./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor529443576

<...>
[    3.248983][   T86] acpid (86) used greatest stack depth: 23440 bytes left
[    3.479891][  T101] udevd[101]: starting version 3.2.11
[    3.559916][  T102] udevd[102]: starting eudev-3.2.11
[    4.252893][  T127] iptables-restor (127) used greatest stack depth: 22352 bytes left
[   12.998325][   T28] kauditd_printk_skb: 50 callbacks suppressed
[   12.998338][   T28] audit: type=1400 audit(1694984475.760:61): avc:  denied  { transition } for  pid=227 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   13.004648][   T28] audit: type=1400 audit(1694984475.760:62): avc:  denied  { noatsecure } for  pid=227 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   13.007901][   T28] audit: type=1400 audit(1694984475.760:63): avc:  denied  { write } for  pid=227 comm="sh" path="pipe:[13329]" dev="pipefs" ino=13329 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[   13.012026][   T28] audit: type=1400 audit(1694984475.760:64): avc:  denied  { rlimitinh } for  pid=227 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   13.014906][   T28] audit: type=1400 audit(1694984475.760:65): avc:  denied  { siginh } for  pid=227 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '10.128.0.151' (ED25519) to the list of known hosts.
execve("./syz-executor529443576", ["./syz-executor529443576"], 0x7fff691c2830 /* 10 vars */) = 0
brk(NULL)                               = 0x555557113000
brk(0x555557113d00)                     = 0x555557113d00
arch_prctl(ARCH_SET_FS, 0x555557113380) = 0
set_tid_address(0x555557113650)         = 295
set_robust_list(0x555557113660, 24)     = 0
rseq(0x555557113ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor529443576", 4096) = 27
getrandom("\x61\x94\x17\xab\xcf\x76\xff\x2a", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555557113d00
brk(0x555557134d00)                     = 0x555557134d00
brk(0x555557135000)                     = 0x555557135000
mprotect(0x7fab497a8000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
mkdir("./syzkaller.X1cCx4", 0700)       = 0
chmod("./syzkaller.X1cCx4", 0777)       = 0
chdir("./syzkaller.X1cCx4")             = 0
mkdir("./0", 0777)                      = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 296
./strace-static-x86_64: Process 296 attached
[pid   296] set_robust_list(0x555557113660, 24) = 0
[pid   296] chdir("./0")                = 0
[pid   296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   296] setpgid(0, 0)               = 0
[pid   296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   296] write(3, "1000", 4)         = 4
[pid   296] close(3)                    = 0
[pid   296] symlink("/dev/binderfs", "./binderfs") = 0
[pid   296] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   296] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   296] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   296] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   296] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   296] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   296] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   296] write(6, "7", 1)            = 1
[pid   296] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   21.173565][   T28] audit: type=1400 audit(1694984483.930:66): avc:  denied  { execmem } for  pid=295 comm="syz-executor529" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   21.181573][   T28] audit: type=1400 audit(1694984483.940:67): avc:  denied  { bpf } for  pid=296 comm="syz-executor529" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   21.187355][   T28] audit: type=1400 audit(1694984483.940:68): avc:  denied  { prog_load } for  pid=296 comm="syz-executor529" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   21.192133][   T28] audit: type=1400 audit(1694984483.940:69): avc:  denied  { perfmon } for  pid=296 comm="syz-executor529" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   21.198223][  T296] FAULT_INJECTION: forcing a failure.
