./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1934221460 <...> Warning: Permanently added '10.128.0.77' (ED25519) to the list of known hosts. execve("./syz-executor1934221460", ["./syz-executor1934221460"], 0x7ffe150a55d0 /* 10 vars */) = 0 brk(NULL) = 0x555557271000 brk(0x555557271d00) = 0x555557271d00 arch_prctl(ARCH_SET_FS, 0x555557271380) = 0 set_tid_address(0x555557271650) = 5041 set_robust_list(0x555557271660, 24) = 0 rseq(0x555557271ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1934221460", 4096) = 28 getrandom("\x30\x67\xa6\x28\xb0\xb2\x47\xc1", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555557271d00 brk(0x555557292d00) = 0x555557292d00 brk(0x555557293000) = 0x555557293000 mprotect(0x7fa8ebc4c000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 mkdir("./syzkaller.Jq69MN", 0700) = 0 chmod("./syzkaller.Jq69MN", 0777) = 0 chdir("./syzkaller.Jq69MN") = 0 mkdir("./0", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5042 attached [pid 5042] set_robust_list(0x555557271660, 24 [pid 5041] <... clone resumed>, child_tidptr=0x555557271650) = 5042 [pid 5042] <... set_robust_list resumed>) = 0 [pid 5042] chdir("./0") = 0 [pid 5042] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5042] setpgid(0, 0) = 0 [pid 5042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5042] write(3, "1000", 4) = 4 [pid 5042] close(3) = 0 [pid 5042] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5042] socket(AF_UNIX, SOCK_DGRAM, 0) = 3 [pid 5042] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4 [pid 5042] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5 [pid 5042] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0 [pid 5042] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0 [pid 5042] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0 [pid 5042] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6 [pid 5042] write(6, "8", 1) = 1 [ 75.309463][ T5042] FAULT_INJECTION: forcing a failure. [ 75.309463][ T5042] name failslab, interval 1, probability 0, space 0, times 1 [ 75.322423][ T5042] CPU: 0 PID: 5042 Comm: syz-executor193 Not tainted 6.5.0-syzkaller-04028-gd3287e4038ca #0 [ 75.332545][ T5042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 75.342645][ T5042] Call Trace: [ 75.345959][ T5042] [ 75.348926][ T5042] dump_stack_lvl+0x125/0x1b0 [ 75.353683][ T5042] should_fail_ex+0x496/0x5b0 [ 75.358406][ T5042] should_failslab+0x9/0x20 [ 75.362939][ T5042] __kmem_cache_alloc_node+0x2fd/0x350 [ 75.368435][ T5042] ? tomoyo_supervisor+0x43d/0xea0 [ 75.373588][ T5042] ? common_lsm_audit+0x2210/0x2210 [ 75.378837][ T5042] ? tomoyo_profile+0x47/0x60 [ 75.383655][ T5042] ? tomoyo_supervisor+0x43d/0xea0 [ 75.388891][ T5042] __kmalloc+0x4c/0x100 [ 75.393105][ T5042] tomoyo_supervisor+0x43d/0xea0 [ 75.398089][ T5042] ? tomoyo_profile+0x60/0x60 [ 75.402849][ T5042] ? kasan_set_track+0x25/0x30 [ 75.407653][ T5042] ? tomoyo_check_unix_acl+0xaf/0x120 [ 75.413043][ T5042] ? tomoyo_check_acl+0x1f4/0x410 [ 75.418101][ T5042] tomoyo_unix_entry+0x49b/0x650 [ 75.423069][ T5042] ? tomoyo_check_inet_acl+0x350/0x350 [ 75.428563][ T5042] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 75.434689][ T5042] tomoyo_socket_sendmsg_permission+0x350/0x3c0 [ 75.440960][ T5042] ? tomoyo_socket_bind_permission+0x340/0x340 [ 75.447141][ T5042] ? reacquire_held_locks+0x4b0/0x4b0 [ 75.452566][ T5042] security_socket_sendmsg+0x72/0xb0 [ 75.457893][ T5042] sock_sendmsg+0x42/0x180 [ 75.462364][ T5042] ____sys_sendmsg+0x2ac/0x940 [ 75.467171][ T5042] ? copy_msghdr_from_user+0x10b/0x160 [ 75.472670][ T5042] ? kernel_sendmsg+0x50/0x50 [ 75.477403][ T5042] ? find_held_lock+0x2d/0x110 [ 75.482192][ T5042] ___sys_sendmsg+0x135/0x1d0 [ 75.486897][ T5042] ? do_recvmmsg+0x740/0x740 [ 75.491505][ T5042] ? __lock_acquire+0x182f/0x5de0 [ 75.496583][ T5042] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 75.502614][ T5042] ? __fget_light+0x1fc/0x260 [ 75.507310][ T5042] __sys_sendmmsg+0x1a1/0x450 [ 75.512110][ T5042] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 75.517167][ T5042] ? cgroup_update_frozen+0x144/0x6b0 [ 75.522595][ T5042] ? find_held_lock+0x2d/0x110 [ 75.527410][ T5042] ? _raw_spin_unlock_irq+0x23/0x50 [ 75.532645][ T5042] ? lockdep_hardirqs_on+0x7d/0x100 [ 75.537888][ T5042] __x64_sys_sendmmsg+0x9c/0x100 [ 75.542862][ T5042] do_syscall_64+0x38/0xb0 [ 75.547300][ T5042] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 75.553214][ T5042] RIP: 0033:0x7fa8ebbd95a9 [ 75.557637][ T5042] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 75.577262][ T5042] RSP: 002b:00007ffe0e4b2e88 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 75.585712][ T5042] RAX: ffffffffffffffda RBX: 00007ffe0e4b2eb0 RCX: 00007fa8ebbd95a9 [ 75.593706][ T5042] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003 [ 75.601705][ T5042] RBP: 0000000000000001 R08: 00007ffe0e4b2c27 R09: 00007ffe0e5b51a0 [pid 5042] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1 [pid 5042] exit_group(0) = ? [pid 5042] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5042, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555572726f0 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file0") = 0 getdents64(3, 0x5555572726f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5043 attached , child_tidptr=0x555557271650) = 5043 [pid 5043] set_robust_list(0x555557271660, 24) = 0 [pid 5043] chdir("./1") = 0 [pid 5043] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5043] setpgid(0, 0) = 0 [pid 5043] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5043] write(3, "1000", 4) = 4 [pid 5043] close(3) = 0 [pid 5043] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5043] socket(AF_UNIX, SOCK_DGRAM, 0) = 3 [pid 5043] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4 [pid 5043] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5 [pid 5043] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0 [pid 5043] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0 [pid 5043] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0 [pid 5043] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6 [pid 5043] write(6, "8", 1) = 1 [ 75.609683][ T5042] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.617678][ T5042] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 75.625679][ T5042] [ 75.666570][ T5043] FAULT_INJECTION: forcing a failure. [ 75.666570][ T5043] name failslab, interval 1, probability 0, space 0, times 0 [ 75.680197][ T5043] CPU: 0 PID: 5043 Comm: syz-executor193 Not tainted 6.5.0-syzkaller-04028-gd3287e4038ca #0 [ 75.690307][ T5043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 75.700395][ T5043] Call