 0033:0x7fab497355a9
[ 31.091452][ T364] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 31.110894][ T364] RSP: 002b:00007ffca7df4b58 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 31.119143][ T364] RAX: ffffffffffffffda RBX: 00007ffca7df4b80 RCX: 00007fab497355a9
[ 31.126955][ T364] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 31.134764][ T364] RBP: 0000000000000001 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[pid 364] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid 364] exit_group(0) = ?
[pid 364] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=364, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./55/binderfs") = 0
umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./55/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./55") = 0
mkdir("./56", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 366
./strace-static-x86_64: Process 366 attached
[pid 366] set_robust_list(0x555557113660, 24) = 0
[pid 366] chdir("./56") = 0
[pid 366] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 366] setpgid(0, 0) = 0
[pid 366] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 366] write(3, "1000", 4) = 4
[pid 366] close(3) = 0
[pid 366] symlink("/dev/binderfs", "./binderfs") = 0
[pid 366] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 366] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 366] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 366] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 366] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 366] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 366] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 366] write(6, "7", 1) = 1
[pid 366] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 31.142573][ T364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 31.150388][ T364] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 31.158201][ T364]
[ 31.173175][ T366] FAULT_INJECTION: forcing a failure.
[ 31.173175][ T366] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 31.186254][ T366] CPU: 0 PID: 366 Comm: syz-executor529 Tainted: G B 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 31.197636][ T366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 31.207533][ T366] Call Trace:
[ 31.210651][ T366]
[ 31.213427][ T366] dump_stack_lvl+0x151/0x1b7
[ 31.217944][ T366] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 31.223239][ T366] dump_stack+0x15/0x17
[ 31.227230][ T366] should_fail_ex+0x3d0/0x520
[ 31.231746][ T366] should_fail_alloc_page+0x68/0x90
[ 31.236778][ T366] __alloc_pages+0x1f4/0x780
[ 31.241204][ T366] ? prep_new_page+0x110/0x110
[ 31.245804][ T366] ? __this_cpu_preempt_check+0x13/0x20
[ 31.251202][ T366] __folio_alloc+0x15/0x40
[ 31.255441][ T366] wp_page_copy+0x23c/0x1610
[ 31.259865][ T366] ? __switch_to+0x62c/0x1190
[ 31.264385][ T366] ? compat_start_thread+0x20/0x20
[ 31.269413][ T366] ? fault_dirty_shared_page+0x300/0x300
[ 31.274884][ T366] do_wp_page+0xbbf/0xd80
[ 31.279049][ T366] handle_mm_fault+0x15a2/0x2f40
[ 31.283825][ T366] ? numa_migrate_prep+0xe0/0xe0
[ 31.288597][ T366] ? lock_vma_under_rcu+0x47a/0x540
[ 31.293631][ T366] ? __kasan_check_write+0x14/0x20
[ 31.298579][ T366] ? fpregs_restore_userregs+0x130/0x290
[ 31.304050][ T366] exc_page_fault+0x3a6/0x6e0
[ 31.308560][ T366] asm_exc_page_fault+0x27/0x30
[ 31.313248][ T366] RIP: 0033:0x7fab4970b4f0
[ 31.317500][ T366] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[ 31.336946][ T366] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[pid 366] exit_group(0) = ?
[pid 366] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=366, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./56/binderfs") = 0
umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./56/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./56/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./56") = 0
mkdir("./57", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 368 attached
, child_tidptr=0x555557113650) = 368
[pid 368] set_robust_list(0x555557113660, 24) = 0
[pid 368] chdir("./57") = 0
[pid 368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 368] setpgid(0, 0) = 0
[pid 368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 368] write(3, "1000", 4) = 4
[pid 368] close(3) = 0
[pid 368] symlink("/dev/binderfs", "./binderfs") = 0
[pid 368] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 368] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 368] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 368] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 368] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 368] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 368] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 368] write(6, "7", 1) = 1
[pid 368] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 31.342848][ T366] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 31.350658][ T366] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[ 31.358473][ T366] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[ 31.366284][ T366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 31.374092][ T366] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 31.381909][ T366]
[ 31.398164][ T368] FAULT_INJECTION: forcing a failure.