[   21.198223][  T296] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[   21.204086][   T28] audit: type=1400 audit(1694984483.940:70): avc:  denied  { prog_run } for  pid=296 comm="syz-executor529" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   21.217710][  T296] CPU: 1 PID: 296 Comm: syz-executor529 Not tainted 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   21.235854][   T28] audit: type=1400 audit(1694984483.950:71): avc:  denied  { map_create } for  pid=296 comm="syz-executor529" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   21.245697][  T296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   21.245706][  T296] Call Trace:
[   21.245710][  T296]  <TASK>
[   21.245714][  T296]  dump_stack_lvl+0x151/0x1b7
[   21.245741][  T296]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   21.245762][  T296]  ? yield_to_task_fair+0x190/0x190
[   21.264845][   T28] audit: type=1400 audit(1694984483.950:72): avc:  denied  { map_read map_write } for  pid=296 comm="syz-executor529" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   21.274687][  T296]  dump_stack+0x15/0x17
[   21.319563][  T296]  should_fail_ex+0x3d0/0x520
[   21.324079][  T296]  should_fail_alloc_page+0x68/0x90
[   21.329111][  T296]  __alloc_pages+0x1f4/0x780
[   21.333540][  T296]  ? prep_new_page+0x110/0x110
[   21.338140][  T296]  ? __this_cpu_preempt_check+0x13/0x20
[   21.343519][  T296]  __folio_alloc+0x15/0x40
[   21.347774][  T296]  wp_page_copy+0x23c/0x1610
[   21.352201][  T296]  ? __switch_to+0x62c/0x1190
[   21.356725][  T296]  ? compat_start_thread+0x20/0x20
[   21.361661][  T296]  ? fault_dirty_shared_page+0x300/0x300
[   21.367128][  T296]  ? native_set_ldt+0x130/0x130
[   21.371819][  T296]  do_wp_page+0xbbf/0xd80
[   21.375988][  T296]  handle_mm_fault+0x15a2/0x2f40
[   21.380762][  T296]  ? numa_migrate_prep+0xe0/0xe0
[   21.385531][  T296]  ? lock_vma_under_rcu+0x47a/0x540
[   21.390568][  T296]  ? __kasan_check_write+0x14/0x20
[   21.395513][  T296]  ? fpregs_restore_userregs+0x130/0x290
[   21.400983][  T296]  exc_page_fault+0x3a6/0x6e0
[   21.405497][  T296]  asm_exc_page_fault+0x27/0x30
[   21.410182][  T296] RIP: 0033:0x7fab4970b4f0
[   21.414437][  T296] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[   21.433878][  T296] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[   21.439780][  T296] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   21.447591][  T296] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[   21.455512][  T296] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[   21.463414][  T296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[pid   296] exit_group(0)               = ?
[pid   296] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=296, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs")                  = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file0")                     = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./0")                            = 0
mkdir("./1", 0777)                      = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 297
./strace-static-x86_64: Process 297 attached
[pid   297] set_robust_list(0x555557113660, 24) = 0
[pid   297] chdir("./1")                = 0
[pid   297] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   297] setpgid(0, 0)               = 0
[pid   297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   297] write(3, "1000", 4)         = 4
[pid   297] close(3)                    = 0
[pid   297] symlink("/dev/binderfs", "./binderfs") = 0
[pid   297] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   297] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   297] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   297] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   297] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   297] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   297] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   297] write(6, "7", 1)            = 1
[pid   297] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   21.471222][  T296] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   21.479039][  T296]  </TASK>
[   21.482191][  T296] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   21.497709][  T297] FAULT_INJECTION: forcing a failure.
[   21.497709][  T297] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   21.510784][  T297] CPU: 1 PID: 297 Comm: syz-executor529 Not tainted 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   21.520620][  T297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   21.531559][  T297] Call Trace:
[   21.534679][  T297]  <TASK>
[   21.537461][  T297]  dump_stack_lvl+0x151/0x1b7
[   21.541971][  T297]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   21.547272][  T297]  ? yield_to_task_fair+0x190/0x190
[   21.552304][  T297]  dump_stack+0x15/0x17
[   21.556295][  T297]  should_fail_ex+0x3d0/0x520
[   21.560813][  T297]  should_fail_alloc_page+0x68/0x90
[   21.565847][  T297]  __alloc_pages+0x1f4/0x780
[   21.570274][  T297]  ? prep_new_page+0x110/0x110
[   21.574872][  T297]  __folio_alloc+0x15/0x40
[   21.579123][  T297]  wp_page_copy+0x23c/0x1610
[   21.583551][  T297]  ? __switch_to+0x62c/0x1190
[   21.588187][  T297]  ? compat_start_thread+0x20/0x20
[   21.593137][  T297]  ? fault_dirty_shared_page+0x300/0x300
[   21.598599][  T297]  ? __kasan_check_write+0x14/0x20
[   21.603547][  T297]  do_wp_page+0xbbf/0xd80
[   21.607730][  T297]  handle_mm_fault+0x15a2/0x2f40
[   21.612494][  T297]  ? numa_migrate_prep+0xe0/0xe0
[   21.617262][  T297]  ? lock_vma_under_rcu+0x47a/0x540
[   21.622294][  T297]  ? __kasan_check_write+0x14/0x20
[   21.627239][  T297]  ? fpregs_restore_userregs+0x130/0x290
[   21.632718][  T297]  exc_page_fault+0x3a6/0x6e0
[   21.637221][  T297]  asm_exc_page_fault+0x27/0x30
[   21.641909][  T297] RIP: 0033:0x7fab4970b4f0
[   21.646297][  T297] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[   21.665745][  T297] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[pid   297] exit_group(0)               = ?
