./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3107580429

<...>
Warning: Permanently added '10.128.1.130' (ED25519) to the list of known hosts.
execve("./syz-executor3107580429", ["./syz-executor3107580429"], 0x7ffcc2a57be0 /* 10 vars */) = 0
brk(NULL)                               = 0x55555582b000
brk(0x55555582bd40)                     = 0x55555582bd40
arch_prctl(ARCH_SET_FS, 0x55555582b3c0) = 0
set_tid_address(0x55555582b690)         = 295
set_robust_list(0x55555582b6a0, 24)     = 0
rseq(0x55555582bce0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3107580429", 4096) = 28
getrandom("\x62\x92\x6f\x20\x7e\xd6\x28\x75", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55555582bd40
brk(0x55555584cd40)                     = 0x55555584cd40
brk(0x55555584d000)                     = 0x55555584d000
mprotect(0x7f406051d000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555582b690) = 296
./strace-static-x86_64: Process 296 attached
[pid   296] set_robust_list(0x55555582b6a0, 24) = 0
[pid   296] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid   296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   296] setsid()                    = 1
[pid   296] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid   296] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid   296] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid   296] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid   296] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid   296] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid   296] unshare(CLONE_NEWNS)        = 0
[pid   296] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid   296] unshare(CLONE_NEWIPC)       = -1 EINVAL (Invalid argument)
[pid   296] unshare(CLONE_NEWCGROUP)    = 0
[pid   296] unshare(CLONE_NEWUTS)       = 0
[pid   296] unshare(CLONE_SYSVSEM)      = 0
[pid   296] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   296] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   296] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   296] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   296] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   296] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   296] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   296] getpid()                    = 1
[pid   296] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid   296] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid   296] unshare(CLONE_NEWNET)       = 0
[pid   296] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[   22.363003][   T30] audit: type=1400 audit(1697033762.593:66): avc:  denied  { execmem } for  pid=295 comm="syz-executor310" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   22.383108][   T30] audit: type=1400 audit(1697033762.613:67): avc:  denied  { integrity } for  pid=295 comm="syz-executor310" lockdown_reason="debugfs access" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=lockdown permissive=1
[pid   296] write(3, "0 65535", 7)      = 7
[pid   296] close(3)                    = 0
[pid   296] openat(AT_FDCWD, "/dev/net/tun", O_RDWR|O_NONBLOCK) = 3
[pid   296] dup2(3, 200)                = 200
[pid   296] close(3)                    = 0
[pid   296] ioctl(200, TUNSETIFF, 0x7ffcb0c04260) = 0
[pid   296] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/accept_dad", O_WRONLY|O_CLOEXEC) = 3
[pid   296] write(3, "0", 1)            = 1
[pid   296] close(3)                    = 0
[pid   296] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/router_solicitations", O_WRONLY|O_CLOEXEC) = 3
[pid   296] write(3, "0", 1)            = 1
[pid   296] close(3)                    = 0
[pid   296] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
[pid   296] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid   296] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid   296] close(4)                    = 0
[pid   296] sendto(3, [{nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x18\x00\x00\x0b\x00\x00\x00\x08\x00\x02\x00\xac\x14\x14\xaa\x08\x00\x01\x00\xac\x14\x14\xaa"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid   296] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid   296] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid   296] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid   296] close(4)                    = 0
[pid   296] sendto(3, [{nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x78\x00\x00\x0b\x00\x00\x00\x14\x00\x02\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid   296] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid   296] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid   296] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid   296] close(4)                    = 0
[pid   296] sendto(3, [{nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x08\x00\x01\x00\xac\x14\x14\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 48, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 48
[pid   296] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid   296] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid   296] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid   296] close(4)                    = 0
[pid   296] sendto(3, [{nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 60, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 60
[pid   296] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid   296] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid   296] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid   296] close(4)                    = 0
[pid   296] sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0a\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
[pid   296] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid   296] close(3)                    = 0
[pid   296] mkdir("/dev/binderfs", 0777) = 0
[pid   296] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid   296] symlink("/dev/binderfs", "./binderfs") = 0
[pid   296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555582b690) = 2
./strace-static-x86_64: Process 297 attached
[pid   297] set_robust_list(0x55555582b6a0, 24) = 0
[pid   297] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   297] setpgid(0, 0)               = 0
[pid   297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   297] write(3, "1000", 4)         = 4
[pid   297] close(3)                    = 0
[pid   297] read(200, 0x7ffcb0c03dc0, 1000) = -1 EAGAIN (Resource temporarily unavailable)
[pid   297] futex(0x7f40605233cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   297] rt_sigaction(SIGRT_1, {sa_handler=0x7f40604c0cb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f40604b2330}, NULL, 8) = 0
[pid   297] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid   297] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4060439000
[pid   297] mprotect(0x7f406043a000, 131072, PROT_READ|PROT_WRITE) = 0
[pid   297] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid   297] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4060459990, parent_tid=0x7f4060459990, exit_signal=0, stack=0x7f4060439000, stack_size=0x20300, tls=0x7f40604596c0} => {parent_tid=[3]}, 88) = 3
[pid   297] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid   297] futex(0x7f40605233c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   297] futex(0x7f40605233cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 298 attached
 <unfinished ...>
[pid   298] set_robust_list(0x7f40604599a0, 24) = 0
[pid   298] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid   298] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3
[pid   298] write(3, "69", 2)           = 2
[   22.405695][   T30] audit: type=1400 audit(1697033762.613:68): avc:  denied  { mounton } for  pid=296 comm="syz-executor310" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[   22.430254][   T30] audit: type=1400 audit(1697033762.613:69): avc:  denied  { mount } for  pid=296 comm="syz-executor310" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[   22.450795][  T298] FAULT_INJECTION: forcing a failure.
[   22.450795][  T298] name failslab, interval 1, probability 0, space 0, times 1
[   22.452640][   T30] audit: type=1400 audit(1697033762.613:70): avc:  denied  { mounton } for  pid=296 comm="syz-executor310" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[   22.465081][  T298] CPU: 1 PID: 298 Comm: syz-executor310 Not tainted 5.15.131-syzkaller-00653-gea586874d2f9 #0
[   22.486289][   T30] audit: type=1400 audit(1697033762.643:71): avc:  denied  { create } for  pid=291 comm="strace-static-x" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[   22.496115][  T298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[   22.496125][  T298] Call Trace:
[   22.496130][  T298]  <TASK>
[   22.496135][  T298]  dump_stack_lvl+0x151/0x1b7
[   22.516844][   T30] audit: type=1400 audit(1697033762.643:72): avc:  denied  { write } for  pid=291 comm="strace-static-x" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[   22.526402][  T298]  ? io_uring_drop_tctx_refs+0x190/0x190
[   22.526424][  T298]  dump_stack+0x15/0x17
[   22.526438][  T298]  should_fail+0x3c6/0x510
[   22.529777][   T30] audit: type=1400 audit(1697033762.643:73): avc:  denied  { nlmsg_read } for  pid=291 comm="strace-static-x" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[   22.532301][  T298]  __should_failslab+0xa4/0xe0
[   22.536820][   T30] audit: type=1400 audit(1697033762.643:74): avc:  denied  { module_request } for  pid=291 comm="strace-static-x" kmod="net-pf-16-proto-4-type-16" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[   22.557127][  T298]  ? anon_vma_fork+0xf7/0x4e0
[   22.557146][  T298]  should_failslab+0x9/0x20
[   22.557160][  T298]  slab_pre_alloc_hook+0x37/0xd0
[   22.557176][  T298]  ? anon_vma_fork+0xf7/0x4e0
[   22.563066][   T30] audit: type=1400 audit(1697033762.643:75): avc:  denied  { read } for  pid=291 comm="strace-static-x" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[   22.566584][  T298]  kmem_cache_alloc+0x44/0x200
[   22.662175][  T298]  anon_vma_fork+0xf7/0x4e0
[   22.666509][  T298]  ? anon_vma_name+0x43/0x70
[   22.670936][  T298]  ? vm_area_dup+0x17a/0x230
[   22.675361][  T298]  copy_mm+0xa3a/0x13e0
[   22.679357][  T298]  ? copy_signal+0x610/0x610
[   22.683781][  T298]  ? __init_rwsem+0xd6/0x1c0
[   22.688208][  T298]  ? copy_signal+0x4e3/0x610
[   22.692642][  T298]  copy_process+0x12bc/0x3260
[   22.697149][  T298]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   22.702100][  T298]  ? __kasan_check_write+0x14/0x20
[   22.707044][  T298]  kernel_clone+0x21e/0x9e0
[   22.711381][  T298]  ? _raw_spin_unlock_irq+0x4e/0x70
[   22.716413][  T298]  ? create_io_thread+0x1e0/0x1e0
[   22.721288][  T298]  __x64_sys_clone+0x23f/0x290
[   22.725880][  T298]  ? __do_sys_vfork+0x130/0x130
[   22.730566][  T298]  ? __kasan_check_read+0x11/0x20
[   22.735424][  T298]  ? syscall_enter_from_user_mode+0x70/0x1b0
[   22.741240][  T298]  do_syscall_64+0x3d/0xb0
[   22.745492][  T298]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   22.751220][  T298] RIP: 0033:0x7f40604990a9
[   22.755474][  T298] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   22.774915][  T298] RSP: 002b:00007f4060459208 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[   22.783178][  T298] RAX: ffffffffffffffda RBX: 00007f40605233c8 RCX: 00007f40604990a9
[   22.790970][  T298] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000012201000
[   22.798784][  T298] RBP: 00007f40605233c0 R08: 0000000000000000 R09: 0000000000003936
[   22.806593][  T298] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f40605233cc
[pid   298] clone(child_stack=NULL, flags=CLONE_PIDFD|CLONE_CHILD_CLEARTID|CLONE_NEWCGROUP|CLONE_NEWUSER <unfinished ...>
[pid   297] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid   298] <... clone resumed>, parent_tid=NULL, child_tidptr=NULL) = -1 ENOMEM (Cannot allocate memory)
[pid   298] futex(0x7f40605233cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   298] futex(0x7f40605233c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   297] close(3)                    = 0
[pid   297] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   297] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   297] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   297] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   297] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   297] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   297] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   297] exit_group(0)               = ?
[pid   298] <... futex resumed>)        = ?
[pid   298] +++ exited with 0 +++
[pid   297] +++ exited with 0 +++
[pid   296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
[pid   296] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555582b690) = 4
./strace-static-x86_64: Process 299 attached
[pid   299] set_robust_list(0x55555582b6a0, 24) = 0
[pid   299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   299] setpgid(0, 0)               = 0
[pid   299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   299] write(3, "1000", 4)         = 4
[pid   299] close(3)                    = 0
[pid   299] read(200, "\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110
[pid   299] read(200, 0x7ffcb0c03dc0, 1000) = -1 EAGAIN (Resource temporarily unavailable)
[pid   299] futex(0x7f40605233cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   299] rt_sigaction(SIGRT_1, {sa_handler=0x7f40604c0cb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f40604b2330}, NULL, 8) = 0
[pid   299] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid   299] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4060439000
[pid   299] mprotect(0x7f406043a000, 131072, PROT_READ|PROT_WRITE) = 0
[pid   299] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid   299] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4060459990, parent_tid=0x7f4060459990, exit_signal=0, stack=0x7f4060439000, stack_size=0x20300, tls=0x7f40604596c0} => {parent_tid=[5]}, 88) = 5
[pid   299] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid   299] futex(0x7f40605233c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   299] futex(0x7f40605233cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 300 attached
 <unfinished ...>
[pid   300] set_robust_list(0x7f40604599a0, 24) = 0
[pid   300] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid   300] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3
[pid   300] write(3, "69", 2)           = 2
[   22.814405][  T298] R13: 00007f4060459210 R14: 0000000000000002 R15: 00007f40604f001d
[   22.822221][  T298]  </TASK>
[   22.835146][  T300] FAULT_INJECTION: forcing a failure.