[ 31.398164][ T368] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 31.411329][ T368] CPU: 0 PID: 368 Comm: syz-executor529 Tainted: G B 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 31.422656][ T368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 31.432552][ T368] Call Trace:
[ 31.435681][ T368]
[ 31.438474][ T368] dump_stack_lvl+0x151/0x1b7
[ 31.442968][ T368] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 31.448262][ T368] ? yield_to_task_fair+0x190/0x190
[ 31.453298][ T368] dump_stack+0x15/0x17
[ 31.457290][ T368] should_fail_ex+0x3d0/0x520
[ 31.461803][ T368] should_fail_alloc_page+0x68/0x90
[ 31.466838][ T368] __alloc_pages+0x1f4/0x780
[ 31.471268][ T368] ? prep_new_page+0x110/0x110
[ 31.475866][ T368] ? __this_cpu_preempt_check+0x13/0x20
[ 31.481246][ T368] __folio_alloc+0x15/0x40
[ 31.485499][ T368] wp_page_copy+0x23c/0x1610
[ 31.489926][ T368] ? __switch_to+0x62c/0x1190
[ 31.494440][ T368] ? compat_start_thread+0x20/0x20
[ 31.499386][ T368] ? fault_dirty_shared_page+0x300/0x300
[ 31.504856][ T368] ? native_set_ldt+0x130/0x130
[ 31.509544][ T368] do_wp_page+0xbbf/0xd80
[ 31.513709][ T368] handle_mm_fault+0x15a2/0x2f40
[ 31.518484][ T368] ? numa_migrate_prep+0xe0/0xe0
[ 31.523257][ T368] ? lock_vma_under_rcu+0x47a/0x540
[ 31.528292][ T368] ? __kasan_check_write+0x14/0x20
[ 31.533238][ T368] ? fpregs_restore_userregs+0x130/0x290
[ 31.538710][ T368] exc_page_fault+0x3a6/0x6e0
[ 31.543222][ T368] asm_exc_page_fault+0x27/0x30
[ 31.547907][ T368] RIP: 0033:0x7fab4970b4f0
[ 31.552160][ T368] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[ 31.571609][ T368] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[ 31.577512][ T368] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 31.585331][ T368] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[pid 368] exit_group(0) = ?
[pid 368] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=368, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./57/binderfs") = 0
umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./57/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./57/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./57") = 0
mkdir("./58", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 369
./strace-static-x86_64: Process 369 attached
[pid 369] set_robust_list(0x555557113660, 24) = 0
[pid 369] chdir("./58") = 0
[pid 369] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 369] setpgid(0, 0) = 0
[pid 369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 369] write(3, "1000", 4) = 4
[pid 369] close(3) = 0
[pid 369] symlink("/dev/binderfs", "./binderfs") = 0
[pid 369] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 369] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 369] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 369] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 369] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 369] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 369] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 369] write(6, "7", 1) = 1
[pid 369] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid 369] exit_group(0) = ?
[pid 369] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=369, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./58/binderfs") = 0
umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./58/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./58/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./58") = 0
mkdir("./59", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 370
./strace-static-x86_64: Process 370 attached
[pid 370] set_robust_list(0x555557113660, 24) = 0
[pid 370] chdir("./59") = 0
[pid 370] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 370] setpgid(0, 0) = 0
[pid 370] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 370] write(3, "1000", 4) = 4
[pid 370] close(3) = 0
[pid 370] symlink("/dev/binderfs", "./binderfs") = 0
[pid 370] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 370] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 370] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 370] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 370] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 370] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 370] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 370] write(6, "7", 1) = 1
[ 31.593136][ T368] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[ 31.600949][ T368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 31.608757][ T368] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 31.616570][ T368]
[ 31.619632][ T368] pagefault_out_of_memory: 10 callbacks suppressed
[ 31.619642][ T368] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[pid 370] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 31.657133][ T370] FAULT_INJECTION: forcing a failure.
