./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3750652530

<...>
[    3.560028][   T83] acpid (83) used greatest stack depth: 23344 bytes left
[    3.810319][   T98] udevd[98]: starting version 3.2.11
[    3.864433][   T99] udevd[99]: starting eudev-3.2.11
[    3.866943][   T98] udevd (98) used greatest stack depth: 22288 bytes left
[   11.092136][   T30] kauditd_printk_skb: 50 callbacks suppressed
[   11.092147][   T30] audit: type=1400 audit(1684489019.063:61): avc:  denied  { transition } for  pid=221 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   11.097428][   T30] audit: type=1400 audit(1684489019.073:62): avc:  denied  { noatsecure } for  pid=221 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   11.103486][   T30] audit: type=1400 audit(1684489019.073:63): avc:  denied  { write } for  pid=221 comm="sh" path="pipe:[13224]" dev="pipefs" ino=13224 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[   11.109643][   T30] audit: type=1400 audit(1684489019.073:64): avc:  denied  { rlimitinh } for  pid=221 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   11.115130][   T30] audit: type=1400 audit(1684489019.073:65): avc:  denied  { siginh } for  pid=221 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '10.128.10.26' (ECDSA) to the list of known hosts.
execve("./syz-executor3750652530", ["./syz-executor3750652530"], 0x7fffe0fc8fd0 /* 10 vars */) = 0
brk(NULL)                               = 0x555556679000
brk(0x555556679c40)                     = 0x555556679c40
arch_prctl(ARCH_SET_FS, 0x555556679300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
set_tid_address(0x5555566795d0)         = 304
set_robust_list(0x5555566795e0, 24)     = 0
rt_sigaction(SIGRTMIN, {sa_handler=0x7f991fb95c40, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f991fb96310}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=0x7f991fb95ce0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f991fb96310}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3750652530", 4096) = 28
brk(0x55555669ac40)                     = 0x55555669ac40
brk(0x55555669b000)                     = 0x55555669b000
mprotect(0x7f991fc57000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566795d0) = 305
./strace-static-x86_64: Process 305 attached
[pid   305] set_robust_list(0x5555566795e0, 24) = 0
[pid   305] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid   305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   305] setsid()                    = 1
[pid   305] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid   305] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid   305] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid   305] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid   305] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid   305] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid   305] unshare(CLONE_NEWNS)        = 0
[pid   305] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid   305] unshare(CLONE_NEWIPC)       = -1 EINVAL (Invalid argument)
[pid   305] unshare(CLONE_NEWCGROUP)    = 0
[pid   305] unshare(CLONE_NEWUTS)       = 0
[pid   305] unshare(CLONE_SYSVSEM)      = 0
[pid   305] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   305] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   305] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   305] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   305] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   305] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   305] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   305] getpid()                    = 1
[pid   305] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid   305] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid   305] unshare(CLONE_NEWNET)       = 0
[pid   305] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid   305] write(3, "0 65535", 7)      = 7
[pid   305] close(3)                    = 0
[pid   305] openat(AT_FDCWD, "/dev/net/tun", O_RDWR|O_NONBLOCK) = 3
[pid   305] dup2(3, 200)                = 200
[pid   305] close(3)                    = 0
[pid   305] ioctl(200, TUNSETIFF, 0x7fffe47e4100) = 0
[pid   305] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/accept_dad", O_WRONLY|O_CLOEXEC) = 3
[pid   305] write(3, "0", 1)            = 1
[pid   305] close(3)                    = 0
[pid   305] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/router_solicitations", O_WRONLY|O_CLOEXEC) = 3
[pid   305] write(3, "0", 1)            = 1
[pid   305] close(3)                    = 0
[pid   305] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
[pid   305] access("/proc/net", R_OK)   = 0
[pid   305] access("/proc/net/unix", R_OK) = 0
[pid   305] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid   305] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid   305] close(4)                    = 0
[pid   305] sendto(3, [{nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x18\x00\x00\x0b\x00\x00\x00\x08\x00\x02\x00\xac\x14\x14\xaa\x08\x00\x01\x00\xac\x14\x14\xaa"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid   305] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid   305] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid   305] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid   305] close(4)                    = 0
[pid   305] sendto(3, [{nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x78\x00\x00\x0b\x00\x00\x00\x14\x00\x02\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid   305] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid   305] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid   305] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid   305] close(4)                    = 0
[pid   305] sendto(3, [{nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x08\x00\x01\x00\xac\x14\x14\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 48, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 48
[pid   305] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid   305] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid   305] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid   305] close(4)                    = 0
[pid   305] sendto(3, [{nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 60, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 60
[pid   305] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid   305] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid   305] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid   305] close(4)                    = 0
[pid   305] sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0a\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
[pid   305] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid   305] close(3)                    = 0
[pid   305] mkdir("/dev/binderfs", 0777) = 0
[pid   305] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid   305] symlink("/dev/binderfs", "./binderfs") = 0
[pid   305] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566795d0) = 2
[   33.551866][   T30] audit: type=1400 audit(1684489041.523:66): avc:  denied  { execmem } for  pid=304 comm="syz-executor375" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   33.559929][   T30] audit: type=1400 audit(1684489041.523:67): avc:  denied  { integrity } for  pid=304 comm="syz-executor375" lockdown_reason="debugfs access" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=lockdown permissive=1
[   33.567957][   T30] audit: type=1400 audit(1684489041.523:68): avc:  denied  { mounton } for  pid=305 comm="syz-executor375" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
./strace-static-x86_64: Process 306 attached
[pid   306] set_robust_list(0x5555566795e0, 24) = 0
[pid   306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   306] setpgid(0, 0)               = 0
[pid   306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   306] write(3, "1000", 4)         = 4
[pid   306] close(3)                    = 0
[pid   306] read(200, 0x7fffe47e3c60, 1000) = -1 EAGAIN (Resource temporarily unavailable)
[pid   306] futex(0x7f991fc5d4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f991fb65000
[pid   306] mprotect(0x7f991fb66000, 131072, PROT_READ|PROT_WRITE) = 0
[pid   306] clone(child_stack=0x7f991fb853f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3], tls=0x7f991fb85700, child_tidptr=0x7f991fb859d0) = 3
[pid   306] futex(0x7f991fc5d4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   306] futex(0x7f991fc5d4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 307 attached
 <unfinished ...>
[pid   307] set_robust_list(0x7f991fb859e0, 24) = 0
[pid   307] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3
[pid   307] write(3, "57", 2)           = 2
[   33.584097][   T30] audit: type=1400 audit(1684489041.523:69): avc:  denied  { mount } for  pid=305 comm="syz-executor375" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[   33.601558][  T307] FAULT_INJECTION: forcing a failure.