[   22.835146][  T300] name failslab, interval 1, probability 0, space 0, times 0
[   22.847609][  T300] CPU: 0 PID: 300 Comm: syz-executor310 Not tainted 5.15.131-syzkaller-00653-gea586874d2f9 #0
[   22.857607][  T300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[   22.867500][  T300] Call Trace:
[   22.870626][  T300]  <TASK>
[   22.873401][  T300]  dump_stack_lvl+0x151/0x1b7
[   22.877911][  T300]  ? io_uring_drop_tctx_refs+0x190/0x190
[   22.883390][  T300]  dump_stack+0x15/0x17
[   22.887373][  T300]  should_fail+0x3c6/0x510
[   22.891626][  T300]  __should_failslab+0xa4/0xe0
[   22.896225][  T300]  ? anon_vma_fork+0xf7/0x4e0
[   22.900738][  T300]  should_failslab+0x9/0x20
[   22.905080][  T300]  slab_pre_alloc_hook+0x37/0xd0
[   22.909857][  T300]  ? anon_vma_fork+0xf7/0x4e0
[   22.914365][  T300]  kmem_cache_alloc+0x44/0x200
[   22.918968][  T300]  anon_vma_fork+0xf7/0x4e0
[   22.923306][  T300]  ? anon_vma_name+0x4c/0x70
[   22.927733][  T300]  ? vm_area_dup+0x17a/0x230
[   22.932164][  T300]  copy_mm+0xa3a/0x13e0
[   22.936152][  T300]  ? copy_signal+0x610/0x610
[   22.940577][  T300]  ? __init_rwsem+0xd6/0x1c0
[   22.945005][  T300]  ? copy_signal+0x4e3/0x610
[   22.949432][  T300]  copy_process+0x12bc/0x3260
[   22.953955][  T300]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   22.958891][  T300]  ? __kasan_check_write+0x14/0x20
[   22.963838][  T300]  kernel_clone+0x21e/0x9e0
[   22.968180][  T300]  ? _raw_spin_unlock_irq+0x4e/0x70
[   22.973214][  T300]  ? create_io_thread+0x1e0/0x1e0
[   22.978072][  T300]  __x64_sys_clone+0x23f/0x290
[   22.982672][  T300]  ? __do_sys_vfork+0x130/0x130
[   22.987360][  T300]  ? __kasan_check_read+0x11/0x20
[   22.992221][  T300]  ? syscall_enter_from_user_mode+0x70/0x1b0
[   22.998036][  T300]  do_syscall_64+0x3d/0xb0
[   23.002288][  T300]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   23.008017][  T300] RIP: 0033:0x7f40604990a9
[   23.012267][  T300] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   23.031717][  T300] RSP: 002b:00007f4060459208 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[   23.039965][  T300] RAX: ffffffffffffffda RBX: 00007f40605233c8 RCX: 00007f40604990a9
[   23.047767][  T300] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000012201000
[   23.055577][  T300] RBP: 00007f40605233c0 R08: 0000000000000000 R09: 0000000000003936
[pid   300] clone(child_stack=NULL, flags=CLONE_PIDFD|CLONE_CHILD_CLEARTID|CLONE_NEWCGROUP|CLONE_NEWUSER, parent_tid=NULL, child_tidptr=NULL) = -1 ENOMEM (Cannot allocate memory)
[pid   299] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid   300] futex(0x7f40605233cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   299] close(3)                    = 0
[pid   300] <... futex resumed>)        = 0
[pid   299] close(4 <unfinished ...>
[pid   300] futex(0x7f40605233c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   299] <... close resumed>)        = -1 EBADF (Bad file descriptor)
[pid   299] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   299] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   299] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   299] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   299] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   299] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   299] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   299] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   299] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   299] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   299] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   299] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   299] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   299] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   299] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   299] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   299] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   299] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   299] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   299] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   299] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   299] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   299] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   299] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   299] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   299] exit_group(0)               = ?
[pid   300] <... futex resumed>)        = ?
[pid   300] +++ exited with 0 +++
[pid   299] +++ exited with 0 +++
[pid   296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
[pid   296] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555582b690) = 6
./strace-static-x86_64: Process 301 attached
[pid   301] set_robust_list(0x55555582b6a0, 24) = 0
[pid   301] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   301] setpgid(0, 0)               = 0
[pid   301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   301] write(3, "1000", 4)         = 4
[pid   301] close(3)                    = 0
[pid   301] read(200, "\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110
[pid   301] read(200, 0x7ffcb0c03dc0, 1000) = -1 EAGAIN (Resource temporarily unavailable)
[pid   301] futex(0x7f40605233cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   301] rt_sigaction(SIGRT_1, {sa_handler=0x7f40604c0cb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f40604b2330}, NULL, 8) = 0
[pid   301] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid   301] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4060439000
[pid   301] mprotect(0x7f406043a000, 131072, PROT_READ|PROT_WRITE) = 0
[pid   301] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid   301] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4060459990, parent_tid=0x7f4060459990, exit_signal=0, stack=0x7f4060439000, stack_size=0x20300, tls=0x7f40604596c0}./strace-static-x86_64: Process 302 attached
 <unfinished ...>
[pid   302] set_robust_list(0x7f40604599a0, 24) = 0
[pid   302] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid   302] futex(0x7f40605233c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   301] <... clone3 resumed> => {parent_tid=[7]}, 88) = 7
[pid   301] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid   301] futex(0x7f40605233c8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid   302] <... futex resumed>)        = 0
[pid   302] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3
[pid   302] write(3, "69", 2)           = 2
[pid   302] clone(child_stack=NULL, flags=CLONE_PIDFD|CLONE_CHILD_CLEARTID|CLONE_NEWCGROUP|CLONE_NEWUSER <unfinished ...>
[   23.063395][  T300] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f40605233cc
[   23.071200][  T300] R13: 00007f4060459210 R14: 0000000000000002 R15: 00007f40604f001d
[   23.079015][  T300]  </TASK>
[   23.096409][  T302] FAULT_INJECTION: forcing a failure.
[   23.096409][  T302] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[pid   301] futex(0x7f40605233cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[   23.109488][  T302] CPU: 0 PID: 302 Comm: syz-executor310 Not tainted 5.15.131-syzkaller-00653-gea586874d2f9 #0
[   23.119496][  T302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[   23.129381][  T302] Call Trace:
[   23.132508][  T302]  <TASK>
[   23.135285][  T302]  dump_stack_lvl+0x151/0x1b7
[   23.139796][  T302]  ? io_uring_drop_tctx_refs+0x190/0x190
[   23.145266][  T302]  dump_stack+0x15/0x17
[   23.149281][  T302]  should_fail+0x3c6/0x510
[   23.153519][  T302]  should_fail_alloc_page+0x5a/0x80
[   23.158550][  T302]  prepare_alloc_pages+0x15c/0x700
[   23.163493][  T302]  ? __alloc_pages_bulk+0xe60/0xe60
[   23.168526][  T302]  __alloc_pages+0x138/0x5e0
[   23.172952][  T302]  ? prep_new_page+0x110/0x110
[   23.177553][  T302]  ? __alloc_pages+0x206/0x5e0
[   23.182242][  T302]  ? stack_trace_save+0x1c0/0x1c0
[   23.187103][  T302]  ? __kasan_check_write+0x14/0x20
[   23.192047][  T302]  ? _raw_spin_lock+0xa4/0x1b0
[   23.196646][  T302]  __pmd_alloc+0xb1/0x550
[   23.200813][  T302]  ? __pud_alloc+0x260/0x260
[   23.205238][  T302]  ? __pud_alloc+0x213/0x260
[   23.209666][  T302]  ? do_handle_mm_fault+0x2330/0x2330
[   23.214873][  T302]  ? __stack_depot_save+0x34/0x470
[   23.219820][  T302]  ? anon_vma_clone+0x9a/0x500
[   23.224424][  T302]  copy_page_range+0x2b3d/0x2f90
[   23.229195][  T302]  ? __kasan_slab_alloc+0xb1/0xe0
[   23.234054][  T302]  ? slab_post_alloc_hook+0x53/0x2c0
[   23.239175][  T302]  ? copy_mm+0xa3a/0x13e0
[   23.243361][  T302]  ? copy_process+0x12bc/0x3260
[   23.248028][  T302]  ? kernel_clone+0x21e/0x9e0
[   23.252540][  T302]  ? do_syscall_64+0x3d/0xb0
[   23.256966][  T302]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   23.262879][  T302]  ? pfn_valid+0x1e0/0x1e0
[   23.267122][  T302]  ? rwsem_write_trylock+0x15b/0x290
[   23.272248][  T302]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[   23.278496][  T302]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[   23.284051][  T302]  ? __rb_insert_augmented+0x5de/0x610
[   23.289344][  T302]  copy_mm+0xc7e/0x13e0
[   23.293342][  T302]  ? copy_signal+0x610/0x610
[   23.297760][  T302]  ? __init_rwsem+0xd6/0x1c0
[   23.302188][  T302]  ? copy_signal+0x4e3/0x610
[   23.306615][  T302]  copy_process+0x12bc/0x3260
[   23.311129][  T302]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   23.316074][  T302]  ? __kasan_check_write+0x14/0x20
[   23.321023][  T302]  kernel_clone+0x21e/0x9e0
[   23.325360][  T302]  ? _raw_spin_unlock_irq+0x4e/0x70
[   23.330396][  T302]  ? create_io_thread+0x1e0/0x1e0
[   23.335260][  T302]  __x64_sys_clone+0x23f/0x290
[   23.339943][  T302]  ? __do_sys_vfork+0x130/0x130
[   23.344637][  T302]  ? __kasan_check_read+0x11/0x20
[   23.349489][  T302]  ? syscall_enter_from_user_mode+0x70/0x1b0
[   23.355304][  T302]  do_syscall_64+0x3d/0xb0
[   23.359556][  T302]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   23.365287][  T302] RIP: 0033:0x7f40604990a9
[   23.369539][  T302] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   23.388984][  T302] RSP: 002b:00007f4060459208 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[   23.397223][  T302] RAX: ffffffffffffffda RBX: 00007f40605233c8 RCX: 00007f40604990a9
[   23.405036][  T302] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000012201000
[pid   302] <... clone resumed>, parent_tid=NULL, child_tidptr=NULL) = -1 ENOMEM (Cannot allocate memory)
[pid   302] futex(0x7f40605233cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   302] futex(0x7f40605233c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   301] close(3)                    = 0
[pid   301] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   301] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   301] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   301] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   301] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   301] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   301] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   301] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   301] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   301] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   301] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   301] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   301] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   301] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   301] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   301] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   301] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   301] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   301] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   301] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   301] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   301] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   301] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   301] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   301] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   301] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   301] exit_group(0)               = ?
[pid   302] <... futex resumed>)        = ?
[pid   302] +++ exited with 0 +++
[pid   301] +++ exited with 0 +++
[pid   296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
[pid   296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555582b690) = 8
./strace-static-x86_64: Process 304 attached
[pid   304] set_robust_list(0x55555582b6a0, 24) = 0
[pid   304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   304] setpgid(0, 0)               = 0
[pid   304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   304] write(3, "1000", 4)         = 4
[pid   304] close(3)                    = 0
[pid   304] read(200, "\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110
[pid   304] read(200, 0x7ffcb0c03dc0, 1000) = -1 EAGAIN (Resource temporarily unavailable)
[pid   304] futex(0x7f40605233cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   304] rt_sigaction(SIGRT_1, {sa_handler=0x7f40604c0cb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f40604b2330}, NULL, 8) = 0
[pid   304] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid   304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4060439000
[pid   304] mprotect(0x7f406043a000, 131072, PROT_READ|PROT_WRITE) = 0
[pid   304] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid   304] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4060459990, parent_tid=0x7f4060459990, exit_signal=0, stack=0x7f4060439000, stack_size=0x20300, tls=0x7f40604596c0} => {parent_tid=[9]}, 88) = 9
[pid   304] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid   304] futex(0x7f40605233c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   304] futex(0x7f40605233cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 305 attached
 <unfinished ...>
[pid   305] set_robust_list(0x7f40604599a0, 24) = 0
[pid   305] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid   305] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3
[pid   305] write(3, "69", 2)           = 2
[   23.412856][  T302] RBP: 00007f40605233c0 R08: 0000000000000000 R09: 0000000000003936
[   23.420660][  T302] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f40605233cc
[   23.428471][  T302] R13: 00007f4060459210 R14: 0000000000000002 R15: 00007f40604f001d
[   23.436286][  T302]  </TASK>
[   23.459623][  T305] FAULT_INJECTION: forcing a failure.
[   23.459623][  T305] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   23.473123][  T305] CPU: 1 PID: 305 Comm: syz-executor310 Not tainted 5.15.131-syzkaller-00653-gea586874d2f9 #0
[   23.483182][  T305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[   23.493075][  T305] Call Trace:
[   23.496195][  T305]  <TASK>
[   23.498975][  T305]  dump_stack_lvl+0x151/0x1b7
[   23.503494][  T305]  ? io_uring_drop_tctx_refs+0x190/0x190
[   23.508961][  T305]  ? sched_clock+0x9/0x10
[   23.513123][  T305]  dump_stack+0x15/0x17
[   23.517118][  T305]  should_fail+0x3c6/0x510
[   23.521367][  T305]  should_fail_alloc_page+0x5a/0x80
[   23.526410][  T305]  prepare_alloc_pages+0x15c/0x700
[   23.531353][  T305]  ? __alloc_pages_bulk+0xe60/0xe60
[   23.536383][  T305]  __alloc_pages+0x138/0x5e0
[   23.540808][  T305]  ? stack_trace_save+0x1c0/0x1c0
[   23.545672][  T305]  ? prep_new_page+0x110/0x110
[   23.550272][  T305]  get_zeroed_page+0x19/0x40
[   23.554691][  T305]  __pud_alloc+0x8b/0x260
[   23.558858][  T305]  ? stack_trace_snprint+0xf0/0xf0
[   23.563806][  T305]  ? do_handle_mm_fault+0x2330/0x2330
[   23.569015][  T305]  ? __stack_depot_save+0x34/0x470
[   23.574052][  T305]  ? anon_vma_clone+0x9a/0x500
[   23.578648][  T305]  copy_page_range+0x2bcf/0x2f90
[   23.583432][  T305]  ? __kasan_slab_alloc+0xb1/0xe0
[   23.588287][  T305]  ? slab_post_alloc_hook+0x53/0x2c0
[   23.593402][  T305]  ? copy_mm+0xa3a/0x13e0
[   23.597571][  T305]  ? copy_process+0x12bc/0x3260
[   23.602261][  T305]  ? kernel_clone+0x21e/0x9e0
[   23.606770][  T305]  ? __x64_sys_clone+0x23f/0x290
[   23.611540][  T305]  ? do_syscall_64+0x3d/0xb0
[   23.615970][  T305]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   23.621878][  T305]  ? pfn_valid+0x1e0/0x1e0
[   23.626130][  T305]  ? rwsem_write_trylock+0x15b/0x290
[   23.631245][  T305]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[   23.637496][  T305]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[   23.643049][  T305]  ? __rb_insert_augmented+0x5de/0x610
[   23.648348][  T305]  copy_mm+0xc7e/0x13e0
[   23.652342][  T305]  ? copy_signal+0x610/0x610
[   23.656761][  T305]  ? __init_rwsem+0xd6/0x1c0
[   23.661189][  T305]  ? copy_signal+0x4e3/0x610
[   23.665703][  T305]  copy_process+0x12bc/0x3260
[   23.670224][  T305]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   23.675161][  T305]  ? __kasan_check_write+0x14/0x20
[   23.680111][  T305]  kernel_clone+0x21e/0x9e0
[   23.684450][  T305]  ? _raw_spin_unlock_irq+0x4e/0x70
[   23.689484][  T305]  ? create_io_thread+0x1e0/0x1e0
[   23.694346][  T305]  __x64_sys_clone+0x23f/0x290
[   23.698943][  T305]  ? __do_sys_vfork+0x130/0x130
[   23.703632][  T305]  ? __kasan_check_read+0x11/0x20
[   23.708495][  T305]  ? syscall_enter_from_user_mode+0x70/0x1b0
[   23.714311][  T305]  do_syscall_64+0x3d/0xb0
[   23.718560][  T305]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   23.724288][  T305] RIP: 0033:0x7f40604990a9
[   23.728544][  T305] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   23.747982][  T305] RSP: 002b:00007f4060459208 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[pid   305] clone(child_stack=NULL, flags=CLONE_PIDFD|CLONE_CHILD_CLEARTID|CLONE_NEWCGROUP|CLONE_NEWUSER <unfinished ...>
[pid   304] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid   305] <... clone resumed>, parent_tid=NULL, child_tidptr=NULL) = -1 ENOMEM (Cannot allocate memory)
[pid   305] futex(0x7f40605233cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   305] futex(0x7f40605233c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   304] close(3)                    = 0
[pid   304] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   304] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   304] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   304] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   304] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   304] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   304] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   304] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   304] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   304] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   304] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   304] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   304] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   304] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   304] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   304] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   304] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   304] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   304] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   304] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   304] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   304] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   304] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   304] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   304] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   304] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   304] exit_group(0)               = ?