[pid   297] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=297, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/binderfs")                  = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/file0")                     = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./1")                            = 0
mkdir("./2", 0777)                      = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 298
./strace-static-x86_64: Process 298 attached
[pid   298] set_robust_list(0x555557113660, 24) = 0
[pid   298] chdir("./2")                = 0
[pid   298] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   298] setpgid(0, 0)               = 0
[pid   298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   298] write(3, "1000", 4)         = 4
[pid   298] close(3)                    = 0
[pid   298] symlink("/dev/binderfs", "./binderfs") = 0
[pid   298] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   298] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   298] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   298] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   298] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   298] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   298] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   298] write(6, "7", 1)            = 1
[pid   298] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   21.671647][  T297] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   21.679455][  T297] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[   21.687265][  T297] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[   21.695077][  T297] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   21.702894][  T297] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   21.710703][  T297]  </TASK>
[   21.713621][  T297] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   21.738036][  T298] FAULT_INJECTION: forcing a failure.
[   21.738036][  T298] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   21.751190][  T298] CPU: 1 PID: 298 Comm: syz-executor529 Not tainted 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   21.761071][  T298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   21.770966][  T298] Call Trace:
[   21.774092][  T298]  <TASK>
[   21.776907][  T298]  dump_stack_lvl+0x151/0x1b7
[   21.781384][  T298]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   21.786679][  T298]  dump_stack+0x15/0x17
[   21.790670][  T298]  should_fail_ex+0x3d0/0x520
[   21.795184][  T298]  should_fail_alloc_page+0x68/0x90
[   21.800219][  T298]  __alloc_pages+0x1f4/0x780
[   21.804645][  T298]  ? prep_new_page+0x110/0x110
[   21.809244][  T298]  ? __this_cpu_preempt_check+0x13/0x20
[   21.814624][  T298]  __folio_alloc+0x15/0x40
[   21.818885][  T298]  wp_page_copy+0x23c/0x1610
[   21.823305][  T298]  ? __switch_to+0x62c/0x1190
[   21.827817][  T298]  ? compat_start_thread+0x20/0x20
[   21.832768][  T298]  ? fault_dirty_shared_page+0x300/0x300
[   21.838235][  T298]  do_wp_page+0xbbf/0xd80
[   21.842403][  T298]  handle_mm_fault+0x15a2/0x2f40
[   21.847175][  T298]  ? numa_migrate_prep+0xe0/0xe0
[   21.852127][  T298]  ? lock_vma_under_rcu+0x47a/0x540
[   21.857158][  T298]  ? __kasan_check_write+0x14/0x20
[   21.862107][  T298]  ? fpregs_restore_userregs+0x130/0x290
[   21.867574][  T298]  exc_page_fault+0x3a6/0x6e0
[   21.872088][  T298]  asm_exc_page_fault+0x27/0x30
[   21.876775][  T298] RIP: 0033:0x7fab4970b4f0
[   21.881025][  T298] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[   21.900475][  T298] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[   21.906371][  T298] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   21.914183][  T298] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[   21.921996][  T298] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[   21.929810][  T298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[pid   298] exit_group(0)               = ?
[pid   298] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=298, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/binderfs")                  = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/file0")                     = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./2")                            = 0
mkdir("./3", 0777)                      = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 300
./strace-static-x86_64: Process 300 attached
[pid   300] set_robust_list(0x555557113660, 24) = 0
[pid   300] chdir("./3")                = 0
[pid   300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   300] setpgid(0, 0)               = 0
[pid   300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   300] write(3, "1000", 4)         = 4
[pid   300] close(3)                    = 0
[pid   300] symlink("/dev/binderfs", "./binderfs") = 0
[pid   300] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   300] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   300] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   300] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   300] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   300] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   300] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   300] write(6, "7", 1)            = 1
[pid   300] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid   300] exit_group(0)               = ?
