./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4115093791 <...> Warning: Permanently added '10.128.0.63' (ECDSA) to the list of known hosts. execve("./syz-executor4115093791", ["./syz-executor4115093791"], 0x7fff8485f9f0 /* 10 vars */) = 0 brk(NULL) = 0x555556bc8000 brk(0x555556bc8d40) = 0x555556bc8d40 arch_prctl(ARCH_SET_FS, 0x555556bc8400) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555556bc86d0) = 3599 set_robust_list(0x555556bc86e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f591e654220, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f591e653770}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f591e6542c0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f591e653770}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4115093791", 4096) = 28 brk(0x555556be9d40) = 0x555556be9d40 brk(0x555556bea000) = 0x555556bea000 mprotect(0x7f591e715000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f591e64e690, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f591e653770}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f591e64e690, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f591e653770}, NULL, 8) = 0 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3600 attached , child_tidptr=0x555556bc86d0) = 3600 [pid 3600] set_robust_list(0x555556bc86e0, 24) = 0 [pid 3600] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 3600] socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI) = 3 [pid 3600] openat(AT_FDCWD, "/dev/vhci", O_RDWR) = 4 [pid 3600] dup2(4, 202) = 202 [pid 3600] close(4) = 0 [pid 3600] read(202, "\xff\x00\x00\x00", 4) = 4 [pid 3600] mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f591de43000 [pid 3600] mprotect(0x7f591de44000, 8388608, PROT_READ|PROT_WRITE) = 0 [pid 3600] clone(child_stack=0x7f591e6432f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2], tls=0x7f591e643700, child_tidptr=0x7f591e6439d0) = 2 [pid 3600] ioctl(3, HCIDEVUP./strace-static-x86_64: Process 3604 attached [pid 3604] set_robust_list(0x7f591e6439e0, 24) = 0 [pid 3604] read(202, "\x01\x03\x0c\x00", 1024) = 4 [pid 3604] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 3604] read(202, "\x01\x03\x10\x00", 1024) = 4 [pid 3604] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 3604] read(202, "\x01\x01\x10\x00", 1024) = 4 [pid 3604] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x01\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 3604] read(202, "\x01\x09\x10\x00", 1024) = 4 [pid 3604] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0a", iov_len=2}, {iov_base="\x01\x09\x10", iov_len=3}, {iov_base="\x00\xaa\xaa\xaa\xaa\xaa\xaa", iov_len=7}], 4) = 13 [pid 3604] read(202, "\x01\x05\x10\x00", 1024) = 4 [pid 3604] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0b", iov_len=2}, {iov_base="\x01\x05\x10", iov_len=3}, {iov_base="\x00\xfd\x03\x60\x04\x00\x06\x00", iov_len=8}], 4) = 14 [pid 3604] read(202, "\x01\x23\x0c\x00", 1024) = 4 [pid 3604] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x23\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 3604] read(202, "\x01\x14\x0c\x00", 1024) = 4 [pid 3604] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x14\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 3604] read(202, "\x01\x25\x0c\x00", 1024) = 4 [pid 3604] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x25\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 3604] read(202, "\x01\x38\x0c\x00", 1024) = 4 [pid 3604] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x38\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [ 50.972664][ T3603] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 50.981234][ T3603] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 50.989423][ T3603] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 50.999752][ T3603] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 51.009168][ T3603] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [pid 3604] read(202, "\x01\x39\x0c\x00", 1024) = 4 [pid 3604] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x39\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 3604] read(202, "\x01\x16\x0c\x02\x00\x7d", 1024) = 6 [pid 3604] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x16\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 3604] read(202, [pid 3600] <... ioctl resumed>, 0) = -1 EALREADY (Operation already in progress) [pid 3600] ioctl(3, HCISETSCAN [pid 3604] <... read resumed>"\x01\x1a\x0c\x01\x02", 1024) = 5 [pid 3604] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x04", iov_len=2}, {iov_base="\x01\x1a\x0c", iov_len=3}, {iov_base="\x00", iov_len=1}], 4) = 7 [pid 3600] <... ioctl resumed>, 0x7ffdd548d44c) = 0 [pid 3600] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x04\x0a", iov_len=2}, {iov_base="\xaa\xaa\xaa\xaa\xaa\x10\x00\x00\x00\x01", iov_len=10}], 3) = 13 [pid 3600] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x03\x0b", iov_len=2}, {iov_base="\x00\xc8\x00\xaa\xaa\xaa\xaa\xaa\x10\x01\x00", iov_len=11}], 3) = 14 [pid 3600] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\v\v", iov_len=2}, {iov_base="\x00\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=11}], 3) = 14 [pid 3600] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x3e\x13", iov_len=2}, {iov_base="\x01\x00\xc9\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\x11\x00\x00\x00\x00\x00\x00\x00", iov_len=19}], 3) = 22 [pid 3600] futex(0x7f591e6439d0, FUTEX_WAIT, 2, NULL [pid 3604] madvise(0x7f591de43000, 8372224, MADV_DONTNEED) = 0 [pid 3604] exit(0) = ? [pid 3600] <... futex resumed>) = 0 [pid 3600] close(3) = 0 [pid 3600] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3600] setsid() = 1 [pid 3604] +++ exited with 0 +++ [pid 3600] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 3600] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 3600] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 3600] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 3600] prlimit64(0, RLIMIT_CORE, {rlim_cur=0, rlim_max=0}, NULL) = 0 [pid 3600] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 3600] unshare(CLONE_NEWNS) = 0 [pid 3600] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 3600] unshare(CLONE_NEWIPC) = 0 [pid 3600] unshare(CLONE_NEWCGROUP) = 0 [pid 3600] unshare(CLONE_NEWUTS) = 0 [pid 3600] unshare(CLONE_SYSVSEM) = 0 [pid 3600] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3600] write(3, "16777216", 8) = 8 [pid 3600] close(3) = 0 [pid 3600] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 3600] write(3, "536870912", 9) = 9 [pid 3600] close(3) = 0 [pid 3600] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3600] write(3, "1024", 4) = 4 [pid 3600] close(3) = 0 [pid 3600] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3600] write(3, "8192", 4) = 4 [pid 3600] close(3) = 0 [pid 3600] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3600] write(3, "1024", 4) = 4 [pid 3600] close(3) = 0 [pid 3600] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 3600] write(3, "1024", 4) = 4 [pid 3600] close(3) = 0 [pid 3600] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 3600] write(3, "1024 1048576 500 1024", 21) = 21 [pid 3600] close(3) = 0 [pid 3600] getpid() = 1 [pid 3600] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< 2 [pid 3600] unshare(CLONE_NEWNET) = 0 [pid 3600] mkdir("/dev/binderfs", 0777) = 0 [pid 3600] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0 [pid 3600] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3600] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bc86d0) = 3 ./strace-static-x86_64: Process 3605 attached [pid 3605] set_robust_list(0x555556bc86e0, 24) = 0 [pid 3605] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3605] setpgid(0, 0) = 0 [pid 3605] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3605] write(3, "1000", 4) = 4 [pid 3605] close(3) = 0 [pid 3605] io_uring_setup(21175, {flags=0, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=32768, cq_entries=65536, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=1048896}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 3 [pid 3605] mmap(0x20c00000, 1179968, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0) = 0x20c00000 [pid 3605] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3605] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3605] write(4, "28", 2) = 2 [ 51.091736][ T3605] FAULT_INJECTION: forcing a failure. [ 51.091736][ T3605] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 51.105367][ T3605] CPU: 1 PID: 3605 Comm: syz-executor411 Not tainted 5.18.0-rc7-syzkaller-00136-g3b5e1590a267 #0 [ 51.115851][ T3605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 51.125887][ T3605] Call Trace: [ 51.129146][ T3605] [ 51.132065][ T3605] dump_stack_lvl+0xcd/0x134 [ 51.136659][ T3605] should_fail.cold+0x5/0xa [ 51.141150][ T3605] prepare_alloc_pages+0x17b/0x570 [ 51.146255][ T3605] ? kasan_save_stack+0x2e/0x40 [ 51.151087][ T3605] ? kasan_save_stack+0x1e/0x40 [ 51.155921][ T3605] ? __kasan_slab_alloc+0x90/0xc0 [ 51.160930][ T3605] __alloc_pages+0x12f/0x500 [ 51.165507][ T3605] ? __alloc_pages_slowpath.constprop.0+0x20e0/0x20e0 [ 51.172255][ T3605] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 51.178237][ T3605] alloc_pages+0x1aa/0x310 [ 51.182652][ T3605] __get_free_pages+0x8/0x40 [ 51.187233][ T3605] pgd_alloc+0x81/0x360 [ 51.191384][ T3605] ? pgd_page_get_mm+0x40/0x40 [ 51.196139][ T3605] ? lockdep_init_map_type+0x21a/0x7f0 [ 51.201598][ T3605] ? lockdep_init_map_type+0x21a/0x7f0 [ 51.207058][ T3605] mm_init+0x5d8/0xa70 [ 51.211120][ T3605] dup_mm+0xd8/0x13d0 [ 51.215100][ T3605] ? copy_process+0x2b6a/0x6fe0 [ 51.219945][ T3605] ? replace_mm_exe_file+0x490/0x490 [ 51.225222][ T3605] ? __raw_spin_lock_init+0x36/0x110 [ 51.230504][ T3605] copy_process+0x3b14/0x6fe0 [ 51.235175][ T3605] ? find_held_lock+0x2d/0x110 [ 51.239940][ T3605] ? __cleanup_sighand+0xb0/0xb0 [ 51.244874][ T3605] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 51.251103][ T3605] ? _copy_from_user+0xf9/0x170 [ 51.255951][ T3605] ? kernel_clone+0x314/0xab0 [ 51.260626][ T3605] kernel_clone+0xe7/0xab0 [ 51.265037][ T3605] ? create_io_thread+0xf0/0xf0 [ 51.269882][ T3605] ? do_raw_spin_lock+0x120/0x2a0 [ 51.274899][ T3605] ? rwlock_bug.part.0+0x90/0x90 [ 51.279831][ T3605] __do_sys_clone3+0x1dd/0x2f0 [ 51.284585][ T3605] ? __do_sys_clone+0x110/0x110 [ 51.289434][ T3605] ? lock_downgrade+0x6e0/0x6e0 [ 51.294284][ T3605] ? _raw_spin_unlock_irq+0x1f/0x40 [ 51.299478][ T3605] ? lockdep_hardirqs_on+0x79/0x100 [ 51.304669][ T3605] ? _raw_spin_unlock_irq+0x2a/0x40 [ 51.309859][ T3605] ? ptrace_notify+0xfa/0x140 [ 51.314541][ T3605] do_syscall_64+0x35/0xb0 [ 51.318953][ T3605] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 51.324837][ T3605] RIP: 0033:0x7f591e692a49 [ 51.329243][ T3605] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 51.348842][ T3605] RSP: 002b:00007ffdd548d2f8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 51.357245][ T3605] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f591e692a49 [ 51.365204][ T3605] RDX: 0000000000000300 RSI: 0000000000000058 RDI: 00007ffdd548d310 [ 51.373162][ T3605] RBP: 0000000000000000 R08: 0000000000000002 R09: 00007f591e003832 [ 51.381121][ T3605] R10: 00007ffdd548d310 R11: 0000000000000246 R12: 0000000000000002 [pid 3605] clone3({flags=0, exit_signal=0, stack=NULL, stack_size=0, cgroup=4294967295}, 88) = -1 ENOMEM (Cannot allocate memory) [pid 3605] close(3) = 0 [pid 3605] close(4) = 0 [pid 3605] close(5) = -1 EBADF (Bad file descriptor) [pid 3605] close(6) = -1 EBADF (Bad file descriptor) [pid 3605] close(7) = -1 EBADF (Bad file descriptor) [pid 3605] close(8) = -1 EBADF (Bad file descriptor) [pid 3605] close(9) = -1 EBADF (Bad file descriptor) [pid 3605] close(10) = -1 EBADF (Bad file descriptor) [pid 3605] close(11) = -1 EBADF (Bad file descriptor) [pid 3605] close(12) = -1 EBADF (Bad file descriptor) [pid 3605] close(13) = -1 EBADF (Bad file descriptor) [pid 3605] close(14) = -1 EBADF (Bad file descriptor) [pid 3605] close(15) = -1 EBADF (Bad file descriptor) [pid 3605] close(16) = -1 EBADF (Bad file descriptor) [pid 3605] close(17) = -1 EBADF (Bad file descriptor) [pid 3605] close(18) = -1 EBADF (Bad file descriptor) [pid 3605] close(19) = -1 EBADF (Bad file descriptor) [pid 3605] close(20) = -1 EBADF (Bad file descriptor) [pid 3605] close(21) = -1 EBADF (Bad file descriptor) [pid 3605] close(22) = -1 EBADF (Bad file descriptor) [pid 3605] close(23) = -1 EBADF (Bad file descriptor) [pid 3605] close(24) = -1 EBADF (Bad file descriptor) [pid 3605] close(25) = -1 EBADF (Bad file descriptor) [pid 3605] close(26) = -1 EBADF (Bad file descriptor) [pid 3605] close(27) = -1 EBADF (Bad file descriptor) [pid 3605] close(28) = -1 EBADF (Bad file descriptor) [pid 3605] close(29) = -1 EBADF (Bad file descriptor) [pid 3605] exit_group(0) = ? [pid 3605] +++ exited with 0 +++ [pid 3600] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3, si_uid=0, si_status=0, si_utime=0, si_stime=31} --- [pid 3600] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3606 attached , child_tidptr=0x555556bc86d0) = 4 [pid 3606] set_robust_list(0x555556bc86e0, 24) = 0 [pid 3606] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3606] setpgid(0, 0) = 0 [pid 3606] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3606] write(3, "1000", 4) = 4 [pid 3606] close(3) = 0 [pid 3606] io_uring_setup(21175, {flags=0, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=32768, cq_entries=65536, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=1048896}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 3 [pid 3606] mmap(0x20c00000, 1179968, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0) = 0x20c00000 [pid 3606] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3606] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3606] write(4, "28", 2) = 2 [ 51.389084][ T3605] R13: 00007ffdd548d460 R14: 00007ffdd548d470 R15: 0000000000000000 [ 51.397055][ T3605] [ 51.434166][ T3606] FAULT_INJECTION: forcing a failure. [ 51.434166][ T3606] name failslab, interval 1, probability 0, space 0, times 1 [ 51.447005][ T3606] CPU: 0 PID: 3606 Comm: syz-executor411 Not tainted 5.18.0-rc7-syzkaller-00136-g3b5e1590a267 #0 [ 51.457507][ T3606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 51.467544][ T3606] Call Trace: [ 51.470808][ T3606] [ 51.473742][ T3606] dump_stack_lvl+0xcd/0x134 [ 51.478343][ T3606] should_fail.cold+0x5/0xa [ 51.482832][ T3606] ? vm_area_dup+0x88/0x3f0 [ 51.487320][ T3606] should_failslab+0x5/0x10 [ 51.491812][ T3606] kmem_cache_alloc+0x5e/0x3b0 [ 51.496594][ T3606] vm_area_dup+0x88/0x3f0 [ 51.500923][ T3606] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 51.507155][ T3606] ? copy_page_range+0x2297/0x3e50 [ 51.512287][ T3606] ? vm_area_alloc+0x110/0x110 [ 51.517051][ T3606] ? dup_mm+0x7b9/0x13d0 [ 51.521287][ T3606] ? handle_mm_fault+0x790/0x790 [ 51.526224][ T3606] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 51.532456][ T3606] ? percpu_counter_add_batch+0xbd/0x180 [ 51.538086][ T3606] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 51.544054][ T3606] ? __vm_enough_memory+0x184/0x360 [ 51.549413][ T3606] ? security_vm_enough_memory_mm+0x85/0xb0 [ 51.555303][ T3606] dup_mm+0x5fa/0x13d0 [ 51.559375][ T3606] ? replace_mm_exe_file+0x490/0x490 [ 51.564655][ T3606] ? __raw_spin_lock_init+0x36/0x110 [ 51.569939][ T3606] copy_process+0x3b14/0x6fe0 [ 51.574615][ T3606] ? find_held_lock+0x2d/0x110 [ 51.579392][ T3606] ? __cleanup_sighand+0xb0/0xb0 [ 51.584327][ T3606] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 51.590557][ T3606] ? _copy_from_user+0xf9/0x170 [ 51.595400][ T3606] ? kernel_clone+0x314/0xab0 [ 51.600074][ T3606] kernel_clone+0xe7/0xab0 [ 51.604485][ T3606] ? create_io_thread+0xf0/0xf0 [ 51.609335][ T3606] ? do_raw_spin_lock+0x120/0x2a0 [ 51.614366][ T3606] ? rwlock_bug.part.0+0x90/0x90 [ 51.619298][ T3606] __do_sys_clone3+0x1dd/0x2f0 [ 51.624059][ T3606] ? __do_sys_clone+0x110/0x110 [ 51.628910][ T3606] ? lock_downgrade+0x6e0/0x6e0 [ 51.633759][ T3606] ? _raw_spin_unlock_irq+0x1f/0x40 [ 51.638953][ T3606] ? lockdep_hardirqs_on+0x79/0x100 [ 51.644143][ T3606] ? _raw_spin_unlock_irq+0x2a/0x40 [ 51.649331][ T3606] ? ptrace_notify+0xfa/0x140 [ 51.654013][ T3606] do_syscall_64+0x35/0xb0 [ 51.658423][ T3606] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 51.664333][ T3606] RIP: 0033:0x7f591e692a49 [ 51.668736][ T3606] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 51.688333][ T3606] RSP: 002b:00007ffdd548d2f8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 51.696741][ T3606] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f591e692a49 [ 51.704700][ T3606] RDX: 0000000000000300 RSI: 0000000000000058 RDI: 00007ffdd548d310 [ 51.712658][ T3606] RBP: 0000000000000000 R08: 0000000000000002 R09: 00007f591e003832 [ 51.720621][ T3606] R10: 00007ffdd548d310 R11: 0000000000000246 R12: 0000000000000002 [pid 3606] clone3({flags=0, exit_signal=0, stack=NULL, stack_size=0, cgroup=4294967295}, 88) = -1 ENOMEM (Cannot allocate memory) [pid 3606] close(3) = 0 [pid 3606] close(4) = 0 [pid 3606] close(5) = -1 EBADF (Bad file descriptor) [pid 3606] close(6) = -1 EBADF (Bad file descriptor) [pid 3606] close(7) = -1 EBADF (Bad file descriptor) [pid 3606] close(8) = -1 EBADF (Bad file descriptor) [pid 3606] close(9) = -1 EBADF (Bad file descriptor) [pid 3606] close(10) = -1 EBADF (Bad file descriptor) [pid 3606] close(11) = -1 EBADF (Bad file descriptor) [pid 3606] close(12) = -1 EBADF (Bad file descriptor) [pid 3606] close(13) = -1 EBADF (Bad file descriptor) [pid 3606] close(14) = -1 EBADF (Bad file descriptor) [pid 3606] close(15) = -1 EBADF (Bad file descriptor) [pid 3606] close(16) = -1 EBADF (Bad file descriptor) [pid 