Trace: [ 75.703706][ T5043] [ 75.706668][ T5043] dump_stack_lvl+0x125/0x1b0 [ 75.711398][ T5043] should_fail_ex+0x496/0x5b0 [ 75.716099][ T5043] should_failslab+0x9/0x20 [ 75.720631][ T5043] kmem_cache_alloc_node+0x389/0x3f0 [ 75.725952][ T5043] ? __alloc_skb+0x287/0x330 [ 75.730680][ T5043] __alloc_skb+0x287/0x330 [ 75.735120][ T5043] ? __napi_build_skb+0x50/0x50 [ 75.740009][ T5043] ? mark_held_locks+0x9f/0xe0 [ 75.744810][ T5043] ? kasan_quarantine_put+0x102/0x230 [ 75.750227][ T5043] ? find_held_lock+0x2d/0x110 [ 75.755019][ T5043] alloc_skb_with_frags+0xe4/0x710 [ 75.760163][ T5043] sock_alloc_send_pskb+0x7e4/0x970 [ 75.765397][ T5043] ? aa_profile_af_perm+0x470/0x470 [ 75.770624][ T5043] ? tomoyo_unix_entry+0x1d2/0x650 [ 75.775753][ T5043] ? sock_wmalloc+0x120/0x120 [ 75.780496][ T5043] ? unix_gc+0x12b0/0x12b0 [ 75.784982][ T5043] ? apparmor_socket_getpeersec_dgram+0x9/0x10 [ 75.791199][ T5043] unix_dgram_sendmsg+0x455/0x1c30 [ 75.796343][ T5043] ? aa_sk_perm+0x2c1/0xae0 [ 75.800885][ T5043] ? unix_dgram_connect+0xba0/0xba0 [ 75.806129][ T5043] ? aa_af_perm+0x260/0x260 [ 75.810675][ T5043] ? reacquire_held_locks+0x4b0/0x4b0 [ 75.816090][ T5043] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 75.821413][ T5043] ? unix_dgram_connect+0xba0/0xba0 [ 75.826633][ T5043] sock_sendmsg+0xd9/0x180 [ 75.831069][ T5043] ____sys_sendmsg+0x2ac/0x940 [ 75.835849][ T5043] ? copy_msghdr_from_user+0x10b/0x160 [ 75.841323][ T5043] ? kernel_sendmsg+0x50/0x50 [ 75.846020][ T5043] ? find_held_lock+0x2d/0x110 [ 75.850810][ T5043] ___sys_sendmsg+0x135/0x1d0 [ 75.855524][ T5043] ? do_recvmmsg+0x740/0x740 [ 75.860177][ T5043] ? __lock_acquire+0x182f/0x5de0 [ 75.865258][ T5043] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 75.871276][ T5043] ? __fget_light+0x1fc/0x260 [ 75.875967][ T5043] __sys_sendmmsg+0x1a1/0x450 [ 75.880680][ T5043] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 75.885748][ T5043] ? cgroup_update_frozen+0x144/0x6b0 [ 75.891166][ T5043] ? find_held_lock+0x2d/0x110 [ 75.895980][ T5043] ? _raw_spin_unlock_irq+0x23/0x50 [ 75.901202][ T5043] ? lockdep_hardirqs_on+0x7d/0x100 [ 75.906457][ T5043] __x64_sys_sendmmsg+0x9c/0x100 [ 75.911416][ T5043] do_syscall_64+0x38/0xb0 [ 75.915886][ T5043] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 75.921836][ T5043] RIP: 0033:0x7fa8ebbd95a9 [ 75.926289][ T5043] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 75.945927][ T5043] RSP: 002b:00007ffe0e4b2e88 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 75.954369][ T5043] RAX: ffffffffffffffda RBX: 00007ffe0e4b2eb0 RCX: 00007fa8ebbd95a9 [pid 5043] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}], 1, 0) = -1 ENOBUFS (No buffer space available) [pid 5043] exit_group(0) = ? [pid 5043] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5043, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555572726f0 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/file0") = 0 getdents64(3, 0x5555572726f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557271650) = 5044 ./strace-static-x86_64: Process 5044 attached [pid 5044] set_robust_list(0x555557271660, 24) = 0 [pid 5044] chdir("./2") = 0 [pid 5044] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5044] setpgid(0, 0) = 0 [pid 5044] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5044] write(3, "1000", 