[pid   305] <... futex resumed>)        = ?
[pid   305] +++ exited with 0 +++
[pid   304] +++ exited with 0 +++
[pid   296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
[pid   296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555582b690) = 10
./strace-static-x86_64: Process 306 attached
[pid   306] set_robust_list(0x55555582b6a0, 24) = 0
[pid   306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   306] setpgid(0, 0)               = 0
[pid   306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   306] write(3, "1000", 4)         = 4
[pid   306] close(3)                    = 0
[pid   306] read(200, 0x7ffcb0c03dc0, 1000) = -1 EAGAIN (Resource temporarily unavailable)
[pid   306] futex(0x7f40605233cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   306] rt_sigaction(SIGRT_1, {sa_handler=0x7f40604c0cb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f40604b2330}, NULL, 8) = 0
[pid   306] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid   306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4060439000
[pid   306] mprotect(0x7f406043a000, 131072, PROT_READ|PROT_WRITE) = 0
[pid   306] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid   306] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4060459990, parent_tid=0x7f4060459990, exit_signal=0, stack=0x7f4060439000, stack_size=0x20300, tls=0x7f40604596c0} => {parent_tid=[11]}, 88) = 11
[pid   306] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid   306] futex(0x7f40605233c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   306] futex(0x7f40605233cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 307 attached
 <unfinished ...>
[pid   307] set_robust_list(0x7f40604599a0, 24) = 0
[pid   307] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid   307] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3
[pid   307] write(3, "69", 2)           = 2
[   23.756400][  T305] RAX: ffffffffffffffda RBX: 00007f40605233c8 RCX: 00007f40604990a9
[   23.764212][  T305] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000012201000
[   23.772023][  T305] RBP: 00007f40605233c0 R08: 0000000000000000 R09: 0000000000003936
[   23.779836][  T305] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f40605233cc
[   23.787648][  T305] R13: 00007f4060459210 R14: 0000000000000002 R15: 00007f40604f001d
[   23.795462][  T305]  </TASK>
[pid   307] clone(child_stack=NULL, flags=CLONE_PIDFD|CLONE_CHILD_CLEARTID|CLONE_NEWCGROUP|CLONE_NEWUSER <unfinished ...>
[pid   306] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[   23.819776][  T307] FAULT_INJECTION: forcing a failure.
[   23.819776][  T307] name failslab, interval 1, probability 0, space 0, times 0
[   23.832293][  T307] CPU: 0 PID: 307 Comm: syz-executor310 Not tainted 5.15.131-syzkaller-00653-gea586874d2f9 #0
[   23.842343][  T307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[   23.852244][  T307] Call Trace:
[   23.855362][  T307]  <TASK>
[   23.858139][  T307]  dump_stack_lvl+0x151/0x1b7
[   23.862655][  T307]  ? io_uring_drop_tctx_refs+0x190/0x190
[   23.868121][  T307]  dump_stack+0x15/0x17
[   23.872114][  T307]  should_fail+0x3c6/0x510
[   23.876368][  T307]  __should_failslab+0xa4/0xe0
[   23.880967][  T307]  ? anon_vma_fork+0x1df/0x4e0
[   23.885565][  T307]  should_failslab+0x9/0x20
[   23.889908][  T307]  slab_pre_alloc_hook+0x37/0xd0
[   23.894682][  T307]  ? anon_vma_fork+0x1df/0x4e0
[   23.899284][  T307]  kmem_cache_alloc+0x44/0x200
[   23.903878][  T307]  anon_vma_fork+0x1df/0x4e0
[   23.908307][  T307]  copy_mm+0xa3a/0x13e0
[   23.912300][  T307]  ? copy_signal+0x610/0x610
[   23.916725][  T307]  ? __init_rwsem+0xd6/0x1c0
[   23.921150][  T307]  ? copy_signal+0x4e3/0x610
[   23.925578][  T307]  copy_process+0x12bc/0x3260
[   23.930093][  T307]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   23.935038][  T307]  ? __kasan_check_write+0x14/0x20
[   23.939987][  T307]  kernel_clone+0x21e/0x9e0
[   23.944327][  T307]  ? _raw_spin_unlock_irq+0x4e/0x70
[   23.949384][  T307]  ? create_io_thread+0x1e0/0x1e0
[   23.954219][  T307]  __x64_sys_clone+0x23f/0x290
[   23.958820][  T307]  ? __do_sys_vfork+0x130/0x130
[   23.963507][  T307]  ? __kasan_check_read+0x11/0x20
[   23.968368][  T307]  ? syscall_enter_from_user_mode+0x70/0x1b0
[   23.974183][  T307]  do_syscall_64+0x3d/0xb0
[   23.978435][  T307]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   23.984164][  T307] RIP: 0033:0x7f40604990a9
[   23.988417][  T307] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   24.007859][  T307] RSP: 002b:00007f4060459208 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[pid   307] <... clone resumed>, parent_tid=NULL, child_tidptr=NULL) = -1 ENOMEM (Cannot allocate memory)
[pid   307] futex(0x7f40605233cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   307] futex(0x7f40605233c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   306] close(3)                    = 0
[pid   306] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   306] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   306] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   306] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   306] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   306] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   306] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   306] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   306] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   306] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   306] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   306] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   306] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   306] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   306] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   306] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   306] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   306] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   306] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   306] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   306] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   306] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   306] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   306] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   306] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   306] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   306] exit_group(0 <unfinished ...>
[pid   307] <... futex resumed>)        = ?
[pid   306] <... exit_group resumed>)   = ?
[pid   307] +++ exited with 0 +++
[pid   306] +++ exited with 0 +++
[pid   296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
[pid   296] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555582b690) = 12
./strace-static-x86_64: Process 308 attached
[pid   308] set_robust_list(0x55555582b6a0, 24) = 0
[pid   308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   308] setpgid(0, 0)               = 0
[pid   308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   308] write(3, "1000", 4)         = 4
[pid   308] close(3)                    = 0
[pid   308] read(200, 0x7ffcb0c03dc0, 1000) = -1 EAGAIN (Resource temporarily unavailable)
[pid   308] futex(0x7f40605233cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   308] rt_sigaction(SIGRT_1, {sa_handler=0x7f40604c0cb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f40604b2330}, NULL, 8) = 0
[pid   308] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid   308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4060439000
[pid   308] mprotect(0x7f406043a000, 131072, PROT_READ|PROT_WRITE) = 0
[pid   308] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid   308] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4060459990, parent_tid=0x7f4060459990, exit_signal=0, stack=0x7f4060439000, stack_size=0x20300, tls=0x7f40604596c0} => {parent_tid=[13]}, 88) = 13
[pid   308] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid   308] futex(0x7f40605233c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   308] futex(0x7f40605233cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 309 attached
 <unfinished ...>
[pid   309] set_robust_list(0x7f40604599a0, 24) = 0
[pid   309] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid   309] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3
[pid   309] write(3, "69", 2)           = 2
[   24.016104][  T307] RAX: ffffffffffffffda RBX: 00007f40605233c8 RCX: 00007f40604990a9
[   24.023920][  T307] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000012201000
[   24.031725][  T307] RBP: 00007f40605233c0 R08: 0000000000000000 R09: 0000000000003936
[   24.039538][  T307] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f40605233cc
[   24.047350][  T307] R13: 00007f4060459210 R14: 0000000000000002 R15: 00007f40604f001d
[   24.055168][  T307]  </TASK>
[   24.069106][  T309] FAULT_INJECTION: forcing a failure.
[   24.069106][  T309] name failslab, interval 1, probability 0, space 0, times 0
[   24.081562][  T309] CPU: 0 PID: 309 Comm: syz-executor310 Not tainted 5.15.131-syzkaller-00653-gea586874d2f9 #0
[   24.091574][  T309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[   24.101470][  T309] Call Trace:
[   24.104606][  T309]  <TASK>
[   24.107371][  T309]  dump_stack_lvl+0x151/0x1b7
[   24.111895][  T309]  ? io_uring_drop_tctx_refs+0x190/0x190
[   24.117360][  T309]  dump_stack+0x15/0x17
[   24.121347][  T309]  should_fail+0x3c6/0x510
[   24.125599][  T309]  __should_failslab+0xa4/0xe0
[   24.130198][  T309]  ? anon_vma_fork+0x1df/0x4e0
[   24.134796][  T309]  should_failslab+0x9/0x20
[   24.139141][  T309]  slab_pre_alloc_hook+0x37/0xd0
[   24.143910][  T309]  ? anon_vma_fork+0x1df/0x4e0
[   24.148511][  T309]  kmem_cache_alloc+0x44/0x200
[   24.153111][  T309]  anon_vma_fork+0x1df/0x4e0
[   24.157543][  T309]  copy_mm+0xa3a/0x13e0
[   24.161536][  T309]  ? copy_signal+0x610/0x610
[   24.165959][  T309]  ? __init_rwsem+0xd6/0x1c0
[   24.170385][  T309]  ? copy_signal+0x4e3/0x610
[   24.174812][  T309]  copy_process+0x12bc/0x3260
[   24.179330][  T309]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   24.184272][  T309]  ? __kasan_check_write+0x14/0x20
[   24.189219][  T309]  kernel_clone+0x21e/0x9e0
[   24.193563][  T309]  ? _raw_spin_unlock_irq+0x4e/0x70
[   24.198594][  T309]  ? create_io_thread+0x1e0/0x1e0
[   24.203454][  T309]  __x64_sys_clone+0x23f/0x290
[   24.208054][  T309]  ? __do_sys_vfork+0x130/0x130
[   24.212737][  T309]  ? __kasan_check_read+0x11/0x20
[   24.217599][  T309]  ? syscall_enter_from_user_mode+0x70/0x1b0
[   24.223414][  T309]  do_syscall_64+0x3d/0xb0
[   24.227668][  T309]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   24.233394][  T309] RIP: 0033:0x7f40604990a9
[   24.237648][  T309] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   24.257090][  T309] RSP: 002b:00007f4060459208 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[pid   309] clone(child_stack=NULL, flags=CLONE_PIDFD|CLONE_CHILD_CLEARTID|CLONE_NEWCGROUP|CLONE_NEWUSER <unfinished ...>
[pid   308] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid   309] <... clone resumed>, parent_tid=NULL, child_tidptr=NULL) = -1 ENOMEM (Cannot allocate memory)
[pid   309] futex(0x7f40605233cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   309] futex(0x7f40605233c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   308] close(3)                    = 0
[pid   308] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   308] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   308] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   308] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   308] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   308] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   308] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   308] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   308] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   308] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   308] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   308] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   308] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   308] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   308] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   308] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   308] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   308] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   308] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   308] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   308] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   308] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   308] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   308] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   308] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   308] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   308] exit_group(0)               = ?
[pid   309] <... futex resumed>)        = ?
[pid   309] +++ exited with 0 +++
[pid   308] +++ exited with 0 +++
[pid   296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
[pid   296] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555582b690) = 14
./strace-static-x86_64: Process 310 attached
[pid   310] set_robust_list(0x55555582b6a0, 24) = 0
[pid   310] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   310] setpgid(0, 0)               = 0
[pid   310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   310] write(3, "1000", 4)         = 4
[pid   310] close(3)                    = 0
[pid   310] read(200, 0x7ffcb0c03dc0, 1000) = -1 EAGAIN (Resource temporarily unavailable)
[pid   310] futex(0x7f40605233cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   310] rt_sigaction(SIGRT_1, {sa_handler=0x7f40604c0cb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f40604b2330}, NULL, 8) = 0
[pid   310] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid   310] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4060439000
[pid   310] mprotect(0x7f406043a000, 131072, PROT_READ|PROT_WRITE) = 0
[pid   310] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid   310] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4060459990, parent_tid=0x7f4060459990, exit_signal=0, stack=0x7f4060439000, stack_size=0x20300, tls=0x7f40604596c0}./strace-static-x86_64: Process 311 attached
 <unfinished ...>
[pid   311] set_robust_list(0x7f40604599a0, 24) = 0
[pid   311] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid   311] futex(0x7f40605233c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   310] <... clone3 resumed> => {parent_tid=[15]}, 88) = 15
[pid   310] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid   310] futex(0x7f40605233c8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid   311] <... futex resumed>)        = 0
[pid   311] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3
[pid   311] write(3, "69", 2)           = 2
[   24.265335][  T309] RAX: ffffffffffffffda RBX: 00007f40605233c8 RCX: 00007f40604990a9
[   24.273149][  T309] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000012201000
[   24.280963][  T309] RBP: 00007f40605233c0 R08: 0000000000000000 R09: 0000000000003936
[   24.288772][  T309] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f40605233cc
[   24.296583][  T309] R13: 00007f4060459210 R14: 0000000000000002 R15: 00007f40604f001d
[   24.304508][  T309]  </TASK>
[   24.323914][  T311] FAULT_INJECTION: forcing a failure.
