./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3960613924 <...> [ 3.996666][ T100] udevd[100]: starting eudev-3.2.11 [ 4.946456][ T145] cat (145) used greatest stack depth: 23152 bytes left [ 7.675109][ T109] udevd (109) used greatest stack depth: 22176 bytes left [ 14.282290][ T30] kauditd_printk_skb: 50 callbacks suppressed [ 14.282300][ T30] audit: type=1400 audit(1700823626.854:61): avc: denied { transition } for pid=226 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.288828][ T30] audit: type=1400 audit(1700823626.854:62): avc: denied { noatsecure } for pid=226 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.293212][ T30] audit: type=1400 audit(1700823626.854:63): avc: denied { write } for pid=226 comm="sh" path="pipe:[13246]" dev="pipefs" ino=13246 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 14.296739][ T30] audit: type=1400 audit(1700823626.854:64): avc: denied { rlimitinh } for pid=226 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.300007][ T30] audit: type=1400 audit(1700823626.854:65): avc: denied { siginh } for pid=226 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 15.654817][ T229] sftp-server (229) used greatest stack depth: 22096 bytes left Warning: Permanently added '10.128.10.16' (ED25519) to the list of known hosts. execve("./syz-executor3960613924", ["./syz-executor3960613924"], 0x7ffd2ad79710 /* 10 vars */) = 0 brk(NULL) = 0x55555641c000 brk(0x55555641cd40) = 0x55555641cd40 arch_prctl(ARCH_SET_FS, 0x55555641c3c0) = 0 set_tid_address(0x55555641c690) = 294 set_robust_list(0x55555641c6a0, 24) = 0 rseq(0x55555641cce0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3960613924", 4096) = 28 getrandom("\x89\x5b\x27\xb8\x5d\x11\x0b\xf3", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555641cd40 brk(0x55555643dd40) = 0x55555643dd40 brk(0x55555643e000) = 0x55555643e000 mprotect(0x7f51ec36d000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555641c690) = 295 ./strace-static-x86_64: Process 295 attached [pid 295] set_robust_list(0x55555641c6a0, 24) = 0 [pid 295] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 295] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 295] setsid() = 1 [pid 295] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 295] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 295] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 295] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 295] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 295] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 295] unshare(CLONE_NEWNS) = 0 [pid 295] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 295] unshare(CLONE_NEWIPC) = -1 EINVAL (Invalid argument) [pid 295] unshare(CLONE_NEWCGROUP) = 0 [pid 295] unshare(CLONE_NEWUTS) = 0 [pid 295] unshare(CLONE_SYSVSEM) = 0 [pid 295] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 295] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 295] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 295] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 295] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 295] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 295] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 295] getpid() = 1 [pid 295] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< {parent_tid=[3]}, 88) = 3 [pid 296] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 296] futex(0x7f51ec3733c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] futex(0x7f51ec3733cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 297 attached [pid 297] set_robust_list(0x7f51ec2a99a0, 24) = 0 [pid 297] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 297] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 297] write(3, "63", 2) = 2 [ 23.127726][ T30] audit: type=1400 audit(1700823635.694:66): avc: denied { execmem } for pid=294 comm="syz-executor396" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 23.148772][ T30] audit: type=1400 audit(1700823635.694:67): avc: denied { integrity } for pid=294 comm="syz-executor396" lockdown_reason="debugfs access" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=lockdown permissive=1 [ 23.170670][ T297] FAULT_INJECTION: forcing a failure. [ 23.170670][ T297] name failslab, interval 1, probability 0, space 0, times 1 [ 23.172779][ T30] audit: type=1400 audit(1700823635.704:68): avc: denied { mounton } for pid=295 comm="syz-executor396" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 23.186018][ T297] CPU: 1 PID: 297 Comm: syz-executor396 Not tainted 5.15.137-syzkaller-01792-g61cfd264993d #0 [ 23.209870][ T30] audit: type=1400 audit(1700823635.704:69): avc: denied { mount } for pid=295 comm="syz-executor396" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 23.219439][ T297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 23.219451][ T297] Call Trace: [ 23.219456][ T297] [ 23.219462][ T297] dump_stack_lvl+0x151/0x1b7 [ 23.242459][ T30] audit: type=1400 audit(1700823635.704:70): avc: denied { mounton } for pid=295 comm="syz-executor396" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 23.253420][ T297] ? io_uring_drop_tctx_refs+0x190/0x190 [ 23.253464][ T297] dump_stack+0x15/0x17 [ 23.253477][ T297] should_fail+0x3c6/0x510 [ 23.253492][ T297] __should_failslab+0xa4/0xe0 [ 23.257144][ T30] audit: type=1400 audit(1700823635.724:71): avc: denied { create } for pid=291 comm="strace-static-x" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 23.259324][ T297] ? anon_vma_fork+0xf7/0x4e0 [ 23.259352][ T297] should_failslab+0x9/0x20 [ 23.259367][ T297] slab_pre_alloc_hook+0x37/0xd0 [ 23.264285][ T30] audit: type=1400 audit(1700823635.724:72): avc: denied { write } for pid=291 comm="strace-static-x" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 23.286188][ T297] ? anon_vma_fork+0xf7/0x4e0 [ 23.286228][ T297] kmem_cache_alloc+0x44/0x200 [ 23.286251][ T297] anon_vma_fork+0xf7/0x4e0 [ 23.286265][ T297] ? anon_vma_name+0x43/0x70 [ 23.286279][ T297] ? vm_area_dup+0x17a/0x230 [ 23.286295][ T297] copy_mm+0xa3a/0x13e0 [ 23.286312][ T297] ? copy_signal+0x610/0x610 [ 23.292418][ T30] audit: type=1400 audit(1700823635.724:73): avc: denied { nlmsg_read } for pid=291 comm="strace-static-x" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 23.296272][ T297] ? __init_rwsem+0xd6/0x1c0 [ 23.300988][ T30] audit: type=1400 audit(1700823635.724:74): avc: denied { module_request } for pid=291 comm="strace-static-x" kmod="net-pf-16-proto-4-type-16" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 23.305628][ T297] ? copy_signal+0x4e3/0x610 [ 23.327945][ T30] audit: type=1400 audit(1700823635.724:75): avc: denied { read } for pid=291 comm="strace-static-x" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 23.332401][ T297] copy_process+0x12bc/0x3260 [ 23.332427][ T297] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 23.475739][ T297] ? __kasan_check_write+0x14/0x20 [ 23.480672][ T297] kernel_clone+0x21e/0x9e0 [ 23.485014][ T297] ? _raw_spin_unlock_irq+0x4e/0x70 [ 23.490131][ T297] ? create_io_thread+0x1e0/0x1e0 [ 23.494992][ T297] __x64_sys_clone+0x23f/0x290 [ 23.499593][ T297] ? __do_sys_vfork+0x130/0x130 [ 23.504292][ T297] ? __kasan_check_read+0x11/0x20 [ 23.509141][ T297] ? syscall_enter_from_user_mode+0x70/0x1b0 [ 23.514971][ T297] do_syscall_64+0x3d/0xb0 [ 23.519211][ T297] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 23.524935][ T297] RIP: 0033:0x7f51ec2e90a9 [ 23.529188][ T297] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 23.548800][ T297] RSP: 002b:00007f51ec2a9208 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 23.557479][ T297] RAX: ffffffffffffffda RBX: 00007f51ec3733c8 RCX: 00007f51ec2e90a9 [ 23.565640][ T297] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [pid 297] clone(child_stack=NULL, flags=0 [pid 296] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 297] <... clone resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 297] futex(0x7f51ec3733cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 297] futex(0x7f51ec3733c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] close(3) = 0 [pid 296] close(4) = -1 EBADF (Bad file descriptor) [pid 296] close(5) = -1 EBADF (Bad file descriptor) [pid 296] close(6) = -1 EBADF (Bad file descriptor) [pid 296] close(7) = -1 EBADF (Bad file descriptor) [pid 296] close(8) = -1 EBADF (Bad file descriptor) [pid 296] close(9) = -1 EBADF (Bad file descriptor) [pid 296] close(10) = -1 EBADF (Bad file descriptor) [pid 296] close(11) = -1 EBADF (Bad file descriptor) [pid 296] close(12) = -1 EBADF (Bad file descriptor) [pid 296] close(13) = -1 EBADF (Bad file descriptor) [pid 296] close(14) = -1 EBADF (Bad file descriptor) [pid 296] close(15) = -1 EBADF (Bad file descriptor) [pid 296] close(16) = -1 EBADF (Bad file descriptor) [pid 296] close(17) = -1 EBADF (Bad file descriptor) [pid 296] close(18) = -1 EBADF (Bad file descriptor) [pid 296] close(19) = -1 EBADF (Bad file descriptor) [pid 296] close(20) = -1 EBADF (Bad file descriptor) [pid 296] close(21) = -1 EBADF (Bad file descriptor) [pid 296] close(22) = -1 EBADF (Bad file descriptor) [pid 296] close(23) = -1 EBADF (Bad file descriptor) [pid 296] close(24) = -1 EBADF (Bad file descriptor) [pid 296] close(25) = -1 EBADF (Bad file descriptor) [pid 296] close(26) = -1 EBADF (Bad file descriptor) [pid 296] close(27) = -1 EBADF (Bad file descriptor) [pid 296] close(28) = -1 EBADF (Bad file descriptor) [pid 296] close(29) = -1 EBADF (Bad file descriptor) [pid 296] exit_group(0) = ? [pid 297] <... futex resumed>) = ? [pid 297] +++ exited with 0 +++ [pid 296] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 295] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555641c690) = 4 ./strace-static-x86_64: Process 299 attached [pid 299] set_robust_list(0x55555641c6a0, 24) = 0 [pid 299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 299] setpgid(0, 0) = 0 [pid 299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 299] write(3, "1000", 4) = 4 [pid 299] close(3) = 0 [pid 299] read(200, "\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110 [pid 299] read(200, "\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110 [pid 299] read(200, 0x7ffcd81dfdf0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 299] futex(0x7f51ec3733cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] rt_sigaction(SIGRT_1, {sa_handler=0x7f51ec310cb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f51ec302330}, NULL, 8) = 0 [pid 299] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 299] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f51ec289000 [pid 299] mprotect(0x7f51ec28a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 299] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 299] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f51ec2a9990, parent_tid=0x7f51ec2a9990, exit_signal=0, stack=0x7f51ec289000, stack_size=0x20300, tls=0x7f51ec2a96c0}./strace-static-x86_64: Process 300 attached [pid 300] set_robust_list(0x7f51ec2a99a0, 24 [pid 299] <... clone3 resumed> => {parent_tid=[5]}, 88) = 5 [pid 300] <... set_robust_list resumed>) = 0 [pid 300] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 300] futex(0x7f51ec3733c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 299] futex(0x7f51ec3733c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 300] <... futex resumed>) = 0 [pid 300] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 299] futex(0x7f51ec3733cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... openat resumed>) = 3 [pid 300] write(3, "63", 2) = 2 [ 23.574151][ T297] RBP: 00007f51ec3733c0 R08: 0000000000000000 R09: 0000000000003336 [ 23.583156][ T297] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f51ec3733cc [ 23.591208][ T297] R13: 00007f51ec2a9210 R14: 0000000000000002 R15: 00007f51ec34001d [ 23.599037][ T297] [ 23.619673][ T300] FAULT_INJECTION: forcing a failure. [pid 300] clone(child_stack=NULL, flags=0 [pid 299] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 23.619673][ T300] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 23.633134][ T300] CPU: 1 PID: 300 Comm: syz-executor396 Not tainted 5.15.137-syzkaller-01792-g61cfd264993d #0 [ 23.643405][ T300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 23.653557][ T300] Call Trace: [ 23.656676][ T300] [ 23.659454][ T300] dump_stack_lvl+0x151/0x1b7 [ 23.663967][ T300] ? io_uring_drop_tctx_refs+0x190/0x190 [ 23.669445][ T300] dump_stack+0x15/0x17 [ 23.673687][ T300] should_fail+0x3c6/0x510 [ 23.678050][ T300] should_fail_alloc_page+0x5a/0x80 [ 23.683062][ T300] prepare_alloc_pages+0x15c/0x700 [ 23.688022][ T300] ? __alloc_pages_bulk+0xe60/0xe60 [ 23.693101][ T300] __alloc_pages+0x138/0x5e0 [ 23.697570][ T300] ? stack_trace_save+0x1c0/0x1c0 [ 23.702422][ T300] ? prep_new_page+0x110/0x110 [ 23.707103][ T300] get_zeroed_page+0x19/0x40 [ 23.711542][ T300] __pud_alloc+0x8b/0x260 [ 23.716047][ T300] ? stack_trace_snprint+0xf0/0xf0 [ 23.720987][ T300] ? do_handle_mm_fault+0x2330/0x2330 [ 23.726202][ T300] ? __stack_depot_save+0x34/0x470 [ 23.731232][ T300] ? anon_vma_clone+0x9a/0x500 [ 23.735836][ T300] copy_page_range+0x2bcf/0x2f90 [ 23.740602][ T300] ? __kasan_slab_alloc+0xb1/0xe0 [ 23.745825][ T300] ? slab_post_alloc_hook+0x53/0x2c0 [ 23.750931][ T300] ? copy_mm+0xa3a/0x13e0 [ 23.755184][ T300] ? copy_process+0x12bc/0x3260 [ 23.759868][ T300] ? kernel_clone+0x21e/0x9e0 [ 23.764476][ T300] ? __x64_sys_clone+0x23f/0x290 [ 23.769243][ T300] ? do_syscall_64+0x3d/0xb0 [ 23.774111][ T300] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 23.780403][ T300] ? pfn_valid+0x1e0/0x1e0 [ 23.784779][ T300] ? rwsem_write_trylock+0x15b/0x290 [ 23.790092][ T300] ? vma_interval_tree_augment_rotate+0x1d0/0x1d0 [ 23.796512][ T300] ? vma_gap_callbacks_rotate+0x1e2/0x210 [ 23.802259][ T300] ? __rb_insert_augmented+0x5de/0x610 [ 23.809616][ T300] copy_mm+0xc7e/0x13e0 [ 23.813951][ T300] ? copy_signal+0x610/0x610 [ 23.818761][ T300] ? __init_rwsem+0xd6/0x1c0 [ 23.823155][ T300] ? copy_signal+0x4e3/0x610 [ 23.827790][ T300] copy_process+0x12bc/0x3260 [ 23.832554][ T300] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 23.837663][ T300] ? __kasan_check_write+0x14/0x20 [ 23.842706][ T300] kernel_clone+0x21e/0x9e0 [ 23.847121][ T300] ? _raw_spin_unlock_irq+0x4e/0x70 [ 23.852241][ T300] ? create_io_thread+0x1e0/0x1e0 [ 23.857290][ T300] __x64_sys_clone+0x23f/0x290 [ 23.862078][ T300] ? __do_sys_vfork+0x130/0x130 [ 23.866913][ T300] ? __kasan_check_read+0x11/0x20 [ 23.871773][ T300] ? syscall_enter_from_user_mode+0x70/0x1b0 [ 23.877593][ T300] do_syscall_64+0x3d/0xb0 [ 23.881939][ T300] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 23.888162][ T300] RIP: 0033:0x7f51ec2e90a9 [ 23.892690][ T300] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 23.913261][ T300] RSP: 002b:00007f51ec2a9208 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 23.922123][ T300] RAX: ffffffffffffffda RBX: 00007f51ec3733c8 RCX: 00007f51ec2e90a9 [pid 300] <... clone resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 300] futex(0x7f51ec3733cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 300] futex(0x7f51ec3733c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] close(3) = 0 [pid 299] close(4) = -1 EBADF (Bad file descriptor) [pid 299] close(5) = -1 EBADF (Bad file descriptor) [pid 299] close(6) = -1 EBADF (Bad file descriptor) [pid 299] close(7) = -1 EBADF (Bad file descriptor) [pid 299] close(8) = -1 EBADF (Bad file descriptor) [pid 299] close(9) = -1 EBADF (Bad file descriptor) [pid 299] close(10) = -1 EBADF (Bad file descriptor) [pid 299] close(11) = -1 EBADF (Bad file descriptor) [pid 299] close(12) = -1 EBADF (Bad file descriptor) [pid 299] close(13) = -1 EBADF (Bad file descriptor) [pid 299] close(14) = -1 EBADF (Bad file descriptor) [pid 299] close(15) = -1 EBADF (Bad file descriptor) [pid 299] close(16) = -1 EBADF (Bad file descriptor) [pid 299] close(17) = -1 EBADF (Bad file descriptor) [pid 299] close(18) = -1 EBADF (Bad file descriptor) [pid 299] close(19) = -1 EBADF (Bad file descriptor) [pid 299] close(20) = -1 EBADF (Bad file descriptor) [pid 299] close(21) = -1 EBADF (Bad file descriptor) [pid 299] close(22) = -1 EBADF (Bad file descriptor) [pid 299] close(23) = -1 EBADF (Bad file descriptor) [pid 299] close(24) = -1 EBADF (Bad file descriptor) [pid 299] close(25) = -1 EBADF (Bad file descriptor) [pid 299] close(26) = -1 EBADF (Bad file descriptor) [pid 299] close(27) = -1 EBADF (Bad file descriptor) [pid 299] close(28) = -1 EBADF (Bad file descriptor) [pid 299] close(29) = -1 EBADF (Bad file descriptor) [pid 299] exit_group(0 [pid 300] <... futex resumed>) = ? [pid 299] <... exit_group resumed>) = ? [pid 300] +++ exited with 0 +++ [pid 299] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555641c690) = 6 ./strace-static-x86_64: Process 301 attached [pid 301] set_robust_list(0x55555641c6a0, 24) = 0 [pid 301] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 301] setpgid(0, 0) = 0 [pid 301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 301] write(3, "1000", 4) = 4 [pid 301] close(3) = 0 [pid 301] read(200, 0x7ffcd81dfdf0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 301] futex(0x7f51ec3733cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 301] rt_sigaction(SIGRT_1, {sa_handler=0x7f51ec310cb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f51ec302330}, NULL, 8) = 0 [pid 301] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 301] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f51ec289000 [pid 301] mprotect(0x7f51ec28a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 301] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 301] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f51ec2a9990, parent_tid=0x7f51ec2a9990, exit_signal=0, stack=0x7f51ec289000, stack_size=0x20300, tls=0x7f51ec2a96c0} => {parent_tid=[7]}, 88) = 7 ./strace-static-x86_64: Process 302 attached [pid 302] set_robust_list(0x7f51ec2a99a0, 24) = 0 [pid 302] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 302] futex(0x7f51ec3733c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 301] futex(0x7f51ec3733c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 302] <... futex resumed>) = 0 [pid 302] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 301] futex(0x7f51ec3733cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 302] <... openat resumed>) = 3 [pid 302] write(3, "63", 2) = 2 [ 23.930008][ T300] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 23.939995][ T300] RBP: 00007f51ec3733c0 R08: 0000000000000000 R09: 0000000000003336 [ 23.948068][ T300] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f51ec3733cc [ 23.956051][ T300] R13: 00007f51ec2a9210 R14: 0000000000000002 R15: 00007f51ec34001d [ 23.964313][ T300] [pid 302] clone(child_stack=NULL, flags=0 [pid 301] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 23.984731][ T302] FAULT_INJECTION: forcing a failure. [ 23.984731][ T302] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 23.998063][ T302] CPU: 0 PID: 302 Comm: syz-executor396 Not tainted 5.15.137-syzkaller-01792-g61cfd264993d #0 [ 24.008332][ T302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 24.018309][ T302] Call Trace: [ 24.021783][ T302] [ 24.024551][ T302] dump_stack_lvl+0x151/0x1b7 [ 24.029064][ T302] ? io_uring_drop_tctx_refs+0x190/0x190 [ 24.034540][ T302] dump_stack+0x15/0x17 [ 24.038616][ T302] should_fail+0x3c6/0x510 [ 24.042882][ T302] should_fail_alloc_page+0x5a/0x80 [ 24.047987][ T302] prepare_alloc_pages+0x15c/0x700 [ 24.052939][ T302] ? __alloc_pages_bulk+0xe60/0xe60 [ 24.057966][ T302] __alloc_pages+0x138/0x5e0 [ 24.062402][ T302] ? stack_trace_save+0x1c0/0x1c0 [ 24.067835][ T302] ? prep_new_page+0x110/0x110 [ 24.072511][ T302] get_zeroed_page+0x19/0x40 [ 24.076928][ T302] __pud_alloc+0x8b/0x260 [ 24.081264][ T302] ? stack_trace_snprint+0xf0/0xf0 [ 24.086391][ T302] ? do_handle_mm_fault+0x2330/0x2330 [ 24.091603][ T302] ? __stack_depot_save+0x34/0x470 [ 24.096539][ T302] ? anon_vma_clone+0x9a/0x500 [ 24.101141][ T302] copy_page_range+0x2bcf/0x2f90 [ 24.106016][ T302] ? __kasan_slab_alloc+0xb1/0xe0 [ 24.110947][ T302] ? slab_post_alloc_hook+0x53/0x2c0 [ 24.116076][ T302] ? copy_mm+0xa3a/0x13e0 [ 24.120336][ T302] ? copy_process+0x12bc/0x3260 [ 24.125010][ T302] ? kernel_clone+0x21e/0x9e0 [ 24.129622][ T302] ? __x64_sys_clone+0x23f/0x290 [ 24.134399][ T302] ? do_syscall_64+0x3d/0xb0 [ 24.139005][ T302] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 24.144916][ T302] ? pfn_valid+0x1e0/0x1e0 [ 24.149146][ T302] ? rwsem_write_trylock+0x15b/0x290 [ 24.154354][ T302] ? vma_interval_tree_augment_rotate+0x1d0/0x1d0 [ 24.160616][ T302] ? vma_gap_callbacks_rotate+0x1e2/0x210 [ 24.166251][ T302] ? __rb_insert_augmented+0x5de/0x610 [ 24.171548][ T302] copy_mm+0xc7e/0x13e0 [ 24.175547][ T302] ? copy_signal+0x610/0x610 [ 24.179959][ T302] ? __init_rwsem+0xd6/0x1c0 [ 24.184382][ T302] ? copy_signal+0x4e3/0x610 [ 24.188899][ T302] copy_process+0x12bc/0x3260 [ 24.193420][ T302] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 24.198452][ T302] ? __kasan_check_write+0x14/0x20 [ 24.203404][ T302] kernel_clone+0x21e/0x9e0 [ 24.207739][ T302] ? _raw_spin_unlock_irq+0x4e/0x70 [ 24.212930][ T302] ? create_io_thread+0x1e0/0x1e0 [ 24.217888][ T302] __x64_sys_clone+0x23f/0x290 [ 24.222478][ T302] ? __do_sys_vfork+0x130/0x130 [ 24.227332][ T302] ? __kasan_check_read+0x11/0x20 [ 24.232283][ T302] ? syscall_enter_from_user_mode+0x70/0x1b0 [ 24.238122][ T302] do_syscall_64+0x3d/0xb0 [ 24.242350][ T302] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 24.248170][ T302] RIP: 0033:0x7f51ec2e90a9 [ 24.252421][ T302] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 24.272210][ T302] RSP: 002b:00007f51ec2a9208 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [pid 302] <... clone resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 302] futex(0x7f51ec3733cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] futex(0x7f51ec3733c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] close(3) = 0 [pid 301] close(4) = -1 EBADF (Bad file descriptor) [pid 301] close(5) = -1 EBADF (Bad file descriptor) [pid 301] close(6) = -1 EBADF (Bad file descriptor) [pid 301] close(7) = -1 EBADF (Bad file descriptor) [pid 301] close(8) = -1 EBADF (Bad file descriptor) [pid 301] close(9) = -1 EBADF (Bad file descriptor) [pid 301] close(10) = -1 EBADF (Bad file descriptor) [pid 301] close(11) = -1 EBADF (Bad file descriptor) [pid 301] close(12) = -1 EBADF (Bad file descriptor) [pid 301] close(13) = -1 EBADF (Bad file descriptor) [pid 301] close(14) = -1 EBADF (Bad file descriptor) [pid 301] close(15) = -1 EBADF (Bad file descriptor) [pid 301] close(16) = -1 EBADF (Bad file descriptor) [pid 301] close(17) = -1 EBADF (Bad file descriptor) [pid 301] close(18) = -1 EBADF (Bad file descriptor) [pid 301] close(19) = -1 EBADF (Bad file descriptor) [pid 301] close(20) = -1 EBADF (Bad file descriptor) [pid 301] close(21) = -1 EBADF (Bad file descriptor) [pid 301] close(22) = -1 EBADF (Bad file descriptor) [pid 301] close(23) = -1 EBADF (Bad file descriptor) [pid 301] close(24) = -1 EBADF (Bad file descriptor) [pid 301] close(25) = -1 EBADF (Bad file descriptor) [pid 301] close(26) = -1 EBADF (Bad file descriptor) [pid 301] close(27) = -1 EBADF (Bad file descriptor) [pid 301] close(28) = -1 EBADF (Bad file descriptor) [pid 301] close(29) = -1 EBADF (Bad file descriptor) [pid 301] exit_group(0) = ? [pid 302] <... futex resumed>) = ? [pid 302] +++ exited with 0 +++ [pid 301] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 295] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555641c690) = 8 ./strace-static-x86_64: Process 304 attached [pid 304] set_robust_list(0x55555641c6a0, 24) = 0 [pid 304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 304] setpgid(0, 0) = 0 [pid 304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 304] write(3, "1000", 4) = 4 [pid 304] close(3) = 0 [pid 304] read(200, "\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110 [pid 304] read(200, 0x7ffcd81dfdf0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 304] futex(0x7f51ec3733cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] rt_sigaction(SIGRT_1, {sa_handler=0x7f51ec310cb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f51ec302330}, NULL, 8) = 0 [pid 304] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f51ec289000 [pid 304] mprotect(0x7f51ec28a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 304] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 304] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f51ec2a9990, parent_tid=0x7f51ec2a9990, exit_signal=0, stack=0x7f51ec289000, stack_size=0x20300, tls=0x7f51ec2a96c0}./strace-static-x86_64: Process 305 attached => {parent_tid=[9]}, 88) = 9 [pid 305] set_robust_list(0x7f51ec2a99a0, 24 [pid 304] rt_sigprocmask(SIG_SETMASK, [], [pid 305] <... set_robust_list resumed>) = 0 [pid 304] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 304] futex(0x7f51ec3733c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] rt_sigprocmask(SIG_SETMASK, [], [pid 304] futex(0x7f51ec3733cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 305] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 305] write(3, "63", 2) = 2 [ 24.280795][ T302] RAX: ffffffffffffffda RBX: 00007f51ec3733c8 RCX: 00007f51ec2e90a9 [ 24.289075][ T302] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 24.296977][ T302] RBP: 00007f51ec3733c0 R08: 0000000000000000 R09: 0000000000003336 [ 24.304797][ T302] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f51ec3733cc [ 24.312774][ T302] R13: 00007f51ec2a9210 R14: 0000000000000002 R15: 00007f51ec34001d [ 24.320587][ T302] [ 24.348417][ T305] FAULT_INJECTION: forcing a failure. [ 24.348417][ T305] name failslab, interval 1, probability 0, space 0, times 0 [ 24.361207][ T305] CPU: 0 PID: 305 Comm: syz-executor396 Not tainted 5.15.137-syzkaller-01792-g61cfd264993d #0 [ 24.371878][ T305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 24.382878][ T305] Call Trace: [ 24.386582][ T305] [ 24.390064][ T305] dump_stack_lvl+0x151/0x1b7 [ 24.395879][ T305] ? io_uring_drop_tctx_refs+0x190/0x190 [ 24.402212][ T305] ? avc_denied+0x1b0/0x1b0 [ 24.406541][ T305] dump_stack+0x15/0x17 [ 24.411186][ T305] should_fail+0x3c6/0x510 [ 24.415731][ T305] __should_failslab+0xa4/0xe0 [ 24.420314][ T305] ? vm_area_dup+0x26/0x230 [ 24.424643][ T305] should_failslab+0x9/0x20 [ 24.428986][ T305] slab_pre_alloc_hook+0x37/0xd0 [ 24.434373][ T305] ? vm_area_dup+0x26/0x230 [ 24.439019][ T305] kmem_cache_alloc+0x44/0x200 [ 24.443767][ T305] vm_area_dup+0x26/0x230 [ 24.448000][ T305] copy_mm+0x9a1/0x13e0 [ 24.452361][ T305] ? copy_signal+0x610/0x610 [ 24.456843][ T305] ? __init_rwsem+0xd6/0x1c0 [ 24.461460][ T305] ? copy_signal+0x4e3/0x610 [ 24.466536][ T305] copy_process+0x12bc/0x3260 [ 24.471052][ T305] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 24.476175][ T305] ? __kasan_check_write+0x14/0x20 [ 24.482010][ T305] kernel_clone+0x21e/0x9e0 [ 24.486570][ T305] ? _raw_spin_unlock_irq+0x4e/0x70 [ 24.491860][ T305] ? create_io_thread+0x1e0/0x1e0 [ 24.496932][ T305] __x64_sys_clone+0x23f/0x290 [ 24.501843][ T305] ? __do_sys_vfork+0x130/0x130 [ 24.506512][ T305] ? __kasan_check_read+0x11/0x20 [ 24.512024][ T305] ? syscall_enter_from_user_mode+0x70/0x1b0 [ 24.519306][ T305] do_syscall_64+0x3d/0xb0 [ 24.524510][ T305] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 24.530455][ T305] RIP: 0033:0x7f51ec2e90a9 [ 24.535063][ T305] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 24.557925][ T305] RSP: 002b:00007f51ec2a9208 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 24.567684][ T305] RAX: ffffffffffffffda RBX: 00007f51ec3733c8 RCX: 00007f51ec2e90a9 [ 24.576050][ T305] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 24.584668][ T305] RBP: 00007f51ec3733c0 R08: 0000000000000000 R09: 0000000000003336 [pid 305] clone(child_stack=NULL, flags=0 [pid 304] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 305] <... clone resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 305] futex(0x7f51ec3733cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] futex(0x7f51ec3733c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 304] close(3) = 0 [pid 304] close(4) = -1 EBADF (Bad file descriptor) [pid 304] close(5) = -1 EBADF (Bad file descriptor) [pid 304] close(6) = -1 EBADF (Bad file descriptor) [pid 304] close(7) = -1 EBADF (Bad file descriptor) [pid 304] close(8) = -1 EBADF (Bad file descriptor) [pid 304] close(9) = -1 EBADF (Bad file descriptor) [pid 304] close(10) = -1 EBADF (Bad file descriptor) [pid 304] close(11) = -1 EBADF (Bad file descriptor) [pid 304] close(12) = -1 EBADF (Bad file descriptor) [pid 304] close(13) = -1 EBADF (Bad file descriptor) [pid 304] close(14) = -1 EBADF (Bad file descriptor) [pid 304] close(15) = -1 EBADF (Bad file descriptor) [pid 304] close(16) = -1 EBADF (Bad file descriptor) [pid 304] close(17) = -1 EBADF (Bad file descriptor) [pid 304] close(18) = -1 EBADF (Bad file descriptor) [pid 304] close(19) = -1 EBADF (Bad file descriptor) [pid 304] close(20) = -1 EBADF (Bad file descriptor) [pid 304] close(21) = -1 EBADF (Bad file descriptor) [pid 304] close(22) = -1 EBADF (Bad file descriptor) [pid 304] close(23) = -1 EBADF (Bad file descriptor) [pid 304] close(24) = -1 EBADF (Bad file descriptor) [pid 304] close(25) = -1 EBADF (Bad file descriptor) [pid 304] close(26) = -1 EBADF (Bad file descriptor) [pid 304] close(27) = -1 EBADF (Bad file descriptor) [pid 304] close(28) = -1 EBADF (Bad file descriptor) [pid 304] close(29) = -1 EBADF (Bad file descriptor) [pid 304] exit_group(0) = ? [pid 305] <... futex resumed>) = ? [pid 305] +++ exited with 0 +++ [pid 304] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 295] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 307 attached [pid 307] set_robust_list(0x55555641c6a0, 24) = 0 [pid 295] <... clone resumed>, child_tidptr=0x55555641c690) = 10 [pid 307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 307] setpgid(0, 0) = 0 [pid 307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 307] write(3, "1000", 4) = 4 [pid 307] close(3) = 0 [pid 307] read(200, 0x7ffcd81dfdf0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 307] futex(0x7f51ec3733cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] rt_sigaction(SIGRT_1, {sa_handler=0x7f51ec310cb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f51ec302330}, NULL, 8) = 0 [pid 307] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f51ec289000 [pid 307] mprotect(0x7f51ec28a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 307] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 307] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f51ec2a9990, parent_tid=0x7f51ec2a9990, exit_signal=0, stack=0x7f51ec289000, stack_size=0x20300, tls=0x7f51ec2a96c0}./strace-static-x86_64: Process 308 attached => {parent_tid=[11]}, 88) = 11 [pid 308] set_robust_list(0x7f51ec2a99a0, 24) = 0 [pid 308] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 308] futex(0x7f51ec3733c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 307] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 307] futex(0x7f51ec3733c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 308] <... futex resumed>) = 0 [pid 308] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 307] futex(0x7f51ec3733cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 308] <... openat resumed>) = 3 [pid 308] write(3, "63", 2) = 2 [ 24.593187][ T305] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f51ec3733cc [ 24.601289][ T305] R13: 00007f51ec2a9210 R14: 0000000000000002 R15: 00007f51ec34001d [ 24.609492][ T305] [ 24.629566][ T308] FAULT_INJECTION: forcing a failure. [ 24.629566][ T308] name failslab, interval 1, probability 0, space 0, times 0 [pid 308] clone(child_stack=NULL, flags=0 [pid 307] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 24.642043][ T308] CPU: 0 PID: 308 Comm: syz-executor396 Not tainted 5.15.137-syzkaller-01792-g61cfd264993d #0 [ 24.652195][ T308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 24.663376][ T308] Call Trace: [ 24.666505][ T308] [ 24.669369][ T308] dump_stack_lvl+0x151/0x1b7 [ 24.674120][ T308] ? io_uring_drop_tctx_refs+0x190/0x190 [ 24.679596][ T308] dump_stack+0x15/0x17 [ 24.683856][ T308] should_fail+0x3c6/0x510 [ 24.688096][ T308] __should_failslab+0xa4/0xe0 [ 24.692702][ T308] ? anon_vma_clone+0x9a/0x500 [ 24.697291][ T308] should_failslab+0x9/0x20 [ 24.701711][ T308] slab_pre_alloc_hook+0x37/0xd0 [ 24.706515][ T308] ? anon_vma_clone+0x9a/0x500 [ 24.711089][ T308] kmem_cache_alloc+0x44/0x200 [ 24.715790][ T308] anon_vma_clone+0x9a/0x500 [ 24.720290][ T308] anon_vma_fork+0x91/0x4e0 [ 24.724797][ T308] ? anon_vma_name+0x43/0x70 [ 24.729821][ T308] ? vm_area_dup+0x17a/0x230 [ 24.734449][ T308] copy_mm+0xa3a/0x13e0 [ 24.738524][ T308] ? copy_signal+0x610/0x610 [ 24.743184][ T308] ? __init_rwsem+0xd6/0x1c0 [ 24.748068][ T308] ? copy_signal+0x4e3/0x610 [ 24.752672][ T308] copy_process+0x12bc/0x3260 [ 24.757724][ T308] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 24.762658][ T308] ? __kasan_check_write+0x14/0x20 [ 24.767601][ T308] kernel_clone+0x21e/0x9e0 [ 24.772204][ T308] ? _raw_spin_unlock_irq+0x4e/0x70 [ 24.777322][ T308] ? create_io_thread+0x1e0/0x1e0 [ 24.782187][ T308] __x64_sys_clone+0x23f/0x290 [ 24.787160][ T308] ? __do_sys_vfork+0x130/0x130 [ 24.791857][ T308] ? __kasan_check_read+0x11/0x20 [ 24.797017][ T308] ? syscall_enter_from_user_mode+0x70/0x1b0 [ 24.803928][ T308] do_syscall_64+0x3d/0xb0 [ 24.808923][ T308] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 24.816980][ T308] RIP: 0033:0x7f51ec2e90a9 [ 24.821752][ T308] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 24.848102][ T308] RSP: 002b:00007f51ec2a9208 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 24.859364][ T308] RAX: ffffffffffffffda RBX: 00007f51ec3733c8 RCX: 00007f51ec2e90a9 [ 24.869004][ T308] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 24.877411][ T308] RBP: 00007f51ec3733c0 R08: 0000000000000000 R09: 0000000000003336 [ 24.885321][ T308] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f51ec3733cc [pid 308] <... clone resumed>) = 12 [pid 308] futex(0x7f51ec3733cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] futex(0x7f51ec3733c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 309 attached [pid 307] close(3) = 0 [pid 307] close(4) = -1 EBADF (Bad file descriptor) [pid 307] close(5) = -1 EBADF (Bad file descriptor) [pid 307] close(6) = -1 EBADF (Bad file descriptor) [pid 307] close(7) = -1 EBADF (Bad file descriptor) [pid 307] close(8) = -1 EBADF (Bad file descriptor) [pid 307] close(9) = -1 EBADF (Bad file descriptor) [pid 307] close(10) = -1 EBADF (Bad file descriptor) [pid 307] close(11) = -1 EBADF (Bad file descriptor) [pid 307] close(12) = -1 EBADF (Bad file descriptor) [pid 307] close(13) = -1 EBADF (Bad file descriptor) [pid 307] close(14) = -1 EBADF (Bad file descriptor) [pid 307] close(15) = -1 EBADF (Bad file descriptor) [pid 307] close(16) = -1 EBADF (Bad file descriptor) [pid 307] close(17) = -1 EBADF (Bad file descriptor) [pid 307] close(18) = -1 EBADF (Bad file descriptor) [pid 307] close(19) = -1 EBADF (Bad file descriptor) [pid 307] close(20) = -1 EBADF (Bad file descriptor) [pid 307] close(21) = -1 EBADF (Bad file descriptor) [pid 307] close(22) = -1 EBADF (Bad file descriptor) [pid 307] close(23) = -1 EBADF (Bad file descriptor) [pid 307] close(24) = -1 EBADF (Bad file descriptor) [pid 307] close(25) = -1 EBADF (Bad file descriptor) [pid 307] close(26) = -1 EBADF (Bad file descriptor) [pid 307] close(27) = -1 EBADF (Bad file descriptor) [pid 307] close(28) = -1 EBADF (Bad file descriptor) [pid 307] close(29) = -1 EBADF (Bad file descriptor) [pid 307] exit_group(0 [pid 308] <... futex resumed>) = ? [pid 307] <... exit_group resumed>) = ? [pid 308] +++ exited with 0 +++ [pid 307] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 295] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 310 attached , child_tidptr=0x55555641c690) = 13 [pid 310] set_robust_list(0x55555641c6a0, 24) = 0 [pid 310] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 310] setpgid(0, 0) = 0 [pid 310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 310] write(3, "1000", 4) = 4 [pid 310] close(3) = 0 [pid 310] read(200, 0x7ffcd81dfdf0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 310] futex(0x7f51ec3733cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 310] rt_sigaction(SIGRT_1, {sa_handler=0x7f51ec310cb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f51ec302330}, NULL, 8) = 0 [pid 310] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 310] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f51ec289000 [pid 310] mprotect(0x7f51ec28a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 310] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 310] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f51ec2a9990, parent_tid=0x7f51ec2a9990, exit_signal=0, stack=0x7f51ec289000, stack_size=0x20300, tls=0x7f51ec2a96c0}./strace-static-x86_64: Process 311 attached => {parent_tid=[14]}, 88) = 14 [pid 311] set_robust_list(0x7f51ec2a99a0, 24) = 0 [pid 311] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 311] futex(0x7f51ec3733c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 310] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 310] futex(0x7f51ec3733c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 311] <... futex resumed>) = 0 [pid 311] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 310] futex(0x7f51ec3733cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 311] write(3, "63", 2) = 2 [ 24.898016][ T308] R13: 00007f51ec2a9210 R14: 0000000000000002 R15: 00007f51ec34001d [ 24.906874][ T308] [ 24.927454][ T311] FAULT_INJECTION: forcing a failure. [ 24.927454][ T311] name failslab, interval 1, probability 0, space 0, times 0 [ 24.941354][ T311] CPU: 0 PID: 311 Comm: syz-executor396 Not tainted 5.15.137-syzkaller-01792-g61cfd264993d #0 [ 24.952040][ T311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 24.963167][ T311] Call Trace: [ 24.966394][ T311] [ 24.969494][ T311] dump_stack_lvl+0x151/0x1b7 [ 24.974749][ T311] ? io_uring_drop_tctx_refs+0x190/0x190 [ 24.981188][ T311] dump_stack+0x15/0x17 [ 24.985799][ T311] should_fail+0x3c6/0x510 [ 24.990829][ T311] __should_failslab+0xa4/0xe0 [ 24.995734][ T311] ? anon_vma_clone+0x9a/0x500 [ 25.000728][ T311] should_failslab+0x9/0x20 [ 25.005413][ T311] slab_pre_alloc_hook+0x37/0xd0 [ 25.010271][ T311] ? anon_vma_clone+0x9a/0x500 [ 25.014856][ T311] kmem_cache_alloc+0x44/0x200 [ 25.019462][ T311] anon_vma_clone+0x9a/0x500 [ 25.023993][ T311] anon_vma_fork+0x91/0x4e0 [ 25.028509][ T311] ? anon_vma_name+0x43/0x70 [ 25.033113][ T311] ? vm_area_dup+0x17a/0x230 [ 25.037622][ T311] copy_mm+0xa3a/0x13e0 [ 25.042124][ T311] ? copy_signal+0x610/0x610 [ 25.046564][ T311] ? __init_rwsem+0xd6/0x1c0 [pid 311] clone(child_stack=NULL, flags=0 [pid 309] exit(0) = ? [ 25.050990][ T311] ? copy_signal+0x4e3/0x610 [ 25.055843][ T311] copy_process+0x12bc/0x3260 [ 25.060929][ T311] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 25.066166][ T311] ? __kasan_check_write+0x14/0x20 [ 25.071500][ T311] kernel_clone+0x21e/0x9e0 [ 25.076027][ T311] ? _raw_spin_unlock_irq+0x4e/0x70 [ 25.081327][ T311] ? create_io_thread+0x1e0/0x1e0 [ 25.087826][ T311] __x64_sys_clone+0x23f/0x290 [ 25.093899][ T311] ? __do_sys_vfork+0x130/0x130 [ 25.098716][ T311] ? __kasan_check_read+0x11/0x20 [ 25.103560][ T311] ? syscall_enter_from_user_mode+0x70/0x1b0 [ 25.109375][ T311] do_syscall_64+0x3d/0xb0 [ 25.113720][ T311] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 25.119446][ T311] RIP: 0033:0x7f51ec2e90a9 [ 25.123712][ T311] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 25.144178][ T311] RSP: 002b:00007f51ec2a9208 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [pid 310] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 309] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 295] restart_syscall(<... resuming interrupted clone ...> [pid 311] <... clone resumed>) = 15 [pid 295] <... restart_syscall resumed>) = 0 [pid 311] futex(0x7f51ec3733cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 312 attached ) = 0 [pid 311] futex(0x7f51ec3733c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 310] close(3) = 0 [pid 310] close(4) = -1 EBADF (Bad file descriptor) [pid 310] close(5) = -1 EBADF (Bad file descriptor) [pid 310] close(6) = -1 EBADF (Bad file descriptor) [pid 310] close(7) = -1 EBADF (Bad file descriptor) [pid 310] close(8) = -1 EBADF (Bad file descriptor) [pid 310] close(9) = -1 EBADF (Bad file descriptor) [pid 310] close(10) = -1 EBADF (Bad file descriptor) [pid 310] close(11) = -1 EBADF (Bad file descriptor) [pid 310] close(12) = -1 EBADF (Bad file descriptor) [pid 310] close(13) = -1 EBADF (Bad file descriptor) [pid 310] close(14) = -1 EBADF (Bad file descriptor) [pid 310] close(15) = -1 EBADF (Bad file descriptor) [pid 310] close(16) = -1 EBADF (Bad file descriptor) [pid 310] close(17) = -1 EBADF (Bad file descriptor) [pid 310] close(18) = -1 EBADF (Bad file descriptor) [pid 310] close(19) = -1 EBADF (Bad file descriptor) [pid 310] close(20) = -1 EBADF (Bad file descriptor) [pid 310] close(21) = -1 EBADF (Bad file descriptor) [pid 310] close(22) = -1 EBADF (Bad file descriptor) [pid 310] close(23) = -1 EBADF (Bad file descriptor) [pid 310] close(24) = -1 EBADF (Bad file descriptor) [pid 310] close(25) = -1 EBADF (Bad file descriptor) [pid 310] close(26) = -1 EBADF (Bad file descriptor) [pid 310] close(27) = -1 EBADF (Bad file descriptor) [pid 310] close(28) = -1 EBADF (Bad file descriptor) [pid 310] close(29) = -1 EBADF (Bad file descriptor) [pid 310] exit_group(0) = ? [pid 311] <... futex resumed>) = ? [pid 311] +++ exited with 0 +++ [pid 310] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 295] restart_syscall(<... resuming interrupted restart_syscall ...>) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555641c690) = 16 ./strace-static-x86_64: Process 313 attached [pid 313] set_robust_list(0x55555641c6a0, 24) = 0 [pid 313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 313] setpgid(0, 0) = 0 [pid 313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 313] write(3, "1000", 4) = 4 [pid 313] close(3) = 0 [pid 313] read(200, 0x7ffcd81dfdf0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 313] futex(0x7f51ec3733cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] rt_sigaction(SIGRT_1, {sa_handler=0x7f51ec310cb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f51ec302330}, NULL, 8) = 0 [pid 313] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f51ec289000 [pid 313] mprotect(0x7f51ec28a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 313] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 313] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f51ec2a9990, parent_tid=0x7f51ec2a9990, exit_signal=0, stack=0x7f51ec289000, stack_size=0x20300, tls=0x7f51ec2a96c0} => {parent_tid=[17]}, 88) = 17 ./strace-static-x86_64: Process 314 attached [pid 313] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 313] futex(0x7f51ec3733c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] futex(0x7f51ec3733cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 314] set_robust_list(0x7f51ec2a99a0, 24) = 0 [pid 314] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 314] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 314] write(3, "63", 2) = 2 [ 25.152424][ T311] RAX: ffffffffffffffda RBX: 00007f51ec3733c8 RCX: 00007f51ec2e90a9 [ 25.160503][ T311] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 25.168408][ T311] RBP: 00007f51ec3733c0 R08: 0000000000000000 R09: 0000000000003336 [ 25.176213][ T311] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f51ec3733cc [ 25.184135][ T311] R13: 00007f51ec2a9210 R14: 0000000000000002 R15: 00007f51ec34001d [ 25.191951][ T311] [pid 314] clone(child_stack=NULL, flags=0 [pid 313] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 25.212314][ T314] FAULT_INJECTION: forcing a failure. [ 25.212314][ T314] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 25.225428][ T314] CPU: 0 PID: 314 Comm: syz-executor396 Not tainted 5.15.137-syzkaller-01792-g61cfd264993d #0 [ 25.235486][ T314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 25.245466][ T314] Call Trace: [ 25.248841][ T314] [ 25.251600][ T314] dump_stack_lvl+0x151/0x1b7 [ 25.256112][ T314] ? io_uring_drop_tctx_refs+0x190/0x190 [ 25.261771][ T314] ? __kasan_check_write+0x14/0x20 [ 25.266701][ T314] dump_stack+0x15/0x17 [ 25.270689][ T314] should_fail+0x3c6/0x510 [ 25.275039][ T314] should_fail_alloc_page+0x5a/0x80 [ 25.280068][ T314] prepare_alloc_pages+0x15c/0x700 [ 25.285018][ T314] ? __alloc_pages_bulk+0xe60/0xe60 [ 25.290150][ T314] __alloc_pages+0x138/0x5e0 [ 25.294993][ T314] ? stack_trace_save+0x1c0/0x1c0 [ 25.300849][ T314] ? prep_new_page+0x110/0x110 [ 25.305462][ T314] get_zeroed_page+0x19/0x40 [ 25.310126][ T314] __pud_alloc+0x8b/0x260 [ 25.314324][ T314] ? stack_trace_snprint+0xf0/0xf0 [ 25.319419][ T314] ? do_handle_mm_fault+0x2330/0x2330 [ 25.324971][ T314] ? __stack_depot_save+0x34/0x470 [ 25.330211][ T314] ? anon_vma_clone+0x9a/0x500 [ 25.334788][ T314] copy_page_range+0x2bcf/0x2f90 [ 25.340685][ T314] ? __kasan_slab_alloc+0xb1/0xe0 [ 25.346215][ T314] ? slab_post_alloc_hook+0x53/0x2c0 [ 25.351582][ T314] ? copy_mm+0xa3a/0x13e0 [ 25.355824][ T314] ? copy_process+0x12bc/0x3260 [ 25.360515][ T314] ? kernel_clone+0x21e/0x9e0 [ 25.365115][ T314] ? __x64_sys_clone+0x23f/0x290 [ 25.369897][ T314] ? do_syscall_64+0x3d/0xb0 [ 25.374312][ T314] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 25.380225][ T314] ? pfn_valid+0x1e0/0x1e0 [ 25.384473][ T314] ? rwsem_write_trylock+0x15b/0x290 [ 25.389590][ T314] ? vma_interval_tree_augment_rotate+0x1d0/0x1d0 [ 25.396010][ T314] ? vma_gap_callbacks_rotate+0x1e2/0x210 [ 25.401564][ T314] ? __rb_insert_augmented+0x5de/0x610 [ 25.406867][ T314] copy_mm+0xc7e/0x13e0 [ 25.410939][ T314] ? copy_signal+0x610/0x610 [ 25.415363][ T314] ? __init_rwsem+0xd6/0x1c0 [ 25.419942][ T314] ? copy_signal+0x4e3/0x610 [ 25.424741][ T314] copy_process+0x12bc/0x3260 [ 25.429260][ T314] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 25.434284][ T314] ? __kasan_check_write+0x14/0x20 [ 25.439229][ T314] kernel_clone+0x21e/0x9e0 [ 25.443568][ T314] ? _raw_spin_unlock_irq+0x4e/0x70 [ 25.448601][ T314] ? create_io_thread+0x1e0/0x1e0 [ 25.453472][ T314] __x64_sys_clone+0x23f/0x290 [ 25.458075][ T314] ? __do_sys_vfork+0x130/0x130 [ 25.462760][ T314] ? __kasan_check_read+0x11/0x20 [ 25.467626][ T314] ? syscall_enter_from_user_mode+0x70/0x1b0 [ 25.473959][ T314] do_syscall_64+0x3d/0xb0 [ 25.478310][ T314] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 25.484457][ T314] RIP: 0033:0x7f51ec2e90a9 [ 25.488819][ T314] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 314] <... clone resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 314] futex(0x7f51ec3733cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] exit(0 [pid 314] <... futex resumed>) = 0 [pid 312] <... exit resumed>) = ? [pid 314] futex(0x7f51ec3733c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 312] +++ exited with 0 +++ [pid 313] close(3 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 313] <... close resumed>) = 0 [pid 295] restart_syscall(<... resuming interrupted clone ...> [pid 313] close(4 [pid 295] <... restart_syscall resumed>) = 0 [pid 313] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 313] close(5) = -1 EBADF (Bad file descriptor) [pid 313] close(6) = -1 EBADF (Bad file descriptor) [pid 313] close(7) = -1 EBADF (Bad file descriptor) [pid 313] close(8) = -1 EBADF (Bad file descriptor) [pid 313] close(9) = -1 EBADF (Bad file descriptor) [pid 313] close(10) = -1 EBADF (Bad file descriptor) [pid 313] close(11) = -1 EBADF (Bad file descriptor) [pid 313] close(12) = -1 EBADF (Bad file descriptor) [pid 313] close(13) = -1 EBADF (Bad file descriptor) [pid 313] close(14) = -1 EBADF (Bad file descriptor) [pid 313] close(15) = -1 EBADF (Bad file descriptor) [pid 313] close(16) = -1 EBADF (Bad file descriptor) [pid 313] close(17) = -1 EBADF (Bad file descriptor) [pid 313] close(18) = -1 EBADF (Bad file descriptor) [pid 313] close(19) = -1 EBADF (Bad file descriptor) [pid 313] close(20) = -1 EBADF (Bad file descriptor) [pid 313] close(21) = -1 EBADF (Bad file descriptor) [pid 313] close(22) = -1 EBADF (Bad file descriptor) [pid 313] close(23) = -1 EBADF (Bad file descriptor) [pid 313] close(24) = -1 EBADF (Bad file descriptor) [pid 313] close(25) = -1 EBADF (Bad file descriptor) [pid 313] close(26) = -1 EBADF (Bad file descriptor) [pid 313] close(27) = -1 EBADF (Bad file descriptor) [pid 313] close(28) = -1 EBADF (Bad file descriptor) [pid 313] close(29) = -1 EBADF (Bad file descriptor) [pid 313] exit_group(0 [pid 314] <... futex resumed>) = ? [pid 313] <... exit_group resumed>) = ? [pid 314] +++ exited with 0 +++ [pid 313] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555641c690) = 18 ./strace-static-x86_64: Process 315 attached [pid 315] set_robust_list(0x55555641c6a0, 24) = 0 [pid 315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 315] setpgid(0, 0) = 0 [pid 315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 315] write(3, "1000", 4) = 4 [pid 315] close(3) = 0 [pid 315] read(200, 0x7ffcd81dfdf0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 315] futex(0x7f51ec3733cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] rt_sigaction(SIGRT_1, {sa_handler=0x7f51ec310cb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f51ec302330}, NULL, 8) = 0 [pid 315] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 315] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f51ec289000 [pid 315] mprotect(0x7f51ec28a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 315] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 315] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f51ec2a9990, parent_tid=0x7f51ec2a9990, exit_signal=0, stack=0x7f51ec289000, stack_size=0x20300, tls=0x7f51ec2a96c0} => {parent_tid=[19]}, 88) = 19 [pid 315] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 315] futex(0x7f51ec3733c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] futex(0x7f51ec3733cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 316 attached [pid 316] set_robust_list(0x7f51ec2a99a0, 24) = 0 [pid 316] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 316] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 316] write(3, "63", 2) = 2 [ 25.508700][ T314] RSP: 002b:00007f51ec2a9208 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 25.517436][ T314] RAX: ffffffffffffffda RBX: 00007f51ec3733c8 RCX: 00007f51ec2e90a9 [ 25.525952][ T314] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 25.534114][ T314] RBP: 00007f51ec3733c0 R08: 0000000000000000 R09: 0000000000003336 [ 25.542645][ T314] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f51ec3733cc [ 25.550514][ T314] R13: 00007f51ec2a9210 R14: 0000000000000002 R15: 00007f51ec34001d [ 25.558406][ T314] [ 25.573702][ T316] FAULT_INJECTION: forcing a failure. [ 25.573702][ T316] name failslab, interval 1, probability 0, space 0, times 0 [ 25.586364][ T316] CPU: 1 PID: 316 Comm: syz-executor396 Not tainted 5.15.137-syzkaller-01792-g61cfd264993d #0 [ 25.596810][ T316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 25.607462][ T316] Call Trace: [ 25.610583][ T316] [ 25.613809][ T316] dump_stack_lvl+0x151/0x1b7 [ 25.618406][ T316] ? io_uring_drop_tctx_refs+0x190/0x190 [ 25.624125][ T316] dump_stack+0x15/0x17 [ 25.628293][ T316] should_fail+0x3c6/0x510 [ 25.632635][ T316] __should_failslab+0xa4/0xe0 [ 25.637319][ T316] ? anon_vma_fork+0x1df/0x4e0 [ 25.641918][ T316] should_failslab+0x9/0x20 [ 25.646431][ T316] slab_pre_alloc_hook+0x37/0xd0 [ 25.651282][ T316] ? anon_vma_fork+0x1df/0x4e0 [ 25.655892][ T316] kmem_cache_alloc+0x44/0x200 [ 25.660666][ T316] anon_vma_fork+0x1df/0x4e0 [ 25.665537][ T316] copy_mm+0xa3a/0x13e0 [ 25.669718][ T316] ? copy_signal+0x610/0x610 [ 25.674222][ T316] ? __init_rwsem+0xd6/0x1c0 [ 25.678655][ T316] ? copy_signal+0x4e3/0x610 [ 25.683079][ T316] copy_process+0x12bc/0x3260 [ 25.687594][ T316] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 25.692745][ T316] ? __kasan_check_write+0x14/0x20 [ 25.697707][ T316] kernel_clone+0x21e/0x9e0 [ 25.702126][ T316] ? _raw_spin_unlock_irq+0x4e/0x70 [ 25.707233][ T316] ? create_io_thread+0x1e0/0x1e0 [ 25.712107][ T316] __x64_sys_clone+0x23f/0x290 [ 25.716693][ T316] ? __do_sys_vfork+0x130/0x130 [ 25.721452][ T316] ? __kasan_check_read+0x11/0x20 [ 25.726324][ T316] ? syscall_enter_from_user_mode+0x70/0x1b0 [ 25.732331][ T316] do_syscall_64+0x3d/0xb0 [ 25.736572][ T316] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 25.742557][ T316] RIP: 0033:0x7f51ec2e90a9 [ 25.747067][ T316] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 316] clone(child_stack=NULL, flags=0) = -1 ENOMEM (Cannot allocate memory) [pid 315] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 316] futex(0x7f51ec3733cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] close(3 [pid 316] <... futex resumed>) = 0 [pid 315] <... close resumed>) = 0 [pid 316] futex(0x7f51ec3733c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 315] close(4) = -1 EBADF (Bad file descriptor) [pid 315] close(5) = -1 EBADF (Bad file descriptor) [pid 315] close(6) = -1 EBADF (Bad file descriptor) [pid 315] close(7) = -1 EBADF (Bad file descriptor) [pid 315] close(8) = -1 EBADF (Bad file descriptor) [pid 315] close(9) = -1 EBADF (Bad file descriptor) [pid 315] close(10) = -1 EBADF (Bad file descriptor) [pid 315] close(11) = -1 EBADF (Bad file descriptor) [pid 315] close(12) = -1 EBADF (Bad file descriptor) [pid 315] close(13) = -1 EBADF (Bad file descriptor) [pid 315] close(14) = -1 EBADF (Bad file descriptor) [pid 315] close(15) = -1 EBADF (Bad file descriptor) [pid 315] close(16) = -1 EBADF (Bad file descriptor) [pid 315] close(17) = -1 EBADF (Bad file descriptor) [pid 315] close(18) = -1 EBADF (Bad file descriptor) [pid 315] close(19) = -1 EBADF (Bad file descriptor) [pid 315] close(20) = -1 EBADF (Bad file descriptor) [pid 315] close(21) = -1 EBADF (Bad file descriptor) [pid 315] close(22) = -1 EBADF (Bad file descriptor) [pid 315] close(23) = -1 EBADF (Bad file descriptor) [pid 315] close(24) = -1 EBADF (Bad file descriptor) [pid 315] close(25) = -1 EBADF (Bad file descriptor) [pid 315] close(26) = -1 EBADF (Bad file descriptor) [pid 315] close(27) = -1 EBADF (Bad file descriptor) [pid 315] close(28) = -1 EBADF (Bad file descriptor) [pid 315] close(29) = -1 EBADF (Bad file descriptor) [pid 315] exit_group(0 [pid 316] <... futex resumed>) = ? [pid 315] <... exit_group resumed>) = ? [pid 316] +++ exited with 0 +++ [pid 315] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=18, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 318 attached , child_tidptr=0x55555641c690) = 20 [pid 318] set_robust_list(0x55555641c6a0, 24) = 0 [pid 318] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 318] setpgid(0, 0) = 0 [pid 318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 318] write(3, "1000", 4) = 4 [pid 318] close(3) = 0 [pid 318] read(200, 0x7ffcd81dfdf0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 318] futex(0x7f51ec3733cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 318] rt_sigaction(SIGRT_1, {sa_handler=0x7f51ec310cb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f51ec302330}, NULL, 8) = 0 [pid 318] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 318] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f51ec289000 [pid 318] mprotect(0x7f51ec28a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 318] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 318] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f51ec2a9990, parent_tid=0x7f51ec2a9990, exit_signal=0, stack=0x7f51ec289000, stack_size=0x20300, tls=0x7f51ec2a96c0} => {parent_tid=[21]}, 88) = 21 ./strace-static-x86_64: Process 319 attached [pid 319] set_robust_list(0x7f51ec2a99a0, 24) = 0 [pid 319] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 319] futex(0x7f51ec3733c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 318] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 318] futex(0x7f51ec3733c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 319] <... futex resumed>) = 0 [pid 319] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 319] write(3, "63", 2) = 2 [ 25.767770][ T316] RSP: 002b:00007f51ec2a9208 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 25.776645][ T316] RAX: ffffffffffffffda RBX: 00007f51ec3733c8 RCX: 00007f51ec2e90a9 [ 25.785248][ T316] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 25.793304][ T316] RBP: 00007f51ec3733c0 R08: 0000000000000000 R09: 0000000000003336 [ 25.801785][ T316] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f51ec3733cc [ 25.810126][ T316] R13: 00007f51ec2a9210 R14: 0000000000000002 R15: 00007f51ec34001d [ 25.818478][ T316] [ 25.835375][ T319] FAULT_INJECTION: forcing a failure. [ 25.835375][ T319] name failslab, interval 1, probability 0, space 0, times 0 [ 25.849751][ T319] CPU: 0 PID: 319 Comm: syz-executor396 Not tainted 5.15.137-syzkaller-01792-g61cfd264993d #0 [ 25.859902][ T319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 25.879425][ T319] Call Trace: [ 25.882724][ T319] [ 25.885497][ T319] dump_stack_lvl+0x151/0x1b7 [ 25.890271][ T319] ? io_uring_drop_tctx_refs+0x190/0x190 [ 25.896127][ T319] dump_stack+0x15/0x17 [ 25.900110][ T319] should_fail+0x3c6/0x510 [ 25.904359][ T319] __should_failslab+0xa4/0xe0 [ 25.908969][ T319] ? anon_vma_fork+0xf7/0x4e0 [ 25.913482][ T319] should_failslab+0x9/0x20 [ 25.917833][ T319] slab_pre_alloc_hook+0x37/0xd0 [ 25.922613][ T319] ? anon_vma_fork+0xf7/0x4e0 [ 25.927187][ T319] kmem_cache_alloc+0x44/0x200 [ 25.932004][ T319] anon_vma_fork+0xf7/0x4e0 [ 25.936658][ T319] ? anon_vma_name+0x4c/0x70 [ 25.941068][ T319] ? vm_area_dup+0x17a/0x230 [ 25.945495][ T319] copy_mm+0xa3a/0x13e0 [ 25.949493][ T319] ? copy_signal+0x610/0x610 [ 25.953918][ T319] ? __init_rwsem+0xd6/0x1c0 [ 25.958344][ T319] ? copy_signal+0x4e3/0x610 [ 25.962919][ T319] copy_process+0x12bc/0x3260 [ 25.967396][ T319] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 25.972343][ T319] ? __kasan_check_write+0x14/0x20 [ 25.977274][ T319] kernel_clone+0x21e/0x9e0 [ 25.982068][ T319] ? _raw_spin_unlock_irq+0x4e/0x70 [ 25.987089][ T319] ? create_io_thread+0x1e0/0x1e0 [ 25.992031][ T319] __x64_sys_clone+0x23f/0x290 [ 25.996731][ T319] ? __do_sys_vfork+0x130/0x130 [ 26.001506][ T319] ? __kasan_check_read+0x11/0x20 [ 26.006437][ T319] ? syscall_enter_from_user_mode+0x70/0x1b0 [ 26.012250][ T319] do_syscall_64+0x3d/0xb0 [ 26.016522][ T319] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 26.022245][ T319] RIP: 0033:0x7f51ec2e90a9 [ 26.026490][ T319] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 26.047328][ T319] RSP: 002b:00007f51ec2a9208 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 26.055563][ T319] RAX: ffffffffffffffda RBX: 00007f51ec3733c8 RCX: 00007f51ec2e90a9 [ 26.063381][ T319] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 26.071187][ T319] RBP: 00007f51ec3733c0 R08: 0000000000000000 R09: 0000000000003336 [pid 319] clone(child_stack=NULL, flags=0) = -1 ENOMEM (Cannot allocate memory) [pid 318] futex(0x7f51ec3733cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 319] futex(0x7f51ec3733cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7f51ec3733c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 318] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 318] close(3) = 0 [pid 318] close(4) = -1 EBADF (Bad file descriptor) [pid 318] close(5) = -1 EBADF (Bad file descriptor) [pid 318] close(6) = -1 EBADF (Bad file descriptor) [pid 318] close(7) = -1 EBADF (Bad file descriptor) [pid 318] close(8) = -1 EBADF (Bad file descriptor) [pid 318] close(9) = -1 EBADF (Bad file descriptor) [pid 318] close(10) = -1 EBADF (Bad file descriptor) [pid 318] close(11) = -1 EBADF (Bad file descriptor) [pid 318] close(12) = -1 EBADF (Bad file descriptor) [pid 318] close(13) = -1 EBADF (Bad file descriptor) [pid 318] close(14) = -1 EBADF (Bad file descriptor) [pid 318] close(15) = -1 EBADF (Bad file descriptor) [pid 318] close(16) = -1 EBADF (Bad file descriptor) [pid 318] close(17) = -1 EBADF (Bad file descriptor) [pid 318] close(18) = -1 EBADF (Bad file descriptor) [pid 318] close(19) = -1 EBADF (Bad file descriptor) [pid 318] close(20) = -1 EBADF (Bad file descriptor) [pid 318] close(21) = -1 EBADF (Bad file descriptor) [pid 318] close(22) = -1 EBADF (Bad file descriptor) [pid 318] close(23) = -1 EBADF (Bad file descriptor) [pid 318] close(24) = -1 EBADF (Bad file descriptor) [pid 318] close(25) = -1 EBADF (Bad file descriptor) [pid 318] close(26) = -1 EBADF (Bad file descriptor) [pid 318] close(27) = -1 EBADF (Bad file descriptor) [pid 318] close(28) = -1 EBADF (Bad file descriptor) [pid 318] close(29) = -1 EBADF (Bad file descriptor) [pid 318] exit_group(0) = ? [pid 319] <... futex resumed>) = ? [pid 319] +++ exited with 0 +++ [pid 318] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=20, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 295] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555641c690) = 22 ./strace-static-x86_64: Process 320 attached [pid 320] set_robust_list(0x55555641c6a0, 24) = 0 [pid 320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 320] setpgid(0, 0) = 0 [pid 320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 320] write(3, "1000", 4) = 4 [pid 320] close(3) = 0 [pid 320] read(200, 0x7ffcd81dfdf0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 320] futex(0x7f51ec3733cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] rt_sigaction(SIGRT_1, {sa_handler=0x7f51ec310cb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f51ec302330}, NULL, 8) = 0 [pid 320] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 320] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f51ec289000 [pid 320] mprotect(0x7f51ec28a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 320] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 320] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f51ec2a9990, parent_tid=0x7f51ec2a9990, exit_signal=0, stack=0x7f51ec289000, stack_size=0x20300, tls=0x7f51ec2a96c0} => {parent_tid=[23]}, 88) = 23 ./strace-static-x86_64: Process 321 attached [pid 320] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 320] futex(0x7f51ec3733c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] futex(0x7f51ec3733cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 321] set_robust_list(0x7f51ec2a99a0, 24) = 0 [pid 321] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 321] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 321] write(3, "63", 2) = 2 [ 26.079078][ T319] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f51ec3733cc [ 26.086901][ T319] R13: 00007f51ec2a9210 R14: 0000000000000002 R15: 00007f51ec34001d [ 26.094725][ T319] [ 26.108201][ T321] FAULT_INJECTION: forcing a failure. [ 26.108201][ T321] name failslab, interval 1, probability 0, space 0, times 0 [ 26.121171][ T321] CPU: 1 PID: 321 Comm: syz-executor396 Not tainted 5.15.137-syzkaller-01792-g61cfd264993d #0 [ 26.131486][ T321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 26.141456][ T321] Call Trace: [ 26.144581][ T321] [ 26.147365][ T321] dump_stack_lvl+0x151/0x1b7 [ 26.151878][ T321] ? io_uring_drop_tctx_refs+0x190/0x190 [ 26.157529][ T321] dump_stack+0x15/0x17 [ 26.161515][ T321] should_fail+0x3c6/0x510 [ 26.165862][ T321] __should_failslab+0xa4/0xe0 [ 26.170540][ T321] ? anon_vma_fork+0xf7/0x4e0 [ 26.175052][ T321] should_failslab+0x9/0x20 [ 26.179489][ T321] slab_pre_alloc_hook+0x37/0xd0 [ 26.184261][ T321] ? anon_vma_fork+0xf7/0x4e0 [ 26.188858][ T321] kmem_cache_alloc+0x44/0x200 [ 26.193665][ T321] anon_vma_fork+0xf7/0x4e0 [ 26.198076][ T321] ? anon_vma_name+0x43/0x70 [ 26.202910][ T321] ? vm_area_dup+0x17a/0x230 [ 26.207270][ T321] copy_mm+0xa3a/0x13e0 [ 26.211265][ T321] ? copy_signal+0x610/0x610 [ 26.215689][ T321] ? __init_rwsem+0xd6/0x1c0 [ 26.220121][ T321] ? copy_signal+0x4e3/0x610 [ 26.224716][ T321] copy_process+0x12bc/0x3260 [ 26.229227][ T321] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 26.234298][ T321] ? __kasan_check_write+0x14/0x20 [ 26.239298][ T321] kernel_clone+0x21e/0x9e0 [ 26.243655][ T321] ? _raw_spin_unlock_irq+0x4e/0x70 [ 26.248684][ T321] ? create_io_thread+0x1e0/0x1e0 [ 26.253531][ T321] __x64_sys_clone+0x23f/0x290 [ 26.258130][ T321] ? __do_sys_vfork+0x130/0x130 [ 26.262815][ T321] ? __kasan_check_read+0x11/0x20 [ 26.267762][ T321] ? syscall_enter_from_user_mode+0x70/0x1b0 [ 26.273579][ T321] do_syscall_64+0x3d/0xb0 [ 26.277835][ T321] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 26.283815][ T321] RIP: 0033:0x7f51ec2e90a9 [ 26.288575][ T321] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 26.308277][ T321] RSP: 002b:00007f51ec2a9208 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 26.316530][ T321] RAX: ffffffffffffffda RBX: 00007f51ec3733c8 RCX: 00007f51ec2e90a9 [ 26.325039][ T321] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [pid 321] clone(child_stack=NULL, flags=0) = -1 ENOMEM (Cannot allocate memory) [pid 320] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 321] futex(0x7f51ec3733cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 320] close(3 [pid 321] <... futex resumed>) = 0 [pid 320] <... close resumed>) = 0 [pid 321] futex(0x7f51ec3733c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 320] close(4) = -1 EBADF (Bad file descriptor) [pid 320] close(5) = -1 EBADF (Bad file descriptor) [pid 320] close(6) = -1 EBADF (Bad file descriptor) [pid 320] close(7) = -1 EBADF (Bad file descriptor) [pid 320] close(8) = -1 EBADF (Bad file descriptor) [pid 320] close(9) = -1 EBADF (Bad file descriptor) [pid 320] close(10) = -1 EBADF (Bad file descriptor) [pid 320] close(11) = -1 EBADF (Bad file descriptor) [pid 320] close(12) = -1 EBADF (Bad file descriptor) [pid 320] close(13) = -1 EBADF (Bad file descriptor) [pid 320] close(14) = -1 EBADF (Bad file descriptor) [pid 320] close(15) = -1 EBADF (Bad file descriptor) [pid 320] close(16) = -1 EBADF (Bad file descriptor) [pid 320] close(17) = -1 EBADF (Bad file descriptor) [pid 320] close(18) = -1 EBADF (Bad file descriptor) [pid 320] close(19) = -1 EBADF (Bad file descriptor) [pid 320] close(20) = -1 EBADF (Bad file descriptor) [pid 320] close(21) = -1 EBADF (Bad file descriptor) [pid 320] close(22) = -1 EBADF (Bad file descriptor) [pid 320] close(23) = -1 EBADF (Bad file descriptor) [pid 320] close(24) = -1 EBADF (Bad file descriptor) [pid 320] close(25) = -1 EBADF (Bad file descriptor) [pid 320] close(26) = -1 EBADF (Bad file descriptor) [pid 320] close(27) = -1 EBADF (Bad file descriptor) [pid 320] close(28) = -1 EBADF (Bad file descriptor) [pid 320] close(29) = -1 EBADF (Bad file descriptor) [pid 320] exit_group(0) = ? [pid 321] <... futex resumed>) = ? [pid 321] +++ exited with 0 +++ [pid 320] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=22, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 295] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555641c690) = 24 ./strace-static-x86_64: Process 322 attached [pid 322] set_robust_list(0x55555641c6a0, 24) = 0 [pid 322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 322] setpgid(0, 0) = 0 [pid 322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 322] write(3, "1000", 4) = 4 [pid 322] close(3) = 0 [pid 322] read(200, 0x7ffcd81dfdf0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 322] futex(0x7f51ec3733cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 322] rt_sigaction(SIGRT_1, {sa_handler=0x7f51ec310cb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f51ec302330}, NULL, 8) = 0 [pid 322] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 322] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f51ec289000 [pid 322] mprotect(0x7f51ec28a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 322] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 322] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f51ec2a9990, parent_tid=0x7f51ec2a9990, exit_signal=0, stack=0x7f51ec289000, stack_size=0x20300, tls=0x7f51ec2a96c0}./strace-static-x86_64: Process 323 attached [pid 323] set_robust_list(0x7f51ec2a99a0, 24) = 0 [pid 323] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 323] futex(0x7f51ec3733c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 322] <... clone3 resumed> => {parent_tid=[25]}, 88) = 25 [pid 322] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 322] futex(0x7f51ec3733c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 323] <... futex resumed>) = 0 [pid 323] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 323] write(3, "63", 2 [pid 322] futex(0x7f51ec3733cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 323] <... write resumed>) = 2 [ 26.333665][ T321] RBP: 00007f51ec3733c0 R08: 0000000000000000 R09: 0000000000003336 [ 26.341706][ T321] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f51ec3733cc [ 26.349515][ T321] R13: 00007f51ec2a9210 R14: 0000000000000002 R15: 00007f51ec34001d [ 26.357327][ T321] [ 26.377020][ T323] FAULT_INJECTION: forcing a failure. [ 26.377020][ T323] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 26.390198][ T323] CPU: 0 PID: 323 Comm: syz-executor396 Not tainted 5.15.137-syzkaller-01792-g61cfd264993d #0 [ 26.400341][ T323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 26.410754][ T323] Call Trace: [ 26.413958][ T323] [ 26.416739][ T323] dump_stack_lvl+0x151/0x1b7 [ 26.421397][ T323] ? io_uring_drop_tctx_refs+0x190/0x190 [ 26.426861][ T323] dump_stack+0x15/0x17 [ 26.430852][ T323] should_fail+0x3c6/0x510 [ 26.435112][ T323] should_fail_alloc_page+0x5a/0x80 [ 26.440229][ T323] prepare_alloc_pages+0x15c/0x700 [ 26.445178][ T323] ? __alloc_pages_bulk+0xe60/0xe60 [ 26.450219][ T323] __alloc_pages+0x138/0x5e0 [ 