4) = 4 [pid 5044] close(3) = 0 [pid 5044] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5044] socket(AF_UNIX, SOCK_DGRAM, 0) = 3 [pid 5044] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4 [pid 5044] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5 [pid 5044] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0 [pid 5044] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0 [pid 5044] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0 [pid 5044] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6 [pid 5044] write(6, "8", 1) = 1 [pid 5044] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1 [pid 5044] exit_group(0) = ? [pid 5044] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5044, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555572726f0 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 [ 75.962368][ T5043] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003 [ 75.970368][ T5043] RBP: 0000000000000001 R08: 00007ffe0e4b2c27 R09: 00007ffe0e5b51a0 [ 75.978366][ T5043] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.986348][ T5043] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 75.994365][ T5043] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/file0") = 0 getdents64(3, 0x5555572726f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5045 attached , child_tidptr=0x555557271650) = 5045 [pid 5045] set_robust_list(0x555557271660, 24) = 0 [pid 5045] chdir("./3") = 0 [pid 5045] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5045] setpgid(0, 0) = 0 [pid 5045] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5045] write(3, "1000", 4) = 4 [pid 5045] close(3) = 0 [pid 5045] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5045] socket(AF_UNIX, SOCK_DGRAM, 0) = 3 [pid 5045] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4 [pid 5045] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5 [pid 5045] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0 [pid 5045] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0 [pid 5045] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0 [pid 5045] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6 [pid 5045] write(6, "8", 1) = 1 [pid 5045] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1 [ 76.074170][ T22] ================================================================== [ 76.080148][ T5045] FAULT_INJECTION: forcing a failure. [ 76.080148][ T5045] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 76.082257][ T22] BUG: KASAN: slab-use-after-free in consume_skb+0x32/0x170 [ 76.082306][ T22] Read of size 4 at addr ffff8880733c5c24 by task kworker/1:0/22 [ 76.096458][ T5045] CPU: 0 PID: 5045 Comm: syz-executor193 Not tainted 6.5.0-syzkaller-04028-gd3287e4038ca #0 [ 76.102832][ T22] [ 76.122971][ T5045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 76.133044][ T5045] Call Trace: [ 76.136354][ T5045] [ 76.139300][ T5045] dump_stack_lvl+0x125/0x1b0 [ 76.144024][ T5045] should_fail_ex+0x496/0x5b0 [ 76.148741][ T5045] __should_fail_alloc_page+0xe7/0x130 [ 76.154237][ T5045] prepare_alloc_pages.constprop.0+0x16f/0x550 [ 76.160436][ T5045] ? mark_lock+0x105/0x1950 [ 76.164987][ T5045] __alloc_pages+0x14e/0x4a0 [ 76.169606][ T5045] ? __alloc_pages_slowpath.constprop.0+0x2360/0x2360 [ 76.176431][ T5045] ? __lock_acquire+0x182f/0x5de0 [ 76.181491][ T5045] ? find_held_lock+0x2d/0x110 [ 76.186288][ T5045] __folio_alloc+0x16/0x40 [ 76.190723][ T5045] vma_alloc_folio+0x156/0x890 [ 76.195527][ T5045] ? policy_nodemask+0x1d0/0x1d0 [ 76.200499][ T5045] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 76.206558][ T5045] do_wp_page+0x79b/0x3710 [ 76.211018][ T5045] ? lock_sync+0x190/0x190 [ 76.215472][ T5045] ? finish_mkwrite_fault+0x250/0x250 [ 76.220882][ T5045] ? spin_bug+0x1d0/0x1d0 [ 76.225274][ T5045] __handle_mm_fault+0x1af7/0x3b80 [ 76.230432][ T5045] ? vm_iomap_memory+0x170/0x170 [ 76.235416][ T5045] ? find_vma+0x10e/0x1b0 [ 76.239786][ T5045] ? vma_link+0x290/0x290 [ 76.244270][ T5045] handle_mm_fault+0x2ab/0x9d0 [ 76.249073][ T5045] ? access_error+0x156/0x2d0 [ 76.253778][ T5045] ? lock_mm_and_find_vma+0xa6/0x760 [ 76.259097][ T5045] do_user_addr_fault+0x446/0xfc0 [ 76.264154][ T5045] ? rcu_is_watching+0x12/0xb0 [ 76.268967][ T5045] exc_page_fault+0x5c/0xd0 [ 76.273526][ T5045] asm_exc_page_fault+0x26/0x30 [ 76.278417][ T5045] RIP: 0033:0x7fa8ebbaf4d0 [ 76.282858][ T5045] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 1d 0b 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 d0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 c3 38 0a 00 4c [ 76.302494][ T5045] RSP: 002b:00007ffe0e4b2e30 EFLAGS: 00010246 [ 76.308588][ T5045] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001 [ 76.316577][ T5045] RDX: 0000000000000001 RSI: 00007fa8ebc50120 RDI: 0000000000000000 [pid 5045] exit_group(0) = ? [pid 5045] +++ exited with 0 +++ [ 76.324568][ T5045] RBP: 00007fa8ebc50120 R08: 00007ffe0e4b2c27 R09: 00007ffe0e5b51a0 [ 76.332561][ T5045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 76.340551][ T5045] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 76.348564][ T5045] [ 76.351606][ T22] CPU: 1 PID: 22 Comm: kworker/1:0 Not tainted 6.5.0-syzkaller-04028-gd3287e4038ca #0 [ 76.352341][ T5045] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 76.361178][ T22] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 76.361199][ T22] Workqueue: events sk_psock_destroy [ 76.361240][ T22] Call Trace: [ 76.361248][ T22] [ 76.390309][ T22] dump_stack_lvl+0xd9/0x1b0 [ 76.394959][ T22] print_report+0xc4/0x620 [ 76.399419][ T22] ? __virt_addr_valid+0x5e/0x2d0 [ 76.404471][ T22] ? __phys_addr+0xc6/0x140 [ 76.409008][ T22] kasan_report+0xda/0x110 [ 76.413472][ T22] ? consume_skb+0x32/0x170 [ 76.418031][ T22] ? consume_skb+0x32/0x170 [ 76.422573][ T22] kasan_check_range+0xef/0x190 [ 76.427447][ T22] consume_skb+0x32/0x170 [ 76.431813][ T22] __sk_msg_free+0x230/0x380 [ 76.436434][ T22] ? lockdep_hardirqs_on+0x7d/0x100 [ 76.441681][ T22] ? _raw_spin_unlock_irqrestore+0x3b/0x70 [ 76.447518][ T22] sk_psock_destroy+0x335/0xa50 [ 76.452397][ T22] process_one_work+0xaa2/0x16f0 [ 76.457378][ T22] ? bpf_jit_binary_pack_hdr+0x200/0x200 [ 76.463037][ T22] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 76.468438][ T22] ? spin_bug+0x1d0/0x1d0 [ 76.472812][ T22] worker_thread+0x687/0x1110 [ 76.477535][ T22] ? process_one_work+0x16f0/0x16f0 [ 76.482768][ T22] kthread+0x33a/0x430 [ 76.486861][ T22] ? kthread_complete_and_exit+0x40/0x40 [ 76.492518][ T22] ret_from_fork+0x2c/0x70 [ 76.496957][ T22] ? kthread_complete_and_exit+0x40/0x40 [ 76.502610][ T22] ret_from_fork_asm+0x11/0x20 [ 76.507409][ T22] [ 76.510435][ T22] [ 76.512762][ T22] Allocated by task 5044: [ 76.517094][ T22] kasan_save_stack+0x33/0x50 [ 76.521797][ T22] kasan_set_track+0x25/0x30 [ 76.526420][ T22] __kasan_slab_alloc+0x81/0x90 [ 76.531295][ T22] kmem_cache_alloc_node+0x185/0x3f0 [ 76.536600][ T22] __alloc_skb+0x287/0x330 [ 76.541034][ T22] alloc_skb_with_frags+0xe4/0x710 [ 76.546166][ T22] sock_alloc_send_pskb+0x7e4/0x970 [ 76.551380][ T22] unix_dgram_sendmsg+0x455/0x1c30 [ 76.556513][ T22] sock_sendmsg+0xd9/0x180 [ 76.560939][ T22] ____sys_sendmsg+0x2ac/0x940 [ 76.565716][ T22] ___sys_sendmsg+0x135/0x1d0 [ 76.570418][ T22] __sys_sendmmsg+0x1a1/0x450 [ 76.575108][ T22] __x64_sys_sendmmsg+0x9c/0x100 [ 76.580070][ T22] do_syscall_64+0x38/0xb0 [ 76.584507][ T22] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 76.590422][ T22] [ 76.592746][ T22] Freed by task 22: [ 76.596571][ T22] kasan_save_stack+0x33/0x50 [ 76.601275][ T22] kasan_set_track+0x25/0x30 [ 76.605891][ T22] kasan_save_free_info+0x2b/0x40 [ 76.610928][ T22] ____kasan_slab_free+0x15e/0x1b0 [ 76.616067][ T22] slab_free_freelist_hook+0x10b/0x1e0 [ 76.621547][ T22] kmem_cache_free+0xf0/0x490 [ 76.626274][ T22] kfree_skbmem+0xef/0x1b0 [ 76.630707][ T22] kfree_skb_reason+0x10e/0x210 [ 76.635580][ T22] sk_psock_destroy+0x18d/0xa50 [ 76.640449][ T22] process_one_work+0xaa2/0x16f0 [ 76.645408][ T22] worker_thread+0x687/0x1110 [ 76.650108][ T22] kthread+0x33a/0x430 [ 76.654188][ T22] ret_from_fork+0x2c/0x70 [ 76.658626][ T22] ret_from_fork_asm+0x11/0x20 [ 76.663414][ T22] [ 76.665743][ T22] The buggy address belongs to the object at ffff8880733c5b40 [ 76.665743][ T22] which belongs to the cache skbuff_head_cache of size 240 [ 76.680346][ T22] The buggy address is located 228 bytes inside of [ 76.680346][ T22] freed 240-byte region [ffff8880733c5b40, ffff8880733c5c30) [ 76.694154][ T22] [ 76.696486][ T22] The buggy address belongs to the physical page: [ 76.702896][ T22] page:ffffea0001ccf140 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x733c5 [ 76.713152][ T22] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff) [ 76.720709][ T22] page_type: 0xffffffff() [ 76.725053][ T22] raw: 00fff00000000200 ffff888019660500 dead000000000122 0000000000000000 [ 76.733652][ T22] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000 [ 76.742241][ T22] page dumped because: kasan: bad access detected [ 76.748659][ T22] page_owner tracks the page as allocated [ 76.754396][ T22] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY), pid 5038, tgid 5038 (strace-static-x), ts 76027238060, free_ts 69351215114 [ 76.773003][ T22] post_alloc_hook+0x2d2/0x350 [ 76.777794][ T22] get_page_from_freelist+0x10a9/0x31e0 [ 76.783373][ T22] __alloc_pages+0x1d0/0x4a0 [ 76.787980][ T22] alloc_pages+0x1a9/0x270 [ 76.792426][ T22] allocate_slab+0x24e/0x380 [ 76.797044][ T22] ___slab_alloc+0x8bc/0x1570 [ 76.801767][ T22] kmem_cache_alloc_bulk+0x25a/0x7c0 [ 76.807085][ T22] napi_skb_cache_get+0xf7/0x190 [ 76.812066][ T22] __napi_build_skb+0x14/0x50 [ 76.816764][ T22] __napi_alloc_skb+0x3a7/0x6f0 [ 76.821721][ T22] page_to_skb+0x150/0xac0 [ 76.826163][ T22] receive_buf+0x11c0/0x52d0 [ 76.830777][ T22] virtnet_poll+0x772/0x1530 [ 76.835392][ T22] __napi_poll.constprop.0+0xb4/0x530 [ 76.840783][ T22] net_rx_action+0x956/0xe90 [ 76.845390][ T22] __do_softirq+0x218/0x965 [ 76.849925][ T22] page last free stack trace: [ 76.854599][ T22] free_unref_page_prepare+0x508/0xb90 [ 76.860087][ T22] free_unref_page+0x33/0x3b0 [ 76.864794][ T22] __folio_put+0xc5/0x140 [ 76.869142][ T22] anon_pipe_buf_release+0x3fa/0x4b0 [ 76.874443][ T22] pipe_read+0x635/0x1270 [ 76.878789][ T22] vfs_read+0x7ef/0x930 [ 76.882953][ T22] ksys_read+0x1f0/0x250 [ 76.887202][ T22] do_syscall_64+0x38/0xb0 [ 76.891648][ T22] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 76.897561][ T22] [ 76.899920][ T22] Memory state around the buggy address: [ 76.905580][ T22] ffff8880733c5b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 76.913675][ T22] ffff8880733c5b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5045, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555572726f0 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/file0") = 0 getdents64(3, 0x5555572726f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557271650) = 5046 [ 76.921778][ T22] >ffff8880733c5c00: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc [ 76.929845][ T22] ^ [ 76.934964][ T22] ffff8880733c5c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 76.943036][ T22] ffff8880733c5d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc [ 76.951103][ T22] ================================================================== [ 76.963711][ T22] Kernel panic - not syncing: KASAN: panic_on_warn set ... ./strace-static-x86_64: Process 5046 attached [pid 5046] set_robust_list(0x555557271660, 24) = 0 [pid 5046] chdir("./4") = 0 [pid 5046] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5046] setpgid(0, 0) = 0 [pid 5046] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5046] write(3, "1000", 4) = 4 [pid 5046] close(3) = 0 [pid 5046] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5046] socket(AF_UNIX, SOCK_DGRAM, 0) = 3 [pid 5046] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4 [pid 5046] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5 [pid 5046] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0 [pid 5046] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0 [ 76.970953][ T22] CPU: 1 PID: 22 Comm: kworker/1:0 Not tainted 6.5.0-syzkaller-04028-gd3287e4038ca #0 [ 76.980535][ T22] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 76.990624][ T22] Workqueue: events sk_psock_destroy [ 76.995981][ T22] Call Trace: [ 76.996833][ T5046] FAULT_INJECTION: forcing a failure. [ 76.996833][ T5046] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 77.012471][ T22] [ 77.015428][ T22] dump_stack_lvl+0xd9/0x1b0 [ 77.020062][ T22] panic+0x6a4/0x750 [ 77.023993][ T22] ? panic_smp_self_stop+0xa0/0xa0 [ 77.029141][ T22] ? preempt_schedule_thunk+0x1a/0x30 [ 77.034557][ T22] ? preempt_schedule_common+0x45/0xc0 [ 77.040088][ T22] check_panic_on_warn+0xab/0xb0 [ 77.045063][ T22] end_report+0x108/0x150 [ 77.049435][ T22] kasan_report+0xea/0x110 [ 77.053894][ T22] ? consume_skb+0x32/0x170 [ 77.058432][ T22] ? consume_skb+0x32/0x170 [ 77.062988][ T22] kasan_check_range+0xef/0x190 [ 77.067869][ T22] consume_skb+0x32/0x170 [ 77.072253][ T22] __sk_msg_free+0x230/0x380 [pid 5046] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0 [pid 5046] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6 [pid 