[ 31.657133][ T370] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 31.670503][ T370] CPU: 1 PID: 370 Comm: syz-executor529 Tainted: G B 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 31.681859][ T370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 31.691815][ T370] Call Trace:
[ 31.694878][ T370]
[ 31.697655][ T370] dump_stack_lvl+0x151/0x1b7
[ 31.702177][ T370] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 31.707462][ T370] ? __sched_clock_gtod_offset+0x100/0x100
[ 31.713214][ T370] dump_stack+0x15/0x17
[ 31.717292][ T370] should_fail_ex+0x3d0/0x520
[ 31.721811][ T370] should_fail_alloc_page+0x68/0x90
[ 31.726841][ T370] __alloc_pages+0x1f4/0x780
[ 31.731275][ T370] ? prep_new_page+0x110/0x110
[ 31.735873][ T370] __folio_alloc+0x15/0x40
[ 31.740118][ T370] wp_page_copy+0x23c/0x1610
[ 31.744546][ T370] ? __switch_to+0x62c/0x1190
[ 31.749061][ T370] ? compat_start_thread+0x20/0x20
[ 31.754014][ T370] ? fault_dirty_shared_page+0x300/0x300
[ 31.759481][ T370] do_wp_page+0xbbf/0xd80
[ 31.763644][ T370] handle_mm_fault+0x15a2/0x2f40
[ 31.768425][ T370] ? numa_migrate_prep+0xe0/0xe0
[ 31.773195][ T370] ? lock_vma_under_rcu+0x47a/0x540
[ 31.778227][ T370] ? __kasan_check_write+0x14/0x20
[ 31.783173][ T370] ? fpregs_restore_userregs+0x130/0x290
[ 31.788646][ T370] exc_page_fault+0x3a6/0x6e0
[ 31.793153][ T370] asm_exc_page_fault+0x27/0x30
[ 31.797850][ T370] RIP: 0033:0x7fab4970b4f0
[ 31.802099][ T370] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[ 31.821543][ T370] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[ 31.827444][ T370] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 31.835252][ T370] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[ 31.843066][ T370] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[pid 370] exit_group(0) = ?
[pid 370] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=370, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./59/binderfs") = 0
umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./59/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./59/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./59") = 0
mkdir("./60", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 371
./strace-static-x86_64: Process 371 attached
[pid 371] set_robust_list(0x555557113660, 24) = 0
[pid 371] chdir("./60") = 0
[pid 371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 371] setpgid(0, 0) = 0
[pid 371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 371] write(3, "1000", 4) = 4
[pid 371] close(3) = 0
[pid 371] symlink("/dev/binderfs", "./binderfs") = 0
[pid 371] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 371] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 371] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 371] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 371] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 371] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 371] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 371] write(6, "7", 1) = 1
[pid 371] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 31.850881][ T370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 31.858688][ T370] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 31.866508][ T370]
[ 31.870209][ T370] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[ 31.888639][ T371] FAULT_INJECTION: forcing a failure.