[   24.323914][  T311] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   24.337027][  T311] CPU: 0 PID: 311 Comm: syz-executor310 Not tainted 5.15.131-syzkaller-00653-gea586874d2f9 #0
[   24.346992][  T311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[   24.356886][  T311] Call Trace:
[   24.360012][  T311]  <TASK>
[   24.362788][  T311]  dump_stack_lvl+0x151/0x1b7
[   24.367304][  T311]  ? io_uring_drop_tctx_refs+0x190/0x190
[   24.372766][  T311]  ? kmem_cache_alloc+0x134/0x200
[   24.377629][  T311]  dump_stack+0x15/0x17
[   24.381620][  T311]  should_fail+0x3c6/0x510
[   24.385873][  T311]  should_fail_alloc_page+0x5a/0x80
[   24.390906][  T311]  prepare_alloc_pages+0x15c/0x700
[   24.395854][  T311]  ? __alloc_pages_bulk+0xe60/0xe60
[   24.400890][  T311]  __alloc_pages+0x138/0x5e0
[   24.405315][  T311]  ? prep_new_page+0x110/0x110
[   24.409915][  T311]  ? __alloc_pages+0x206/0x5e0
[   24.414519][  T311]  ? stack_trace_save+0x1c0/0x1c0
[   24.419377][  T311]  ? __kasan_check_write+0x14/0x20
[   24.424581][  T311]  ? _raw_spin_lock+0xa4/0x1b0
[   24.429184][  T311]  __pmd_alloc+0xb1/0x550
[   24.433352][  T311]  ? __pud_alloc+0x260/0x260
[   24.437775][  T311]  ? __pud_alloc+0x213/0x260
[   24.442203][  T311]  ? do_handle_mm_fault+0x2330/0x2330
[   24.447411][  T311]  ? __stack_depot_save+0x34/0x470
[   24.452357][  T311]  ? anon_vma_clone+0x9a/0x500
[   24.456957][  T311]  copy_page_range+0x2b3d/0x2f90
[   24.461731][  T311]  ? __kasan_slab_alloc+0xb1/0xe0
[   24.466593][  T311]  ? slab_post_alloc_hook+0x53/0x2c0
[   24.471711][  T311]  ? copy_mm+0xa3a/0x13e0
[   24.475876][  T311]  ? copy_process+0x12bc/0x3260
[   24.480564][  T311]  ? kernel_clone+0x21e/0x9e0
[   24.485078][  T311]  ? do_syscall_64+0x3d/0xb0
[   24.489505][  T311]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   24.495410][  T311]  ? pfn_valid+0x1e0/0x1e0
[   24.499660][  T311]  ? rwsem_write_trylock+0x15b/0x290
[   24.504785][  T311]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[   24.511031][  T311]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[   24.516583][  T311]  ? __rb_insert_augmented+0x5de/0x610
[   24.521887][  T311]  copy_mm+0xc7e/0x13e0
[   24.525885][  T311]  ? copy_signal+0x610/0x610
[   24.530305][  T311]  ? __init_rwsem+0xd6/0x1c0
[   24.534726][  T311]  ? copy_signal+0x4e3/0x610
[   24.539159][  T311]  copy_process+0x12bc/0x3260
[   24.543673][  T311]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   24.548614][  T311]  ? __kasan_check_write+0x14/0x20
[   24.553560][  T311]  kernel_clone+0x21e/0x9e0
[   24.557900][  T311]  ? _raw_spin_unlock_irq+0x4e/0x70
[   24.562934][  T311]  ? create_io_thread+0x1e0/0x1e0
[   24.567795][  T311]  __x64_sys_clone+0x23f/0x290
[   24.572394][  T311]  ? __do_sys_vfork+0x130/0x130
[   24.577080][  T311]  ? __kasan_check_read+0x11/0x20
[   24.581940][  T311]  ? syscall_enter_from_user_mode+0x70/0x1b0
[   24.587755][  T311]  do_syscall_64+0x3d/0xb0
[   24.592007][  T311]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   24.597738][  T311] RIP: 0033:0x7f40604990a9
[   24.601990][  T311] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[pid   311] clone(child_stack=NULL, flags=CLONE_PIDFD|CLONE_CHILD_CLEARTID|CLONE_NEWCGROUP|CLONE_NEWUSER <unfinished ...>
[pid   310] futex(0x7f40605233cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   311] <... clone resumed>, parent_tid=NULL, child_tidptr=NULL) = -1 ENOMEM (Cannot allocate memory)
[pid   311] futex(0x7f40605233cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   310] <... futex resumed>)        = 0
[pid   310] close(3)                    = 0
[pid   310] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   310] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   310] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   310] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   310] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   310] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   310] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   310] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   311] <... futex resumed>)        = 1
[pid   310] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   311] futex(0x7f40605233c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   310] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   310] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   310] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   310] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   310] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   310] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   310] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   310] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   310] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   310] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   310] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   310] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   310] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   310] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   310] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   310] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   310] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   310] exit_group(0)               = ?
[pid   311] <... futex resumed>)        = ?
[pid   311] +++ exited with 0 +++
[pid   310] +++ exited with 0 +++
[pid   296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
[pid   296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 313 attached
, child_tidptr=0x55555582b690) = 16
[pid   313] set_robust_list(0x55555582b6a0, 24) = 0
[pid   313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   313] setpgid(0, 0)               = 0
[pid   313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   313] write(3, "1000", 4)         = 4
[pid   313] close(3)                    = 0
[pid   313] read(200, 0x7ffcb0c03dc0, 1000) = -1 EAGAIN (Resource temporarily unavailable)
[pid   313] futex(0x7f40605233cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   313] rt_sigaction(SIGRT_1, {sa_handler=0x7f40604c0cb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f40604b2330}, NULL, 8) = 0
[pid   313] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid   313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4060439000
[pid   313] mprotect(0x7f406043a000, 131072, PROT_READ|PROT_WRITE) = 0
[pid   313] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid   313] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4060459990, parent_tid=0x7f4060459990, exit_signal=0, stack=0x7f4060439000, stack_size=0x20300, tls=0x7f40604596c0}./strace-static-x86_64: Process 314 attached
 <unfinished ...>
[pid   314] set_robust_list(0x7f40604599a0, 24) = 0
[pid   314] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid   314] futex(0x7f40605233c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   313] <... clone3 resumed> => {parent_tid=[17]}, 88) = 17
[pid   313] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid   313] futex(0x7f40605233c8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid   314] <... futex resumed>)        = 0
[pid   314] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   313] futex(0x7f40605233cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   314] <... openat resumed>)       = 3
[pid   314] write(3, "69", 2)           = 2
[   24.621433][  T311] RSP: 002b:00007f4060459208 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[   24.629676][  T311] RAX: ffffffffffffffda RBX: 00007f40605233c8 RCX: 00007f40604990a9
[   24.637489][  T311] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000012201000
[   24.645298][  T311] RBP: 00007f40605233c0 R08: 0000000000000000 R09: 0000000000003936
[   24.653112][  T311] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f40605233cc
[   24.660924][  T311] R13: 00007f4060459210 R14: 0000000000000002 R15: 00007f40604f001d
[   24.668737][  T311]  </TASK>
[pid   314] clone(child_stack=NULL, flags=CLONE_PIDFD|CLONE_CHILD_CLEARTID|CLONE_NEWCGROUP|CLONE_NEWUSER <unfinished ...>
[pid   313] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[   24.689931][  T314] FAULT_INJECTION: forcing a failure.
[   24.689931][  T314] name failslab, interval 1, probability 0, space 0, times 0
[   24.702359][  T314] CPU: 0 PID: 314 Comm: syz-executor310 Not tainted 5.15.131-syzkaller-00653-gea586874d2f9 #0
[   24.712599][  T314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[   24.722500][  T314] Call Trace:
[   24.725619][  T314]  <TASK>
[   24.728395][  T314]  dump_stack_lvl+0x151/0x1b7
[   24.732909][  T314]  ? io_uring_drop_tctx_refs+0x190/0x190
[   24.738384][  T314]  dump_stack+0x15/0x17
[   24.742376][  T314]  should_fail+0x3c6/0x510
[   24.746622][  T314]  __should_failslab+0xa4/0xe0
[   24.751224][  T314]  ? anon_vma_fork+0x1df/0x4e0
[   24.755820][  T314]  should_failslab+0x9/0x20
[   24.760164][  T314]  slab_pre_alloc_hook+0x37/0xd0
[   24.764933][  T314]  ? anon_vma_fork+0x1df/0x4e0
[   24.769534][  T314]  kmem_cache_alloc+0x44/0x200
[   24.774140][  T314]  anon_vma_fork+0x1df/0x4e0
[   24.778562][  T314]  copy_mm+0xa3a/0x13e0
[   24.782556][  T314]  ? copy_signal+0x610/0x610
[   24.786986][  T314]  ? __init_rwsem+0xd6/0x1c0
[   24.791406][  T314]  ? copy_signal+0x4e3/0x610
[   24.795833][  T314]  copy_process+0x12bc/0x3260
[   24.800348][  T314]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   24.805297][  T314]  ? __kasan_check_write+0x14/0x20
[   24.810241][  T314]  kernel_clone+0x21e/0x9e0
[   24.814587][  T314]  ? _raw_spin_unlock_irq+0x4e/0x70
[   24.819618][  T314]  ? create_io_thread+0x1e0/0x1e0
[   24.824482][  T314]  __x64_sys_clone+0x23f/0x290
[   24.829075][  T314]  ? __do_sys_vfork+0x130/0x130
[   24.833762][  T314]  ? __kasan_check_read+0x11/0x20
[   24.838628][  T314]  ? syscall_enter_from_user_mode+0x70/0x1b0
[   24.844443][  T314]  do_syscall_64+0x3d/0xb0
[   24.848691][  T314]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   24.854423][  T314] RIP: 0033:0x7f40604990a9
[   24.858671][  T314] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   24.878115][  T314] RSP: 002b:00007f4060459208 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[pid   314] <... clone resumed>, parent_tid=NULL, child_tidptr=NULL) = -1 ENOMEM (Cannot allocate memory)
[pid   314] futex(0x7f40605233cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   313] close(3)                    = 0
[pid   313] close(4 <unfinished ...>
[pid   314] futex(0x7f40605233c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   313] <... close resumed>)        = -1 EBADF (Bad file descriptor)
[pid   313] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   313] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   313] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   313] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   313] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   313] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   313] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   313] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   313] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   313] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   313] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   313] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   313] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   313] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   313] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   313] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   313] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   313] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   313] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   313] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   313] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   313] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   313] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   313] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   313] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   313] exit_group(0 <unfinished ...>
[pid   314] <... futex resumed>)        = ?
[pid   313] <... exit_group resumed>)   = ?
[pid   314] +++ exited with 0 +++
[pid   313] +++ exited with 0 +++
[pid   296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
[pid   296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555582b690) = 18
./strace-static-x86_64: Process 315 attached
[pid   315] set_robust_list(0x55555582b6a0, 24) = 0
[pid   315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   315] setpgid(0, 0)               = 0
[pid   315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   315] write(3, "1000", 4)         = 4
[pid   315] close(3)                    = 0
[pid   315] read(200, 0x7ffcb0c03dc0, 1000) = -1 EAGAIN (Resource temporarily unavailable)
[pid   315] futex(0x7f40605233cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   315] rt_sigaction(SIGRT_1, {sa_handler=0x7f40604c0cb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f40604b2330}, NULL, 8) = 0
[pid   315] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid   315] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4060439000
[pid   315] mprotect(0x7f406043a000, 131072, PROT_READ|PROT_WRITE) = 0
[pid   315] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid   315] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4060459990, parent_tid=0x7f4060459990, exit_signal=0, stack=0x7f4060439000, stack_size=0x20300, tls=0x7f40604596c0}./strace-static-x86_64: Process 316 attached
 <unfinished ...>
[pid   316] set_robust_list(0x7f40604599a0, 24 <unfinished ...>
[pid   315] <... clone3 resumed> => {parent_tid=[19]}, 88) = 19
[pid   315] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid   315] futex(0x7f40605233c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   315] futex(0x7f40605233cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   316] <... set_robust_list resumed>) = 0
[pid   316] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid   316] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3
[pid   316] write(3, "69", 2)           = 2
[   24.886360][  T314] RAX: ffffffffffffffda RBX: 00007f40605233c8 RCX: 00007f40604990a9
[   24.894173][  T314] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000012201000
[   24.901983][  T314] RBP: 00007f40605233c0 R08: 0000000000000000 R09: 0000000000003936
[   24.909794][  T314] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f40605233cc
[   24.917605][  T314] R13: 00007f4060459210 R14: 0000000000000002 R15: 00007f40604f001d
[   24.925419][  T314]  </TASK>
[pid   316] clone(child_stack=NULL, flags=CLONE_PIDFD|CLONE_CHILD_CLEARTID|CLONE_NEWCGROUP|CLONE_NEWUSER <unfinished ...>
[pid   315] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[   24.941710][  T316] FAULT_INJECTION: forcing a failure.