26.454721][ T323] ? stack_trace_save+0x1c0/0x1c0 [ 26.459575][ T323] ? prep_new_page+0x110/0x110 [ 26.464275][ T323] get_zeroed_page+0x19/0x40 [ 26.468837][ T323] __pud_alloc+0x8b/0x260 [ 26.472948][ T323] ? stack_trace_snprint+0xf0/0xf0 [ 26.477912][ T323] ? do_handle_mm_fault+0x2330/0x2330 [ 26.483111][ T323] ? __stack_depot_save+0x34/0x470 [ 26.488078][ T323] ? anon_vma_clone+0x9a/0x500 [ 26.492659][ T323] copy_page_range+0x2bcf/0x2f90 [ 26.497438][ T323] ? __kasan_slab_alloc+0xb1/0xe0 [ 26.502440][ T323] ? slab_post_alloc_hook+0x53/0x2c0 [ 26.507572][ T323] ? copy_mm+0xa3a/0x13e0 [ 26.511724][ T323] ? copy_process+0x12bc/0x3260 [ 26.516408][ T323] ? kernel_clone+0x21e/0x9e0 [ 26.520920][ T323] ? __x64_sys_clone+0x23f/0x290 [ 26.525700][ T323] ? do_syscall_64+0x3d/0xb0 [ 26.530213][ T323] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 26.536257][ T323] ? pfn_valid+0x1e0/0x1e0 [ 26.540657][ T323] ? rwsem_write_trylock+0x15b/0x290 [ 26.545783][ T323] ? vma_interval_tree_augment_rotate+0x1d0/0x1d0 [ 26.552251][ T323] ? vma_gap_callbacks_rotate+0x1e2/0x210 [ 26.557887][ T323] ? __rb_insert_augmented+0x5de/0x610 [ 26.563171][ T323] copy_mm+0xc7e/0x13e0 [ 26.567159][ T323] ? copy_signal+0x610/0x610 [ 26.571597][ T323] ? __init_rwsem+0xd6/0x1c0 [ 26.576031][ T323] ? copy_signal+0x4e3/0x610 [ 26.580627][ T323] copy_process+0x12bc/0x3260 [ 26.585129][ T323] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 26.590075][ T323] ? __kasan_check_write+0x14/0x20 [ 26.595023][ T323] kernel_clone+0x21e/0x9e0 [ 26.599491][ T323] ? _raw_spin_unlock_irq+0x4e/0x70 [ 26.604527][ T323] ? create_io_thread+0x1e0/0x1e0 [ 26.609381][ T323] __x64_sys_clone+0x23f/0x290 [ 26.613983][ T323] ? __do_sys_vfork+0x130/0x130 [ 26.618669][ T323] ? __kasan_check_read+0x11/0x20 [ 26.623980][ T323] ? syscall_enter_from_user_mode+0x70/0x1b0 [ 26.629869][ T323] do_syscall_64+0x3d/0xb0 [ 26.634135][ T323] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 26.640611][ T323] RIP: 0033:0x7f51ec2e90a9 [ 26.644954][ T323] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 26.664923][ T323] RSP: 002b:00007f51ec2a9208 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 26.673511][ T323] RAX: ffffffffffffffda RBX: 00007f51ec3733c8 RCX: 00007f51ec2e90a9 [pid 323] clone(child_stack=NULL, flags=0) = -1 ENOMEM (Cannot allocate memory) [pid 323] futex(0x7f51ec3733cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 322] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 323] <... futex resumed>) = 0 [pid 323] futex(0x7f51ec3733c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 322] close(3) = 0 [pid 322] close(4) = -1 EBADF (Bad file descriptor) [pid 322] close(5) = -1 EBADF (Bad file descriptor) [pid 322] close(6) = -1 EBADF (Bad file descriptor) [pid 322] close(7) = -1 EBADF (Bad file descriptor) [pid 322] close(8) = -1 EBADF (Bad file descriptor) [pid 322] close(9) = -1 EBADF (Bad file descriptor) [pid 322] close(10) = -1 EBADF (Bad file descriptor) [pid 322] close(11) = -1 EBADF (Bad file descriptor) [pid 322] close(12) = -1 EBADF (Bad file descriptor) [pid 322] close(13) = -1 EBADF (Bad file descriptor) [pid 322] close(14) = -1 EBADF (Bad file descriptor) [pid 322] close(15) = -1 EBADF (Bad file descriptor) [pid 322] close(16) = -1 EBADF (Bad file descriptor) [pid 322] close(17) = -1 EBADF (Bad file descriptor) [pid 322] close(18) = -1 EBADF (Bad file descriptor) [pid 322] close(19) = -1 EBADF (Bad file descriptor) [pid 322] close(20) = -1 EBADF (Bad file descriptor) [pid 322] close(21) = -1 EBADF (Bad file descriptor) [pid 322] close(22) = -1 EBADF (Bad file descriptor) [pid 322] close(23) = -1 EBADF (Bad file descriptor) [pid 322] close(24) = -1 EBADF (Bad file descriptor) [pid 322] close(25) = -1 EBADF (Bad file descriptor) [pid 322] close(26) = -1 EBADF (Bad file descriptor) [pid 322] close(27) = -1 EBADF (Bad file descriptor) [pid 322] close(28) = -1 EBADF (Bad file descriptor) [pid 322] close(29) = -1 EBADF (Bad file descriptor) [pid 322] exit_group(0) = ? [pid 323] <... futex resumed>) = ? [pid 323] +++ exited with 0 +++ [pid 322] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=24, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 295] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 324 attached , child_tidptr=0x55555641c690) = 26 [pid 324] set_robust_list(0x55555641c6a0, 24) = 0 [pid 324] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 324] setpgid(0, 0) = 0 [pid 324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 324] write(3, "1000", 4) = 4 [pid 324] close(3) = 0 [pid 324] read(200, 0x7ffcd81dfdf0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 324] futex(0x7f51ec3733cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 324] rt_sigaction(SIGRT_1, {sa_handler=0x7f51ec310cb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f51ec302330}, NULL, 8) = 0 [pid 324] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 324] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f51ec289000 [pid 324] mprotect(0x7f51ec28a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 324] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 324] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f51ec2a9990, parent_tid=0x7f51ec2a9990, exit_signal=0, stack=0x7f51ec289000, stack_size=0x20300, tls=0x7f51ec2a96c0}./strace-static-x86_64: Process 325 attached => {parent_tid=[27]}, 88) = 27 [pid 325] set_robust_list(0x7f51ec2a99a0, 24) = 0 [pid 325] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 325] futex(0x7f51ec3733c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 324] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 324] futex(0x7f51ec3733c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 325] <... futex resumed>) = 0 [pid 325] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 325] write(3, "63", 2) = 2 [ 26.681532][ T323] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 26.689834][ T323] RBP: 00007f51ec3733c0 R08: 0000000000000000 R09: 0000000000003336 [ 26.698133][ T323] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f51ec3733cc [ 26.707196][ T323] R13: 00007f51ec2a9210 R14: 0000000000000002 R15: 00007f51ec34001d [ 26.715008][ T323] [ 26.732530][ T325] FAULT_INJECTION: forcing a failure. [ 26.732530][ T325] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 26.746797][ T325] CPU: 1 PID: 325 Comm: syz-executor396 Not tainted 5.15.137-syzkaller-01792-g61cfd264993d #0 [ 26.757476][ T325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 26.767584][ T325] Call Trace: [ 26.770751][ T325] [ 26.773532][ T325] dump_stack_lvl+0x151/0x1b7 [ 26.778188][ T325] ? io_uring_drop_tctx_refs+0x190/0x190 [ 26.783673][ T325] ? kmem_cache_alloc+0x134/0x200 [ 26.788503][ T325] dump_stack+0x15/0x17 [ 26.792749][ T325] should_fail+0x3c6/0x510 [ 26.797000][ T325] should_fail_alloc_page+0x5a/0x80 [ 26.802208][ T325] prepare_alloc_pages+0x15c/0x700 [ 26.807155][ T325] ? __alloc_pages_bulk+0xe60/0xe60 [ 26.812188][ T325] __alloc_pages+0x138/0x5e0 [ 26.816632][ T325] ? prep_new_page+0x110/0x110 [ 26.821478][ T325] ? __alloc_pages+0x206/0x5e0 [ 26.826084][ T325] ? stack_trace_save+0x1c0/0x1c0 [ 26.830941][ T325] ? __kasan_check_write+0x14/0x20 [ 26.835975][ T325] ? _raw_spin_lock+0xa4/0x1b0 [ 26.840579][ T325] __pmd_alloc+0xb1/0x550 [ 26.844746][ T325] ? __pud_alloc+0x260/0x260 [ 26.849163][ T325] ? __pud_alloc+0x213/0x260 [ 26.853592][ T325] ? do_handle_mm_fault+0x2330/0x2330 [ 26.858802][ T325] ? __stack_depot_save+0x34/0x470 [ 26.864002][ T325] ? anon_vma_clone+0x9a/0x500 [ 26.868784][ T325] copy_page_range+0x2b3d/0x2f90 [ 26.873585][ T325] ? __kasan_slab_alloc+0xb1/0xe0 [ 26.878412][ T325] ? slab_post_alloc_hook+0x53/0x2c0 [ 26.883533][ T325] ? copy_mm+0xa3a/0x13e0 [ 26.887811][ T325] ? copy_process+0x12bc/0x3260 [ 26.892476][ T325] ? kernel_clone+0x21e/0x9e0 [ 26.897156][ T325] ? do_syscall_64+0x3d/0xb0 [ 26.901591][ T325] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 26.907500][ T325] ? pfn_valid+0x1e0/0x1e0 [ 26.911745][ T325] ? rwsem_write_trylock+0x15b/0x290 [ 26.916865][ T325] ? vma_interval_tree_augment_rotate+0x1d0/0x1d0 [ 26.923113][ T325] ? vma_gap_callbacks_rotate+0x1e2/0x210 [ 26.929186][ T325] ? __rb_insert_augmented+0x5de/0x610 [ 26.934479][ T325] copy_mm+0xc7e/0x13e0 [ 26.938478][ T325] ? copy_signal+0x610/0x610 [ 26.942894][ T325] ? __init_rwsem+0xd6/0x1c0 [ 26.947321][ T325] ? copy_signal+0x4e3/0x610 [ 26.951775][ T325] copy_process+0x12bc/0x3260 [ 26.956278][ T325] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 26.961381][ T325] ? __kasan_check_write+0x14/0x20 [ 26.966337][ T325] kernel_clone+0x21e/0x9e0 [ 26.970670][ T325] ? _raw_spin_unlock_irq+0x4e/0x70 [ 26.975705][ T325] ? create_io_thread+0x1e0/0x1e0 [ 26.980652][ T325] __x64_sys_clone+0x23f/0x290 [ 26.985253][ T325] ? __do_sys_vfork+0x130/0x130 [ 26.989938][ T325] ? __kasan_check_read+0x11/0x20 [ 26.994891][ T325] ? syscall_enter_from_user_mode+0x70/0x1b0 [ 27.000703][ T325] do_syscall_64+0x3d/0xb0 [ 27.004954][ T325] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 27.010687][ T325] RIP: 0033:0x7f51ec2e90a9 [ 27.014930][ T325] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 325] clone(child_stack=NULL, flags=0 [pid 324] futex(0x7f51ec3733cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 325] <... clone resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 325] futex(0x7f51ec3733cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 324] <... futex resumed>) = 0 [pid 324] close(3) = 0 [pid 325] <... futex resumed>) = 1 [pid 324] close(4 [pid 325] futex(0x7f51ec3733c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 324] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 324] close(5) = -1 EBADF (Bad file descriptor) [pid 324] close(6) = -1 EBADF (Bad file descriptor) [pid 324] close(7) = -1 EBADF (Bad file descriptor) [pid 324] close(8) = -1 EBADF (Bad file descriptor) [pid 324] close(9) = -1 EBADF (Bad file descriptor) [pid 324] close(10) = -1 EBADF (Bad file descriptor) [pid 324] close(11) = -1 EBADF (Bad file descriptor) [pid 324] close(12) = -1 EBADF (Bad file descriptor) [pid 324] close(13) = -1 EBADF (Bad file descriptor) [pid 324] close(14) = -1 EBADF (Bad file descriptor) [pid 324] close(15) = -1 EBADF (Bad file descriptor) [pid 324] close(16) = -1 EBADF (Bad file descriptor) [pid 324] close(17) = -1 EBADF (Bad file descriptor) [pid 324] close(18) = -1 EBADF (Bad file descriptor) [pid 324] close(19) = -1 EBADF (Bad file descriptor) [pid 324] close(20) = -1 EBADF (Bad file descriptor) [pid 324] close(21) = -1 EBADF (Bad file descriptor) [pid 324] close(22) = -1 EBADF (Bad file descriptor) [pid 324] close(23) = -1 EBADF (Bad file descriptor) [pid 324] close(24) = -1 EBADF (Bad file descriptor) [pid 324] close(25) = -1 EBADF (Bad file descriptor) [pid 324] close(26) = -1 EBADF (Bad file descriptor) [pid 324] close(27) = -1 EBADF (Bad file descriptor) [pid 324] close(28) = -1 EBADF (Bad file descriptor) [pid 324] close(29) = -1 EBADF (Bad file descriptor) [pid 324] exit_group(0 [pid 325] <... futex resumed>) = ? [pid 324] <... exit_group resumed>) = ? [pid 325] +++ exited with 0 +++ [pid 324] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=26, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 295] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555641c690) = 28 ./strace-static-x86_64: Process 327 attached [pid 327] set_robust_list(0x55555641c6a0, 24) = 0 [pid 327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 327] setpgid(0, 0) = 0 [pid 327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 327] write(3, "1000", 4) = 4 [pid 327] close(3) = 0 [pid 327] read(200, 0x7ffcd81dfdf0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 327] futex(0x7f51ec3733cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 327] rt_sigaction(SIGRT_1, {sa_handler=0x7f51ec310cb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f51ec302330}, NULL, 8) = 0 [pid 327] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 327] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f51ec289000 [pid 327] mprotect(0x7f51ec28a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 327] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 327] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f51ec2a9990, parent_tid=0x7f51ec2a9990, exit_signal=0, stack=0x7f51ec289000, stack_size=0x20300, tls=0x7f51ec2a96c0}./strace-static-x86_64: Process 328 attached [pid 328] set_robust_list(0x7f51ec2a99a0, 24 [pid 327] <... clone3 resumed> => {parent_tid=[29]}, 88) = 29 [pid 328] <... set_robust_list resumed>) = 0 [pid 327] rt_sigprocmask(SIG_SETMASK, [], [pid 328] rt_sigprocmask(SIG_SETMASK, [], [pid 327] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 328] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 327] futex(0x7f51ec3733c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 327] futex(0x7f51ec3733cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 328] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 328] write(3, "63", 2) = 2 [ 27.034813][ T325] RSP: 002b:00007f51ec2a9208 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 27.043138][ T325] RAX: ffffffffffffffda RBX: 00007f51ec3733c8 RCX: 00007f51ec2e90a9 [ 27.050948][ T325] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 27.058762][ T325] RBP: 00007f51ec3733c0 R08: 0000000000000000 R09: 0000000000003336 [ 27.066591][ T325] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f51ec3733cc [ 27.074393][ T325] R13: 00007f51ec2a9210 R14: 0000000000000002 R15: 00007f51ec34001d [ 27.082198][ T325] [pid 328] clone(child_stack=NULL, flags=0 [pid 327] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 27.103074][ T328] FAULT_INJECTION: forcing a failure. [ 27.103074][ T328] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 27.116140][ T328] CPU: 0 PID: 328 Comm: syz-executor396 Not tainted 5.15.137-syzkaller-01792-g61cfd264993d #0 [ 27.126356][ T328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 27.136253][ T328] Call Trace: [ 27.139386][ T328] [ 27.142157][ T328] dump_stack_lvl+0x151/0x1b7 [ 27.146673][ T328] ? io_uring_drop_tctx_refs+0x190/0x190 [ 27.152140][ T328] ? kmem_cache_alloc+0x134/0x200 [ 27.157003][ T328] dump_stack+0x15/0x17 [ 27.160990][ T328] should_fail+0x3c6/0x510 [ 27.165239][ T328] should_fail_alloc_page+0x5a/0x80 [ 27.170375][ T328] prepare_alloc_pages+0x15c/0x700 [ 27.175487][ T328] ? __alloc_pages_bulk+0xe60/0xe60 [ 27.180652][ T328] __alloc_pages+0x138/0x5e0 [ 27.185153][ T328] ? prep_new_page+0x110/0x110 [ 27.189873][ T328] ? __alloc_pages+0x206/0x5e0 [ 27.194670][ T328] ? stack_trace_save+0x1c0/0x1c0 [ 27.199966][ T328] ? __kasan_check_write+0x14/0x20 [ 27.204895][ T328] ? _raw_spin_lock+0xa4/0x1b0 [ 27.209648][ T328] __pmd_alloc+0xb1/0x550 [ 27.213844][ T328] ? __pud_alloc+0x260/0x260 [ 27.218346][ T328] ? __pud_alloc+0x213/0x260 [ 27.222862][ T328] ? do_handle_mm_fault+0x2330/0x2330 [ 27.228077][ T328] ? __stack_depot_save+0x34/0x470 [ 27.233013][ T328] ? anon_vma_clone+0x9a/0x500 [ 27.237624][ T328] copy_page_range+0x2b3d/0x2f90 [ 27.242389][ T328] ? __kasan_slab_alloc+0xb1/0xe0 [ 27.247257][ T328] ? slab_post_alloc_hook+0x53/0x2c0 [ 27.252369][ T328] ? copy_mm+0xa3a/0x13e0 [ 27.256647][ T328] ? copy_process+0x12bc/0x3260 [ 27.261402][ T328] ? kernel_clone+0x21e/0x9e0 [ 27.265907][ T328] ? do_syscall_64+0x3d/0xb0 [ 27.270349][ T328] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 27.276328][ T328] ? pfn_valid+0x1e0/0x1e0 [ 27.280587][ T328] ? rwsem_write_trylock+0x15b/0x290 [ 27.285801][ T328] ? vma_interval_tree_augment_rotate+0x1d0/0x1d0 [ 27.292312][ T328] ? vma_gap_callbacks_rotate+0x1e2/0x210 [ 27.297942][ T328] ? __rb_insert_augmented+0x5de/0x610 [ 27.303242][ T328] copy_mm+0xc7e/0x13e0 [ 27.307233][ T328] ? copy_signal+0x610/0x610 [ 27.311688][ T328] ? __init_rwsem+0xd6/0x1c0 [ 27.316184][ T328] ? copy_signal+0x4e3/0x610 [ 27.320605][ T328] copy_process+0x12bc/0x3260 [ 27.325285][ T328] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 27.330228][ T328] ? __kasan_check_write+0x14/0x20 [ 27.335183][ T328] kernel_clone+0x21e/0x9e0 [ 27.339743][ T328] ? _raw_spin_unlock_irq+0x4e/0x70 [ 27.345052][ T328] ? create_io_thread+0x1e0/0x1e0 [ 27.349908][ T328] __x64_sys_clone+0x23f/0x290 [ 27.354563][ T328] ? __do_sys_vfork+0x130/0x130 [ 27.359188][ T328] ? __kasan_check_read+0x11/0x20 [ 27.364142][ T328] ? syscall_enter_from_user_mode+0x70/0x1b0 [ 27.369961][ T328] do_syscall_64+0x3d/0xb0 [ 27.374329][ T328] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 27.380611][ T328] RIP: 0033:0x7f51ec2e90a9 [ 27.386055][ T328] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 27.406488][ T328] RSP: 002b:00007f51ec2a9208 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 27.414924][ T328] RAX: ffffffffffffffda RBX: 00007f51ec3733c8 RCX: 00007f51ec2e90a9 [ 27.423832][ T328] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 27.432106][ T328] RBP: 00007f51ec3733c0 R08: 0000000000000000 R09: 0000000000003336 [ 27.440029][ T328] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f51ec3733cc [pid 328] <... clone resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 328] futex(0x7f51ec3733cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 328] futex(0x7f51ec3733c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 327] close(3) = 0 [pid 327] close(4) = -1 EBADF (Bad file descriptor) [pid 327] close(5) = -1 EBADF (Bad file descriptor) [pid 327] close(6) = -1 EBADF (Bad file descriptor) [pid 327] close(7) = -1 EBADF (Bad file descriptor) [pid 327] close(8) = -1 EBADF (Bad file descriptor) [pid 327] close(9) = -1 EBADF (Bad file descriptor) [pid 327] close(10) = -1 EBADF (Bad file descriptor) [pid 327] close(11) = -1 EBADF (Bad file descriptor) [pid 327] close(12) = -1 EBADF (Bad file descriptor) [pid 327] close(13) = -1 EBADF (Bad file descriptor) [pid 327] close(14) = -1 EBADF (Bad file descriptor) [pid 327] close(15) = -1 EBADF (Bad file descriptor) [pid 327] close(16) = -1 EBADF (Bad file descriptor) [pid 327] close(17) = -1 EBADF (Bad file descriptor) [pid 327] close(18) = -1 EBADF (Bad file descriptor) [pid 327] close(19) = -1 EBADF (Bad file descriptor) [pid 327] close(20) = -1 EBADF (Bad file descriptor) [pid 327] close(21) = -1 EBADF (Bad file descriptor) [pid 327] close(22) = -1 EBADF (Bad file descriptor) [pid 327] close(23) = -1 EBADF (Bad file descriptor) [pid 327] close(24) = -1 EBADF (Bad file descriptor) [pid 327] close(25) = -1 EBADF (Bad file descriptor) [pid 327] close(26) = -1 EBADF (Bad file descriptor) [pid 327] close(27) = -1 EBADF (Bad file descriptor) [pid 327] close(28) = -1 EBADF (Bad file descriptor) [pid 327] close(29) = -1 EBADF (Bad file descriptor) [pid 327] exit_group(0) = ? [pid 328] <... futex resumed>) = ? [pid 328] +++ exited with 0 +++ [pid 327] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=28, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 295] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555641c690) = 30 ./strace-static-x86_64: Process 329 attached [pid 329] set_robust_list(0x55555641c6a0, 24) = 0 [pid 329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 329] setpgid(0, 0) = 0 [pid 329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 329] write(3, "1000", 4) = 4 [pid 329] close(3) = 0 [pid 329] read(200, 0x7ffcd81dfdf0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 329] futex(0x7f51ec3733cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 329] rt_sigaction(SIGRT_1, {sa_handler=0x7f51ec310cb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f51ec302330}, NULL, 8) = 0 [pid 329] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f51ec289000 [pid 329] mprotect(0x7f51ec28a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 329] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 329] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f51ec2a9990, parent_tid=0x7f51ec2a9990, exit_signal=0, stack=0x7f51ec289000, stack_size=0x20300, tls=0x7f51ec2a96c0}./strace-static-x86_64: Process 330 attached => {parent_tid=[31]}, 88) = 31 [pid 329] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 329] futex(0x7f51ec3733c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 329] futex(0x7f51ec3733cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 330] set_robust_list(0x7f51ec2a99a0, 24) = 0 [pid 330] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 330] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 330] write(3, "63", 2) = 2 [ 27.449135][ T328] R13: 00007f51ec2a9210 R14: 0000000000000002 R15: 00007f51ec34001d [ 27.457731][ T328] [ 27.470865][ T330] FAULT_INJECTION: forcing a failure. [ 27.470865][ T330] name failslab, interval 1, probability 0, space 0, times 0 [ 27.483707][ T330] CPU: 0 PID: 330 Comm: syz-executor396 Not tainted 5.15.137-syzkaller-01792-g61cfd264993d #0 [pid 330] clone(child_stack=NULL, flags=0 [pid 329] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 27.495582][ T330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 27.505950][ T330] Call Trace: [ 27.509377][ T330] [ 27.512240][ T330] dump_stack_lvl+0x151/0x1b7 [ 27.516933][ T330] ? io_uring_drop_tctx_refs+0x190/0x190 [ 27.522481][ T330] dump_stack+0x15/0x17 [ 27.526562][ T330] should_fail+0x3c6/0x510 [ 27.531158][ T330] __should_failslab+0xa4/0xe0 [ 27.537757][ T330] ? anon_vma_fork+0x1df/0x4e0 [ 27.542640][ T330] should_failslab+0x9/0x20 [ 27.547055][ T330] slab_pre_alloc_hook+0x37/0xd0 [ 27.552236][ T330] ? anon_vma_fork+0x1df/0x4e0 [ 27.556827][ T330] kmem_cache_alloc+0x44/0x200 [ 27.561688][ T330] anon_vma_fork+0x1df/0x4e0 [ 27.566108][ T330] copy_mm+0xa3a/0x13e0 [ 27.570365][ T330] ? copy_signal+0x610/0x610 [ 27.575054][ T330] ? __init_rwsem+0xd6/0x1c0 [ 27.579492][ T330] ? copy_signal+0x4e3/0x610 [ 27.583893][ T330] copy_process+0x12bc/0x3260 [ 27.588683][ T330] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 27.593631][ T330] ? __kasan_check_write+0x14/0x20 [ 27.598568][ T330] kernel_clone+0x21e/0x9e0 [ 27.602909][ T330] ? _raw_spin_unlock_irq+0x4e/0x70 [ 27.607948][ T330] ? create_io_thread+0x1e0/0x1e0 [ 27.612803][ T330] __x64_sys_clone+0x23f/0x290 [ 27.617406][ T330] ? __do_sys_vfork+0x130/0x130 [ 27.622256][ T330] ? __kasan_check_read+0x11/0x20 [ 27.627640][ T330] ? syscall_enter_from_user_mode+0x70/0x1b0 [ 27.633630][ T330] do_syscall_64+0x3d/0xb0 [ 27.637891][ T330] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 27.644016][ T330] RIP: 0033:0x7f51ec2e90a9 [ 27.648445][ T330] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 27.669937][ T330] RSP: 002b:00007f51ec2a9208 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 27.679897][ T330] RAX: ffffffffffffffda RBX: 00007f51ec3733c8 RCX: 00007f51ec2e90a9 [ 27.687989][ T330] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 27.696063][ T330] RBP: 00007f51ec3733c0 R08: 0000000000000000 R09: 0000000000003336 [pid 330] <... clone resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 330] futex(0x7f51ec3733cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 330] futex(0x7f51ec3733c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 329] close(3) = 0 [pid 329] close(4) = -1 EBADF (Bad file descriptor) [pid 329] close(5) = -1 EBADF (Bad file descriptor) [pid 329] close(6) = -1 EBADF (Bad file descriptor) [pid 329] close(7) = -1 EBADF (Bad file descriptor) [pid 329] close(8) = -1 EBADF (Bad file descriptor) [pid 329] close(9) = -1 EBADF (Bad file descriptor) [pid 329] close(10) = -1 EBADF (Bad file descriptor) [pid 329] close(11) = -1 EBADF (Bad file descriptor) [pid 329] close(12) = -1 EBADF (Bad file descriptor) [pid 329] close(13) = -1 EBADF (Bad file descriptor) [pid 329] close(14) = -1 EBADF (Bad file descriptor) [pid 329] close(15) = -1 EBADF (Bad file descriptor) [pid 329] close(16) = -1 EBADF (Bad file descriptor) [pid 329] close(17) = -1 EBADF (Bad file descriptor) [pid 329] close(18) = -1 EBADF (Bad file descriptor) [pid 329] close(19) = -1 EBADF (Bad file descriptor) [pid 329] close(20) = -1 EBADF (Bad file descriptor) [pid 329] close(21) = -1 EBADF (Bad file descriptor) [pid 329] close(22) = -1 EBADF (Bad file descriptor) [pid 329] close(23) = -1 EBADF (Bad file descriptor) [pid 329] close(24) = -1 EBADF (Bad file descriptor) [pid 329] close(25) = -1 EBADF (Bad file descriptor) [pid 329] close(26) = -1 EBADF (Bad file descriptor) [pid 329] close(27) = -1 EBADF (Bad file descriptor) [pid 329] close(28) = -1 EBADF (Bad file descriptor) [pid 329] close(29) = -1 EBADF (Bad file descriptor) [pid 329] exit_group(0) = ? [pid 330] <... futex resumed>) = ? [pid 330] +++ exited with 0 +++ [pid 329] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=30, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 295] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 331 attached , child_tidptr=0x55555641c690) = 32 [pid 331] set_robust_list(0x55555641c6a0, 24) = 0 [pid 331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 331] setpgid(0, 0) = 0 [pid 331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 331] write(3, "1000", 4) = 4 [pid 331] close(3) = 0 [pid 331] read(200, 0x7ffcd81dfdf0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 331] futex(0x7f51ec3733cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 331] rt_sigaction(SIGRT_1, {sa_handler=0x7f51ec310cb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f51ec302330}, NULL, 8) = 0 [pid 331] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 331] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f51ec289000 [pid 331] mprotect(0x7f51ec28a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 331] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 331] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f51ec2a9990, parent_tid=0x7f51ec2a9990, exit_signal=0, stack=0x7f51ec289000, stack_size=0x20300, tls=0x7f51ec2a96c0} => {parent_tid=[33]}, 88) = 33 [pid 331] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 331] futex(0x7f51ec3733c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 332 attached ) = 0 [pid 332] set_robust_list(0x7f51ec2a99a0, 24 [pid 331] futex(0x7f51ec3733cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 332] <... set_robust_list resumed>) = 0 [pid 332] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 332] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 332] write(3, "63", 2) = 2 [ 27.704373][ T330] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f51ec3733cc [ 27.712462][ T330] R13: 00007f51ec2a9210 R14: 0000000000000002 R15: 00007f51ec34001d [ 27.722071][ T330] [ 27.741213][ T332] FAULT_INJECTION: forcing a failure. [ 27.741213][ T332] name failslab, interval 1, probability 0, space 0, times 0 [ 27.754469][ T332] CPU: 0 PID: 332 Comm: syz-executor396 Not tainted 5.15.137-syzkaller-01792-g61cfd264993d #0 [ 27.764770][ T332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 27.775539][ T332] Call Trace: [ 27.778675][ T332] [ 27.783188][ T332] dump_stack_lvl+0x151/0x1b7 [ 27.787983][ T332] ? io_uring_drop_tctx_refs+0x190/0x190 [ 27.795426][ T332] dump_stack+0x15/0x17 [ 27.799756][ T332] should_fail+0x3c6/0x510 [ 27.803995][ T332] __should_failslab+0xa4/0xe0 [ 27.808603][ T332] ? anon_vma_fork+0x1df/0x4e0 [ 27.814263][ T332] should_failslab+0x9/0x20 [ 27.818743][ T332] slab_pre_alloc_hook+0x37/0xd0 [ 27.823775][ T332] ? anon_vma_fork+0x1df/0x4e0 [ 27.830534][ T332] kmem_cache_alloc+0x44/0x200 [ 27.835551][ T332] anon_vma_fork+0x1df/0x4e0 [ 27.840092][ T332] copy_mm+0xa3a/0x13e0 [ 27.844078][ T332] ? copy_signal+0x610/0x610 [ 27.848614][ T332] ? __init_rwsem+0xd6/0x1c0 [ 27.853100][ T332] ? copy_signal+0x4e3/0x610 [ 27.857652][ T332] copy_process+0x12bc/0x3260 [ 27.862307][ T332] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 27.867351][ T332] ? __kasan_check_write+0x14/0x20 [ 27.872554][ T332] kernel_clone+0x21e/0x9e0 [ 27.876884][ T332] ? _raw_spin_unlock_irq+0x4e/0x70 [ 27.881934][ T332] ? create_io_thread+0x1e0/0x1e0 [ 27.886900][ T332] __x64_sys_clone+0x23f/0x290 [ 27.891607][ T332] ? __do_sys_vfork+0x130/0x130 [ 27.896520][ T332] ? debug_smp_processor_id+0x17/0x20 [ 27.902103][ T332] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 27.908393][ T332] ? syscall_enter_from_user_mode+0x70/0x1b0 [ 27.914205][ T332] do_syscall_64+0x3d/0xb0 [ 27.918458][ T332] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 27.924903][ T332] RIP: 0033:0x7f51ec2e90a9 [ 27.929339][ T332] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 27.949184][ T332] RSP: 002b:00007f51ec2a9208 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 27.957729][ T332] RAX: ffffffffffffffda RBX: 00007f51ec3733c8 RCX: 00007f51ec2e90a9 [ 27.965624][ T332] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 27.973431][ T332] RBP: 00007f51ec3733c0 R08: 0000000000000000 R09: 0000000000003336 [ 27.981245][ T332] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f51ec3733cc [ 27.989055][ T332] R13: 00007f51ec2a9210 R14: 0000000000000002 R15: 00007f51ec34001d [ 27.996861][ T332] [ 28.000086][ T332] ================================================================== [ 28.008087][ T332] BUG: KASAN: double-free or invalid-free in kfree+0xc8/0x220 [ 28.015345][ T332] [ 28.017548][ T332] CPU: 0 PID: 332 Comm: syz-executor396 Not tainted 5.15.137-syzkaller-01792-g61cfd264993d #0 [ 28.027602][ T332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 28.037996][ T332] Call Trace: [ 28.042611][ T332] [ 28.045565][ T332] dump_stack_lvl+0x151/0x1b7 [ 28.050067][ T332] ? io_uring_drop_tctx_refs+0x190/0x190 [ 28.055573][ T332] ? __wake_up_klogd+0xd5/0x110 [ 28.060226][ T332] ? panic+0x751/0x751 [ 28.064129][ T332] ? kfree+0xc8/0x220 [ 28.067945][ T332] print_address_description+0x87/0x3b0 [ 28.073327][ T332] ? kfree+0xc8/0x220 [ 28.077139][ T332] ? kfree+0xc8/0x220 [ 28.080958][ T332] kasan_report_invalid_free+0x6b/0xa0 [ 28.086257][ T332] ____kasan_slab_free+0x13e/0x160 [ 28.091380][ T332] __kasan_slab_free+0x11/0x20 [ 28.095972][ T332] slab_free_freelist_hook+0xbd/0x190 [ 28.101194][ T332] ? anon_vma_name_free+0x15/0x20 [ 28.106140][ T332] kfree+0xc8/0x220 [ 28.109774][ T332] anon_vma_name_free+0x15/0x20 [ 28.114472][ T332] vm_area_free_no_check+0xa6/0x130 [ 28.119505][ T332] copy_mm+0xefb/0x13e0 [ 28.123491][ T332] ? copy_signal+0x610/0x610 [ 28.127920][ T332] ? __init_rwsem+0xd6/0x1c0 [ 28.132430][ T332] ? copy_signal+0x4e3/0x610 [ 28.136853][ T332] copy_process+0x12bc/0x3260 [ 28.141372][ T332] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 28.146325][ T332] ? __kasan_check_write+0x14/0x20 [ 28.151362][ T332] kernel_clone+0x21e/0x9e0 [ 28.155781][ T332] ? _raw_spin_unlock_irq+0x4e/0x70 [ 28.160962][ T332] ? create_io_thread+0x1e0/0x1e0 [ 28.165914][ T332] __x64_sys_clone+0x23f/0x290 [ 28.170676][ T332] ? __do_sys_vfork+0x130/0x130 [ 28.175375][ T332] ? debug_smp_processor_id+0x17/0x20 [ 28.180654][ T332] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 28.186558][ T332] ? syscall_enter_from_user_mode+0x70/0x1b0 [ 28.192380][ T332] do_syscall_64+0x3d/0xb0 [ 28.196719][ T332] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 28.202459][ T332] RIP: 0033:0x7f51ec2e90a9 [ 28.206694][ T332] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 28.226574][ T332] RSP: 002b:00007f51ec2a9208 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 28.234823][ T332] RAX: ffffffffffffffda RBX: 00007f51ec3733c8 RCX: 00007f51ec2e90a9 [ 28.242727][ T332] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 28.250529][ T332] RBP: 00007f51ec3733c0 R08: 0000000000000000 R09: 0000000000003336 [ 28.258335][ T332] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f51ec3733cc [ 28.266594][ T332] R13: 00007f51ec2a9210 R14: 0000000000000002 R15: 00007f51ec34001d [ 28.274493][ T332] [ 28.278914][ T332] [ 28.281081][ T332] Allocated by task 294: [ 28.285174][ T332] __kasan_slab_alloc+0xb1/0xe0 [ 28.289845][ T332] slab_post_alloc_hook+0x53/0x2c0 [ 28.294806][ T332] kmem_cache_alloc+0xf5/0x200 [ 28.299393][ T332] vm_area_dup+0x26/0x230 [ 28.303559][ T332] copy_mm+0x9a1/0x13e0 [ 28.307558][ T332] copy_process+0x12bc/0x3260 [ 28.312071][ T332] kernel_clone+0x21e/0x9e0 [ 28.316425][ T332] __x64_sys_clone+0x23f/0x290 [ 28.321091][ T332] do_syscall_64+0x3d/0xb0 [ 28.325340][ T332] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 28.331082][ T332] [ 28.333241][ T332] The buggy address belongs to the object at ffff88811df18b90 [ 28.333241][ T332] which belongs to the cache vm_area_struct of size 232 [ 28.347411][ T332] The buggy address is located 88 bytes inside of [ 28.347411][ T332] 232-byte region [ffff88811df18b90, ffff88811df18c78) [ 28.361276][ T332] The buggy address belongs to the page: [ 28.366875][ T332] page:ffffea000477c600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11df18 [ 28.377027][ T332] flags: 0x4000000000000200(slab|zone=1) [ 28.382758][ T332] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881001bd080 [ 28.391191][ T332] raw: 0000000000000000 00000000000d000d 00000001ffffffff 0000000000000000 [ 28.399679][ T332] page dumped because: kasan: bad access detected [ 28.406521][ T332] page_owner tracks the page as allocated [ 28.412005][ T332] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 294, ts 23126891142, free_ts 23126210191 [ 28.428105][ T332] post_alloc_hook+0x1a3/0x1b0 [ 28.432963][ T332] prep_new_page+0x1b/0x110 [ 28.437368][ T332] get_page_from_freelist+0x3550/0x35d0 [ 28.442682][ T332] __alloc_pages+0x206/0x5e0 [ 28.447380][ T332] new_slab+0x9a/0x4e0 [ 28.451384][ T332] ___slab_alloc+0x39e/0x830 [ 28.456085][ T332] __slab_alloc+0x4a/0x90 [ 28.460403][ T332] kmem_cache_alloc+0x134/0x200 [ 28.465161][ T332] vm_area_dup+0x26/0x230 [ 28.469342][ T332] __split_vma+0xc0/0x480 [ 28.473488][ T332] split_vma+0x7c/0xd0 [ 28.477411][ T332] mprotect_fixup+0x55c/0x780 [ 28.482013][ T332] do_mprotect_pkey+0x7b2/0xa80 [ 28.488264][ T332] __x64_sys_mprotect+0x80/0x90 [ 28.492991][ T332] do_syscall_64+0x3d/0xb0 [ 28.497344][ T332] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 28.503264][ T332] page last free stack trace: [ 28.507768][ T332] free_unref_page_prepare+0x7c8/0x7d0 [ 28.513391][ T332] free_unref_page+0xe6/0x730 [ 28.517995][ T332] __free_pages+0x61/0xf0 [ 28.522285][ T332] free_pages+0x7c/0x90 [ 28.526356][ T332] proc_pid_readlink+0x1d7/0x230 [ 28.531294][ T332] vfs_readlink+0x3a8/0x400 [ 28.535837][ T332] do_readlinkat+0x27f/0x3a0 [ 28.541118][ T332] __x64_sys_readlink+0x7f/0x90 [ 28.545879][ T332] do_syscall_64+0x3d/0xb0 [ 28.550213][ T332] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 28.556041][ T332] [ 28.558197][ T332] Memory state around the buggy address: [ 28.563762][ T332] ffff88811df18a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.571792][ T332] ffff88811df18b00: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc [ 28.579642][ T332] >ffff88811df18b80: fc fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.587534][ T332] ^ [ 28.594840][ T332] ffff88811df18c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [pid 332] clone(child_stack=NULL, flags=0 [pid 331] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 332] <... clone resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 332] futex(0x7f51ec3733cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] futex(0x7f51ec3733c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 331] close(3) = 0 [pid 331] close(4) = -1 EBADF (Bad file descriptor) [pid 331] close(5) = -1 EBADF (Bad file descriptor) [pid 331] close(6) = -1 EBADF (Bad file descriptor) [pid 331] close(7) = -1 EBADF (Bad file descriptor) [pid 331] close(8) = -1 EBADF (Bad file descriptor) [pid 331] close(9) = -1 EBADF (Bad file descriptor) [pid 331] close(10) = -1 EBADF (Bad file descriptor) [pid 331] close(11) = -1 EBADF (Bad file descriptor) [pid 331] close(12) = -1 EBADF (Bad file descriptor) [pid 331] close(13) = -1 EBADF (Bad file descriptor) [pid 331] close(14) = -1 EBADF (Bad file descriptor) [pid 331] close(15) = -1 EBADF (Bad file descriptor) [pid 331] close(16) = -1 EBADF (Bad file descriptor) [pid 331] close(17) = -1 EBADF (Bad file descriptor) [pid 331] close(18) = -1 EBADF (Bad file descriptor) [pid 331] close(19) = -1 EBADF (Bad file descriptor) [pid 331] close(20) = -1 EBADF (Bad file descriptor) [pid 331] close(21) = -1 EBADF (Bad file descriptor) [pid 331] close(22) = -1 EBADF (Bad file descriptor) [pid 331] close(23) = -1 EBADF (Bad file descriptor) [pid 331] close(24) = -1 EBADF (Bad file descriptor) [pid 331] close(25) = -1 EBADF (Bad file descriptor) [pid 331] close(26) = -1 EBADF (Bad file descriptor) [pid 331] close(27) = -1 EBADF (Bad file descriptor) [pid 331] close(28) = -1 EBADF (Bad file descriptor) [pid 331] close(29) = -1 EBADF (Bad file descriptor) [pid 331] exit_group(0 [pid 332] <... futex resumed>) = ? [pid 331] <... exit_group resumed>) = ? [pid 332] +++ exited with 0 +++ [pid 331] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=32, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [ 28.603429][ T332] ffff88811df18c80: fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 00 [ 28.611691][ T332] ================================================================== [ 28.619733][ T332] Disabling lock debugging due to kernel taint [ 28.633912][ T295] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN [ 28.646454][ T295] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] [ 28.654811][ T295] CPU: 1 PID: 295 Comm: syz-executor396 Tainted: G B 5.15.137-syzkaller-01792-g61cfd264993d #0 [ 28.666916][ T295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 28.679308][ T295] RIP: 0010:__rb_insert_augmented+0x91/0x610 [ 28.685195][ T295] Code: 00 74 08 4c 89 ef e8 ae b3 2b ff 49 8b 45 00 a8 01 0f 85 60 05 00 00 48 89 5d a0 48 89 45 c0 48 8d 58 08 49 89 de 49 c1 ee 03 <43> 80 3c 26 00 74 08 48 89 df e8 80 b3 2b ff 48 89 d8 48 8b 1b 4c [ 28.704840][ T295] RSP: 0018:ffffc900009578f8 EFLAGS: 00010202 [ 28.711064][ T295] RAX: 0000000000000000 RBX: 0000000000000008 RCX: dffffc0000000000 [ 28.718877][ T295] RDX: ffffffff81a4d410 RSI: ffff88810be27250 RDI: ffff88811e813998 [ 28.726698][ T295] RBP: ffffc90000957960 R08: dffffc0000000000 R09: ffff88811e8139a0 [ 28.734674][ T295] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 28.742777][ T295] R13: ffff88811df18be8 R14: 0000000000000001 R15: ffff88811e813998 [ 28.751536][ T295] FS: 000055555641c3c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 28.760641][ T295] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 28.770747][ T295] CR2: 00007f51ec33f808 CR3: 000000011e121000 CR4: 00000000003506a0 [ 28.780506][ T295] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 28.789164][ T295] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 28.797788][ T295] Call Trace: [ 28.800891][ T295] [ 28.803666][ T295] ? __die_body+0x62/0xb0 [ 28.807920][ T295] ? die_addr+0x9f/0xd0 [ 28.812167][ T295] ? exc_general_protection+0x311/0x4b0 [ 28.818121][ T295] ? asm_exc_general_protection+0x27/0x30 [ 28.823665][ T295] ? anon_vma_interval_tree_iter_next+0x390/0x390 [ 28.829920][ T295] ? __rb_insert_augmented+0x91/0x610 [ 28.835678][ T295] ? anon_vma_interval_tree_iter_next+0x390/0x390 [ 28.842002][ T295] vma_interval_tree_insert_after+0x2be/0x2d0 [ 28.847907][ T295] copy_mm+0xba2/0x13e0 [ 28.851946][ T295] ? copy_signal+0x610/0x610 [ 28.856330][ T295] ? __init_rwsem+0xd6/0x1c0 [ 28.861045][ T295] ? copy_signal+0x4e3/0x610 [ 28.865466][ T295] copy_process+0x12bc/0x3260 [ 28.869980][ T295] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 28.874929][ T295] ? __kasan_check_write+0x14/0x20 [ 28.879870][ T295] kernel_clone+0x21e/0x9e0 [ 28.884383][ T295] ? _raw_spin_unlock_irq+0x4e/0x70 [ 28.889536][ T295] ? create_io_thread+0x1e0/0x1e0 [ 28.894597][ T295] __x64_sys_clone+0x23f/0x290 [ 28.899193][ T295] ? __do_sys_vfork+0x130/0x130 [ 28.903981][ T295] ? __kasan_check_read+0x11/0x20 [ 28.908829][ T295] ? syscall_enter_from_user_mode+0x70/0x1b0 [ 28.914814][ T295] do_syscall_64+0x3d/0xb0 [ 28.919180][ T295] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 28.924976][ T295] RIP: 0033:0x7f51ec2e6f03 [ 28.929219][ T295] Code: 1f 84 00 00 00 00 00 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00 [ 28.948849][ T295] RSP: 002b:00007ffcd81e00e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 28.957266][ T295] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f51ec2e6f03 [ 28.965071][ T295] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 28.973467][ T295] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007ffcd81ef0b0 [ 28.981563][ T295] R10: 000055555641c690 R11: 0000000000000246 R12: 0000000000000001 [ 28.989654][ T295] R13: 00007ffcd81e020c R14: 00007ffcd81e0260 R15: 00007ffcd81e0250 [ 28.997652][ T295] [ 29.000606][ T295] Modules linked in: [ 29.005428][ T295] ---[ end trace 5e6c6fe00d212e84 ]--- [ 29.010720][ T295] RIP: 0010:__rb_insert_augmented+0x91/0x610 [ 29.017707][ T295] Code: 00 74 08 4c 89 ef e8 ae b3 2b ff 49 8b 45 00 a8 01 0f 85 60 05 00 00 48 89 5d a0 48 89 45 c0 48 8d 58 08 49 89 de 49 c1 ee 03 <43> 80 3c 26 00 74 08 48 89 df e8 80 b3 2b ff 48 89 d8 48 8b 1b 4c [ 29.038161][ T295] RSP: 0018:ffffc900009578f8 EFLAGS: 00010202 [ 29.044161][ T295] RAX: 0000000000000000 RBX: 0000000000000008 RCX: dffffc0000000000 [ 29.052145][ T295] RDX: ffffffff81a4d410 RSI: ffff88810be27250 RDI: ffff88811e813998 [ 29.060238][ T295] RBP: ffffc90000957960 R08: dffffc0000000000 R09: ffff88811e8139a0 [ 29.068536][ T295] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 29.076466][ T295] R13: ffff88811df18be8 R14: 0000000000000001 R15: ffff88811e813998 [ 29.084627][ T295] FS: 000055555641c3c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 29.093393][ T295] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 29.100523][ T295] CR2: 00007f51ec33f808 CR3: 000000011e121000 CR4: 00000000003506a0 [ 29.109194][ T295] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 29.117575][ T295] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 29.126014][ T295] Kernel panic - not syncing: Fatal exception [ 29.132529][ T295] Kernel Offset: disabled [ 29.138011][ T295] Rebooting in 86400 seconds..