[   33.601558][  T307] name failslab, interval 1, probability 0, space 0, times 1
[   33.607095][   T30] audit: type=1400 audit(1684489041.533:70): avc:  denied  { mounton } for  pid=305 comm="syz-executor375" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[   33.619112][  T307] CPU: 1 PID: 307 Comm: syz-executor375 Not tainted 5.15.106-syzkaller-00249-g19c0ed55a470 #0
[   33.651440][  T307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[   33.661444][  T307] Call Trace:
[   33.664573][  T307]  <TASK>
[   33.667349][  T307]  dump_stack_lvl+0x151/0x1b7
[   33.671857][  T307]  ? io_uring_drop_tctx_refs+0x190/0x190
[   33.677414][  T307]  dump_stack+0x15/0x17
[   33.681408][  T307]  should_fail+0x3c6/0x510
[   33.685658][  T307]  __should_failslab+0xa4/0xe0
[   33.690259][  T307]  ? anon_vma_fork+0x1be/0x500
[   33.694858][  T307]  should_failslab+0x9/0x20
[   33.699203][  T307]  slab_pre_alloc_hook+0x37/0xd0
[   33.703974][  T307]  ? anon_vma_fork+0x1be/0x500
[   33.708573][  T307]  kmem_cache_alloc+0x44/0x200
[   33.713171][  T307]  anon_vma_fork+0x1be/0x500
[   33.717598][  T307]  ? vm_area_dup+0x17a/0x230
[   33.722024][  T307]  dup_mm+0x8c5/0x12c0
[   33.725937][  T307]  ? copy_init_mm+0x20/0x20
[   33.730278][  T307]  copy_mm+0x107/0x1b0
[   33.734185][  T307]  copy_process+0x12bc/0x3260
[   33.738693][  T307]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   33.743634][  T307]  ? __kasan_check_write+0x14/0x20
[   33.748590][  T307]  kernel_clone+0x21e/0x9e0
[   33.752924][  T307]  ? _raw_spin_unlock_irq+0x4e/0x70
[   33.758046][  T307]  ? create_io_thread+0x1e0/0x1e0
[   33.762917][  T307]  __x64_sys_clone+0x23f/0x290
[   33.767505][  T307]  ? __do_sys_vfork+0x130/0x130
[   33.772194][  T307]  ? __kasan_check_read+0x11/0x20
[   33.777052][  T307]  ? syscall_enter_from_user_mode+0x70/0x1b0
[   33.782867][  T307]  do_syscall_64+0x3d/0xb0
[   33.787123][  T307]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   33.792857][  T307] RIP: 0033:0x7f991fbd4829
[   33.797105][  T307] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   33.816629][  T307] RSP: 002b:00007f991fb852f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[   33.824876][  T307] RAX: ffffffffffffffda RBX: 00007f991fc5d4a8 RCX: 00007f991fbd4829
[   33.832684][  T307] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000022002000
[   33.840513][  T307] RBP: 00007f991fc5d4a0 R08: 0000000000000000 R09: 0000000000003735
[pid   307] clone(child_stack=NULL, flags=CLONE_PTRACE|CLONE_NEWCGROUP|CLONE_NEWPID <unfinished ...>
[pid   306] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid   307] <... clone resumed>)        = -1 ENOMEM (Cannot allocate memory)
[pid   307] futex(0x7f991fc5d4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   307] futex(0x7f991fc5d4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   306] close(3)                    = 0
[pid   306] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   306] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   306] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   306] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   306] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   306] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   306] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   306] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   306] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   306] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   306] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   306] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   306] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   306] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   306] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   306] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   306] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   306] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   306] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   306] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   306] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   306] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   306] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   306] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   306] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   306] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   306] exit_group(0 <unfinished ...>
[pid   307] <... futex resumed>)        = ?
[pid   306] <... exit_group resumed>)   = ?