[pid   300] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=300, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/binderfs")                  = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/file0")                     = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./3")                            = 0
mkdir("./4", 0777)                      = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
./strace-static-x86_64: Process 301 attached
[pid   301] set_robust_list(0x555557113660, 24) = 0
[pid   301] chdir("./4")                = 0
[pid   301] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   301] setpgid(0, 0)               = 0
[pid   301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   301] write(3, "1000", 4)         = 4
[pid   301] close(3)                    = 0
[pid   301] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid   295] <... clone resumed>, child_tidptr=0x555557113650) = 301
[pid   301] <... symlink resumed>)      = 0
[pid   301] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   301] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   301] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   301] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   301] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   301] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   301] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   301] write(6, "7", 1)            = 1
[pid   301] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   21.937687][  T298] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   21.945437][  T298]  </TASK>
[   21.949115][  T298] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   21.978011][  T301] FAULT_INJECTION: forcing a failure.
[   21.978011][  T301] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   21.991200][  T301] CPU: 0 PID: 301 Comm: syz-executor529 Not tainted 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   22.001069][  T301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   22.010981][  T301] Call Trace:
[   22.014090][  T301]  <TASK>
[   22.016880][  T301]  dump_stack_lvl+0x151/0x1b7
[   22.021396][  T301]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   22.026675][  T301]  ? yield_to_task_fair+0x190/0x190
[   22.031710][  T301]  dump_stack+0x15/0x17
[   22.035718][  T301]  should_fail_ex+0x3d0/0x520
[   22.040217][  T301]  should_fail_alloc_page+0x68/0x90
[   22.045255][  T301]  __alloc_pages+0x1f4/0x780
[   22.049679][  T301]  ? prep_new_page+0x110/0x110
[   22.054277][  T301]  ? __this_cpu_preempt_check+0x13/0x20
[   22.059660][  T301]  __folio_alloc+0x15/0x40
[   22.063915][  T301]  wp_page_copy+0x23c/0x1610
[   22.068345][  T301]  ? __switch_to+0x62c/0x1190
[   22.072854][  T301]  ? compat_start_thread+0x20/0x20
[   22.077802][  T301]  ? fault_dirty_shared_page+0x300/0x300
[   22.083270][  T301]  ? native_set_ldt+0x130/0x130
[   22.087974][  T301]  do_wp_page+0xbbf/0xd80
[   22.092123][  T301]  handle_mm_fault+0x15a2/0x2f40
[   22.096912][  T301]  ? numa_migrate_prep+0xe0/0xe0
[   22.101670][  T301]  ? lock_vma_under_rcu+0x47a/0x540
[   22.106706][  T301]  ? __kasan_check_write+0x14/0x20
[   22.111658][  T301]  ? fpregs_restore_userregs+0x130/0x290
[   22.117119][  T301]  exc_page_fault+0x3a6/0x6e0
[   22.121664][  T301]  asm_exc_page_fault+0x27/0x30
[   22.126323][  T301] RIP: 0033:0x7fab4970b4f0
[   22.130582][  T301] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[   22.150030][  T301] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[   22.155917][  T301] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   22.163757][  T301] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[   22.171546][  T301] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[   22.179358][  T301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[pid   301] exit_group(0)               = ?
[pid   301] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=301, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/binderfs")                  = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/file0")                     = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./4")                            = 0
mkdir("./5", 0777)                      = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 302
./strace-static-x86_64: Process 302 attached
[pid   302] set_robust_list(0x555557113660, 24) = 0
[pid   302] chdir("./5")                = 0
[pid   302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   302] setpgid(0, 0)               = 0
[pid   302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   302] write(3, "1000", 4)         = 4
[pid   302] close(3)                    = 0
[pid   302] symlink("/dev/binderfs", "./binderfs") = 0
[pid   302] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   302] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   302] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   302] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   302] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   302] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   302] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   302] write(6, "7", 1)            = 1
[pid   302] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid   302] exit_group(0)               = ?