[   24.941710][  T316] name failslab, interval 1, probability 0, space 0, times 0
[   24.954182][  T316] CPU: 0 PID: 316 Comm: syz-executor310 Not tainted 5.15.131-syzkaller-00653-gea586874d2f9 #0
[   24.964171][  T316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[   24.974065][  T316] Call Trace:
[   24.977188][  T316]  <TASK>
[   24.979966][  T316]  dump_stack_lvl+0x151/0x1b7
[   24.984483][  T316]  ? io_uring_drop_tctx_refs+0x190/0x190
[   24.989951][  T316]  dump_stack+0x15/0x17
[   24.993940][  T316]  should_fail+0x3c6/0x510
[   24.998193][  T316]  __should_failslab+0xa4/0xe0
[   25.002792][  T316]  ? anon_vma_clone+0x9a/0x500
[   25.007393][  T316]  should_failslab+0x9/0x20
[   25.011736][  T316]  slab_pre_alloc_hook+0x37/0xd0
[   25.016509][  T316]  ? anon_vma_clone+0x9a/0x500
[   25.021107][  T316]  kmem_cache_alloc+0x44/0x200
[   25.025705][  T316]  anon_vma_clone+0x9a/0x500
[   25.030134][  T316]  anon_vma_fork+0x91/0x4e0
[   25.034472][  T316]  ? anon_vma_name+0x4c/0x70
[   25.038900][  T316]  ? vm_area_dup+0x17a/0x230
[   25.043324][  T316]  copy_mm+0xa3a/0x13e0
[   25.047319][  T316]  ? copy_signal+0x610/0x610
[   25.051748][  T316]  ? __init_rwsem+0xd6/0x1c0
[   25.056169][  T316]  ? copy_signal+0x4e3/0x610
[   25.060597][  T316]  copy_process+0x12bc/0x3260
[   25.065113][  T316]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   25.070058][  T316]  ? __kasan_check_write+0x14/0x20
[   25.075009][  T316]  kernel_clone+0x21e/0x9e0
[   25.079345][  T316]  ? _raw_spin_unlock_irq+0x4e/0x70
[   25.084377][  T316]  ? create_io_thread+0x1e0/0x1e0
[   25.089240][  T316]  __x64_sys_clone+0x23f/0x290
[   25.093844][  T316]  ? __do_sys_vfork+0x130/0x130
[   25.098526][  T316]  ? __kasan_check_read+0x11/0x20
[   25.103385][  T316]  ? syscall_enter_from_user_mode+0x70/0x1b0
[   25.109203][  T316]  do_syscall_64+0x3d/0xb0
[   25.113455][  T316]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   25.119182][  T316] RIP: 0033:0x7f40604990a9
[   25.123447][  T316] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   25.142881][  T316] RSP: 002b:00007f4060459208 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[   25.151124][  T316] RAX: ffffffffffffffda RBX: 00007f40605233c8 RCX: 00007f40604990a9
[   25.158935][  T316] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000012201000
[   25.166746][  T316] RBP: 00007f40605233c0 R08: 0000000000000000 R09: 0000000000003936
[   25.174558][  T316] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f40605233cc
[   25.182366][  T316] R13: 00007f4060459210 R14: 0000000000000002 R15: 00007f40604f001d
[   25.190184][  T316]  </TASK>
[pid   316] <... clone resumed>, parent_tid=NULL, child_tidptr=NULL) = -1 EFAULT (Bad address)
[pid   316] futex(0x7f40605233cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   316] futex(0x7f40605233c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   315] close(3)                    = 0
[pid   315] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   315] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   315] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   315] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   315] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   315] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   315] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   315] exit_group(0 <unfinished ...>
[pid   316] <... futex resumed>)        = ?
[pid   315] <... exit_group resumed>)   = ?
[pid   316] +++ exited with 0 +++
[pid   315] +++ exited with 0 +++
[pid   296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=18, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
[pid   296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555582b690) = 21
./strace-static-x86_64: Process 318 attached
[pid   318] set_robust_list(0x55555582b6a0, 24) = 0
[pid   318] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   318] setpgid(0, 0)               = 0
[pid   318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   318] write(3, "1000", 4)         = 4
[pid   318] close(3)                    = 0
[pid   318] read(200, 0x7ffcb0c03dc0, 1000) = -1 EAGAIN (Resource temporarily unavailable)
[pid   318] futex(0x7f40605233cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   318] rt_sigaction(SIGRT_1, {sa_handler=0x7f40604c0cb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f40604b2330}, NULL, 8) = 0
[pid   318] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid   318] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4060439000
[pid   318] mprotect(0x7f406043a000, 131072, PROT_READ|PROT_WRITE) = 0
[pid   318] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid   318] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4060459990, parent_tid=0x7f4060459990, exit_signal=0, stack=0x7f4060439000, stack_size=0x20300, tls=0x7f40604596c0}./strace-static-x86_64: Process 319 attached
 <unfinished ...>
[pid   319] set_robust_list(0x7f40604599a0, 24) = 0
[pid   319] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid   319] futex(0x7f40605233c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   318] <... clone3 resumed> => {parent_tid=[22]}, 88) = 22
[pid   318] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid   318] futex(0x7f40605233c8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid   319] <... futex resumed>)        = 0
[pid   319] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3
[pid   318] futex(0x7f40605233cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   319] write(3, "69", 2)           = 2
[pid   319] clone(child_stack=NULL, flags=CLONE_PIDFD|CLONE_CHILD_CLEARTID|CLONE_NEWCGROUP|CLONE_NEWUSER <unfinished ...>
[pid   318] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[   25.208189][  T319] FAULT_INJECTION: forcing a failure.
[   25.208189][  T319] name failslab, interval 1, probability 0, space 0, times 0
[   25.220629][  T319] CPU: 0 PID: 319 Comm: syz-executor310 Not tainted 5.15.131-syzkaller-00653-gea586874d2f9 #0
[   25.230664][  T319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[   25.240557][  T319] Call Trace:
[   25.243683][  T319]  <TASK>
[   25.246460][  T319]  dump_stack_lvl+0x151/0x1b7
[   25.250971][  T319]  ? io_uring_drop_tctx_refs+0x190/0x190
[   25.256440][  T319]  dump_stack+0x15/0x17
[   25.260446][  T319]  should_fail+0x3c6/0x510
[   25.264685][  T319]  __should_failslab+0xa4/0xe0
[   25.269289][  T319]  ? anon_vma_fork+0xf7/0x4e0
[   25.273797][  T319]  should_failslab+0x9/0x20
[   25.278138][  T319]  slab_pre_alloc_hook+0x37/0xd0
[   25.282912][  T319]  ? anon_vma_fork+0xf7/0x4e0
[   25.287425][  T319]  kmem_cache_alloc+0x44/0x200
[   25.292026][  T319]  anon_vma_fork+0xf7/0x4e0
[   25.296364][  T319]  ? anon_vma_name+0x43/0x70
[   25.300793][  T319]  ? vm_area_dup+0x17a/0x230
[   25.305218][  T319]  copy_mm+0xa3a/0x13e0
[   25.309217][  T319]  ? copy_signal+0x610/0x610
[   25.313641][  T319]  ? __init_rwsem+0xd6/0x1c0
[   25.318066][  T319]  ? copy_signal+0x4e3/0x610
[   25.322493][  T319]  copy_process+0x12bc/0x3260
[   25.327009][  T319]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   25.331956][  T319]  ? __kasan_check_write+0x14/0x20
[   25.336899][  T319]  kernel_clone+0x21e/0x9e0
[   25.341248][  T319]  ? _raw_spin_unlock_irq+0x4e/0x70
[   25.346274][  T319]  ? create_io_thread+0x1e0/0x1e0
[   25.351136][  T319]  __x64_sys_clone+0x23f/0x290
[   25.355732][  T319]  ? __do_sys_vfork+0x130/0x130
[   25.360419][  T319]  ? __kasan_check_read+0x11/0x20
[   25.365283][  T319]  ? syscall_enter_from_user_mode+0x70/0x1b0
[   25.371102][  T319]  do_syscall_64+0x3d/0xb0
[   25.375348][  T319]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   25.381081][  T319] RIP: 0033:0x7f40604990a9
[   25.385335][  T319] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[pid   319] <... clone resumed>, parent_tid=NULL, child_tidptr=NULL) = -1 ENOMEM (Cannot allocate memory)
[pid   319] futex(0x7f40605233cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   318] close(3 <unfinished ...>
[pid   319] futex(0x7f40605233c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   318] <... close resumed>)        = 0
[pid   318] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   318] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   318] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   318] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   318] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   318] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   318] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   318] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   318] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   318] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   318] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   318] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   318] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   318] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   318] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   318] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   318] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   318] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   318] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   318] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   318] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   318] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   318] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   318] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   318] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   318] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   318] exit_group(0 <unfinished ...>
[pid   319] <... futex resumed>)        = ?
[pid   318] <... exit_group resumed>)   = ?
[pid   319] +++ exited with 0 +++
[pid   318] +++ exited with 0 +++
[pid   296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=21, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
[pid   296] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555582b690) = 23
./strace-static-x86_64: Process 320 attached
[pid   320] set_robust_list(0x55555582b6a0, 24) = 0
[pid   320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   320] setpgid(0, 0)               = 0
[pid   320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   320] write(3, "1000", 4)         = 4
[pid   320] close(3)                    = 0
[pid   320] read(200, 0x7ffcb0c03dc0, 1000) = -1 EAGAIN (Resource temporarily unavailable)
[pid   320] futex(0x7f40605233cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   320] rt_sigaction(SIGRT_1, {sa_handler=0x7f40604c0cb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f40604b2330}, NULL, 8) = 0
[pid   320] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid   320] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4060439000
[pid   320] mprotect(0x7f406043a000, 131072, PROT_READ|PROT_WRITE) = 0
[pid   320] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid   320] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4060459990, parent_tid=0x7f4060459990, exit_signal=0, stack=0x7f4060439000, stack_size=0x20300, tls=0x7f40604596c0}./strace-static-x86_64: Process 321 attached
 => {parent_tid=[24]}, 88) = 24
[pid   321] set_robust_list(0x7f40604599a0, 24 <unfinished ...>
[pid   320] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid   320] futex(0x7f40605233c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   320] futex(0x7f40605233cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   321] <... set_robust_list resumed>) = 0
[pid   321] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid   321] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3
[pid   321] write(3, "69", 2)           = 2
[   25.404775][  T319] RSP: 002b:00007f4060459208 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[   25.413015][  T319] RAX: ffffffffffffffda RBX: 00007f40605233c8 RCX: 00007f40604990a9
[   25.420827][  T319] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000012201000
[   25.428637][  T319] RBP: 00007f40605233c0 R08: 0000000000000000 R09: 0000000000003936
[   25.436453][  T319] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f40605233cc
[   25.444264][  T319] R13: 00007f4060459210 R14: 0000000000000002 R15: 00007f40604f001d
[   25.452075][  T319]  </TASK>
[   25.466594][  T321] FAULT_INJECTION: forcing a failure.
[   25.466594][  T321] name failslab, interval 1, probability 0, space 0, times 0
[   25.479044][  T321] CPU: 1 PID: 321 Comm: syz-executor310 Not tainted 5.15.131-syzkaller-00653-gea586874d2f9 #0
[   25.489051][  T321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[   25.498946][  T321] Call Trace:
[   25.502070][  T321]  <TASK>
[   25.504848][  T321]  dump_stack_lvl+0x151/0x1b7
[   25.509361][  T321]  ? io_uring_drop_tctx_refs+0x190/0x190
[   25.514829][  T321]  ? avc_denied+0x1b0/0x1b0
[   25.519169][  T321]  dump_stack+0x15/0x17
[   25.523164][  T321]  should_fail+0x3c6/0x510
[   25.527427][  T321]  __should_failslab+0xa4/0xe0
[   25.532012][  T321]  ? vm_area_dup+0x26/0x230
[   25.536355][  T321]  should_failslab+0x9/0x20
[   25.540693][  T321]  slab_pre_alloc_hook+0x37/0xd0
[   25.545466][  T321]  ? vm_area_dup+0x26/0x230
[   25.549811][  T321]  kmem_cache_alloc+0x44/0x200
[   25.554408][  T321]  vm_area_dup+0x26/0x230
[   25.558572][  T321]  copy_mm+0x9a1/0x13e0
[   25.562571][  T321]  ? copy_signal+0x610/0x610
[   25.566991][  T321]  ? __init_rwsem+0xd6/0x1c0
[   25.571424][  T321]  ? copy_signal+0x4e3/0x610
[   25.575845][  T321]  copy_process+0x12bc/0x3260
[   25.580358][  T321]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   25.585304][  T321]  ? __kasan_check_write+0x14/0x20
[   25.590253][  T321]  kernel_clone+0x21e/0x9e0
[   25.594591][  T321]  ? _raw_spin_unlock_irq+0x4e/0x70
[   25.599638][  T321]  ? create_io_thread+0x1e0/0x1e0
[   25.604487][  T321]  __x64_sys_clone+0x23f/0x290
[   25.609092][  T321]  ? __do_sys_vfork+0x130/0x130
[   25.613773][  T321]  ? __kasan_check_read+0x11/0x20
[   25.618633][  T321]  ? syscall_enter_from_user_mode+0x70/0x1b0
[   25.624448][  T321]  do_syscall_64+0x3d/0xb0
[   25.628705][  T321]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   25.634519][  T321] RIP: 0033:0x7f40604990a9
[   25.638770][  T321] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   25.658212][  T321] RSP: 002b:00007f4060459208 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[pid   321] clone(child_stack=NULL, flags=CLONE_PIDFD|CLONE_CHILD_CLEARTID|CLONE_NEWCGROUP|CLONE_NEWUSER, parent_tid=NULL, child_tidptr=NULL) = -1 ENOMEM (Cannot allocate memory)
[pid   320] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid   321] futex(0x7f40605233cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   321] futex(0x7f40605233c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   320] close(3)                    = 0
[pid   320] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   320] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   320] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   320] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   320] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   320] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   320] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   320] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   320] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   320] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   320] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   320] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   320] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   320] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   320] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   320] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   320] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   320] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   320] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   320] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   320] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   320] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   320] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   320] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   320] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   320] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   320] exit_group(0 <unfinished ...>
[pid   321] <... futex resumed>)        = ?