3606] close(17) = -1 EBADF (Bad file descriptor) [pid 3606] close(18) = -1 EBADF (Bad file descriptor) [pid 3606] close(19) = -1 EBADF (Bad file descriptor) [pid 3606] close(20) = -1 EBADF (Bad file descriptor) [pid 3606] close(21) = -1 EBADF (Bad file descriptor) [pid 3606] close(22) = -1 EBADF (Bad file descriptor) [pid 3606] close(23) = -1 EBADF (Bad file descriptor) [pid 3606] close(24) = -1 EBADF (Bad file descriptor) [pid 3606] close(25) = -1 EBADF (Bad file descriptor) [pid 3606] close(26) = -1 EBADF (Bad file descriptor) [pid 3606] close(27) = -1 EBADF (Bad file descriptor) [pid 3606] close(28) = -1 EBADF (Bad file descriptor) [pid 3606] close(29) = -1 EBADF (Bad file descriptor) [pid 3606] exit_group(0) = ? [pid 3606] +++ exited with 0 +++ [pid 3600] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4, si_uid=0, si_status=0, si_utime=0, si_stime=31} --- [pid 3600] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3600] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3607 attached , child_tidptr=0x555556bc86d0) = 5 [pid 3607] set_robust_list(0x555556bc86e0, 24) = 0 [pid 3607] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3607] setpgid(0, 0) = 0 [pid 3607] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3607] write(3, "1000", 4) = 4 [pid 3607] close(3) = 0 [pid 3607] io_uring_setup(21175, {flags=0, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=32768, cq_entries=65536, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=1048896}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 3 [pid 3607] mmap(0x20c00000, 1179968, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0) = 0x20c00000 [pid 3607] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 51.728582][ T3606] R13: 00007ffdd548d460 R14: 00007ffdd548d470 R15: 00007ffdd548d430 [ 51.736569][ T3606] [pid 3607] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3607] write(4, "28", 2) = 2 [ 51.773477][ T3607] FAULT_INJECTION: forcing a failure. [ 51.773477][ T3607] name failslab, interval 1, probability 0, space 0, times 0 [ 51.786291][ T3607] CPU: 1 PID: 3607 Comm: syz-executor411 Not tainted 5.18.0-rc7-syzkaller-00136-g3b5e1590a267 #0 [ 51.796816][ T3607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 51.806876][ T3607] Call Trace: [ 51.810144][ T3607] [ 51.813065][ T3607] dump_stack_lvl+0xcd/0x134 [ 51.817677][ T3607] should_fail.cold+0x5/0xa [ 51.822169][ T3607] ? vm_area_dup+0x88/0x3f0 [ 51.826661][ T3607] should_failslab+0x5/0x10 [ 51.831149][ T3607] kmem_cache_alloc+0x5e/0x3b0 [ 51.835899][ T3607] vm_area_dup+0x88/0x3f0 [ 51.840222][ T3607] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 51.846449][ T3607] ? copy_page_range+0x2297/0x3e50 [ 51.851561][ T3607] ? vm_area_alloc+0x110/0x110 [ 51.856317][ T3607] ? dup_mm+0x7b9/0x13d0 [ 51.860548][ T3607] ? handle_mm_fault+0x790/0x790 [ 51.865492][ T3607] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 51.871728][ T3607] ? percpu_counter_add_batch+0xbd/0x180 [ 51.877358][ T3607] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 51.883068][ T3607] ? __vm_enough_memory+0x184/0x360 [ 51.888262][ T3607] ? security_vm_enough_memory_mm+0x85/0xb0 [ 51.894171][ T3607] dup_mm+0x5fa/0x13d0 [ 51.898243][ T3607] ? replace_mm_exe_file+0x490/0x490 [ 51.903526][ T3607] ? __raw_spin_lock_init+0x36/0x110 [ 51.908812][ T3607] copy_process+0x3b14/0x6fe0 [ 51.913483][ T3607] ? find_held_lock+0x2d/0x110 [ 51.918251][ T3607] ? __cleanup_sighand+0xb0/0xb0 [ 51.923187][ T3607] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 51.929419][ T3607] ? _copy_from_user+0xf9/0x170 [ 51.934263][ T3607] ? kernel_clone+0x314/0xab0 [ 51.938931][ T3607] kernel_clone+0xe7/0xab0 [ 51.943341][ T3607] ? create_io_thread+0xf0/0xf0 [ 51.948191][ T3607] ? do_raw_spin_lock+0x120/0x2a0 [ 51.953213][ T3607] ? rwlock_bug.part.0+0x90/0x90 [ 51.958236][ T3607] __do_sys_clone3+0x1dd/0x2f0 [ 51.962992][ T3607] ? __do_sys_clone+0x110/0x110 [ 51.967845][ T3607] ? lock_downgrade+0x6e0/0x6e0 [ 51.972701][ T3607] ? _raw_spin_unlock_irq+0x1f/0x40 [ 51.977898][ T3607] ? lockdep_hardirqs_on+0x79/0x100 [ 51.983086][ T3607] ? _raw_spin_unlock_irq+0x2a/0x40 [ 51.988280][ T3607] ? ptrace_notify+0xfa/0x140 [ 51.992956][ T3607] do_syscall_64+0x35/0xb0 [ 51.997376][ T3607] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 52.003263][ T3607] RIP: 0033:0x7f591e692a49 [ 52.007670][ T3607] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 52.027263][ T3607] RSP: 002b:00007ffdd548d2f8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 52.035675][ T3607] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f591e692a49 [ 52.043640][ T3607] RDX: 0000000000000300 RSI: 0000000000000058 RDI: 00007ffdd548d310 [ 52.051601][ T3607] RBP: 0000000000000000 R08: 0000000000000002 R09: 00007f591e003832 [ 52.059565][ T3607] R10: 00007ffdd548d310 R11: 0000000000000246 R12: 0000000000000002 [pid 3607] clone3({flags=0, exit_signal=0, stack=NULL, stack_size=0, cgroup=4294967295}, 88) = -1 ENOMEM (Cannot allocate memory) [pid 3607] close(3) = 0 [pid 3607] close(4) = 0 [pid 3607] close(5) = -1 EBADF (Bad file descriptor) [pid 3607] close(6) = -1 EBADF (Bad file descriptor) [pid 3607] close(7) = -1 EBADF (Bad file descriptor) [pid 3607] close(8) = -1 EBADF (Bad file descriptor) [pid 3607] close(9) = -1 EBADF (Bad file descriptor) [pid 3607] close(10) = -1 EBADF (Bad file descriptor) [pid 3607] close(11) = -1 EBADF (Bad file descriptor) [pid 3607] close(12) = -1 EBADF (Bad file descriptor) [pid 3607] close(13) = -1 EBADF (Bad file descriptor) [pid 3607] close(14) = -1 EBADF (Bad file descriptor) [pid 3607] close(15) = -1 EBADF (Bad file descriptor) [pid 3607] close(16) = -1 EBADF (Bad file descriptor) [pid 3607] close(17) = -1 EBADF (Bad file descriptor) [pid 3607] close(18) = -1 EBADF (Bad file descriptor) [pid 3607] close(19) = -1 EBADF (Bad file descriptor) [pid 3607] close(20) = -1 EBADF (Bad file descriptor) [pid 3607] close(21) = -1 EBADF (Bad file descriptor) [pid 3607] close(22) = -1 EBADF (Bad file descriptor) [pid 3607] close(23) = -1 EBADF (Bad file descriptor) [pid 3607] close(24) = -1 EBADF (Bad file descriptor) [pid 3607] close(25) = -1 EBADF (Bad file descriptor) [pid 3607] close(26) = -1 EBADF (Bad file descriptor) [pid 3607] close(27) = -1 EBADF (Bad file descriptor) [pid 3607] close(28) = -1 EBADF (Bad file descriptor) [pid 3607] close(29) = -1 EBADF (Bad file descriptor) [pid 3607] exit_group(0) = ? [pid 3607] +++ exited with 0 +++ [pid 3600] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5, si_uid=0, si_status=0, si_utime=0, si_stime=31} --- [pid 3600] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3600] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bc86d0) = 6 ./strace-static-x86_64: Process 3608 attached [pid 3608] set_robust_list(0x555556bc86e0, 24) = 0 [ 52.067531][ T3607] R13: 00007ffdd548d460 R14: 00007ffdd548d470 R15: 00007ffdd548d430 [ 52.075515][ T3607] [pid 3608] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3608] setpgid(0, 0) = 0 [pid 3608] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3608] write(3, "1000", 4) = 4 [pid 3608] close(3) = 0 [pid 3608] io_uring_setup(21175, {flags=0, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=32768, cq_entries=65536, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=1048896}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 3 [pid 3608] mmap(0x20c00000, 1179968, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0) = 0x20c00000 [pid 3608] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3608] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3608] write(4, "28", 2) = 2 [ 52.107263][ T3608] FAULT_INJECTION: forcing a failure. [ 52.107263][ T3608] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 52.120500][ T3608] CPU: 0 PID: 3608 Comm: syz-executor411 Not tainted 5.18.0-rc7-syzkaller-00136-g3b5e1590a267 #0 [ 52.130986][ T3608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 52.141040][ T3608] Call Trace: [ 52.144320][ T3608] [ 52.147236][ T3608] dump_stack_lvl+0xcd/0x134 [ 52.151814][ T3608] should_fail.cold+0x5/0xa [ 52.156303][ T3608] prepare_alloc_pages+0x17b/0x570 [ 52.161405][ T3608] ? kasan_save_stack+0x2e/0x40 [ 52.166255][ T3608] ? kasan_save_stack+0x1e/0x40 [ 52.171091][ T3608] ? __kasan_slab_alloc+0x90/0xc0 [ 52.176121][ T3608] __alloc_pages+0x12f/0x500 [ 52.180700][ T3608] ? __alloc_pages_slowpath.constprop.0+0x20e0/0x20e0 [ 52.187454][ T3608] ? local_lock_release+0x1d/0x60 [ 52.192472][ T3608] ? lock_downgrade+0x6e0/0x6e0 [ 52.197326][ T3608] ? ___slab_alloc+0xc3b/0xf20 [ 52.202084][ T3608] alloc_pages+0x1aa/0x310 [ 52.206499][ T3608] __get_free_pages+0x8/0x40 [ 52.211083][ T3608] pgd_alloc+0x81/0x360 [ 52.215232][ T3608] ? pgd_page_get_mm+0x40/0x40 [ 52.219983][ T3608] ? lockdep_init_map_type+0x21a/0x7f0 [ 52.225469][ T3608] ? lockdep_init_map_type+0x21a/0x7f0 [ 52.230926][ T3608] mm_init+0x5d8/0xa70 [ 52.234995][ T3608] dup_mm+0xd8/0x13d0 [ 52.238973][ T3608] ? copy_process+0x2b6a/0x6fe0 [ 52.243819][ T3608] ? replace_mm_exe_file+0x490/0x490 [ 52.249101][ T3608] ? __raw_spin_lock_init+0x36/0x110 [ 52.254391][ T3608] copy_process+0x3b14/0x6fe0 [ 52.259064][ T3608] ? find_held_lock+0x2d/0x110 [ 52.263834][ T3608] ? __cleanup_sighand+0xb0/0xb0 [ 52.268769][ T3608] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 52.275000][ T3608] ? _copy_from_user+0xf9/0x170 [ 52.279844][ T3608] ? kernel_clone+0x314/0xab0 [ 52.284514][ T3608] kernel_clone+0xe7/0xab0 [ 52.288927][ T3608] ? create_io_thread+0xf0/0xf0 [ 52.293776][ T3608] ? do_raw_spin_lock+0x120/0x2a0 [ 52.298796][ T3608] ? rwlock_bug.part.0+0x90/0x90 [ 52.303732][ T3608] __do_sys_clone3+0x1dd/0x2f0 [ 52.308488][ T3608] ? __do_sys_clone+0x110/0x110 [ 52.313338][ T3608] ? lock_downgrade+0x6e0/0x6e0 [ 52.318189][ T3608] ? _raw_spin_unlock_irq+0x1f/0x40 [ 52.323382][ T3608] ? lockdep_hardirqs_on+0x79/0x100 [ 52.328577][ T3608] ? _raw_spin_unlock_irq+0x2a/0x40 [ 52.333770][ T3608] ? ptrace_notify+0xfa/0x140 [ 52.338445][ T3608] do_syscall_64+0x35/0xb0 [ 52.343899][ T3608] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 52.349817][ T3608] RIP: 0033:0x7f591e692a49 [ 52.354222][ T3608] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 52.373823][ T3608] RSP: 002b:00007ffdd548d2f8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 52.382228][ T3608] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f591e692a49 [ 52.390187][ T3608] RDX: 0000000000000300 RSI: 0000000000000058 RDI: 00007ffdd548d310 [ 52.398144][ T3608] RBP: 0000000000000000 R08: 0000000000000002 R09: 00007f591e003832 [pid 3608] clone3({flags=0, exit_signal=0, stack=NULL, stack_size=0, cgroup=4294967295}, 88) = -1 ENOMEM (Cannot allocate memory) [pid 3608] close(3) = 0 [pid 3608] close(4) = 0 [pid 3608] close(5) = -1 EBADF (Bad file descriptor) [pid 3608] close(6) = -1 EBADF (Bad file descriptor) [pid 3608] close(7) = -1 EBADF (Bad file descriptor) [pid 3608] close(8) = -1 EBADF (Bad file descriptor) [pid 3608] close(9) = -1 EBADF (Bad file descriptor) [pid 3608] close(10) = -1 EBADF (Bad file descriptor) [pid 3608] close(11) = -1 EBADF (Bad file descriptor) [pid 3608] close(12) = -1 EBADF (Bad file descriptor) [pid 3608] close(13) = -1 EBADF (Bad file descriptor) [pid 3608] close(14) = -1 EBADF (Bad file descriptor) [pid 3608] close(15) = -1 EBADF (Bad file descriptor) [pid 3608] close(16) = -1 EBADF (Bad file descriptor) [pid 3608] close(17) = -1 EBADF (Bad file descriptor) [pid 3608] close(18) = -1 EBADF (Bad file descriptor) [pid 3608] close(19) = -1 EBADF (Bad file descriptor) [pid 3608] close(20) = -1 EBADF (Bad file descriptor) [pid 3608] close(21) = -1 EBADF (Bad file descriptor) [pid 3608] close(22) = -1 EBADF (Bad file descriptor) [pid 3608] close(23) = -1 EBADF (Bad file descriptor) [pid 3608] close(24) = -1 EBADF (Bad file descriptor) [pid 3608] close(25) = -1 EBADF (Bad file descriptor) [pid 3608] close(26) = -1 EBADF (Bad file descriptor) [pid 3608] close(27) = -1 EBADF (Bad file descriptor) [pid 3608] close(28) = -1 EBADF (Bad file descriptor) [pid 3608] close(29) = -1 EBADF (Bad file descriptor) [pid 3608] exit_group(0) = ? [pid 3608] +++ exited with 0 +++ [pid 3600] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6, si_uid=0, si_status=0, si_utime=0, si_stime=32} --- [pid 3600] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3600] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bc86d0) = 7 ./strace-static-x86_64: Process 3609 attached [pid 3609] set_robust_list(0x555556bc86e0, 24) = 0 [pid 3609] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3609] setpgid(0, 0) = 0 [pid 3609] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3609] write(3, "1000", 4) = 4 [pid 3609] close(3) = 0 [pid 3609] io_uring_setup(21175, {flags=0, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=32768, cq_entries=65536, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=1048896}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 3 [pid 3609] mmap(0x20c00000, 1179968, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0) = 0x20c00000 [pid 3609] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3609] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3609] write(4, "28", 2) = 2 [ 52.406102][ T3608] R10: 00007ffdd548d310 R11: 0000000000000246 R12: 0000000000000002 [ 52.414066][ T3608] R13: 00007ffdd548d460 R14: 00007ffdd548d470 R15: 00007ffdd548d430 [ 52.422045][ T3608] [ 52.459360][ T3609] FAULT_INJECTION: forcing a failure. [ 52.459360][ T3609] name failslab, interval 1, probability 0, space 0, times 0 [ 52.471993][ T3609] CPU: 0 PID: 3609 Comm: syz-executor411 Not tainted 5.18.0-rc7-syzkaller-00136-g3b5e1590a267 #0 [ 52.482479][ T3609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 52.492521][ T3609] Call Trace: [ 52.495790][ T3609] [ 52.498727][ T3609] dump_stack_lvl+0xcd/0x134 [ 52.503314][ T3609] should_fail.cold+0x5/0xa [ 52.507807][ T3609] ? vm_area_dup+0x88/0x3f0 [ 52.512298][ T3609] should_failslab+0x5/0x10 [ 52.516788][ T3609] kmem_cache_alloc+0x5e/0x3b0 [ 52.521547][ T3609] vm_area_dup+0x88/0x3f0 [ 52.525903][ T3609] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 52.532151][ T3609] ? copy_page_range+0x2297/0x3e50 [ 52.537275][ T3609] ? vm_area_alloc+0x110/0x110 [ 52.542054][ T3609] ? dup_mm+0x7b9/0x13d0 [ 52.546288][ T3609] ? handle_mm_fault+0x790/0x790 [ 52.551220][ T3609] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 52.557452][ T3609] ? percpu_counter_add_batch+0xbd/0x180 [ 52.563080][ T3609] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 52.568790][ T3609] ? __vm_enough_memory+0x184/0x360 [ 52.573979][ T3609] ? security_vm_enough_memory_mm+0x85/0xb0 [ 52.579865][ T3609] dup_mm+0x5fa/0x13d0 [ 52.583934][ T3609] ? replace_mm_exe_file+0x490/0x490 [ 52.589211][ T3609] ? __raw_spin_lock_init+0x36/0x110 [ 52.594495][ T3609] copy_process+0x3b14/0x6fe0 [ 52.599165][ T3609] ? find_held_lock+0x2d/0x110 [ 52.603935][ T3609] ? __cleanup_sighand+0xb0/0xb0 [ 52.608869][ T3609] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 52.615101][ T3609] ? _copy_from_user+0xf9/0x170 [ 52.619944][ T3609] ? kernel_clone+0x314/0xab0 [ 52.624617][ T3609] kernel_clone+0xe7/0xab0 [ 52.629030][ T3609] ? create_io_thread+0xf0/0xf0 [ 52.633882][ T3609] ? do_raw_spin_lock+0x120/0x2a0 [ 52.638903][ T3609] ? rwlock_bug.part.0+0x90/0x90 [ 52.643840][ T3609] __do_sys_clone3+0x1dd/0x2f0 [ 52.648597][ T3609] ? __do_sys_clone+0x110/0x110 [ 52.653452][ T3609] ? lock_downgrade+0x6e0/0x6e0 [ 52.658306][ T3609] ? _raw_spin_unlock_irq+0x1f/0x40 [ 52.663499][ T3609] ? lockdep_hardirqs_on+0x79/0x100 [ 52.668690][ T3609] ? _raw_spin_unlock_irq+0x2a/0x40 [ 52.673884][ T3609] ? ptrace_notify+0xfa/0x140 [ 52.678560][ T3609] do_syscall_64+0x35/0xb0 [ 52.682974][ T3609] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 52.688858][ T3609] RIP: 0033:0x7f591e692a49 [ 52.693267][ T3609] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 52.712864][ T3609] RSP: 002b:00007ffdd548d2f8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 52.721276][ T3609] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f591e692a49 [ 52.729246][ T3609] RDX: 0000000000000300 RSI: 0000000000000058 RDI: 00007ffdd548d310 [ 52.737212][ T3609] RBP: 0000000000000000 R08: 0000000000000002 R09: 00007f591e003832 [ 52.745177][ T3609] R10: 00007ffdd548d310 R11: 0000000000000246 R12: 0000000000000002 [pid 3609] clone3({flags=0, exit_signal=0, stack=NULL, stack_size=0, cgroup=4294967295}, 88) = -1 ENOMEM (Cannot allocate memory) [pid 3609] close(3) = 0 [pid 3609] close(4) = 0 [pid 3609] close(5) = -1 EBADF (Bad file descriptor) [pid 3609] close(6) = -1 EBADF (Bad file descriptor) [pid 3609] close(7) = -1 EBADF (Bad file descriptor) [pid 3609] close(8) = -1 EBADF (Bad file descriptor) [pid 3609] close(9) = -1 EBADF (Bad file descriptor) [pid 3609] close(10) = -1 EBADF (Bad file descriptor) [pid 3609] close(11) = -1 EBADF (Bad file descriptor) [pid 3609] close(12) = -1 EBADF (Bad file descriptor) [pid 3609] close(13) = -1 EBADF (Bad file descriptor) [pid 3609] close(14) = -1 EBADF (Bad file descriptor) [pid 3609] close(15) = -1 EBADF (Bad file descriptor) [pid 3609] close(16) = -1 EBADF (Bad file descriptor) [pid 3609] close(17) = -1 EBADF (Bad file descriptor) [pid 3609] close(18) = -1 EBADF (Bad file descriptor) [pid 3609] close(19) = -1 EBADF (Bad file descriptor) [pid 3609] close(20) = -1 EBADF (Bad file descriptor) [pid 3609] close(21) = -1 EBADF (Bad file descriptor) [pid 3609] close(22) = -1 EBADF (Bad file descriptor) [pid 3609] close(23) = -1 EBADF (Bad file descriptor) [pid 3609] close(24) = -1 EBADF (Bad file descriptor) [pid 3609] close(25) = -1 EBADF (Bad file descriptor) [pid 3609] close(26) = -1 EBADF (Bad file descriptor) [pid 3609] close(27) = -1 EBADF (Bad file descriptor) [pid 3609] close(28) = -1 EBADF (Bad file descriptor) [pid 3609] close(29) = -1 EBADF (Bad file descriptor) [pid 3609] exit_group(0) = ? [pid 3609] +++ exited with 0 +++ [pid 3600] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7, si_uid=0, si_status=0, si_utime=0, si_stime=31} --- [pid 3600] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bc86d0) = 8 ./strace-static-x86_64: Process 3610 attached [pid 3610] set_robust_list(0x555556bc86e0, 24) = 0 [pid 3610] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3610] setpgid(0, 0) = 0 [pid 3610] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3610] write(3, "1000", 4) = 4 [pid 3610] close(3) = 0 [pid 3610] io_uring_setup(21175, {flags=0, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=32768, cq_entries=65536, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=1048896}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 3 [pid 3610] mmap(0x20c00000, 1179968, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0) = 0x20c00000 [pid 3610] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3610] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3610] write(4, "28", 2) = 2 [ 52.753141][ T3609] R13: 00007ffdd548d460 R14: 00007ffdd548d470 R15: 00007ffdd548d430 [ 52.761137][ T3609] [ 52.790262][ T3610] FAULT_INJECTION: forcing a failure. [ 52.790262][ T3610] name failslab, interval 1, probability 0, space 0, times 0 [ 52.803023][ T3610] CPU: 1 PID: 3610 Comm: syz-executor411 Not tainted 5.18.0-rc7-syzkaller-00136-g3b5e1590a267 #0 [ 52.813511][ T3610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 52.823549][ T3610] Call Trace: [ 52.826813][ T3610] [ 52.829735][ T3610] dump_stack_lvl+0xcd/0x134 [ 52.834344][ T3610] should_fail.cold+0x5/0xa [ 52.838854][ T3610] ? vm_area_dup+0x88/0x3f0 [ 52.843342][ T3610] should_failslab+0x5/0x10 [ 52.847829][ T3610] kmem_cache_alloc+0x5e/0x3b0 [ 52.852582][ T3610] vm_area_dup+0x88/0x3f0 [ 52.856904][ T3610] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 52.863133][ T3610] ? copy_page_range+0x2297/0x3e50 [ 52.868245][ T3610] ? vm_area_alloc+0x110/0x110 [ 52.873004][ T3610] ? dup_mm+0x7b9/0x13d0 [ 52.877231][ T3610] ? handle_mm_fault+0x790/0x790 [ 52.882169][ T3610] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 52.888392][ T3610] ? percpu_counter_add_batch+0xbd/0x180 [ 52.894016][ T3610] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 52.899747][ T3610] ? __vm_enough_memory+0x184/0x360 [ 52.904934][ T3610] ? security_vm_enough_memory_mm+0x85/0xb0 [ 52.910835][ T3610] dup_mm+0x5fa/0x13d0 [ 52.914898][ T3610] ? replace_mm_exe_file+0x490/0x490 [ 52.920175][ T3610] ? __raw_spin_lock_init+0x36/0x110 [ 52.925587][ T3610] copy_process+0x3b14/0x6fe0 [ 52.930264][ T3610] ? find_held_lock+0x2d/0x110 [ 52.935047][ T3610] ? __cleanup_sighand+0xb0/0xb0 [ 52.939980][ T3610] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 52.946226][ T3610] ? _copy_from_user+0xf9/0x170 [ 52.951072][ T3610] ? kernel_clone+0x314/0xab0 [ 52.955743][ T3610] kernel_clone+0xe7/0xab0 [ 52.960165][ T3610] ? create_io_thread+0xf0/0xf0 [ 52.965006][ T3610] ? do_raw_spin_lock+0x120/0x2a0 [ 52.970017][ T3610] ? rwlock_bug.part.0+0x90/0x90 [ 52.974948][ T3610] __do_sys_clone3+0x1dd/0x2f0 [ 52.979700][ T3610] ? __do_sys_clone+0x110/0x110 [ 52.984546][ T3610] ? lock_downgrade+0x6e0/0x6e0 [ 52.989404][ T3610] ? _raw_spin_unlock_irq+0x1f/0x40 [ 52.994614][ T3610] ? lockdep_hardirqs_on+0x79/0x100 [ 52.999976][ T3610] ? _raw_spin_unlock_irq+0x2a/0x40 [ 53.005168][ T3610] ? ptrace_notify+0xfa/0x140 [ 53.009838][ T3610] do_syscall_64+0x35/0xb0 [ 53.014244][ T3610] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 53.020188][ T3610] RIP: 0033:0x7f591e692a49 [ 53.024620][ T3610] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 53.037495][ T3263] Bluetooth: hci0: command 0x0409 tx timeout [ 53.044232][ T3610] RSP: 002b:00007ffdd548d2f8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 53.058701][ T3610] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f591e692a49 [ 53.066677][ T3610] RDX: 0000000000000300 RSI: 0000000000000058 RDI: 00007ffdd548d310 [ 53.074639][ T3610] RBP: 0000000000000000 R08: 0000000000000002 R09: 00007f591e003832 [ 53.082642][ T3610] R10: 00007ffdd548d310 R11: 0000000000000246 R12: 0000000000000002 [pid 3610] clone3({flags=0, exit_signal=0, stack=NULL, stack_size=0, cgroup=4294967295}, 88) = -1 ENOMEM (Cannot allocate memory) [pid 3610] close(3) = 0 [pid 3610] close(4) = 0 [pid 3610] close(5) = -1 EBADF (Bad file descriptor) [pid 3610] close(6) = -1 EBADF (Bad file descriptor) [pid 3610] close(7) = -1 EBADF (Bad file descriptor) [pid 3610] close(8) = -1 EBADF (Bad file descriptor) [pid 3610] close(9) = -1 EBADF (Bad file descriptor) [pid 3610] close(10) = -1 EBADF (Bad file descriptor) [pid 3610] close(11) = -1 EBADF (Bad file descriptor) [pid 3610] close(12) = -1 EBADF (Bad file descriptor) [pid 3610] close(13) = -1 EBADF (Bad file descriptor) [pid 3610] close(14) = -1 EBADF (Bad file descriptor) [pid 3610] close(15) = -1 EBADF (Bad file descriptor) [pid 3610] close(16) = -1 EBADF (Bad file descriptor) [pid 3610] close(17) = -1 EBADF (Bad file descriptor) [pid 3610] close(18) = -1 EBADF (Bad file descriptor) [pid 3610] close(19) = -1 EBADF (Bad file descriptor) [pid 3610] close(20) = -1 EBADF (Bad file descriptor) [pid 3610] close(21) = -1 EBADF (Bad file descriptor) [pid 3610] close(22) = -1 EBADF (Bad file descriptor) [pid 3610] close(23) = -1 EBADF (Bad file descriptor) [pid 3610] close(24) = -1 EBADF (Bad file descriptor) [pid 3610] close(25) = -1 EBADF (Bad file descriptor) [pid 3610] close(26) = -1 EBADF (Bad file descriptor) [pid 3610] close(27) = -1 EBADF (Bad file descriptor) [pid 3610] close(28) = -1 EBADF (Bad file descriptor) [pid 3610] close(29) = -1 EBADF (Bad file descriptor) [pid 3610] exit_group(0) = ? [pid 3610] +++ exited with 0 +++ [pid 3600] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8, si_uid=0, si_status=0, si_utime=0, si_stime=31} --- [pid 3600] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bc86d0) = 9 ./strace-static-x86_64: Process 3611 attached [pid 3611] set_robust_list(0x555556bc86e0, 24) = 0 [pid 3611] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3611] setpgid(0, 0) = 0 [pid 3611] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3611] write(3, "1000", 4) = 4 [pid 3611] close(3) = 0 [pid 3611] io_uring_setup(21175, {flags=0, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=32768, cq_entries=65536, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=1048896}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 3 [pid 3611] mmap(0x20c00000, 1179968, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0) = 0x20c00000 [pid 3611] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3611] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3611] write(4, "28", 2) = 2 [ 53.090603][ T3610] R13: 00007ffdd548d460 R14: 00007ffdd548d470 R15: 00007ffdd548d430 [ 53.098574][ T3610] [ 53.130844][ T3611] FAULT_INJECTION: forcing a failure. [ 53.130844][ T3611] name failslab, interval 1, probability 0, space 0, times 0 [ 53.143542][ T3611] CPU: 0 PID: 3611 Comm: syz-executor411 Not tainted 5.18.0-rc7-syzkaller-00136-g3b5e1590a267 #0 [ 53.154045][ T3611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 53.164094][ T3611] Call Trace: [ 53.167358][ T3611] [ 53.170278][ T3611] dump_stack_lvl+0xcd/0x134 [ 53.174866][ T3611] should_fail.cold+0x5/0xa [ 53.179378][ T3611] ? vm_area_dup+0x88/0x3f0 [ 53.183865][ T3611] should_failslab+0x5/0x10 [ 53.188353][ T3611] kmem_cache_alloc+0x5e/0x3b0 [ 53.193121][ T3611] vm_area_dup+0x88/0x3f0 [ 53.197452][ T3611] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 53.203678][ T3611] ? copy_page_range+0x2297/0x3e50 [ 53.208791][ T3611] ? vm_area_alloc+0x110/0x110 [ 53.213546][ T3611] ? dup_mm+0x7b9/0x13d0 [ 53.217780][ T3611] ? handle_mm_fault+0x790/0x790 [ 53.222708][ T3611] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 53.228934][ T3611] ? percpu_counter_add_batch+0xbd/0x180 [ 53.234554][ T3611] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 53.240257][ T3611] ? __vm_enough_memory+0x184/0x360 [ 53.245439][ T3611] ? security_vm_enough_memory_mm+0x85/0xb0 [ 53.251321][ T3611] dup_mm+0x5fa/0x13d0 [ 53.255385][ T3611] ? replace_mm_exe_file+0x490/0x490 [ 53.260653][ T3611] ? __raw_spin_lock_init+0x36/0x110 [ 53.265935][ T3611] copy_process+0x3b14/0x6fe0 [ 53.270601][ T3611] ? find_held_lock+0x2d/0x110 [ 53.275370][ T3611] ? __cleanup_sighand+0xb0/0xb0 [ 53.280314][ T3611] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 53.286546][ T3611] ? _copy_from_user+0xf9/0x170 [ 53.291404][ T3611] ? kernel_clone+0x314/0xab0 [ 53.296069][ T3611] kernel_clone+0xe7/0xab0 [ 53.300476][ T3611] ? create_io_thread+0xf0/0xf0 [ 53.305334][ T3611] ? do_raw_spin_lock+0x120/0x2a0 [ 53.310349][ T3611] ? rwlock_bug.part.0+0x90/0x90 [ 53.315275][ T3611] __do_sys_clone3+0x1dd/0x2f0 [ 53.320021][ T3611] ? __do_sys_clone+0x110/0x110 [ 53.324879][ T3611] ? lock_downgrade+0x6e0/0x6e0 [ 53.329745][ T3611] ? _raw_spin_unlock_irq+0x1f/0x40 [ 53.334928][ T3611] ? lockdep_hardirqs_on+0x79/0x100 [ 53.340118][ T3611] ? _raw_spin_unlock_irq+0x2a/0x40 [ 53.345323][ T3611] ? ptrace_notify+0xfa/0x140 [ 53.350003][ T3611] do_syscall_64+0x35/0xb0 [ 53.354428][ T3611] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 53.360306][ T3611] RIP: 0033:0x7f591e692a49 [ 53.364704][ T3611] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [pid 3611] clone3({flags=0, exit_signal=0, stack=NULL, stack_size=0, cgroup=4294967295}, 88) = -1 ENOMEM (Cannot allocate memory) [pid 3611] close(3) = 0 [pid 3611] close(4) = 0 [pid 3611] close(5) = -1 EBADF (Bad file descriptor) [pid 3611] close(6) = -1 EBADF (Bad file descriptor) [pid 3611] close(7) = -1 EBADF (Bad file descriptor) [pid 3611] close(8) = -1 EBADF (Bad file descriptor) [pid 3611] close(9) = -1 EBADF (Bad file descriptor) [pid 3611] close(10) = -1 EBADF (Bad file descriptor) [pid 3611] close(11) = -1 EBADF (Bad file descriptor) [pid 3611] close(12) = -1 EBADF (Bad file descriptor) [pid 3611] close(13) = -1 EBADF (Bad file descriptor) [pid 3611] close(14) = -1 EBADF (Bad file descriptor) [pid 3611] close(15) = -1 EBADF (Bad file descriptor) [pid 3611] close(16) = -1 EBADF (Bad file descriptor) [pid 3611] close(17) = -1 EBADF (Bad file descriptor) [pid 3611] close(18) = -1 EBADF (Bad file descriptor) [pid 3611] close(19) = -1 EBADF (Bad file descriptor) [pid 3611] close(20) = -1 EBADF (Bad file descriptor) [pid 3611] close(21) = -1 EBADF (Bad file descriptor) [pid 3611] close(22) = -1 EBADF (Bad file descriptor) [pid 3611] close(23) = -1 EBADF (Bad file descriptor) [pid 3611] close(24) = -1 EBADF (Bad file descriptor) [pid 3611] close(25) = -1 EBADF (Bad file descriptor) [pid 3611] close(26) = -1 EBADF (Bad file descriptor) [pid 3611] close(27) = -1 EBADF (Bad file descriptor) [pid 3611] close(28) = -1 EBADF (Bad file descriptor) [pid 3611] close(29) = -1 EBADF (Bad file descriptor) [pid 3611] exit_group(0) = ? [pid 3611] +++ exited with 0 +++ [pid 3600] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9, si_uid=0, si_status=0, si_utime=0, si_stime=31} --- [pid 3600] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3600] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3612 attached , child_tidptr=0x555556bc86d0) = 10 [pid 3612] set_robust_list(0x555556bc86e0, 24) = 0 [pid 3612] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3612] setpgid(0, 0) = 0 [pid 3612] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3612] write(3, "1000", 4) = 4 [pid 3612] close(3) = 0 [pid 3612] io_uring_setup(21175, {flags=0, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=32768, cq_entries=65536, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=1048896}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 3 [pid 3612] mmap(0x20c00000, 1179968, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0) = 0x20c00000 [pid 3612] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3612] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3612] write(4, "28", 2) = 2 [ 53.384406][ T3611] RSP: 002b:00007ffdd548d2f8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 53.393246][ T3611] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f591e692a49 [ 53.401222][ T3611] RDX: 0000000000000300 RSI: 0000000000000058 RDI: 00007ffdd548d310 [ 53.409177][ T3611] RBP: 0000000000000000 R08: 0000000000000002 R09: 00007f591e003832 [ 53.417135][ T3611] R10: 00007ffdd548d310 R11: 0000000000000246 R12: 0000000000000002 [ 53.425107][ T3611] R13: 00007ffdd548d460 R14: 00007ffdd548d470 R15: 00007ffdd548d430 [ 53.433078][ T3611] [ 53.462836][ T3612] FAULT_INJECTION: forcing a failure. [ 53.462836][ T3612] name failslab, interval 1, probability 0, space 0, times 0 [ 53.475593][ T3612] CPU: 1 PID: 3612 Comm: syz-executor411 Not tainted 5.18.0-rc7-syzkaller-00136-g3b5e1590a267 #0 [ 53.486081][ T3612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 53.496126][ T3612] Call Trace: [ 53.499407][ T3612] [ 53.502325][ T3612] dump_stack_lvl+0xcd/0x134 [ 53.506909][ T3612] should_fail.cold+0x5/0xa [ 53.511401][ T3612] ? vm_area_dup+0x88/0x3f0 [ 53.515898][ T3612] should_failslab+0x5/0x10 [ 53.520406][ T3612] kmem_cache_alloc+0x5e/0x3b0 [ 53.525161][ T3612] vm_area_dup+0x88/0x3f0 [ 53.529488][ T3612] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 53.535718][ T3612] ? copy_page_range+0x2297/0x3e50 [ 53.540850][ T3612] ? vm_area_alloc+0x110/0x110 [ 53.545624][ T3612] ? dup_mm+0x7b9/0x13d0 [ 53.549853][ T3612] ? handle_mm_fault+0x790/0x790 [ 53.554794][ T3612] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 53.561029][ T3612] ? percpu_counter_add_batch+0xbd/0x180 [ 53.566662][ T3612] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 53.572374][ T3612] ? __vm_enough_memory+0x184/0x360 [ 53.577569][ T3612] ? security_vm_enough_memory_mm+0x85/0xb0 [ 53.583459][ T3612] dup_mm+0x5fa/0x13d0 [ 53.587535][ T3612] ? replace_mm_exe_file+0x490/0x490 [ 53.592820][ T3612] ? __raw_spin_lock_init+0x36/0x110 [ 53.598108][ T3612] copy_process+0x3b14/0x6fe0 [ 53.602780][ T3612] ? find_held_lock+0x2d/0x110 [ 53.607549][ T3612] ? __cleanup_sighand+0xb0/0xb0 [ 53.612489][ T3612] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 53.618719][ T3612] ? _copy_from_user+0xf9/0x170 [ 53.623570][ T3612] ? kernel_clone+0x314/0xab0 [ 53.628242][ T3612] kernel_clone+0xe7/0xab0 [ 53.632657][ T3612] ? create_io_thread+0xf0/0xf0 [ 53.637510][ T3612] ? do_raw_spin_lock+0x120/0x2a0 [ 53.642531][ T3612] ? rwlock_bug.part.0+0x90/0x90 [ 53.647471][ T3612] __do_sys_clone3+0x1dd/0x2f0 [ 53.652227][ T3612] ? __do_sys_clone+0x110/0x110 [ 53.657083][ T3612] ? lock_downgrade+0x6e0/0x6e0 [ 53.661937][ T3612] ? _raw_spin_unlock_irq+0x1f/0x40 [ 53.667131][ T3612] ? lockdep_hardirqs_on+0x79/0x100 [ 53.672321][ T3612] ? _raw_spin_unlock_irq+0x2a/0x40 [ 53.677512][ T3612] ? ptrace_notify+0xfa/0x140 [ 53.682196][ T3612] do_syscall_64+0x35/0xb0 [ 53.686614][ T3612] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 53.692503][ T3612] RIP: 0033:0x7f591e692a49 [ 53.696911][ T3612] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 53.716511][ T3612] RSP: 002b:00007ffdd548d2f8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 53.724921][ T3612] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f591e692a49 [ 53.732891][ T3612] RDX: 0000000000000300 RSI: 0000000000000058 RDI: 00007ffdd548d310 [ 53.740851][ T3612] RBP: 0000000000000000 R08: 0000000000000002 R09: 00007f591e003832 [ 53.748812][ T3612] R10: 00007ffdd548d310 R11: 0000000000000246 R12: 0000000000000002 [pid 3612] clone3({flags=0, exit_signal=0, stack=NULL, stack_size=0, cgroup=4294967295}, 88) = -1 ENOMEM (Cannot allocate memory) [pid 3612] close(3) = 0 [pid 3612] close(4) = 0 [pid 3612] close(5) = -1 EBADF (Bad file descriptor) [pid 3612] close(6) = -1 EBADF (Bad file descriptor) [pid 3612] close(7) = -1 EBADF (Bad file descriptor) [pid 3612] close(8) = -1 EBADF (Bad file descriptor) [pid 3612] close(9) = -1 EBADF (Bad file descriptor) [pid 3612] close(10) = -1 EBADF (Bad file descriptor) [pid 3612] close(11) = -1 EBADF (Bad file descriptor) [pid 3612] close(12) = -1 EBADF (Bad file descriptor) [pid 3612] close(13) = -1 EBADF (Bad file descriptor) [pid 3612] close(14) = -1 EBADF (Bad file descriptor) [pid 3612] close(15) = -1 EBADF (Bad file descriptor) [pid 3612] close(16) = -1 EBADF (Bad file descriptor) [pid 3612] close(17) = -1 EBADF (Bad file descriptor) [pid 3612] close(18) = -1 EBADF (Bad file descriptor) [pid 3612] close(19) = -1 EBADF (Bad file descriptor) [pid 3612] close(20) = -1 EBADF (Bad file descriptor) [pid 3612] close(21) = -1 EBADF (Bad file descriptor) [pid 3612] close(22) = -1 EBADF (Bad file descriptor) [pid 3612] close(23) = -1 EBADF (Bad file descriptor) [pid 3612] close(24) = -1 EBADF (Bad file descriptor) [pid 3612] close(25) = -1 EBADF (Bad file descriptor) [pid 3612] close(26) = -1 EBADF (Bad file descriptor) [pid 3612] close(27) = -1 EBADF (Bad file descriptor) [pid 3612] close(28) = -1 EBADF (Bad file descriptor) [pid 3612] close(29) = -1 EBADF (Bad file descriptor) [pid 3612] exit_group(0) = ? [pid 3612] +++ exited with 0 +++ [pid 3600] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10, si_uid=0, si_status=0, si_utime=0, si_stime=31} --- [pid 3600] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3600] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3613 attached [pid 3613] set_robust_list(0x555556bc86e0, 24 [pid 3600] <... clone resumed>, child_tidptr=0x555556bc86d0) = 11 [pid 3613] <... set_robust_list resumed>) = 0 [pid 3613] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3613] setpgid(0, 0) = 0 [pid 