[pid   307] +++ exited with 0 +++
[pid   306] +++ exited with 0 +++
[pid   305] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
[pid   305] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   305] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566795d0) = 4
./strace-static-x86_64: Process 308 attached
[pid   308] set_robust_list(0x5555566795e0, 24) = 0
[pid   308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   308] setpgid(0, 0)               = 0
[pid   308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   308] write(3, "1000", 4)         = 4
[pid   308] close(3)                    = 0
[pid   308] read(200, "\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110
[pid   308] read(200, "\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110
[pid   308] read(200, 0x7fffe47e3c60, 1000) = -1 EAGAIN (Resource temporarily unavailable)
[pid   308] futex(0x7f991fc5d4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f991fb65000
[   33.848305][  T307] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   33.856382][  T307] R13: 00007f991fb85300 R14: 00007f991fb85400 R15: 0000000000022000
[   33.864491][  T307]  </TASK>
[   33.869436][   T30] audit: type=1400 audit(1684489041.553:71): avc:  denied  { create } for  pid=301 comm="strace-static-x" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[pid   308] mprotect(0x7f991fb66000, 131072, PROT_READ|PROT_WRITE) = 0
[pid   308] clone(child_stack=0x7f991fb853f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5], tls=0x7f991fb85700, child_tidptr=0x7f991fb859d0) = 5
[pid   308] futex(0x7f991fc5d4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   308] futex(0x7f991fc5d4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 309 attached
 <unfinished ...>
[pid   309] set_robust_list(0x7f991fb859e0, 24) = 0
[pid   309] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3
[pid   309] write(3, "57", 2)           = 2
[   33.889992][   T30] audit: type=1400 audit(1684489041.553:72): avc:  denied  { write } for  pid=301 comm="strace-static-x" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[   33.902171][  T309] FAULT_INJECTION: forcing a failure.
[   33.902171][  T309] name failslab, interval 1, probability 0, space 0, times 0
[   33.911382][   T30] audit: type=1400 audit(1684489041.553:73): avc:  denied  { nlmsg_read } for  pid=301 comm="strace-static-x" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[   33.923604][  T309] CPU: 1 PID: 309 Comm: syz-executor375 Not tainted 5.15.106-syzkaller-00249-g19c0ed55a470 #0
[   33.944080][   T30] audit: type=1400 audit(1684489041.553:74): avc:  denied  { module_request } for  pid=301 comm="strace-static-x" kmod="net-pf-16-proto-4-type-16" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[   33.953946][  T309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[   33.953958][  T309] Call Trace:
[   33.953964][  T309]  <TASK>
[   33.953972][  T309]  dump_stack_lvl+0x151/0x1b7
[   33.976888][   T30] audit: type=1400 audit(1684489041.553:75): avc:  denied  { read } for  pid=301 comm="strace-static-x" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[   33.986755][  T309]  ? io_uring_drop_tctx_refs+0x190/0x190
[   34.031082][  T309]  dump_stack+0x15/0x17
[   34.035070][  T309]  should_fail+0x3c6/0x510
[   34.039410][  T309]  __should_failslab+0xa4/0xe0
[   34.044009][  T309]  ? anon_vma_clone+0x9a/0x4c0
[   34.048611][  T309]  should_failslab+0x9/0x20
[   34.052946][  T309]  slab_pre_alloc_hook+0x37/0xd0
[   34.057721][  T309]  ? anon_vma_clone+0x9a/0x4c0
[   34.062321][  T309]  kmem_cache_alloc+0x44/0x200
[   34.066925][  T309]  anon_vma_clone+0x9a/0x4c0
[   34.071352][  T309]  anon_vma_fork+0x91/0x500
[   34.075688][  T309]  ? anon_vma_name+0x43/0x70
[   34.080222][  T309]  ? vm_area_dup+0x17a/0x230
[   34.084629][  T309]  dup_mm+0x8c5/0x12c0
[   34.088538][  T309]  ? copy_init_mm+0x20/0x20
[   34.092874][  T309]  copy_mm+0x107/0x1b0
[   34.096781][  T309]  copy_process+0x12bc/0x3260
[   34.101295][  T309]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   34.106239][  T309]  ? __kasan_check_write+0x14/0x20
[   34.111188][  T309]  kernel_clone+0x21e/0x9e0
[   34.115530][  T309]  ? _raw_spin_unlock_irq+0x4e/0x70
[   34.120562][  T309]  ? create_io_thread+0x1e0/0x1e0
[   34.125424][  T309]  __x64_sys_clone+0x23f/0x290
[   34.130022][  T309]  ? __do_sys_vfork+0x130/0x130
[   34.134708][  T309]  ? __kasan_check_read+0x11/0x20
[   34.139655][  T309]  ? syscall_enter_from_user_mode+0x70/0x1b0
[   34.145469][  T309]  do_syscall_64+0x3d/0xb0
[   34.149720][  T309]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   34.155448][  T309] RIP: 0033:0x7f991fbd4829
[   34.159712][  T309] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   34.179147][  T309] RSP: 002b:00007f991fb852f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[   34.187390][  T309] RAX: ffffffffffffffda RBX: 00007f991fc5d4a8 RCX: 00007f991fbd4829
[   34.195199][  T309] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000022002000
[pid   309] clone(child_stack=NULL, flags=CLONE_PTRACE|CLONE_NEWCGROUP|CLONE_NEWPID <unfinished ...>
[pid   308] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid   309] <... clone resumed>)        = 6
[pid   309] futex(0x7f991fc5d4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   308] close(3)                    = 0
[pid   308] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   308] close(5)                    = -1 EBADF (Bad file descriptor)
./strace-static-x86_64: Process 310 attached
[pid   309] futex(0x7f991fc5d4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   308] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   308] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   308] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   308] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   308] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   308] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   308] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   308] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   308] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   308] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   308] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   308] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   308] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   308] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   308] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   308] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   308] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   308] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   308] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   308] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   308] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   308] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   308] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   308] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   308] exit_group(0)               = ?