5046] write(6, "8", 1) = 1 [pid 5046] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1 [ 77.076886][ T22] ? lockdep_hardirqs_on+0x7d/0x100 [ 77.082124][ T22] ? _raw_spin_unlock_irqrestore+0x3b/0x70 [ 77.087984][ T22] sk_psock_destroy+0x335/0xa50 [ 77.092889][ T22] process_one_work+0xaa2/0x16f0 [ 77.097889][ T22] ? bpf_jit_binary_pack_hdr+0x200/0x200 [ 77.103551][ T22] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 77.108972][ T22] ? spin_bug+0x1d0/0x1d0 [ 77.113340][ T22] worker_thread+0x687/0x1110 [ 77.118072][ T22] ? process_one_work+0x16f0/0x16f0 [ 77.123314][ T22] kthread+0x33a/0x430 [ 77.127409][ T22] ? kthread_complete_and_exit+0x40/0x40 [ 77.133079][ T22] ret_from_fork+0x2c/0x70 [ 77.137526][ T22] ? kthread_complete_and_exit+0x40/0x40 [ 77.143184][ T22] ret_from_fork_asm+0x11/0x20 [ 77.147992][ T22] [ 77.151034][ T5046] CPU: 0 PID: 5046 Comm: syz-executor193 Not tainted 6.5.0-syzkaller-04028-gd3287e4038ca #0 [ 77.161120][ T5046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 77.171177][ T5046] Call Trace: [ 77.174468][ T5046] [ 77.177402][ T5046] dump_stack_lvl+0x125/0x1b0 [ 77.182108][ T5046] should_fail_ex+0x496/0x5b0 [ 77.186818][ T5046] __should_fail_alloc_page+0xe7/0x130 [ 77.192301][ T5046] prepare_alloc_pages.constprop.0+0x16f/0x550 [ 77.198486][ T5046] ? mark_lock+0x105/0x1950 [ 77.203018][ T5046] __alloc_pages+0x14e/0x4a0 [ 77.207631][ T5046] ? __alloc_pages_slowpath.constprop.0+0x2360/0x2360 [ 77.214454][ T5046] ? __lock_acquire+0x182f/0x5de0 [ 77.219504][ T5046] ? find_held_lock+0x2d/0x110 [ 77.224290][ T5046] __folio_alloc+0x16/0x40 [ 77.228720][ T5046] vma_alloc_folio+0x156/0x890 [ 77.233511][ T5046] ? policy_nodemask+0x1d0/0x1d0 [ 77.238467][ T5046] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 77.244484][ T5046] do_wp_page+0x79b/0x3710 [ 77.248929][ T5046] ? lock_sync+0x190/0x190 [ 77.253367][ T5046] ? finish_mkwrite_fault+0x250/0x250 [ 77.258757][ T5046] ? spin_bug+0x1d0/0x1d0 [ 77.263122][ T5046] __handle_mm_fault+0x1af7/0x3b80 [ 77.268343][ T5046] ? vm_iomap_memory+0x170/0x170 [ 77.273310][ T5046] ? find_vma+0x10e/0x1b0 [ 77.277662][ T5046] ? vma_link+0x290/0x290 [ 77.282021][ T5046] handle_mm_fault+0x2ab/0x9d0 [ 77.286800][ T5046] ? access_error+0x156/0x2d0 [ 77.291494][ T5046] ? lock_mm_and_find_vma+0xa6/0x760 [ 77.296795][ T5046] do_user_addr_fault+0x446/0xfc0 [ 77.301835][ T5046] ? rcu_is_watching+0x12/0xb0 [ 77.306615][ T5046] exc_page_fault+0x5c/0xd0 [ 77.311150][ T5046] asm_exc_page_fault+0x26/0x30 [ 77.316128][ T5046] RIP: 0033:0x7fa8ebbaf4d0 [ 77.320579][ T5046] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 1d 0b 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 d0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 c3 38 0a 00 4c [ 77.340208][ T5046] RSP: 002b:00007ffe0e4b2e30 EFLAGS: 00010246 [ 77.346310][ T5046] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001 [ 77.354293][ T5046] RDX: 0000000000000001 RSI: 00007fa8ebc50120 RDI: 0000000000000000 [ 77.362274][ T5046] RBP: 00007fa8ebc50120 R08: 00007ffe0e4b2c27 R09: 00007ffe0e5b51a0 [ 77.370255][ T5046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 77.378234][ T5046] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 77.386231][ T5046] [ 77.389562][ T22] Kernel Offset: disabled [ 77.394285][ T22] Rebooting in 86400 seconds..