[pid   320] <... exit_group resumed>)   = ?
[pid   321] +++ exited with 0 +++
[pid   320] +++ exited with 0 +++
[pid   296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=23, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
[pid   296] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 323 attached
, child_tidptr=0x55555582b690) = 25
[pid   323] set_robust_list(0x55555582b6a0, 24) = 0
[pid   323] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   323] setpgid(0, 0)               = 0
[pid   323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   323] write(3, "1000", 4)         = 4
[pid   323] close(3)                    = 0
[pid   323] read(200, 0x7ffcb0c03dc0, 1000) = -1 EAGAIN (Resource temporarily unavailable)
[pid   323] futex(0x7f40605233cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   323] rt_sigaction(SIGRT_1, {sa_handler=0x7f40604c0cb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f40604b2330}, NULL, 8) = 0
[pid   323] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid   323] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4060439000
[pid   323] mprotect(0x7f406043a000, 131072, PROT_READ|PROT_WRITE) = 0
[pid   323] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid   323] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4060459990, parent_tid=0x7f4060459990, exit_signal=0, stack=0x7f4060439000, stack_size=0x20300, tls=0x7f40604596c0} => {parent_tid=[26]}, 88) = 26
[pid   323] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid   323] futex(0x7f40605233c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   323] futex(0x7f40605233cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 324 attached
 <unfinished ...>
[pid   324] set_robust_list(0x7f40604599a0, 24) = 0
[pid   324] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid   324] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3
[pid   324] write(3, "69", 2)           = 2
[   25.666457][  T321] RAX: ffffffffffffffda RBX: 00007f40605233c8 RCX: 00007f40604990a9
[   25.674267][  T321] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000012201000
[   25.682080][  T321] RBP: 00007f40605233c0 R08: 0000000000000000 R09: 0000000000003936
[   25.689982][  T321] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f40605233cc
[   25.697790][  T321] R13: 00007f4060459210 R14: 0000000000000002 R15: 00007f40604f001d
[   25.705604][  T321]  </TASK>
[   25.718296][  T324] FAULT_INJECTION: forcing a failure.
[   25.718296][  T324] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   25.731426][  T324] CPU: 0 PID: 324 Comm: syz-executor310 Not tainted 5.15.131-syzkaller-00653-gea586874d2f9 #0
[   25.741372][  T324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[   25.751296][  T324] Call Trace:
[   25.754397][  T324]  <TASK>
[   25.757168][  T324]  dump_stack_lvl+0x151/0x1b7
[   25.761685][  T324]  ? io_uring_drop_tctx_refs+0x190/0x190
[   25.767160][  T324]  ? kmem_cache_alloc+0x134/0x200
[   25.772011][  T324]  dump_stack+0x15/0x17
[   25.776003][  T324]  should_fail+0x3c6/0x510
[   25.780258][  T324]  should_fail_alloc_page+0x5a/0x80
[   25.785290][  T324]  prepare_alloc_pages+0x15c/0x700
[   25.790238][  T324]  ? __alloc_pages_bulk+0xe60/0xe60
[   25.795272][  T324]  __alloc_pages+0x138/0x5e0
[   25.799698][  T324]  ? prep_new_page+0x110/0x110
[   25.804296][  T324]  ? __alloc_pages+0x206/0x5e0
[   25.808897][  T324]  ? stack_trace_save+0x1c0/0x1c0
[   25.813758][  T324]  ? __kasan_check_write+0x14/0x20
[   25.818704][  T324]  ? _raw_spin_lock+0xa4/0x1b0
[   25.823306][  T324]  __pmd_alloc+0xb1/0x550
[   25.827473][  T324]  ? __pud_alloc+0x260/0x260
[   25.831896][  T324]  ? __pud_alloc+0x213/0x260
[   25.836324][  T324]  ? do_handle_mm_fault+0x2330/0x2330
[   25.841531][  T324]  ? __stack_depot_save+0x34/0x470
[   25.846478][  T324]  ? anon_vma_clone+0x9a/0x500
[   25.851081][  T324]  copy_page_range+0x2b3d/0x2f90
[   25.855856][  T324]  ? __kasan_slab_alloc+0xb1/0xe0
[   25.860712][  T324]  ? slab_post_alloc_hook+0x53/0x2c0
[   25.865833][  T324]  ? copy_mm+0xa3a/0x13e0
[   25.870000][  T324]  ? copy_process+0x12bc/0x3260
[   25.874686][  T324]  ? kernel_clone+0x21e/0x9e0
[   25.879201][  T324]  ? do_syscall_64+0x3d/0xb0
[   25.883631][  T324]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   25.889535][  T324]  ? pfn_valid+0x1e0/0x1e0
[   25.893781][  T324]  ? rwsem_write_trylock+0x15b/0x290
[   25.898907][  T324]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[   25.905154][  T324]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[   25.910707][  T324]  ? __rb_insert_augmented+0x5de/0x610
[   25.916001][  T324]  copy_mm+0xc7e/0x13e0
[   25.919996][  T324]  ? copy_signal+0x610/0x610
[   25.924425][  T324]  ? __init_rwsem+0xd6/0x1c0
[   25.928847][  T324]  ? copy_signal+0x4e3/0x610
[   25.933273][  T324]  copy_process+0x12bc/0x3260
[   25.937788][  T324]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   25.942938][  T324]  ? __kasan_check_write+0x14/0x20
[   25.947879][  T324]  kernel_clone+0x21e/0x9e0
[   25.952222][  T324]  ? _raw_spin_unlock_irq+0x4e/0x70
[   25.957252][  T324]  ? create_io_thread+0x1e0/0x1e0
[   25.962114][  T324]  __x64_sys_clone+0x23f/0x290
[   25.966720][  T324]  ? __do_sys_vfork+0x130/0x130
[   25.971401][  T324]  ? __kasan_check_read+0x11/0x20
[   25.976262][  T324]  ? syscall_enter_from_user_mode+0x70/0x1b0
[   25.982164][  T324]  do_syscall_64+0x3d/0xb0
[   25.986415][  T324]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   25.992144][  T324] RIP: 0033:0x7f40604990a9
[   25.996398][  T324] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[pid   324] clone(child_stack=NULL, flags=CLONE_PIDFD|CLONE_CHILD_CLEARTID|CLONE_NEWCGROUP|CLONE_NEWUSER <unfinished ...>
[pid   323] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid   324] <... clone resumed>, parent_tid=NULL, child_tidptr=NULL) = -1 ENOMEM (Cannot allocate memory)
[pid   324] futex(0x7f40605233cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   324] futex(0x7f40605233c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   323] close(3)                    = 0
[pid   323] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   323] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   323] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   323] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   323] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   323] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   323] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   323] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   323] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   323] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   323] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   323] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   323] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   323] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   323] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   323] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   323] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   323] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   323] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   323] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   323] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   323] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   323] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   323] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   323] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   323] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   323] exit_group(0 <unfinished ...>
[pid   324] <... futex resumed>)        = ?
[pid   323] <... exit_group resumed>)   = ?
[pid   324] +++ exited with 0 +++
[pid   323] +++ exited with 0 +++
[pid   296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=25, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
[pid   296] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555582b690) = 27
./strace-static-x86_64: Process 325 attached
[pid   325] set_robust_list(0x55555582b6a0, 24) = 0
[pid   325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   325] setpgid(0, 0)               = 0
[pid   325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   325] write(3, "1000", 4)         = 4
[pid   325] close(3)                    = 0
[pid   325] read(200, 0x7ffcb0c03dc0, 1000) = -1 EAGAIN (Resource temporarily unavailable)
[pid   325] futex(0x7f40605233cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   325] rt_sigaction(SIGRT_1, {sa_handler=0x7f40604c0cb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f40604b2330}, NULL, 8) = 0
[pid   325] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid   325] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4060439000
[pid   325] mprotect(0x7f406043a000, 131072, PROT_READ|PROT_WRITE) = 0
[pid   325] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid   325] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4060459990, parent_tid=0x7f4060459990, exit_signal=0, stack=0x7f4060439000, stack_size=0x20300, tls=0x7f40604596c0} => {parent_tid=[28]}, 88) = 28
./strace-static-x86_64: Process 326 attached
[pid   326] set_robust_list(0x7f40604599a0, 24) = 0
[pid   326] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid   326] futex(0x7f40605233c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   325] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid   325] futex(0x7f40605233c8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid   326] <... futex resumed>)        = 0
[pid   326] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   325] futex(0x7f40605233cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   326] <... openat resumed>)       = 3
[pid   326] write(3, "69", 2)           = 2
[   26.015839][  T324] RSP: 002b:00007f4060459208 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[   26.024108][  T324] RAX: ffffffffffffffda RBX: 00007f40605233c8 RCX: 00007f40604990a9
[   26.031898][  T324] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000012201000
[   26.039705][  T324] RBP: 00007f40605233c0 R08: 0000000000000000 R09: 0000000000003936
[   26.047528][  T324] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f40605233cc
[   26.055331][  T324] R13: 00007f4060459210 R14: 0000000000000002 R15: 00007f40604f001d
[   26.063143][  T324]  </TASK>
[pid   326] clone(child_stack=NULL, flags=CLONE_PIDFD|CLONE_CHILD_CLEARTID|CLONE_NEWCGROUP|CLONE_NEWUSER <unfinished ...>
[pid   325] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[   26.080522][  T326] FAULT_INJECTION: forcing a failure.
[   26.080522][  T326] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   26.093605][  T326] CPU: 0 PID: 326 Comm: syz-executor310 Not tainted 5.15.131-syzkaller-00653-gea586874d2f9 #0
[   26.103603][  T326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[   26.113502][  T326] Call Trace:
[   26.116622][  T326]  <TASK>
[   26.119399][  T326]  dump_stack_lvl+0x151/0x1b7
[   26.123912][  T326]  ? io_uring_drop_tctx_refs+0x190/0x190
[   26.129381][  T326]  dump_stack+0x15/0x17
[   26.133377][  T326]  should_fail+0x3c6/0x510
[   26.137631][  T326]  should_fail_alloc_page+0x5a/0x80
[   26.142660][  T326]  prepare_alloc_pages+0x15c/0x700
[   26.147607][  T326]  ? __alloc_pages_bulk+0xe60/0xe60
[   26.152642][  T326]  __alloc_pages+0x138/0x5e0
[   26.157068][  T326]  ? stack_trace_save+0x1c0/0x1c0
[   26.161927][  T326]  ? prep_new_page+0x110/0x110
[   26.166529][  T326]  get_zeroed_page+0x19/0x40
[   26.170956][  T326]  __pud_alloc+0x8b/0x260
[   26.175122][  T326]  ? stack_trace_snprint+0xf0/0xf0
[   26.180069][  T326]  ? do_handle_mm_fault+0x2330/0x2330
[   26.185274][  T326]  ? __stack_depot_save+0x34/0x470
[   26.190220][  T326]  ? anon_vma_clone+0x9a/0x500
[   26.194823][  T326]  copy_page_range+0x2bcf/0x2f90
[   26.199618][  T326]  ? __kasan_slab_alloc+0xb1/0xe0
[   26.204455][  T326]  ? slab_post_alloc_hook+0x53/0x2c0
[   26.209576][  T326]  ? copy_mm+0xa3a/0x13e0
[   26.213748][  T326]  ? copy_process+0x12bc/0x3260
[   26.218429][  T326]  ? kernel_clone+0x21e/0x9e0
[   26.222942][  T326]  ? __x64_sys_clone+0x23f/0x290
[   26.227716][  T326]  ? do_syscall_64+0x3d/0xb0
[   26.232144][  T326]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   26.238050][  T326]  ? pfn_valid+0x1e0/0x1e0
[   26.242296][  T326]  ? rwsem_write_trylock+0x15b/0x290
[   26.247419][  T326]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[   26.253667][  T326]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[   26.259225][  T326]  ? __rb_insert_augmented+0x5de/0x610
[   26.264518][  T326]  copy_mm+0xc7e/0x13e0
[   26.268511][  T326]  ? copy_signal+0x610/0x610
[   26.272935][  T326]  ? __init_rwsem+0xd6/0x1c0
[   26.277361][  T326]  ? copy_signal+0x4e3/0x610
[   26.281791][  T326]  copy_process+0x12bc/0x3260
[   26.286314][  T326]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   26.291254][  T326]  ? __kasan_check_write+0x14/0x20
[   26.296200][  T326]  kernel_clone+0x21e/0x9e0
[   26.300537][  T326]  ? _raw_spin_unlock_irq+0x4e/0x70
[   26.305570][  T326]  ? create_io_thread+0x1e0/0x1e0
[   26.310432][  T326]  __x64_sys_clone+0x23f/0x290
[   26.315041][  T326]  ? __do_sys_vfork+0x130/0x130
[   26.319719][  T326]  ? __kasan_check_read+0x11/0x20
[   26.324577][  T326]  ? syscall_enter_from_user_mode+0x70/0x1b0
[   26.330393][  T326]  do_syscall_64+0x3d/0xb0
[   26.334647][  T326]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   26.340375][  T326] RIP: 0033:0x7f40604990a9
[   26.344630][  T326] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   26.364069][  T326] RSP: 002b:00007f4060459208 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[   26.372315][  T326] RAX: ffffffffffffffda RBX: 00007f40605233c8 RCX: 00007f40604990a9
[pid   326] <... clone resumed>, parent_tid=NULL, child_tidptr=NULL) = -1 ENOMEM (Cannot allocate memory)
[pid   326] futex(0x7f40605233cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   325] close(3)                    = 0
[pid   325] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   325] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   325] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   325] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   325] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   325] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   325] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   325] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   325] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   325] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   325] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   325] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   325] close(16 <unfinished ...>
[pid   326] futex(0x7f40605233c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   325] <... close resumed>)        = -1 EBADF (Bad file descriptor)
[pid   325] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   325] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   325] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   325] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   325] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   325] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   325] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   325] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   325] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   325] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   325] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   325] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   325] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   325] exit_group(0 <unfinished ...>
[pid   326] <... futex resumed>)        = 230
[pid   325] <... exit_group resumed>)   = ?