[ 31.888639][ T371] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 31.901737][ T371] CPU: 1 PID: 371 Comm: syz-executor529 Tainted: G B 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 31.913027][ T371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 31.922921][ T371] Call Trace:
[ 31.926046][ T371]
[ 31.928823][ T371] dump_stack_lvl+0x151/0x1b7
[ 31.933338][ T371] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 31.938634][ T371] ? yield_to_task_fair+0x190/0x190
[ 31.943678][ T371] dump_stack+0x15/0x17
[ 31.947659][ T371] should_fail_ex+0x3d0/0x520
[ 31.952178][ T371] should_fail_alloc_page+0x68/0x90
[ 31.957208][ T371] __alloc_pages+0x1f4/0x780
[ 31.961634][ T371] ? prep_new_page+0x110/0x110
[ 31.966234][ T371] ? __this_cpu_preempt_check+0x13/0x20
[ 31.971618][ T371] __folio_alloc+0x15/0x40
[ 31.975883][ T371] wp_page_copy+0x23c/0x1610
[ 31.980294][ T371] ? __switch_to+0x62c/0x1190
[ 31.984896][ T371] ? compat_start_thread+0x20/0x20
[ 31.989843][ T371] ? fault_dirty_shared_page+0x300/0x300
[ 31.995309][ T371] ? native_set_ldt+0x130/0x130
[ 32.000002][ T371] do_wp_page+0xbbf/0xd80
[ 32.004171][ T371] handle_mm_fault+0x15a2/0x2f40
[ 32.008944][ T371] ? numa_migrate_prep+0xe0/0xe0
[ 32.013717][ T371] ? lock_vma_under_rcu+0x47a/0x540
[ 32.018752][ T371] ? __kasan_check_write+0x14/0x20
[ 32.023692][ T371] ? fpregs_restore_userregs+0x130/0x290
[ 32.029171][ T371] exc_page_fault+0x3a6/0x6e0
[ 32.033677][ T371] asm_exc_page_fault+0x27/0x30
[ 32.038363][ T371] RIP: 0033:0x7fab4970b4f0
[ 32.042624][ T371] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[ 32.062232][ T371] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[ 32.068137][ T371] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 32.075946][ T371] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[ 32.083762][ T371] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[ 32.091580][ T371] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 32.099384][ T371] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[pid 371] exit_group(0) = ?
[pid 371] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=371, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./60/binderfs") = 0
umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./60/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./60/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./60") = 0
mkdir("./61", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 372
./strace-static-x86_64: Process 372 attached
[pid 372] set_robust_list(0x555557113660, 24) = 0
[pid 372] chdir("./61") = 0
[pid 372] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 372] setpgid(0, 0) = 0
[pid 372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 372] write(3, "1000", 4) = 4
[pid 372] close(3) = 0
[pid 372] symlink("/dev/binderfs", "./binderfs") = 0
[pid 372] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 372] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 372] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 372] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 372] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 372] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 372] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 372] write(6, "7", 1) = 1
[pid 372] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid 372] exit_group(0) = ?
[pid 372] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=372, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./61/binderfs") = 0
umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./61/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./61/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./61") = 0
mkdir("./62", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 373 attached
[pid 373] set_robust_list(0x555557113660, 24) = 0
[pid 373] chdir("./62") = 0
[pid 373] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 373] setpgid(0, 0) = 0
[pid 373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 373] write(3, "1000", 4) = 4
[pid 373] close(3) = 0
[pid 373] symlink("/dev/binderfs", "./binderfs") = 0
[pid 373] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 373] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72
[pid 295] <... clone resumed>, child_tidptr=0x555557113650) = 373
[pid 373] <... bpf resumed>) = 4
[pid 373] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 373] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 373] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 373] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 373] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 373] write(6, "7", 1) = 1
[pid 373] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 32.107199][ T371]
[ 32.110169][ T371] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[ 32.134849][ T373] FAULT_INJECTION: forcing a failure.
[ 32.134849][ T373] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 32.148007][ T373] CPU: 0 PID: 373 Comm: syz-executor529 Tainted: G B 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 32.159362][ T373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 32.169259][ T373] Call Trace:
[ 32.172381][ T373]
[ 32.175161][ T373] dump_stack_lvl+0x151/0x1b7
[ 32.179671][ T373] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 32.184967][ T373] ? yield_to_task_fair+0x190/0x190
[ 32.189999][ T373] dump_stack+0x15/0x17
[ 32.193994][ T373] should_fail_ex+0x3d0/0x520
[ 32.198507][ T373] should_fail_alloc_page+0x68/0x90
[ 32.203546][ T373] __alloc_pages+0x1f4/0x780
[ 32.207971][ T373] ? prep_new_page+0x110/0x110
[ 32.212571][ T373] __folio_alloc+0x15/0x40
[ 32.216823][ T373] wp_page_copy+0x23c/0x1610
[ 32.221248][ T373] ? __switch_to+0x62c/0x1190
[ 32.225761][ T373] ? compat_start_thread+0x20/0x20
[ 32.230709][ T373] ? fault_dirty_shared_page+0x300/0x300
[ 32.236179][ T373] ? __kasan_check_write+0x14/0x20
[ 32.241126][ T373] do_wp_page+0xbbf/0xd80
[ 32.245297][ T373] handle_mm_fault+0x15a2/0x2f40
[ 32.250069][ T373] ? numa_migrate_prep+0xe0/0xe0
[ 32.254842][ T373] ? lock_vma_under_rcu+0x47a/0x540
[ 32.259878][ T373] ? __kasan_check_write+0x14/0x20
[ 32.264820][ T373] ? fpregs_restore_userregs+0x130/0x290
[ 32.270386][ T373] exc_page_fault+0x3a6/0x6e0
[ 32.274904][ T373] asm_exc_page_fault+0x27/0x30
[ 32.279586][ T373] RIP: 0033:0x7fab4970b4f0
[ 32.283840][ T373] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[ 32.303285][ T373] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[pid 373] exit_group(0) = ?