[pid   302] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=302, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/binderfs")                  = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/file0")                     = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./5")                            = 0
mkdir("./6", 0777)                      = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 303
./strace-static-x86_64: Process 303 attached
[pid   303] set_robust_list(0x555557113660, 24) = 0
[pid   303] chdir("./6")                = 0
[pid   303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   303] setpgid(0, 0)               = 0
[pid   303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   303] write(3, "1000", 4)         = 4
[pid   303] close(3)                    = 0
[pid   303] symlink("/dev/binderfs", "./binderfs") = 0
[pid   303] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   303] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   303] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   303] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   303] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   303] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   303] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   303] write(6, "7", 1)            = 1
[pid   303] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   22.187269][  T301] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   22.195081][  T301]  </TASK>
[   22.199156][  T301] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   22.233582][  T303] FAULT_INJECTION: forcing a failure.
[   22.233582][  T303] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   22.246740][  T303] CPU: 1 PID: 303 Comm: syz-executor529 Not tainted 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   22.256621][  T303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   22.266519][  T303] Call Trace:
[   22.269638][  T303]  <TASK>
[   22.272417][  T303]  dump_stack_lvl+0x151/0x1b7
[   22.276934][  T303]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   22.282226][  T303]  dump_stack+0x15/0x17
[   22.286221][  T303]  should_fail_ex+0x3d0/0x520
[   22.290732][  T303]  should_fail_alloc_page+0x68/0x90
[   22.295765][  T303]  __alloc_pages+0x1f4/0x780
[   22.300205][  T303]  ? prep_new_page+0x110/0x110
[   22.304805][  T303]  ? __this_cpu_preempt_check+0x13/0x20
[   22.310186][  T303]  __folio_alloc+0x15/0x40
[   22.314429][  T303]  wp_page_copy+0x23c/0x1610
[   22.318855][  T303]  ? __switch_to+0x62c/0x1190
[   22.323374][  T303]  ? compat_start_thread+0x20/0x20
[   22.328575][  T303]  ? fault_dirty_shared_page+0x300/0x300
[   22.334048][  T303]  do_wp_page+0xbbf/0xd80
[   22.338210][  T303]  handle_mm_fault+0x15a2/0x2f40
[   22.342985][  T303]  ? numa_migrate_prep+0xe0/0xe0
[   22.347758][  T303]  ? lock_vma_under_rcu+0x47a/0x540
[   22.352922][  T303]  ? __kasan_check_write+0x14/0x20
[   22.357865][  T303]  ? fpregs_restore_userregs+0x130/0x290
[   22.363414][  T303]  exc_page_fault+0x3a6/0x6e0
[   22.367930][  T303]  asm_exc_page_fault+0x27/0x30
[   22.372702][  T303] RIP: 0033:0x7fab4970b4f0
[   22.376962][  T303] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[   22.396493][  T303] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[   22.402390][  T303] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   22.410205][  T303] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[   22.418014][  T303] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[   22.425830][  T303] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[pid   303] exit_group(0)               = ?
[pid   303] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=303, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/binderfs")                  = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/file0")                     = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./6")                            = 0
mkdir("./7", 0777)                      = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 304 attached
, child_tidptr=0x555557113650) = 304
[pid   304] set_robust_list(0x555557113660, 24) = 0
[pid   304] chdir("./7")                = 0
[pid   304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   304] setpgid(0, 0)               = 0
[pid   304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   304] write(3, "1000", 4)         = 4
[pid   304] close(3)                    = 0
[pid   304] symlink("/dev/binderfs", "./binderfs") = 0
[pid   304] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   304] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   304] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   304] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   304] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   304] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   304] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   304] write(6, "7", 1)            = 1
[pid   304] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid   304] exit_group(0)               = ?
[pid   304] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=304, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/binderfs")                  = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/file0")                     = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./7")                            = 0
mkdir("./8", 0777)                      = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 305 attached
 <unfinished ...>
[pid   305] set_robust_list(0x555557113660, 24) = 0
[pid   305] chdir("./8")                = 0
[pid   305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   305] setpgid(0, 0)               = 0
[pid   305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   295] <... clone resumed>, child_tidptr=0x555557113650) = 305
[pid   305] <... openat resumed>)       = 3
[pid   305] write(3, "1000", 4)         = 4
[pid   305] close(3)                    = 0
[pid   305] symlink("/dev/binderfs", "./binderfs") = 0
[pid   305] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   305] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   305] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   305] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   305] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   305] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   305] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   305] write(6, "7", 1)            = 1
[   22.433639][  T303] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   22.441455][  T303]  </TASK>
[   22.444472][  T303] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   22.486124][  T305] FAULT_INJECTION: forcing a failure.