[pid   309] <... futex resumed>)        = ?
[pid   309] +++ exited with 0 +++
[pid   308] +++ exited with 0 +++
[pid   305] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
[pid   305] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   305] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566795d0) = 7
./strace-static-x86_64: Process 311 attached
[pid   311] set_robust_list(0x5555566795e0, 24) = 0
[pid   311] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   311] setpgid(0, 0)               = 0
[pid   311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   311] write(3, "1000", 4)         = 4
[pid   311] close(3)                    = 0
[pid   311] read(200, "\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110
[pid   311] read(200, 0x7fffe47e3c60, 1000) = -1 EAGAIN (Resource temporarily unavailable)
[pid   311] futex(0x7f991fc5d4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   311] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f991fb65000
[pid   311] mprotect(0x7f991fb66000, 131072, PROT_READ|PROT_WRITE) = 0
[pid   311] clone(child_stack=0x7f991fb853f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 312 attached
 <unfinished ...>
[pid   312] set_robust_list(0x7f991fb859e0, 24 <unfinished ...>
[pid   311] <... clone resumed>, parent_tid=[8], tls=0x7f991fb85700, child_tidptr=0x7f991fb859d0) = 8
[pid   312] <... set_robust_list resumed>) = 0
[pid   311] futex(0x7f991fc5d4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   312] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   311] <... futex resumed>)        = 0
[pid   311] futex(0x7f991fc5d4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   312] <... openat resumed>)       = 3
[pid   312] write(3, "57", 2)           = 2
[   34.203100][  T309] RBP: 00007f991fc5d4a0 R08: 0000000000000000 R09: 0000000000003735
[   34.210908][  T309] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   34.218836][  T309] R13: 00007f991fb85300 R14: 00007f991fb85400 R15: 0000000000022000
[   34.226623][  T309]  </TASK>
[   34.245988][  T312] FAULT_INJECTION: forcing a failure.
[   34.245988][  T312] name failslab, interval 1, probability 0, space 0, times 0
[   34.258518][  T312] CPU: 1 PID: 312 Comm: syz-executor375 Not tainted 5.15.106-syzkaller-00249-g19c0ed55a470 #0
[   34.268585][  T312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[   34.278479][  T312] Call Trace:
[   34.281603][  T312]  <TASK>
[   34.284378][  T312]  dump_stack_lvl+0x151/0x1b7
[   34.288897][  T312]  ? io_uring_drop_tctx_refs+0x190/0x190
[   34.294364][  T312]  dump_stack+0x15/0x17
[   34.298356][  T312]  should_fail+0x3c6/0x510
[   34.302607][  T312]  __should_failslab+0xa4/0xe0
[   34.307227][  T312]  ? anon_vma_clone+0x9a/0x4c0
[   34.311807][  T312]  should_failslab+0x9/0x20
[   34.316153][  T312]  slab_pre_alloc_hook+0x37/0xd0
[   34.320927][  T312]  ? anon_vma_clone+0x9a/0x4c0
[   34.325521][  T312]  kmem_cache_alloc+0x44/0x200
[   34.330163][  T312]  anon_vma_clone+0x9a/0x4c0
[   34.334547][  T312]  anon_vma_fork+0x91/0x500
[   34.338885][  T312]  ? anon_vma_name+0x43/0x70
[pid   312] clone(child_stack=NULL, flags=CLONE_PTRACE|CLONE_NEWCGROUP|CLONE_NEWPID <unfinished ...>
[pid   310] exit(0)                     = ?
[   34.343315][  T312]  ? vm_area_dup+0x17a/0x230
[   34.347911][  T312]  dup_mm+0x8c5/0x12c0
[   34.351760][  T312]  ? copy_init_mm+0x20/0x20
[   34.356101][  T312]  copy_mm+0x107/0x1b0
[   34.359998][  T312]  copy_process+0x12bc/0x3260
[   34.364520][  T312]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   34.369459][  T312]  ? __kasan_check_write+0x14/0x20
[   34.374407][  T312]  kernel_clone+0x21e/0x9e0
[   34.378748][  T312]  ? _raw_spin_unlock_irq+0x4e/0x70
[   34.383784][  T312]  ? create_io_thread+0x1e0/0x1e0
[   34.388641][  T312]  __x64_sys_clone+0x23f/0x290
[   34.393247][  T312]  ? __do_sys_vfork+0x130/0x130
[   34.397928][  T312]  ? __kasan_check_read+0x11/0x20
[   34.402791][  T312]  ? syscall_enter_from_user_mode+0x70/0x1b0
[   34.408603][  T312]  do_syscall_64+0x3d/0xb0
[   34.412858][  T312]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   34.418586][  T312] RIP: 0033:0x7f991fbd4829
[   34.422837][  T312] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[pid   311] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid   310] +++ exited with 0 +++
[pid   305] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   305] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   312] <... clone resumed>)        = 9
[pid   312] futex(0x7f991fc5d4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   312] futex(0x7f991fc5d4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 314 attached
 <unfinished ...>
[pid   311] close(3)                    = 0
[pid   311] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   311] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   311] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   311] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   311] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   311] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   311] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   311] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   311] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   311] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   311] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   311] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   311] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   311] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   311] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   311] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   311] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   311] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   311] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   311] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   311] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   311] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   311] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   311] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   311] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   311] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   311] exit_group(0 <unfinished ...>
[pid   312] <... futex resumed>)        = ?