[pid   326] +++ exited with 0 +++
[pid   325] +++ exited with 0 +++
[pid   296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=27, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
[pid   296] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 327 attached
 <unfinished ...>
[pid   327] set_robust_list(0x55555582b6a0, 24) = 0
[pid   327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   327] setpgid(0, 0)               = 0
[pid   327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   296] <... clone resumed>, child_tidptr=0x55555582b690) = 29
[pid   327] <... openat resumed>)       = 3
[pid   327] write(3, "1000", 4)         = 4
[pid   327] close(3)                    = 0
[pid   327] read(200, 0x7ffcb0c03dc0, 1000) = -1 EAGAIN (Resource temporarily unavailable)
[pid   327] futex(0x7f40605233cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   327] rt_sigaction(SIGRT_1, {sa_handler=0x7f40604c0cb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f40604b2330}, NULL, 8) = 0
[pid   327] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid   327] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4060439000
[pid   327] mprotect(0x7f406043a000, 131072, PROT_READ|PROT_WRITE) = 0
[pid   327] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid   327] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4060459990, parent_tid=0x7f4060459990, exit_signal=0, stack=0x7f4060439000, stack_size=0x20300, tls=0x7f40604596c0} => {parent_tid=[30]}, 88) = 30
[pid   327] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid   327] futex(0x7f40605233c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   327] futex(0x7f40605233cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 328 attached
 <unfinished ...>
[pid   328] set_robust_list(0x7f40604599a0, 24) = 0
[pid   328] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid   328] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3
[pid   328] write(3, "69", 2)           = 2
[   26.380124][  T326] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000012201000
[   26.387936][  T326] RBP: 00007f40605233c0 R08: 0000000000000000 R09: 0000000000003936
[   26.395750][  T326] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f40605233cc
[   26.403561][  T326] R13: 00007f4060459210 R14: 0000000000000002 R15: 00007f40604f001d
[   26.411376][  T326]  </TASK>
[pid   328] clone(child_stack=NULL, flags=CLONE_PIDFD|CLONE_CHILD_CLEARTID|CLONE_NEWCGROUP|CLONE_NEWUSER <unfinished ...>
[pid   327] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[   26.428870][  T328] FAULT_INJECTION: forcing a failure.
[   26.428870][  T328] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   26.442064][  T328] CPU: 1 PID: 328 Comm: syz-executor310 Not tainted 5.15.131-syzkaller-00653-gea586874d2f9 #0
[   26.452104][  T328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[   26.461997][  T328] Call Trace:
[   26.465122][  T328]  <TASK>
[   26.467897][  T328]  dump_stack_lvl+0x151/0x1b7
[   26.472499][  T328]  ? io_uring_drop_tctx_refs+0x190/0x190
[   26.477968][  T328]  ? sched_clock+0x9/0x10
[   26.482134][  T328]  dump_stack+0x15/0x17
[   26.486129][  T328]  should_fail+0x3c6/0x510
[   26.490377][  T328]  should_fail_alloc_page+0x5a/0x80
[   26.495413][  T328]  prepare_alloc_pages+0x15c/0x700
[   26.500361][  T328]  ? __alloc_pages_bulk+0xe60/0xe60
[   26.505395][  T328]  __alloc_pages+0x138/0x5e0
[   26.509818][  T328]  ? stack_trace_save+0x1c0/0x1c0
[   26.514678][  T328]  ? prep_new_page+0x110/0x110
[   26.519281][  T328]  get_zeroed_page+0x19/0x40
[   26.523706][  T328]  __pud_alloc+0x8b/0x260
[   26.527871][  T328]  ? stack_trace_snprint+0xf0/0xf0
[   26.532820][  T328]  ? do_handle_mm_fault+0x2330/0x2330
[   26.538025][  T328]  ? __stack_depot_save+0x34/0x470
[   26.542973][  T328]  ? anon_vma_clone+0x9a/0x500
[   26.547576][  T328]  copy_page_range+0x2bcf/0x2f90
[   26.552346][  T328]  ? __kasan_slab_alloc+0xb1/0xe0
[   26.557209][  T328]  ? slab_post_alloc_hook+0x53/0x2c0
[   26.562336][  T328]  ? copy_mm+0xa3a/0x13e0
[   26.566492][  T328]  ? copy_process+0x12bc/0x3260
[   26.571277][  T328]  ? kernel_clone+0x21e/0x9e0
[   26.575789][  T328]  ? __x64_sys_clone+0x23f/0x290
[   26.580562][  T328]  ? do_syscall_64+0x3d/0xb0
[   26.584993][  T328]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   26.590892][  T328]  ? pfn_valid+0x1e0/0x1e0
[   26.595142][  T328]  ? rwsem_write_trylock+0x15b/0x290
[   26.600268][  T328]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[   26.606517][  T328]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[   26.612068][  T328]  ? __rb_insert_augmented+0x5de/0x610
[   26.617367][  T328]  copy_mm+0xc7e/0x13e0
[   26.621362][  T328]  ? copy_signal+0x610/0x610
[   26.625781][  T328]  ? __init_rwsem+0xd6/0x1c0
[   26.630211][  T328]  ? copy_signal+0x4e3/0x610
[   26.634636][  T328]  copy_process+0x12bc/0x3260
[   26.639151][  T328]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   26.644102][  T328]  ? __kasan_check_write+0x14/0x20
[   26.649243][  T328]  kernel_clone+0x21e/0x9e0
[   26.653584][  T328]  ? _raw_spin_unlock_irq+0x4e/0x70
[   26.658613][  T328]  ? create_io_thread+0x1e0/0x1e0
[   26.663477][  T328]  __x64_sys_clone+0x23f/0x290
[   26.668076][  T328]  ? __do_sys_vfork+0x130/0x130
[   26.672762][  T328]  ? __kasan_check_read+0x11/0x20
[   26.677621][  T328]  ? syscall_enter_from_user_mode+0x70/0x1b0
[   26.683438][  T328]  do_syscall_64+0x3d/0xb0
[   26.687691][  T328]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   26.693421][  T328] RIP: 0033:0x7f40604990a9
[   26.697678][  T328] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   26.717119][  T328] RSP: 002b:00007f4060459208 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[   26.725359][  T328] RAX: ffffffffffffffda RBX: 00007f40605233c8 RCX: 00007f40604990a9
[pid   328] <... clone resumed>, parent_tid=NULL, child_tidptr=NULL) = -1 ENOMEM (Cannot allocate memory)
[pid   328] futex(0x7f40605233cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   328] futex(0x7f40605233c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   327] close(3)                    = 0
[pid   327] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   327] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   327] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   327] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   327] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   327] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   327] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   327] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   327] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   327] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   327] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   327] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   327] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   327] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   327] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   327] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   327] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   327] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   327] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   327] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   327] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   327] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   327] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   327] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   327] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   327] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   327] exit_group(0)               = ?
[pid   328] <... futex resumed>)        = ?
[pid   328] +++ exited with 0 +++
[pid   327] +++ exited with 0 +++
[pid   296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=29, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
[pid   296] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555582b690) = 31
./strace-static-x86_64: Process 330 attached
[pid   330] set_robust_list(0x55555582b6a0, 24) = 0
[pid   330] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   330] setpgid(0, 0)               = 0
[pid   330] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   330] write(3, "1000", 4)         = 4
[pid   330] close(3)                    = 0
[pid   330] read(200, 0x7ffcb0c03dc0, 1000) = -1 EAGAIN (Resource temporarily unavailable)
[pid   330] futex(0x7f40605233cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   330] rt_sigaction(SIGRT_1, {sa_handler=0x7f40604c0cb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f40604b2330}, NULL, 8) = 0
[pid   330] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid   330] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4060439000
[pid   330] mprotect(0x7f406043a000, 131072, PROT_READ|PROT_WRITE) = 0
[pid   330] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid   330] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4060459990, parent_tid=0x7f4060459990, exit_signal=0, stack=0x7f4060439000, stack_size=0x20300, tls=0x7f40604596c0} => {parent_tid=[32]}, 88) = 32
[pid   330] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid   330] futex(0x7f40605233c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   330] futex(0x7f40605233cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 331 attached
 <unfinished ...>
[pid   331] set_robust_list(0x7f40604599a0, 24) = 0
[pid   331] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid   331] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3
[pid   331] write(3, "69", 2)           = 2
[   26.733170][  T328] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000012201000
[   26.740979][  T328] RBP: 00007f40605233c0 R08: 0000000000000000 R09: 0000000000003936
[   26.748794][  T328] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f40605233cc
[   26.756602][  T328] R13: 00007f4060459210 R14: 0000000000000002 R15: 00007f40604f001d
[   26.764418][  T328]  </TASK>
[   26.779780][  T331] FAULT_INJECTION: forcing a failure.
[   26.779780][  T331] name failslab, interval 1, probability 0, space 0, times 0
[   26.792392][  T331] CPU: 0 PID: 331 Comm: syz-executor310 Not tainted 5.15.131-syzkaller-00653-gea586874d2f9 #0
[   26.802429][  T331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[   26.812326][  T331] Call Trace:
[   26.815448][  T331]  <TASK>
[   26.818226][  T331]  dump_stack_lvl+0x151/0x1b7
[   26.822739][  T331]  ? io_uring_drop_tctx_refs+0x190/0x190
[   26.828207][  T331]  dump_stack+0x15/0x17
[   26.832199][  T331]  should_fail+0x3c6/0x510
[   26.836453][  T331]  __should_failslab+0xa4/0xe0
[   26.841051][  T331]  ? anon_vma_fork+0xf7/0x4e0
[   26.845565][  T331]  should_failslab+0x9/0x20
[   26.849904][  T331]  slab_pre_alloc_hook+0x37/0xd0
[   26.854680][  T331]  ? anon_vma_fork+0xf7/0x4e0
[   26.859255][  T331]  kmem_cache_alloc+0x44/0x200
[   26.863798][  T331]  anon_vma_fork+0xf7/0x4e0
[   26.868134][  T331]  ? anon_vma_name+0x43/0x70
[   26.872556][  T331]  ? vm_area_dup+0x17a/0x230
[   26.876984][  T331]  copy_mm+0xa3a/0x13e0
[   26.880982][  T331]  ? copy_signal+0x610/0x610
[   26.885403][  T331]  ? __init_rwsem+0xd6/0x1c0
[   26.889829][  T331]  ? copy_signal+0x4e3/0x610
[   26.894258][  T331]  copy_process+0x12bc/0x3260
[   26.898769][  T331]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   26.903715][  T331]  ? __kasan_check_write+0x14/0x20
[   26.908665][  T331]  kernel_clone+0x21e/0x9e0
[   26.913006][  T331]  ? _raw_spin_unlock_irq+0x4e/0x70
[   26.918041][  T331]  ? create_io_thread+0x1e0/0x1e0
[   26.922898][  T331]  __x64_sys_clone+0x23f/0x290
[   26.927497][  T331]  ? __do_sys_vfork+0x130/0x130
[   26.932185][  T331]  ? __kasan_check_read+0x11/0x20
[   26.937049][  T331]  ? syscall_enter_from_user_mode+0x70/0x1b0
[   26.942859][  T331]  do_syscall_64+0x3d/0xb0
[   26.947114][  T331]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   26.952841][  T331] RIP: 0033:0x7f40604990a9
[   26.957099][  T331] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   26.976539][  T331] RSP: 002b:00007f4060459208 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[   26.984780][  T331] RAX: ffffffffffffffda RBX: 00007f40605233c8 RCX: 00007f40604990a9
[   26.992593][  T331] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000012201000
[   27.000405][  T331] RBP: 00007f40605233c0 R08: 0000000000000000 R09: 0000000000003936
[   27.008214][  T331] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f40605233cc
[   27.016026][  T331] R13: 00007f4060459210 R14: 0000000000000002 R15: 00007f40604f001d
[   27.023840][  T331]  </TASK>
[   27.026895][  T331] ==================================================================
[   27.034764][  T331] BUG: KASAN: double-free or invalid-free in kfree+0xc8/0x220
[   27.042050][  T331] 
[   27.044223][  T331] CPU: 1 PID: 331 Comm: syz-executor310 Not tainted 5.15.131-syzkaller-00653-gea586874d2f9 #0
[   27.054302][  T331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[   27.064271][  T331] Call Trace:
[   27.067395][  T331]  <TASK>
[   27.070173][  T331]  dump_stack_lvl+0x151/0x1b7
[   27.074687][  T331]  ? io_uring_drop_tctx_refs+0x190/0x190
[   27.080157][  T331]  ? __wake_up_klogd+0xd5/0x110
[   27.084841][  T331]  ? panic+0x751/0x751
[   27.088749][  T331]  ? kfree+0xc8/0x220
[   27.092566][  T331]  print_address_description+0x87/0x3b0
[   27.097946][  T331]  ? kfree+0xc8/0x220
[   27.101769][  T331]  ? kfree+0xc8/0x220
[   27.105583][  T331]  kasan_report_invalid_free+0x6b/0xa0