[   22.486124][  T305] name failslab, interval 1, probability 0, space 0, times 0
[   22.498913][  T305] CPU: 0 PID: 305 Comm: syz-executor529 Not tainted 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   22.518753][  T305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   22.528647][  T305] Call Trace:
[   22.531793][  T305]  <TASK>
[   22.534557][  T305]  dump_stack_lvl+0x151/0x1b7
[   22.539105][  T305]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   22.544363][  T305]  ? kern_path+0x147/0x1a0
[   22.548613][  T305]  ? kasan_set_track+0x60/0x70
[   22.553212][  T305]  ? kasan_save_free_info+0x2b/0x40
[   22.558247][  T305]  dump_stack+0x15/0x17
[   22.562238][  T305]  should_fail_ex+0x3d0/0x520
[   22.566756][  T305]  ? jbd2__journal_start+0x150/0x720
[   22.571874][  T305]  __should_failslab+0xaf/0xf0
[   22.576474][  T305]  should_failslab+0x9/0x20
[   22.580813][  T305]  kmem_cache_alloc+0x3b/0x2c0
[   22.585500][  T305]  ? avc_denied+0x1b0/0x1b0
[   22.589851][  T305]  jbd2__journal_start+0x150/0x720
[   22.594789][  T305]  __ext4_journal_start_sb+0x24d/0x4b0
[   22.600084][  T305]  ext4_dirty_inode+0x8f/0x100
[   22.604692][  T305]  ? __ext4_expand_extra_isize+0x420/0x420
[   22.610331][  T305]  __mark_inode_dirty+0x200/0xa60
[   22.615190][  T305]  touch_atime+0x378/0x540
[   22.619444][  T305]  ? current_time+0x2f0/0x2f0
[   22.623957][  T305]  unix_find_other+0x799/0x8e0
[   22.628556][  T305]  ? avc_has_perm+0x16f/0x260
[   22.633071][  T305]  ? unix_insert_bsd_socket+0x250/0x250
[   22.638449][  T305]  unix_dgram_sendmsg+0xc1f/0x2050
[   22.643399][  T305]  ? unix_dgram_poll+0x710/0x710
[   22.648176][  T305]  ? security_socket_sendmsg+0x82/0xb0
[   22.653468][  T305]  ? unix_dgram_poll+0x710/0x710
[   22.658239][  T305]  ____sys_sendmsg+0x5dc/0x9d0
[   22.662843][  T305]  ? __sys_sendmsg_sock+0x40/0x40
[   22.667711][  T305]  __sys_sendmmsg+0x3b9/0x6f0
[   22.672217][  T305]  ? __ia32_sys_sendmsg+0x90/0x90
[   22.677081][  T305]  ? __switch_to+0x62c/0x1190
[   22.681592][  T305]  ? __sched_clock_gtod_offset+0x100/0x100
[   22.687231][  T305]  ? _raw_spin_unlock+0x4c/0x70
[   22.692094][  T305]  ? finish_task_switch+0x167/0x7b0
[   22.697126][  T305]  ? __schedule+0xca1/0x1540
[   22.701555][  T305]  ? __kasan_check_write+0x14/0x20
[   22.706499][  T305]  ? __kasan_check_write+0x14/0x20
[   22.711446][  T305]  ? _raw_spin_lock_irq+0xa5/0x1b0
[   22.716393][  T305]  ? _raw_spin_lock_irqsave+0x210/0x210
[   22.721775][  T305]  ? cgroup_update_frozen+0x15f/0x980
[   22.726987][  T305]  ? memset+0x35/0x40
[   22.730805][  T305]  ? __kasan_check_write+0x14/0x20
[   22.735751][  T305]  ? fpregs_restore_userregs+0x130/0x290
[   22.741224][  T305]  __x64_sys_sendmmsg+0xa0/0xb0
[   22.745908][  T305]  do_syscall_64+0x3d/0xb0
[   22.750160][  T305]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   22.755891][  T305] RIP: 0033:0x7fab497355a9
[   22.760141][  T305] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[pid   305] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid   305] exit_group(0)               = ?