[pid   311] <... exit_group resumed>)   = ?
[pid   312] +++ exited with 0 +++
[pid   311] +++ exited with 0 +++
[pid   305] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
[pid   305] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 315 attached
, child_tidptr=0x5555566795d0) = 10
[pid   315] set_robust_list(0x5555566795e0, 24) = 0
[pid   315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   315] setpgid(0, 0)               = 0
[pid   315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   315] write(3, "1000", 4)         = 4
[pid   315] close(3)                    = 0
[pid   315] read(200, 0x7fffe47e3c60, 1000) = -1 EAGAIN (Resource temporarily unavailable)
[pid   315] futex(0x7f991fc5d4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   315] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f991fb65000
[pid   315] mprotect(0x7f991fb66000, 131072, PROT_READ|PROT_WRITE) = 0
[pid   315] clone(child_stack=0x7f991fb853f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 316 attached
, parent_tid=[11], tls=0x7f991fb85700, child_tidptr=0x7f991fb859d0) = 11
[pid   316] set_robust_list(0x7f991fb859e0, 24) = 0
[pid   316] futex(0x7f991fc5d4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   315] futex(0x7f991fc5d4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid   316] <... futex resumed>)        = 0
[pid   316] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3
[pid   316] write(3, "57", 2)           = 2
[   34.442287][  T312] RSP: 002b:00007f991fb852f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[   34.450522][  T312] RAX: ffffffffffffffda RBX: 00007f991fc5d4a8 RCX: 00007f991fbd4829
[   34.458334][  T312] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000022002000
[   34.466148][  T312] RBP: 00007f991fc5d4a0 R08: 0000000000000000 R09: 0000000000003735
[   34.474138][  T312] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   34.482028][  T312] R13: 00007f991fb85300 R14: 00007f991fb85400 R15: 0000000000022000
[   34.489845][  T312]  </TASK>
[   34.507861][  T316] FAULT_INJECTION: forcing a failure.
[   34.507861][  T316] name failslab, interval 1, probability 0, space 0, times 0
[   34.520837][  T316] CPU: 1 PID: 316 Comm: syz-executor375 Not tainted 5.15.106-syzkaller-00249-g19c0ed55a470 #0
[   34.530976][  T316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[   34.540868][  T316] Call Trace:
[   34.543995][  T316]  <TASK>
[   34.546772][  T316]  dump_stack_lvl+0x151/0x1b7
[   34.551286][  T316]  ? io_uring_drop_tctx_refs+0x190/0x190
[   34.557101][  T316]  dump_stack+0x15/0x17
[   34.561089][  T316]  should_fail+0x3c6/0x510
[   34.565346][  T316]  __should_failslab+0xa4/0xe0
[   34.569944][  T316]  ? anon_vma_fork+0x1be/0x500
[   34.574544][  T316]  should_failslab+0x9/0x20
[   34.578883][  T316]  slab_pre_alloc_hook+0x37/0xd0
[   34.583656][  T316]  ? anon_vma_fork+0x1be/0x500
[   34.588256][  T316]  kmem_cache_alloc+0x44/0x200
[   34.592965][  T316]  anon_vma_fork+0x1be/0x500
[   34.597390][  T316]  ? vm_area_dup+0x17a/0x230
[   34.601815][  T316]  dup_mm+0x8c5/0x12c0
[pid   316] clone(child_stack=NULL, flags=CLONE_PTRACE|CLONE_NEWCGROUP|CLONE_NEWPID <unfinished ...>
[pid   314] exit(0)                     = ?
[pid   314] +++ exited with 0 +++
[pid   305] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   305] restart_syscall(<... resuming interrupted clone ...>) = 0
[   34.605724][  T316]  ? copy_init_mm+0x20/0x20
[   34.610062][  T316]  copy_mm+0x107/0x1b0
[   34.613965][  T316]  copy_process+0x12bc/0x3260
[   34.618482][  T316]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   34.623428][  T316]  ? __kasan_check_write+0x14/0x20
[   34.628374][  T316]  kernel_clone+0x21e/0x9e0
[   34.632718][  T316]  ? _raw_spin_unlock_irq+0x4e/0x70
[   34.637750][  T316]  ? create_io_thread+0x1e0/0x1e0
[   34.642610][  T316]  __x64_sys_clone+0x23f/0x290
[   34.647215][  T316]  ? __do_sys_vfork+0x130/0x130
[   34.651988][  T316]  ? __kasan_check_read+0x11/0x20
[   34.656850][  T316]  ? syscall_enter_from_user_mode+0x70/0x1b0
[   34.662667][  T316]  do_syscall_64+0x3d/0xb0
[   34.666918][  T316]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   34.672725][  T316] RIP: 0033:0x7f991fbd4829
[   34.676982][  T316] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   34.696424][  T316] RSP: 002b:00007f991fb852f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[   34.704666][  T316] RAX: ffffffffffffffda RBX: 00007f991fc5d4a8 RCX: 00007f991fbd4829
[   34.712478][  T316] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000022002000
[   34.720307][  T316] RBP: 00007f991fc5d4a0 R08: 0000000000000000 R09: 0000000000003735
[   34.728192][  T316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   34.736004][  T316] R13: 00007f991fb85300 R14: 00007f991fb85400 R15: 0000000000022000
[   34.743947][  T316]  </TASK>
[   34.747532][  T316] ------------[ cut here ]------------
[   34.752936][  T316] refcount_t: underflow; use-after-free.