3613] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3613] write(3, "1000", 4) = 4 [pid 3613] close(3) = 0 [pid 3613] io_uring_setup(21175, {flags=0, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=32768, cq_entries=65536, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=1048896}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 3 [pid 3613] mmap(0x20c00000, 1179968, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0) = 0x20c00000 [pid 3613] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3613] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3613] write(4, "28", 2) = 2 [ 53.756774][ T3612] R13: 00007ffdd548d460 R14: 00007ffdd548d470 R15: 00007ffdd548d430 [ 53.764765][ T3612] [ 53.794168][ T3613] FAULT_INJECTION: forcing a failure. [ 53.794168][ T3613] name failslab, interval 1, probability 0, space 0, times 0 [ 53.806834][ T3613] CPU: 1 PID: 3613 Comm: syz-executor411 Not tainted 5.18.0-rc7-syzkaller-00136-g3b5e1590a267 #0 [ 53.817323][ T3613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 53.827368][ T3613] Call Trace: [ 53.830656][ T3613] [ 53.833582][ T3613] dump_stack_lvl+0xcd/0x134 [ 53.838198][ T3613] should_fail.cold+0x5/0xa [ 53.842773][ T3613] ? vm_area_dup+0x88/0x3f0 [ 53.847274][ T3613] should_failslab+0x5/0x10 [ 53.851765][ T3613] kmem_cache_alloc+0x5e/0x3b0 [ 53.856530][ T3613] vm_area_dup+0x88/0x3f0 [ 53.860927][ T3613] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 53.867157][ T3613] ? copy_page_range+0x2297/0x3e50 [ 53.872294][ T3613] ? vm_area_alloc+0x110/0x110 [ 53.877049][ T3613] ? dup_mm+0x7b9/0x13d0 [ 53.881279][ T3613] ? handle_mm_fault+0x790/0x790 [ 53.886211][ T3613] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 53.892435][ T3613] ? percpu_counter_add_batch+0xbd/0x180 [ 53.898066][ T3613] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 53.903779][ T3613] ? __vm_enough_memory+0x184/0x360 [ 53.908983][ T3613] ? security_vm_enough_memory_mm+0x85/0xb0 [ 53.914868][ T3613] dup_mm+0x5fa/0x13d0 [ 53.918932][ T3613] ? replace_mm_exe_file+0x490/0x490 [ 53.924211][ T3613] ? __raw_spin_lock_init+0x36/0x110 [ 53.929489][ T3613] copy_process+0x3b14/0x6fe0 [ 53.934155][ T3613] ? find_held_lock+0x2d/0x110 [ 53.938931][ T3613] ? __cleanup_sighand+0xb0/0xb0 [ 53.943886][ T3613] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 53.950121][ T3613] ? _copy_from_user+0xf9/0x170 [ 53.954990][ T3613] ? kernel_clone+0x314/0xab0 [ 53.959664][ T3613] kernel_clone+0xe7/0xab0 [ 53.964084][ T3613] ? create_io_thread+0xf0/0xf0 [ 53.968929][ T3613] ? do_raw_spin_lock+0x120/0x2a0 [ 53.973947][ T3613] ? rwlock_bug.part.0+0x90/0x90 [ 53.978886][ T3613] __do_sys_clone3+0x1dd/0x2f0 [ 53.983646][ T3613] ? __do_sys_clone+0x110/0x110 [ 53.988513][ T3613] ? lock_downgrade+0x6e0/0x6e0 [ 53.993382][ T3613] ? _raw_spin_unlock_irq+0x1f/0x40 [ 53.998572][ T3613] ? lockdep_hardirqs_on+0x79/0x100 [ 54.003766][ T3613] ? _raw_spin_unlock_irq+0x2a/0x40 [ 54.008972][ T3613] ? ptrace_notify+0xfa/0x140 [ 54.013660][ T3613] do_syscall_64+0x35/0xb0 [ 54.018109][ T3613] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 54.024020][ T3613] RIP: 0033:0x7f591e692a49 [ 54.028447][ T3613] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 54.048066][ T3613] RSP: 002b:00007ffdd548d2f8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 54.056492][ T3613] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f591e692a49 [ 54.064483][ T3613] RDX: 0000000000000300 RSI: 0000000000000058 RDI: 00007ffdd548d310 [ 54.072443][ T3613] RBP: 0000000000000000 R08: 0000000000000002 R09: 00007f591e003832 [ 54.080411][ T3613] R10: 00007ffdd548d310 R11: 0000000000000246 R12: 0000000000000002 [pid 3613] clone3({flags=0, exit_signal=0, stack=NULL, stack_size=0, cgroup=4294967295}, 88) = -1 ENOMEM (Cannot allocate memory) [pid 3613] close(3) = 0 [pid 3613] close(4) = 0 [pid 3613] close(5) = -1 EBADF (Bad file descriptor) [pid 3613] close(6) = -1 EBADF (Bad file descriptor) [pid 3613] close(7) = -1 EBADF (Bad file descriptor) [pid 3613] close(8) = -1 EBADF (Bad file descriptor) [pid 3613] close(9) = -1 EBADF (Bad file descriptor) [pid 3613] close(10) = -1 EBADF (Bad file descriptor) [pid 3613] close(11) = -1 EBADF (Bad file descriptor) [pid 3613] close(12) = -1 EBADF (Bad file descriptor) [pid 3613] close(13) = -1 EBADF (Bad file descriptor) [pid 3613] close(14) = -1 EBADF (Bad file descriptor) [pid 3613] close(15) = -1 EBADF (Bad file descriptor) [pid 3613] close(16) = -1 EBADF (Bad file descriptor) [pid 3613] close(17) = -1 EBADF (Bad file descriptor) [pid 3613] close(18) = -1 EBADF (Bad file descriptor) [pid 3613] close(19) = -1 EBADF (Bad file descriptor) [pid 3613] close(20) = -1 EBADF (Bad file descriptor) [pid 3613] close(21) = -1 EBADF (Bad file descriptor) [pid 3613] close(22) = -1 EBADF (Bad file descriptor) [pid 3613] close(23) = -1 EBADF (Bad file descriptor) [pid 3613] close(24) = -1 EBADF (Bad file descriptor) [pid 3613] close(25) = -1 EBADF (Bad file descriptor) [pid 3613] close(26) = -1 EBADF (Bad file descriptor) [pid 3613] close(27) = -1 EBADF (Bad file descriptor) [pid 3613] close(28) = -1 EBADF (Bad file descriptor) [pid 3613] close(29) = -1 EBADF (Bad file descriptor) [pid 3613] exit_group(0) = ? [pid 3613] +++ exited with 0 +++ [pid 3600] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11, si_uid=0, si_status=0, si_utime=0, si_stime=32} --- [pid 3600] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3600] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bc86d0) = 12 ./strace-static-x86_64: Process 3614 attached [pid 3614] set_robust_list(0x555556bc86e0, 24) = 0 [pid 3614] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3614] setpgid(0, 0) = 0 [pid 3614] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3614] write(3, "1000", 4) = 4 [pid 3614] close(3) = 0 [pid 3614] io_uring_setup(21175, {flags=0, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=32768, cq_entries=65536, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=1048896}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 3 [pid 3614] mmap(0x20c00000, 1179968, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0) = 0x20c00000 [pid 3614] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3614] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3614] write(4, "28", 2) = 2 [ 54.088387][ T3613] R13: 00007ffdd548d460 R14: 00007ffdd548d470 R15: 00007ffdd548d430 [ 54.096356][ T3613] [ 54.132965][ T3614] FAULT_INJECTION: forcing a failure. [ 54.132965][ T3614] name failslab, interval 1, probability 0, space 0, times 0 [ 54.145741][ T3614] CPU: 0 PID: 3614 Comm: syz-executor411 Not tainted 5.18.0-rc7-syzkaller-00136-g3b5e1590a267 #0 [ 54.156248][ T3614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 54.166292][ T3614] Call Trace: [ 54.169560][ T3614] [ 54.172479][ T3614] dump_stack_lvl+0xcd/0x134 [ 54.177068][ T3614] should_fail.cold+0x5/0xa [ 54.181703][ T3614] ? ptlock_alloc+0x1d/0x70 [ 54.186217][ T3614] should_failslab+0x5/0x10 [ 54.190705][ T3614] kmem_cache_alloc+0x5e/0x3b0 [ 54.195466][ T3614] ptlock_alloc+0x1d/0x70 [ 54.199787][ T3614] pte_alloc_one+0x68/0x230 [ 54.204290][ T3614] __pte_alloc+0x69/0x250 [ 54.208636][ T3614] ? pmd_install+0x150/0x150 [ 54.213264][ T3614] copy_page_range+0x19e6/0x3e50 [ 54.218192][ T3614] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 54.224180][ T3614] ? dup_mm+0x7b9/0x13d0 [ 54.228411][ T3614] ? handle_mm_fault+0x790/0x790 [ 54.233361][ T3614] ? validate_mm_rb+0x46/0x2d0 [ 54.238114][ T3614] ? down_write+0xde/0x150 [ 54.242530][ T3614] ? __vma_link_rb+0x553/0x710 [ 54.247312][ T3614] dup_mm+0xa4e/0x13d0 [ 54.251389][ T3614] ? replace_mm_exe_file+0x490/0x490 [ 54.256705][ T3614] ? __raw_spin_lock_init+0x36/0x110 [ 54.262001][ T3614] copy_process+0x3b14/0x6fe0 [ 54.266673][ T3614] ? find_held_lock+0x2d/0x110 [ 54.271442][ T3614] ? __cleanup_sighand+0xb0/0xb0 [ 54.276390][ T3614] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 54.282623][ T3614] ? _copy_from_user+0xf9/0x170 [ 54.287472][ T3614] ? kernel_clone+0x314/0xab0 [ 54.292144][ T3614] kernel_clone+0xe7/0xab0 [ 54.296558][ T3614] ? create_io_thread+0xf0/0xf0 [ 54.301416][ T3614] ? do_raw_spin_lock+0x120/0x2a0 [ 54.306446][ T3614] ? rwlock_bug.part.0+0x90/0x90 [ 54.311383][ T3614] __do_sys_clone3+0x1dd/0x2f0 [ 54.316138][ T3614] ? __do_sys_clone+0x110/0x110 [ 54.320991][ T3614] ? lock_downgrade+0x6e0/0x6e0 [ 54.325844][ T3614] ? _raw_spin_unlock_irq+0x1f/0x40 [ 54.331038][ T3614] ? lockdep_hardirqs_on+0x79/0x100 [ 54.336234][ T3614] ? _raw_spin_unlock_irq+0x2a/0x40 [ 54.341429][ T3614] ? ptrace_notify+0xfa/0x140 [ 54.346114][ T3614] do_syscall_64+0x35/0xb0 [ 54.350531][ T3614] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 54.356418][ T3614] RIP: 0033:0x7f591e692a49 [ 54.360833][ T3614] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 54.380428][ T3614] RSP: 