[pid 373] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=373, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./62/binderfs") = 0
umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./62/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./62/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./62") = 0
mkdir("./63", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 375
./strace-static-x86_64: Process 375 attached
[pid 375] set_robust_list(0x555557113660, 24) = 0
[pid 375] chdir("./63") = 0
[pid 375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 375] setpgid(0, 0) = 0
[pid 375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 375] write(3, "1000", 4) = 4
[pid 375] close(3) = 0
[pid 375] symlink("/dev/binderfs", "./binderfs") = 0
[pid 375] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 375] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 375] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 375] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 375] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 375] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 375] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 375] write(6, "7", 1) = 1
[pid 375] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 32.309183][ T373] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 32.316999][ T373] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[ 32.324811][ T373] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[ 32.332624][ T373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 32.340521][ T373] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 32.348334][ T373]
[ 32.351593][ T373] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[ 32.369532][ T375] FAULT_INJECTION: forcing a failure.
[ 32.369532][ T375] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 32.382594][ T375] CPU: 0 PID: 375 Comm: syz-executor529 Tainted: G B 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 32.393899][ T375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 32.403797][ T375] Call Trace:
[ 32.406924][ T375]
[ 32.409701][ T375] dump_stack_lvl+0x151/0x1b7
[ 32.414213][ T375] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 32.419511][ T375] dump_stack+0x15/0x17
[ 32.423543][ T375] should_fail_ex+0x3d0/0x520
[ 32.428016][ T375] should_fail_alloc_page+0x68/0x90
[ 32.433047][ T375] __alloc_pages+0x1f4/0x780
[ 32.437476][ T375] ? prep_new_page+0x110/0x110
[ 32.442155][ T375] ? __this_cpu_preempt_check+0x13/0x20
[ 32.447545][ T375] __folio_alloc+0x15/0x40
[ 32.451796][ T375] wp_page_copy+0x23c/0x1610
[ 32.456226][ T375] ? __switch_to+0x62c/0x1190
[ 32.460734][ T375] ? compat_start_thread+0x20/0x20
[ 32.465680][ T375] ? fault_dirty_shared_page+0x300/0x300
[ 32.471157][ T375] do_wp_page+0xbbf/0xd80
[ 32.475322][ T375] handle_mm_fault+0x15a2/0x2f40
[ 32.480093][ T375] ? numa_migrate_prep+0xe0/0xe0
[ 32.484865][ T375] ? lock_vma_under_rcu+0x47a/0x540
[ 32.489903][ T375] ? __kasan_check_write+0x14/0x20
[ 32.494848][ T375] ? fpregs_restore_userregs+0x130/0x290
[ 32.500335][ T375] exc_page_fault+0x3a6/0x6e0
[ 32.504833][ T375] asm_exc_page_fault+0x27/0x30
[ 32.509518][ T375] RIP: 0033:0x7fab4970b4f0
[ 32.513775][ T375] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[ 32.533211][ T375] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[ 32.539120][ T375] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 32.546927][ T375] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[ 32.554737][ T375] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[ 32.562549][ T375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[pid 375] exit_group(0) = ?