[   34.758716][  T316] WARNING: CPU: 1 PID: 316 at lib/refcount.c:28 refcount_warn_saturate+0x158/0x1a0
[   34.768121][  T316] Modules linked in:
[   34.771824][  T316] CPU: 1 PID: 316 Comm: syz-executor375 Not tainted 5.15.106-syzkaller-00249-g19c0ed55a470 #0
[   34.781979][  T316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[   34.792112][  T316] RIP: 0010:refcount_warn_saturate+0x158/0x1a0
[   34.798299][  T316] Code: 04 01 48 c7 c7 c0 9b 82 85 e8 54 99 dd fe 0f 0b eb 8b e8 7b 15 0c ff c6 05 89 b8 9e 04 01 48 c7 c7 20 9c 82 85 e8 38 99 dd fe <0f> 0b e9 6c ff ff ff e8 5c 15 0c ff c6 05 6b b8 9e 04 01 48 c7 c7
[   34.818179][  T316] RSP: 0018:ffffc90000a37948 EFLAGS: 00010246
[   34.824190][  T316] RAX: be22c527fd235b00 RBX: 0000000000000003 RCX: ffff888117eb8000
[   34.832113][  T316] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[   34.840077][  T316] RBP: ffffc90000a37958 R08: ffffffff815748e5 R09: ffffed103ee265e8
[   34.848035][  T316] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff11023605b3c
[   34.855924][  T316] R13: ffff88811b02d9e0 R14: 0000000000000003 R15: ffff88811b3abac1
[   34.863785][  T316] FS:  00007f991fb85700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[   34.872682][  T316] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   34.879072][  T316] CR2: 00007fffe47ed7c0 CR3: 000000011b0b3000 CR4: 00000000003506b0
[   34.886899][  T316] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   34.894748][  T316] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   34.902622][  T316] Call Trace:
[   34.905690][  T316]  <TASK>
[   34.908492][  T316]  vm_area_free_no_check+0x123/0x130
[   34.913588][  T316]  dup_mm+0xd73/0x12c0
[   34.917523][  T316]  ? copy_init_mm+0x20/0x20
[   34.921832][  T316]  copy_mm+0x107/0x1b0
[   34.925731][  T316]  copy_process+0x12bc/0x3260
[   34.930366][  T316]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   34.935456][  T316]  ? __kasan_check_write+0x14/0x20
[   34.940435][  T316]  kernel_clone+0x21e/0x9e0
[   34.944743][  T316]  ? _raw_spin_unlock_irq+0x4e/0x70
[   34.949889][  T316]  ? create_io_thread+0x1e0/0x1e0
[   34.954731][  T316]  __x64_sys_clone+0x23f/0x290
[   34.959369][  T316]  ? __do_sys_vfork+0x130/0x130
[   34.964017][  T316]  ? __kasan_check_read+0x11/0x20
[   34.968907][  T316]  ? syscall_enter_from_user_mode+0x70/0x1b0
[   34.974688][  T316]  do_syscall_64+0x3d/0xb0
[   34.978968][  T316]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   34.984665][  T316] RIP: 0033:0x7f991fbd4829
[   34.988944][  T316] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   35.008881][  T316] RSP: 002b:00007f991fb852f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[   35.017239][  T316] RAX: ffffffffffffffda RBX: 00007f991fc5d4a8 RCX: 00007f991fbd4829
[   35.025025][  T316] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000022002000
[   35.032971][  T316] RBP: 00007f991fc5d4a0 R08: 0000000000000000 R09: 0000000000003735
[   35.040787][  T316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   35.048589][  T316] R13: 00007f991fb85300 R14: 00007f991fb85400 R15: 0000000000022000
[   35.056376][  T316]  </TASK>
[pid   315] futex(0x7f991fc5d4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   316] <... clone resumed>)        = -1 ENOMEM (Cannot allocate memory)
[pid   316] futex(0x7f991fc5d4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid   315] <... futex resumed>)        = 0
[pid   316] futex(0x7f991fc5d4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   315] close(3)                    = 0
[pid   315] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   315] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   315] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   315] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   315] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   315] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   315] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   315] exit_group(0 <unfinished ...>
[pid   316] <... futex resumed>)        = ?
[pid   315] <... exit_group resumed>)   = ?