[   27.110881][  T331]  ____kasan_slab_free+0x13e/0x160
[   27.115834][  T331]  __kasan_slab_free+0x11/0x20
[   27.120428][  T331]  slab_free_freelist_hook+0xbd/0x190
[   27.125635][  T331]  ? anon_vma_name_free+0x15/0x20
[   27.130496][  T331]  kfree+0xc8/0x220
[   27.134140][  T331]  anon_vma_name_free+0x15/0x20
[   27.138826][  T331]  vm_area_free_no_check+0xa6/0x130
[   27.143860][  T331]  copy_mm+0xefb/0x13e0
[   27.147859][  T331]  ? copy_signal+0x610/0x610
[   27.152279][  T331]  ? __init_rwsem+0xd6/0x1c0
[   27.156706][  T331]  ? copy_signal+0x4e3/0x610
[   27.161135][  T331]  copy_process+0x12bc/0x3260
[   27.165647][  T331]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   27.170592][  T331]  ? __kasan_check_write+0x14/0x20
[   27.175542][  T331]  kernel_clone+0x21e/0x9e0
[   27.179879][  T331]  ? _raw_spin_unlock_irq+0x4e/0x70
[   27.184915][  T331]  ? create_io_thread+0x1e0/0x1e0
[   27.189779][  T331]  __x64_sys_clone+0x23f/0x290
[   27.194382][  T331]  ? __do_sys_vfork+0x130/0x130
[   27.199062][  T331]  ? __kasan_check_read+0x11/0x20
[   27.203922][  T331]  ? syscall_enter_from_user_mode+0x70/0x1b0
[   27.209739][  T331]  do_syscall_64+0x3d/0xb0
[   27.213991][  T331]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   27.219717][  T331] RIP: 0033:0x7f40604990a9
[   27.223974][  T331] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   27.243413][  T331] RSP: 002b:00007f4060459208 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[   27.251657][  T331] RAX: ffffffffffffffda RBX: 00007f40605233c8 RCX: 00007f40604990a9
[   27.259475][  T331] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000012201000
[   27.267281][  T331] RBP: 00007f40605233c0 R08: 0000000000000000 R09: 0000000000003936
[   27.275093][  T331] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f40605233cc
[   27.282904][  T331] R13: 00007f4060459210 R14: 0000000000000002 R15: 00007f40604f001d
[   27.290720][  T331]  </TASK>
[   27.293578][  T331] 
[   27.295751][  T331] Allocated by task 295:
[   27.299830][  T331]  __kasan_slab_alloc+0xb1/0xe0
[   27.304515][  T331]  slab_post_alloc_hook+0x53/0x2c0
[   27.309469][  T331]  kmem_cache_alloc+0xf5/0x200
[   27.314062][  T331]  vm_area_dup+0x26/0x230
[   27.318230][  T331]  copy_mm+0x9a1/0x13e0
[   27.322222][  T331]  copy_process+0x12bc/0x3260
[   27.326740][  T331]  kernel_clone+0x21e/0x9e0
[   27.331077][  T331]  __x64_sys_clone+0x23f/0x290
[   27.335680][  T331]  do_syscall_64+0x3d/0xb0
[   27.339928][  T331]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   27.345655][  T331] 
[   27.347828][  T331] The buggy address belongs to the object at ffff88811a9156f0
[   27.347828][  T331]  which belongs to the cache vm_area_struct of size 232
[   27.361972][  T331] The buggy address is located 88 bytes inside of
[   27.361972][  T331]  232-byte region [ffff88811a9156f0, ffff88811a9157d8)
[   27.374994][  T331] The buggy address belongs to the page:
[   27.380463][  T331] page:ffffea00046a4540 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a915
[   27.390541][  T331] flags: 0x4000000000000200(slab|zone=1)
[   27.396004][  T331] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881001bd680
[   27.404418][  T331] raw: 0000000000000000 00000000000d000d 00000001ffffffff 0000000000000000
[   27.412833][  T331] page dumped because: kasan: bad access detected
[   27.419101][  T331] page_owner tracks the page as allocated
[   27.424637][  T331] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 295, ts 22389395565, free_ts 22357790018
[   27.440435][  T331]  post_alloc_hook+0x1a3/0x1b0
[   27.445034][  T331]  prep_new_page+0x1b/0x110
[   27.449374][  T331]  get_page_from_freelist+0x3550/0x35d0
[   27.454755][  T331]  __alloc_pages+0x206/0x5e0
[   27.459181][  T331]  new_slab+0x9a/0x4e0
[   27.463092][  T331]  ___slab_alloc+0x39e/0x830
[   27.467514][  T331]  __slab_alloc+0x4a/0x90
[   27.471680][  T331]  kmem_cache_alloc+0x134/0x200
[   27.476364][  T331]  vm_area_dup+0x26/0x230
[   27.480533][  T331]  copy_mm+0x9a1/0x13e0
[   27.484524][  T331]  copy_process+0x12bc/0x3260
[   27.489040][  T331]  kernel_clone+0x21e/0x9e0
[   27.493381][  T331]  __x64_sys_clone+0x23f/0x290
[   27.497981][  T331]  do_syscall_64+0x3d/0xb0
[   27.502231][  T331]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   27.507958][  T331] page last free stack trace:
[   27.512478][  T331]  free_unref_page_prepare+0x7c8/0x7d0
[   27.517766][  T331]  free_unref_page_list+0x14b/0xa60
[   27.522799][  T331]  release_pages+0x1310/0x1370
[   27.527399][  T331]  free_pages_and_swap_cache+0x8a/0xa0
[   27.532695][  T331]  tlb_finish_mmu+0x177/0x320
[   27.537207][  T331]  exit_mmap+0x3ef/0x6f0
[   27.541288][  T331]  __mmput+0x95/0x310
[   27.545106][  T331]  mmput+0x5b/0x170
[   27.548751][  T331]  do_exit+0xbb4/0x2b60
[   27.552743][  T331]  do_group_exit+0x141/0x310
[   27.557170][  T331]  get_signal+0x7a3/0x1630
[   27.561422][  T331]  arch_do_signal_or_restart+0xbd/0x1680
[   27.566890][  T331]  exit_to_user_mode_loop+0xa0/0xe0
[   27.571929][  T331]  exit_to_user_mode_prepare+0x5a/0xa0
[   27.577226][  T331]  syscall_exit_to_user_mode+0x26/0x160
[   27.582602][  T331]  ret_from_fork+0x15/0x30
[   27.586855][  T331] 
[   27.589111][  T331] Memory state around the buggy address:
[   27.594581][  T331]  ffff88811a915600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.602481][  T331]  ffff88811a915680: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc 00 00
[   27.610379][  T331] >ffff88811a915700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.618276][  T331]                                               ^
[   27.624527][  T331]  ffff88811a915780: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc
[pid   331] clone(child_stack=NULL, flags=CLONE_PIDFD|CLONE_CHILD_CLEARTID|CLONE_NEWCGROUP|CLONE_NEWUSER <unfinished ...>
[pid   330] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid   331] <... clone resumed>, parent_tid=NULL, child_tidptr=NULL) = -1 ENOMEM (Cannot allocate memory)
[pid   331] futex(0x7f40605233cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   331] futex(0x7f40605233c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   330] close(3)                    = 0
[pid   330] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   330] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   330] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   330] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   330] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   330] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   330] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   330] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   330] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   330] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   330] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   330] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   330] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   330] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   330] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   330] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   330] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   330] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   330] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   330] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   330] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   330] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   330] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   330] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   330] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   330] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   330] exit_group(0)               = ?
[pid   331] <... futex resumed>)        = ?
[pid   331] +++ exited with 0 +++
[pid   330] +++ exited with 0 +++
[pid   296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=31, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
[pid   296] restart_syscall(<... resuming interrupted clone ...>) = 0
[   27.632421][  T331]  ffff88811a915800: fc fc fc fa fb fb fb fb fb fb fb fb fb fb fb fb
[   27.640319][  T331] ==================================================================
[   27.648216][  T331] Disabling lock debugging due to kernel taint
[   27.663613][  T296] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN
[   27.675133][  T296] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
[   27.683377][  T296] CPU: 1 PID: 296 Comm: syz-executor310 Tainted: G    B             5.15.131-syzkaller-00653-gea586874d2f9 #0
[   27.694833][  T296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[   27.704729][  T296] RIP: 0010:__rb_insert_augmented+0x91/0x610
[   27.710541][  T296] Code: 00 74 08 4c 89 ef e8 7e b8 2b ff 49 8b 45 00 a8 01 0f 85 60 05 00 00 48 89 5d a0 48 89 45 c0 48 8d 58 08 49 89 de 49 c1 ee 03 <43> 80 3c 26 00 74 08 48 89 df e8 50 b8 2b ff 48 89 d8 48 8b 1b 4c
[   27.729985][  T296] RSP: 0018:ffffc900007d78f8 EFLAGS: 00010202
[   27.735883][  T296] RAX: 0000000000000000 RBX: 0000000000000008 RCX: dffffc0000000000
[   27.743695][  T296] RDX: ffffffff81a4c130 RSI: ffff88810be64390 RDI: ffff888107fca620
[   27.751508][  T296] RBP: ffffc900007d7960 R08: dffffc0000000000 R09: ffff888107fca628
[   27.759319][  T296] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[   27.767130][  T296] R13: ffff88811a915748 R14: 0000000000000001 R15: ffff888107fca620
[   27.775042][  T296] FS:  000055555582b3c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[   27.783794][  T296] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   27.790220][  T296] CR2: 00007f4060459670 CR3: 000000011ce4d000 CR4: 00000000003506a0
[   27.798033][  T296] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   27.805840][  T296] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   27.813650][  T296] Call Trace:
[   27.816775][  T296]  <TASK>
[   27.819556][  T296]  ? __die_body+0x62/0xb0
[   27.823721][  T296]  ? die_addr+0x9f/0xd0
[   27.827711][  T296]  ? exc_general_protection+0x311/0x4b0
[   27.833099][  T296]  ? asm_exc_general_protection+0x27/0x30
[   27.838649][  T296]  ? anon_vma_interval_tree_iter_next+0x390/0x390
[   27.844896][  T296]  ? __rb_insert_augmented+0x91/0x610
[   27.850198][  T296]  ? anon_vma_interval_tree_iter_next+0x390/0x390
[   27.856446][  T296]  vma_interval_tree_insert_after+0x2be/0x2d0
[   27.862351][  T296]  copy_mm+0xba2/0x13e0
[   27.866341][  T296]  ? copy_signal+0x610/0x610
[   27.870767][  T296]  ? __init_rwsem+0xd6/0x1c0
[   27.875194][  T296]  ? copy_signal+0x4e3/0x610
[   27.879623][  T296]  copy_process+0x12bc/0x3260
[   27.884135][  T296]  ? finish_task_switch+0x16f/0x7b0
[   27.889170][  T296]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   27.894113][  T296]  ? __kasan_check_write+0x14/0x20
[   27.899062][  T296]  kernel_clone+0x21e/0x9e0
[   27.903401][  T296]  ? _raw_spin_unlock_irq+0x4e/0x70
[   27.908436][  T296]  ? create_io_thread+0x1e0/0x1e0
[   27.913296][  T296]  __x64_sys_clone+0x23f/0x290
[   27.917897][  T296]  ? __do_sys_vfork+0x130/0x130
[   27.922582][  T296]  ? __kasan_check_read+0x11/0x20
[   27.927443][  T296]  ? syscall_enter_from_user_mode+0x70/0x1b0
[   27.933259][  T296]  do_syscall_64+0x3d/0xb0
[   27.937518][  T296]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   27.943241][  T296] RIP: 0033:0x7f4060496f03
[   27.947493][  T296] Code: 1f 84 00 00 00 00 00 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00
[   27.966937][  T296] RSP: 002b:00007ffcb0c040b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[   27.975180][  T296] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4060496f03
[   27.982992][  T296] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[   27.990803][  T296] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007ffcb0d080b0
[   27.998616][  T296] R10: 000055555582b690 R11: 0000000000000246 R12: 0000000000000001
[   28.006426][  T296] R13: 00007ffcb0c041dc R14: 00007ffcb0c04230 R15: 00007ffcb0c04220
[   28.014240][  T296]  </TASK>
[   28.017101][  T296] Modules linked in:
[   28.021924][  T296] ---[ end trace 12c08b95a3bbbeea ]---
[   28.027197][  T296] RIP: 0010:__rb_insert_augmented+0x91/0x610
[   28.033061][  T296] Code: 00 74 08 4c 89 ef e8 7e b8 2b ff 49 8b 45 00 a8 01 0f 85 60 05 00 00 48 89 5d a0 48 89 45 c0 48 8d 58 08 49 89 de 49 c1 ee 03 <43> 80 3c 26 00 74 08 48 89 df e8 50 b8 2b ff 48 89 d8 48 8b 1b 4c
[   28.052487][  T296] RSP: 0018:ffffc900007d78f8 EFLAGS: 00010202
[   28.058443][  T296] RAX: 0000000000000000 RBX: 0000000000000008 RCX: dffffc0000000000
[   28.066164][  T296] RDX: ffffffff81a4c130 RSI: ffff88810be64390 RDI: ffff888107fca620
[   28.074007][  T296] RBP: ffffc900007d7960 R08: dffffc0000000000 R09: ffff888107fca628
[   28.081828][  T296] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[   28.089621][  T296] R13: ffff88811a915748 R14: 0000000000000001 R15: ffff888107fca620
[   28.097409][  T296] FS:  000055555582b3c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[   28.106227][  T296] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   28.112621][  T296] CR2: 00007f40604ef808 CR3: 000000011ce4d000 CR4: 00000000003506b0
[   28.120463][  T296] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   28.128255][  T296] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   28.136034][  T296] Kernel panic - not syncing: Fatal exception
[   28.142115][  T296] Kernel Offset: disabled
[   28.146244][  T296] Rebooting in 86400 seconds..