[pid 375] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=375, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./63/binderfs") = 0
umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./63/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./63/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./63") = 0
mkdir("./64", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 376
./strace-static-x86_64: Process 376 attached
[pid 376] set_robust_list(0x555557113660, 24) = 0
[pid 376] chdir("./64") = 0
[pid 376] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 376] setpgid(0, 0) = 0
[pid 376] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 376] write(3, "1000", 4) = 4
[pid 376] close(3) = 0
[pid 376] symlink("/dev/binderfs", "./binderfs") = 0
[pid 376] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 376] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 376] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 376] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 376] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 376] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 376] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 376] write(6, "7", 1) = 1
[pid 376] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 32.570450][ T375] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 32.578269][ T375]
[ 32.581172][ T375] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[ 32.597915][ T376] FAULT_INJECTION: forcing a failure.
[ 32.597915][ T376] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 32.611119][ T376] CPU: 0 PID: 376 Comm: syz-executor529 Tainted: G B 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 32.622454][ T376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 32.632352][ T376] Call Trace:
[ 32.635477][ T376]
[ 32.638254][ T376] dump_stack_lvl+0x151/0x1b7
[ 32.642766][ T376] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 32.648065][ T376] dump_stack+0x15/0x17
[ 32.652053][ T376] should_fail_ex+0x3d0/0x520
[ 32.656578][ T376] should_fail_alloc_page+0x68/0x90
[ 32.661609][ T376] __alloc_pages+0x1f4/0x780
[ 32.666030][ T376] ? prep_new_page+0x110/0x110
[ 32.670633][ T376] ? __this_cpu_preempt_check+0x13/0x20
[ 32.676011][ T376] __folio_alloc+0x15/0x40
[ 32.680273][ T376] wp_page_copy+0x23c/0x1610
[ 32.684702][ T376] ? __switch_to+0x62c/0x1190
[ 32.689216][ T376] ? compat_start_thread+0x20/0x20
[ 32.694157][ T376] ? fault_dirty_shared_page+0x300/0x300
[ 32.699650][ T376] do_wp_page+0xbbf/0xd80
[ 32.703790][ T376] handle_mm_fault+0x15a2/0x2f40
[ 32.708738][ T376] ? numa_migrate_prep+0xe0/0xe0
[ 32.713511][ T376] ? lock_vma_under_rcu+0x47a/0x540
[ 32.718548][ T376] ? __kasan_check_write+0x14/0x20
[ 32.723492][ T376] ? fpregs_restore_userregs+0x130/0x290
[ 32.728958][ T376] exc_page_fault+0x3a6/0x6e0
[ 32.733472][ T376] asm_exc_page_fault+0x27/0x30
[ 32.738161][ T376] RIP: 0033:0x7fab4970b4f0
[ 32.742411][ T376] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[ 32.761857][ T376] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[pid 376] exit_group(0) = ?
[pid 376] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=376, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./64/binderfs") = 0
umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./64/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./64/file0") = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./64") = 0
mkdir("./65", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 377
./strace-static-x86_64: Process 377 attached
[pid 377] set_robust_list(0x555557113660, 24) = 0
[pid 377] chdir("./65") = 0
[pid 377] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 377] setpgid(0, 0) = 0
[pid 377] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 377] write(3, "1000", 4) = 4
[pid 377] close(3) = 0
[pid 377] symlink("/dev/binderfs", "./binderfs") = 0
[pid 377] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid 377] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid 377] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 377] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid 377] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid 377] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid 377] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 377] write(6, "7", 1) = 1
[pid 377] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[ 32.767758][ T376] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 32.775571][ T376] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[ 32.783384][ T376] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[ 32.791193][ T376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 32.799006][ T376] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 32.806825][ T376]
[ 32.810003][ T376] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[ 32.826302][ T377] FAULT_INJECTION: forcing a failure.
[ 32.826302][ T377] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 32.839392][ T377] CPU: 1 PID: 377 Comm: syz-executor529 Tainted: G B 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[ 32.850690][ T377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 32.860583][ T377] Call Trace:
[ 32.863710][ T377]
[ 32.866487][ T377] dump_stack_lvl+0x151/0x1b7
[ 32.871000][ T377] ? nf_tcp_handle_invalid+0x3f1/0x3f1