[pid   316] +++ exited with 0 +++
[pid   315] +++ exited with 0 +++
[pid   305] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10, si_uid=0, si_status=0, si_utime=0, si_stime=31} ---
[pid   305] restart_syscall(<... resuming interrupted restart_syscall ...>) = 0
[pid   305] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566795d0) = 12
./strace-static-x86_64: Process 317 attached
[pid   317] set_robust_list(0x5555566795e0, 24) = 0
[pid   317] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   317] setpgid(0, 0)               = 0
[pid   317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   317] write(3, "1000", 4)         = 4
[pid   317] close(3)                    = 0
[pid   317] read(200, 0x7fffe47e3c60, 1000) = -1 EAGAIN (Resource temporarily unavailable)
[pid   317] futex(0x7f991fc5d4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f991fb65000
[pid   317] mprotect(0x7f991fb66000, 131072, PROT_READ|PROT_WRITE) = 0
[pid   317] clone(child_stack=0x7f991fb853f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[13], tls=0x7f991fb85700, child_tidptr=0x7f991fb859d0) = 13
[pid   317] futex(0x7f991fc5d4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   317] futex(0x7f991fc5d4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 318 attached
 <unfinished ...>
[pid   318] set_robust_list(0x7f991fb859e0, 24) = 0
[pid   318] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3
[pid   318] write(3, "57", 2)           = 2
[   35.059286][  T316] ---[ end trace 792378fce1501f91 ]---
[   35.074073][  T318] FAULT_INJECTION: forcing a failure.
[   35.074073][  T318] name failslab, interval 1, probability 0, space 0, times 0
[   35.086652][  T318] CPU: 1 PID: 318 Comm: syz-executor375 Tainted: G        W         5.15.106-syzkaller-00249-g19c0ed55a470 #0
[   35.098024][  T318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[   35.107917][  T318] Call Trace:
[   35.111043][  T318]  <TASK>
[   35.113814][  T318]  dump_stack_lvl+0x151/0x1b7
[   35.118338][  T318]  ? io_uring_drop_tctx_refs+0x190/0x190
[   35.123796][  T318]  dump_stack+0x15/0x17
[   35.127788][  T318]  should_fail+0x3c6/0x510
[   35.132043][  T318]  __should_failslab+0xa4/0xe0
[   35.136729][  T318]  ? anon_vma_fork+0xf7/0x500
[   35.141245][  T318]  should_failslab+0x9/0x20
[   35.145585][  T318]  slab_pre_alloc_hook+0x37/0xd0
[   35.150361][  T318]  ? anon_vma_fork+0xf7/0x500
[   35.154871][  T318]  kmem_cache_alloc+0x44/0x200
[   35.159597][  T318]  anon_vma_fork+0xf7/0x500
[   35.163932][  T318]  ? anon_vma_name+0x43/0x70
[   35.168361][  T318]  ? vm_area_dup+0x17a/0x230
[   35.172784][  T318]  dup_mm+0x8c5/0x12c0
[   35.176696][  T318]  ? copy_init_mm+0x20/0x20
[   35.181039][  T318]  copy_mm+0x107/0x1b0
[   35.184936][  T318]  copy_process+0x12bc/0x3260
[   35.189450][  T318]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   35.194396][  T318]  ? __kasan_check_write+0x14/0x20
[   35.199342][  T318]  kernel_clone+0x21e/0x9e0
[   35.203684][  T318]  ? _raw_spin_unlock_irq+0x4e/0x70
[   35.208718][  T318]  ? create_io_thread+0x1e0/0x1e0
[   35.213579][  T318]  __x64_sys_clone+0x23f/0x290
[   35.218180][  T318]  ? __do_sys_vfork+0x130/0x130
[   35.222866][  T318]  ? __kasan_check_read+0x11/0x20
[   35.227723][  T318]  ? syscall_enter_from_user_mode+0x70/0x1b0
[   35.233555][  T318]  do_syscall_64+0x3d/0xb0
[   35.237790][  T318]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   35.243521][  T318] RIP: 0033:0x7f991fbd4829
[   35.247777][  T318] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   35.267215][  T318] RSP: 002b:00007f991fb852f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[   35.275632][  T318] RAX: ffffffffffffffda RBX: 00007f991fc5d4a8 RCX: 00007f991fbd4829
[   35.283531][  T318] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000022002000
[   35.291344][  T318] RBP: 00007f991fc5d4a0 R08: 0000000000000000 R09: 0000000000003735
[   35.299154][  T318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[pid   318] clone(child_stack=NULL, flags=CLONE_PTRACE|CLONE_NEWCGROUP|CLONE_NEWPID) = -1 ENOMEM (Cannot allocate memory)
[pid   317] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid   318] futex(0x7f991fc5d4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   317] close(3 <unfinished ...>
[pid   318] <... futex resumed>)        = 0
[pid   317] <... close resumed>)        = 0
[pid   318] futex(0x7f991fc5d4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   317] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   317] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   317] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   317] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   317] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   317] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   317] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   317] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   317] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   317] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   317] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   317] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   317] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   317] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   317] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   317] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   317] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   317] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   317] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   317] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   317] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   317] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   317] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   317] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   317] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   317] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   317] exit_group(0 <unfinished ...>
[pid   318] <... futex resumed>)        = ?
[pid   317] <... exit_group resumed>)   = ?