002b:00007ffdd548d2f8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 54.388841][ T3614] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f591e692a49 [ 54.396805][ T3614] RDX: 0000000000000300 RSI: 0000000000000058 RDI: 00007ffdd548d310 [ 54.404766][ T3614] RBP: 0000000000000000 R08: 0000000000000002 R09: 00007f591e003832 [ 54.412742][ T3614] R10: 00007ffdd548d310 R11: 0000000000000246 R12: 0000000000000002 [ 54.420704][ T3614] R13: 00007ffdd548d460 R14: 00007ffdd548d470 R15: 00007ffdd548d430 [ 54.428679][ T3614] [ 54.432352][ T3614] ------------[ cut here ]------------ [ 54.438721][ T3614] WARNING: CPU: 1 PID: 3614 at arch/x86/mm/pat/memtype.c:1099 untrack_pfn+0x247/0x290 [ 54.448347][ T3614] Modules linked in: [ 54.452241][ T3614] CPU: 1 PID: 3614 Comm: syz-executor411 Not tainted 5.18.0-rc7-syzkaller-00136-g3b5e1590a267 #0 [ 54.462800][ T3614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 54.472908][ T3614] RIP: 0010:untrack_pfn+0x247/0x290 [ 54.478161][ T3614] Code: 84 6c ff ff ff e8 39 98 42 00 4c 89 ee 4c 89 e7 e8 ae dd ff ff e8 29 98 42 00 48 85 db 0f 85 58 ff ff ff eb 82 e8 19 98 42 00 <0f> 0b e9 76 ff ff ff 48 89 df e8 fa 28 8e 00 e9 98 fe ff ff e8 10 [ 54.497834][ T3614] RSP: 0018:ffffc900030ff678 EFLAGS: 00010293 [ 54.503895][ T3614] RAX: 0000000000000000 RBX: ffff88801c701d68 RCX: 0000000000000000 [ 54.511925][ T3614] RDX: ffff88801b1b0000 RSI: ffffffff8136a8d7 RDI: 0000000000000003 [ 54.519938][ T3614] RBP: 1ffff9200061fecf R08: 0000000000000000 R09: ffffc900030ff600 [ 54.527956][ T3614] R10: ffffffff8136a7a6 R11: 0000000000000000 R12: 00000000ffffffea [ 54.535930][ T3614] R13: 0000000000000000 R14: 0000000000000000 R15: ffff88801c701db8 [ 54.543952][ T3614] FS: 0000555556bc8400(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 [ 54.552919][ T3614] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 54.559673][ T3614] CR2: 00007f591e6e7c98 CR3: 000000007a0f5000 CR4: 00000000003506e0 [ 54.567684][ T3614] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 54.575664][ T3614] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 54.583704][ T3614] Call Trace: [ 54.587011][ T3614] [ 54.589949][ T3614] ? track_pfn_insert+0x140/0x140 [ 54.594986][ T3614] ? vm_normal_page_pmd+0x550/0x550 [ 54.600239][ T3614] ? lock_downgrade+0x6e0/0x6e0 [ 54.605099][ T3614] ? uprobe_munmap+0x1c/0x560 [ 54.609807][ T3614] unmap_single_vma+0x1bc/0x310 [ 54.614679][ T3614] unmap_vmas+0x16b/0x2f0 [ 54.619106][ T3614] ? unmap_mapping_range+0x280/0x280 [ 54.624418][ T3614] ? lru_add_drain_cpu+0x4e2/0x900 [ 54.629582][ T3614] exit_mmap+0x1c4/0x4a0 [ 54.633846][ T3614] ? __ia32_sys_remap_file_pages+0x150/0x150 [ 54.639886][ T3614] ? dup_mm+0xb3d/0x13d0 [ 54.644146][ T3614] __mmput+0x122/0x4b0 [ 54.648388][ T3614] mmput+0x56/0x60 [ 54.652116][ T3614] dup_mm+0xd73/0x13d0 [ 54.656191][ T3614] ? replace_mm_exe_file+0x490/0x490 [ 54.661545][ T3614] ? __raw_spin_lock_init+0x36/0x110 [ 54.666862][ T3614] copy_process+0x3b14/0x6fe0 [ 54.671532][ T3614] ? find_held_lock+0x2d/0x110 [ 54.676291][ T3614] ? __cleanup_sighand+0xb0/0xb0 [ 54.681328][ T3614] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 54.687609][ T3614] ? _copy_from_user+0xf9/0x170 [ 54.692478][ T3614] ? kernel_clone+0x314/0xab0 [ 54.697227][ T3614] kernel_clone+0xe7/0xab0 [ 54.701663][ T3614] ? create_io_thread+0xf0/0xf0 [ 54.706537][ T3614] ? do_raw_spin_lock+0x120/0x2a0 [ 54.711622][ T3614] ? rwlock_bug.part.0+0x90/0x90 [ 54.716639][ T3614] __do_sys_clone3+0x1dd/0x2f0 [ 54.721408][ T3614] ? __do_sys_clone+0x110/0x110 [ 54.726268][ T3614] ? lock_downgrade+0x6e0/0x6e0 [ 54.731191][ T3614] ? _raw_spin_unlock_irq+0x1f/0x40 [ 54.736396][ T3614] ? lockdep_hardirqs_on+0x79/0x100 [ 54.741650][ T3614] ? _raw_spin_unlock_irq+0x2a/0x40 [ 54.746877][ T3614] ? ptrace_notify+0xfa/0x140 [ 54.751553][ T3614] do_syscall_64+0x35/0xb0 [ 54.755959][ T3614] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 54.761899][ T3614] RIP: 0033:0x7f591e692a49 [ 54.766323][ T3614] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 54.786083][ T3614] RSP: 002b:00007ffdd548d2f8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 54.794549][ T3614] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f591e692a49 [ 54.802605][ T3614] RDX: 0000000000000300 RSI: 0000000000000058 RDI: 00007ffdd548d310 [ 54.810602][ T3614] RBP: 0000000000000000 R08: 0000000000000002 R09: 00007f591e003832 [ 54.818632][ T3614] R10: 00007ffdd548d310 R11: 0000000000000246 R12: 0000000000000002 [ 54.826976][ T3614] R13: 00007ffdd548d460 R14: 00007ffdd548d470 R15: 00007ffdd548d430 [ 54.834989][ T3614] [ 54.838087][ T3614] Kernel panic - not syncing: panic_on_warn set ... [ 54.844665][ T3614] CPU: 1 PID: 3614 Comm: syz-executor411 Not tainted 5.18.0-rc7-syzkaller-00136-g3b5e1590a267 #0 [ 54.855146][ T3614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 54.865185][ T3614] Call Trace: [ 54.868452][ T3614] [ 54.871386][ T3614] dump_stack_lvl+0xcd/0x134 [ 54.875990][ T3614] panic+0x2d7/0x636 [ 54.879879][ T3614] ? panic_print_sys_info.part.0+0x10b/0x10b [ 54.885889][ T3614] ? __warn.cold+0x1d1/0x2c5 [ 54.890487][ T3614] ? untrack_pfn+0x247/0x290 [ 54.895065][ T3614] __warn.cold+0x1e2/0x2c5 [ 54.899469][ T3614] ? untrack_pfn+0x247/0x290 [ 54.904054][ T3614] report_bug+0x1bd/0x210 [ 54.908379][ T3614] handle_bug+0x3c/0x60 [ 54.912643][ T3614] exc_invalid_op+0x14/0x40 [ 54.917161][ T3614] asm_exc_invalid_op+0x12/0x20 [ 54.922003][ T3614] RIP: 0010:untrack_pfn+0x247/0x290 [ 54.927188][ T3614] Code: 84 6c ff ff ff e8 39 98 42 00 4c 89 ee 4c 89 e7 e8 ae dd ff ff e8 29 98 42 00 48 85 db 0f 85 58 ff ff ff eb 82 e8 19 98 42 00 <0f> 0b e9 76 ff ff ff 48 89 df e8 fa 28 8e 00 e9 98 fe ff ff e8 10 [ 54.946783][ T3614] RSP: 0018:ffffc900030ff678 EFLAGS: 00010293 [ 54.952843][ T3614] RAX: 0000000000000000 RBX: ffff88801c701d68 RCX: 0000000000000000 [ 54.960804][ T3614] RDX: ffff88801b1b0000 RSI: ffffffff8136a8d7 RDI: 0000000000000003 [ 54.968765][ T3614] RBP: 1ffff9200061fecf R08: 0000000000000000 R09: ffffc900030ff600 [ 54.976728][ T3614] R10: ffffffff8136a7a6 R11: 0000000000000000 R12: 00000000ffffffea [ 54.984690][ T3614] R13: 0000000000000000 R14: 0000000000000000 R15: ffff88801c701db8 [ 54.992655][ T3614] ? untrack_pfn+0x116/0x290 [ 54.997248][ T3614] ? untrack_pfn+0x247/0x290 [ 55.001836][ T3614] ? untrack_pfn+0x247/0x290 [ 55.006419][ T3614] ? track_pfn_insert+0x140/0x140 [ 55.011436][ T3614] ? vm_normal_page_pmd+0x550/0x550 [ 55.016630][ T3614] ? lock_downgrade+0x6e0/0x6e0 [ 55.021475][ T3614] ? uprobe_munmap+0x1c/0x560 [ 55.026149][ T3614] unmap_single_vma+0x1bc/0x310 [ 55.030998][ T3614] unmap_vmas+0x16b/0x2f0 [ 55.035319][ T3614] ? unmap_mapping_range+0x280/0x280 [ 55.040613][ T3614] ? lru_add_drain_cpu+0x4e2/0x900 [ 55.045735][ T3614] exit_mmap+0x1c4/0x4a0 [ 55.049982][ T3614] ? __ia32_sys_remap_file_pages+0x150/0x150 [ 55.055971][ T3614] ? dup_mm+0xb3d/0x13d0 [ 55.060222][ T3614] __mmput+0x122/0x4b0 [ 55.064296][ T3614] mmput+0x56/0x60 [ 55.068023][ T3614] dup_mm+0xd73/0x13d0 [ 55.072100][ T3614] ? replace_mm_exe_file+0x490/0x490 [ 55.077380][ T3614] ? __raw_spin_lock_init+0x36/0x110 [ 55.082672][ T3614] copy_process+0x3b14/0x6fe0 [ 55.087343][ T3614] ? find_held_lock+0x2d/0x110 [ 55.092112][ T3614] ? __cleanup_sighand+0xb0/0xb0 [ 55.097046][ T3614] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 55.103281][ T3614] ? _copy_from_user+0xf9/0x170 [ 55.108127][ T3614] ? kernel_clone+0x314/0xab0 [ 55.112804][ T3614] kernel_clone+0xe7/0xab0 [ 55.117225][ T3614] ? create_io_thread+0xf0/0xf0 [ 55.122075][ T3614] ? do_raw_spin_lock+0x120/0x2a0 [ 55.127095][ T3614] ? rwlock_bug.part.0+0x90/0x90 [ 55.132028][ T3614] __do_sys_clone3+0x1dd/0x2f0 [ 55.136785][ T3614] ? __do_sys_clone+0x110/0x110 [ 55.141634][ T3614] ? lock_downgrade+0x6e0/0x6e0 [ 55.146488][ T3614] ? _raw_spin_unlock_irq+0x1f/0x40 [ 55.151683][ T3614] ? lockdep_hardirqs_on+0x79/0x100 [ 55.156874][ T3614] ? _raw_spin_unlock_irq+0x2a/0x40 [ 55.162066][ T3614] ? ptrace_notify+0xfa/0x140 [ 55.166744][ T3614] do_syscall_64+0x35/0xb0 [ 55.171161][ T3614] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 55.177049][ T3614] RIP: 0033:0x7f591e692a49 [ 55.181458][ T3614] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 55.201054][ T3614] RSP: 002b:00007ffdd548d2f8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 55.209467][ T3614] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f591e692a49 [ 55.217430][ T3614] RDX: 0000000000000300 RSI: 0000000000000058 RDI: 00007ffdd548d310 [ 55.225389][ T3614] RBP: 0000000000000000 R08: 0000000000000002 R09: 00007f591e003832 [ 55.233355][ T3614] R10: 00007ffdd548d310 R11: 0000000000000246 R12: 0000000000000002 [ 55.241313][ T3614] R13: 00007ffdd548d460 R14: 00007ffdd548d470 R15: 00007ffdd548d430 [ 55.249288][ T3614] [ 55.252584][ T3614] Kernel Offset: disabled [ 55.256982][ T3614] Rebooting in 86400 seconds..