[pid   318] +++ exited with 0 +++
[pid   317] +++ exited with 0 +++
[pid   305] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
[   35.306978][  T318] R13: 00007f991fb85300 R14: 00007f991fb85400 R15: 0000000000022000
[   35.314780][  T318]  </TASK>
[   35.326583][  T305] BUG: unable to handle page fault for address: ffffed180000000b
[   35.334122][  T305] #PF: supervisor read access in kernel mode
[   35.339932][  T305] #PF: error_code(0x0000) - not-present page
[   35.345750][  T305] PGD 23fff2067 P4D 23fff2067 PUD 0 
[   35.350871][  T305] Oops: 0000 [#1] PREEMPT SMP KASAN
[   35.356251][  T305] CPU: 0 PID: 305 Comm: syz-executor375 Tainted: G        W         5.15.106-syzkaller-00249-g19c0ed55a470 #0
[   35.367707][  T305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[   35.377691][  T305] RIP: 0010:__rb_insert_augmented+0x36b/0x610
[   35.383599][  T305] Code: 49 89 5d 00 48 83 e3 fc 43 80 3c 26 00 74 08 4c 89 ff e8 c8 09 2b ff 4d 89 2f 48 85 db 74 2a 4c 8d 73 10 4c 89 f0 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 f7 e8 06 09 2b ff 48 8d 43 08 4c 39 7b
[   35.403131][  T305] RSP: 0018:ffffc900009578d8 EFLAGS: 00010a02
[   35.409019][  T305] RAX: 1ffff1180000000b RBX: ffff88c000000048 RCX: ffff88811e990000
[   35.416934][  T305] RDX: 0000000000000000 RSI: ffff88811b037d10 RDI: ffff88811b391410
[   35.424746][  T305] RBP: ffffc90000957940 R08: dffffc0000000000 R09: ffff88811b037d18
[   35.432556][  T305] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[   35.440369][  T305] R13: ffff88811b037d10 R14: ffff88c000000058 R15: ffff88811b3abac0
[   35.448177][  T305] FS:  0000555556679300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[   35.456944][  T305] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   35.463370][  T305] CR2: ffffed180000000b CR3: 000000011b217000 CR4: 00000000003506b0
[   35.471194][  T305] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   35.479000][  T305] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   35.487073][  T305] Call Trace:
[   35.490168][  T305]  <TASK>
[   35.492944][  T305]  ? anon_vma_interval_tree_iter_next+0x390/0x390
[   35.499196][  T305]  vma_interval_tree_insert_after+0x2be/0x2d0
[   35.505096][  T305]  dup_mm+0xa11/0x12c0
[   35.509001][  T305]  ? copy_init_mm+0x20/0x20
[   35.513356][  T305]  copy_mm+0x107/0x1b0
[   35.517244][  T305]  copy_process+0x12bc/0x3260
[   35.521759][  T305]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   35.526703][  T305]  ? __kasan_check_write+0x14/0x20
[   35.531659][  T305]  kernel_clone+0x21e/0x9e0
[   35.535992][  T305]  ? _raw_spin_unlock_irq+0x4e/0x70
[   35.541025][  T305]  ? create_io_thread+0x1e0/0x1e0
[   35.545887][  T305]  __x64_sys_clone+0x23f/0x290
[   35.550492][  T305]  ? __do_sys_vfork+0x130/0x130
[   35.555174][  T305]  ? __kasan_check_read+0x11/0x20
[   35.560036][  T305]  ? syscall_enter_from_user_mode+0x70/0x1b0
[   35.565848][  T305]  do_syscall_64+0x3d/0xb0
[   35.570106][  T305]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   35.575829][  T305] RIP: 0033:0x7f991fbd318b
[   35.580087][  T305] Code: ed 0f 85 60 01 00 00 64 4c 8b 0c 25 10 00 00 00 45 31 c0 4d 8d 91 d0 02 00 00 31 d2 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 89 00 00 00 41 89 c5 85 c0 0f 85 90 00 00
[   35.599621][  T305] RSP: 002b:00007fffe47e4040 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[   35.608030][  T305] RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 00007f991fbd318b
[   35.615928][  T305] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[   35.623738][  T305] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000555556679300
[   35.631551][  T305] R10: 00005555566795d0 R11: 0000000000000246 R12: 0000000000000000
[   35.639378][  T305] R13: 00007fffe47e40d0 R14: 00007fffe47e40c0 R15: 00007fffe47e407c
[   35.647179][  T305]  </TASK>
[   35.650035][  T305] Modules linked in:
[   35.653771][  T305] CR2: ffffed180000000b
[   35.657793][  T305] ---[ end trace 792378fce1501f92 ]---
[   35.663056][  T305] RIP: 0010:__rb_insert_augmented+0x36b/0x610
[   35.668957][  T305] Code: 49 89 5d 00 48 83 e3 fc 43 80 3c 26 00 74 08 4c 89 ff e8 c8 09 2b ff 4d 89 2f 48 85 db 74 2a 4c 8d 73 10 4c 89 f0 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 f7 e8 06 09 2b ff 48 8d 43 08 4c 39 7b
[   35.688516][  T305] RSP: 0018:ffffc900009578d8 EFLAGS: 00010a02
[   35.694404][  T305] RAX: 1ffff1180000000b RBX: ffff88c000000048 RCX: ffff88811e990000
[   35.702217][  T305] RDX: 0000000000000000 RSI: ffff88811b037d10 RDI: ffff88811b391410
[   35.710030][  T305] RBP: ffffc90000957940 R08: dffffc0000000000 R09: ffff88811b037d18
[   35.718013][  T305] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[   35.725824][  T305] R13: ffff88811b037d10 R14: ffff88c000000058 R15: ffff88811b3abac0
[   35.733633][  T305] FS:  0000555556679300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[   35.742399][  T305] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   35.748823][  T305] CR2: ffffed180000000b CR3: 000000011b217000 CR4: 00000000003506b0
[   35.756637][  T305] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   35.764534][  T305] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   35.772344][  T305] Kernel panic - not syncing: Fatal exception
[   35.778408][  T305] Kernel Offset: disabled
[   35.782536][  T305] Rebooting in 86400 seconds..