[pid   305] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=305, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[   22.779586][  T305] RSP: 002b:00007ffca7df4b58 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   22.787836][  T305] RAX: ffffffffffffffda RBX: 00007ffca7df4b80 RCX: 00007fab497355a9
[   22.795644][  T305] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[   22.803455][  T305] RBP: 0000000000000001 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[   22.811268][  T305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   22.819076][  T305] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   22.826892][  T305]  </TASK>
unlink("./8/binderfs")                  = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/file0")                     = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./8")                            = 0
mkdir("./9", 0777)                      = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 307
./strace-static-x86_64: Process 307 attached
[pid   307] set_robust_list(0x555557113660, 24) = 0
[   22.835456][   T19] ==================================================================
[   22.843324][   T19] BUG: KASAN: use-after-free in consume_skb+0x3c/0x250
[   22.850012][   T19] Read of size 4 at addr ffff888121dc00f4 by task kworker/0:1/19
[   22.857575][   T19] 
[   22.859724][   T19] CPU: 0 PID: 19 Comm: kworker/0:1 Not tainted 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   22.869191][   T19] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   22.879093][   T19] Workqueue: events sk_psock_destroy
[pid   307] chdir("./9")                = 0
[pid   307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   307] setpgid(0, 0)               = 0
[pid   307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   307] write(3, "1000", 4)         = 4
[pid   307] close(3)                    = 0
[pid   307] symlink("/dev/binderfs", "./binderfs") = 0
[pid   307] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[   22.884047][  T309] FAULT_INJECTION: forcing a failure.
[   22.884047][  T309] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   22.884202][   T19] Call Trace:
[   22.884209][   T19]  <TASK>
[   22.903129][   T19]  dump_stack_lvl+0x151/0x1b7
[   22.907643][   T19]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   22.912936][   T19]  ? _printk+0xd1/0x111
[   22.916929][   T19]  ? __virt_addr_valid+0x242/0x2f0
[   22.921874][   T19]  print_report+0x158/0x4e0
[   22.926214][   T19]  ? __virt_addr_valid+0x242/0x2f0
[   22.931164][   T19]  ? kasan_complete_mode_report_info+0x90/0x1b0
[   22.937238][   T19]  ? consume_skb+0x3c/0x250
[   22.941579][   T19]  kasan_report+0x13c/0x170
[   22.945924][   T19]  ? consume_skb+0x3c/0x250
[   22.950261][   T19]  ? __kasan_check_write+0x14/0x20
[   22.955204][   T19]  kasan_check_range+0x294/0x2a0
[   22.959979][   T19]  __kasan_check_read+0x11/0x20
[   22.964669][   T19]  consume_skb+0x3c/0x250
[   22.968836][   T19]  __sk_msg_free+0x2dd/0x370
[   22.973259][   T19]  ? _raw_spin_unlock_irqrestore+0x5b/0x80
[   22.978905][   T19]  ? skb_dequeue+0x123/0x160
[   22.983328][   T19]  sk_psock_destroy+0x351/0x810
[   22.988016][   T19]  process_one_work+0x73d/0xcb0
[   22.992705][   T19]  worker_thread+0xa60/0x1260
[   22.997224][   T19]  ? __kasan_check_read+0x11/0x20
[   23.002078][   T19]  kthread+0x26d/0x300
[   23.005985][   T19]  ? worker_clr_flags+0x1a0/0x1a0
[   23.010843][   T19]  ? kthread_blkcg+0xd0/0xd0
[   23.015274][   T19]  ret_from_fork+0x1f/0x30
[   23.019527][   T19]  </TASK>
[   23.022387][   T19] 
[   23.022389][  T309] CPU: 1 PID: 309 Comm: syz-executor529 Not tainted 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   23.024554][   T19] Allocated by task 304:
[   23.024562][   T19]  kasan_set_track+0x4b/0x70
[   23.034453][  T309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   23.038530][   T19]  kasan_save_alloc_info+0x1f/0x30
[   23.042957][  T309] Call Trace:
[   23.042963][  T309]  <TASK>
[   23.052850][   T19]  __kasan_slab_alloc+0x6c/0x80
[   23.057801][  T309]  dump_stack_lvl+0x151/0x1b7
[   23.060927][   T19]  slab_post_alloc_hook+0x53/0x2c0
[   23.063704][  T309]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   23.068390][   T19]  kmem_cache_alloc_node+0x18a/0x2d0
[   23.072903][  T309]  ? yield_to_task_fair+0x190/0x190
[   23.077849][   T19]  __alloc_skb+0xcc/0x2c0
[   23.083150][  T309]  dump_stack+0x15/0x17
[   23.088268][   T19]  alloc_skb_with_frags+0xa6/0x680
[   23.093301][  T309]  should_fail_ex+0x3d0/0x520
[   23.097467][   T19]  sock_alloc_send_pskb+0x915/0xa50
[   23.101460][  T309]  should_fail_alloc_page+0x68/0x90
[   23.106407][   T19]  unix_dgram_sendmsg+0x5b1/0x2050
[   23.110925][  T309]  __alloc_pages+0x1f4/0x780
[   23.115956][   T19]  ____sys_sendmsg+0x5dc/0x9d0
[   23.120996][  T309]  ? prep_new_page+0x110/0x110
[   23.125936][   T19]  __sys_sendmmsg+0x3b9/0x6f0
[   23.130366][  T309]  ? __this_cpu_preempt_check+0x13/0x20
[   23.134966][   T19]  __x64_sys_sendmmsg+0xa0/0xb0
[   23.139565][  T309]  __folio_alloc+0x15/0x40
[   23.144082][   T19]  do_syscall_64+0x3d/0xb0
[   23.149459][  T309]  wp_page_copy+0x23c/0x1610
[   23.154148][   T19]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   23.158402][  T309]  ? __switch_to+0x62c/0x1190
[   23.162661][   T19] 
[   23.162665][   T19] Freed by task 19:
[   23.167084][  T309]  ? compat_start_thread+0x20/0x20
[   23.172809][   T19]  kasan_set_track+0x4b/0x70
[   23.177327][  T309]  ? fault_dirty_shared_page+0x300/0x300
[   23.179491][   T19]  kasan_save_free_info+0x2b/0x40
[   23.183138][  T309]  ? native_set_ldt+0x130/0x130
[   23.188085][   T19]  ____kasan_slab_free+0x131/0x180
[   23.192520][  T309]  do_wp_page+0xbbf/0xd80
[   23.197979][   T19]  __kasan_slab_free+0x11/0x20
[   23.203017][  T309]  handle_mm_fault+0x15a2/0x2f40
[   23.207704][   T19]  kmem_cache_free+0x291/0x510
[   23.212656][  T309]  ? numa_migrate_prep+0xe0/0xe0
[   23.216820][   T19]  kfree_skbmem+0x104/0x170
[   23.221420][  T309]  ? lock_vma_under_rcu+0x47a/0x540
[   23.226193][   T19]  kfree_skb_reason+0xdb/0x250
[   23.230797][  T309]  ? __kasan_check_write+0x14/0x20
[   23.235567][   T19]  sk_psock_destroy+0x143/0x810
[   23.239903][  T309]  ? fpregs_restore_userregs+0x130/0x290
[   23.244939][   T19]  process_one_work+0x73d/0xcb0
[   23.249541][  T309]  exc_page_fault+0x3a6/0x6e0
[   23.254485][   T19]  worker_thread+0xa60/0x1260
[   23.259175][  T309]  asm_exc_page_fault+0x27/0x30
[   23.264645][   T19]  kthread+0x26d/0x300
[   23.269331][  T309] RIP: 0033:0x7fab4970b4f0
[   23.273844][   T19]  ret_from_fork+0x1f/0x30
[   23.278359][  T309] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[   23.283057][   T19] 
[   23.283062][   T19] The buggy address belongs to the object at ffff888121dc0000
[   23.283062][   T19]  which belongs to the cache skbuff_head_cache of size 256
[   23.286948][  T309] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[   23.291204][   T19] The buggy address is located 244 bytes inside of
[   23.291204][   T19]  256-byte region [ffff888121dc0000, ffff888121dc0100)
[   23.295458][  T309] 
[   23.295463][  T309] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   23.314899][   T19] 
[   23.314903][   T19] The buggy address belongs to the physical page:
[   23.317070][  T309] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[   23.331565][   T19] page:ffffea0004877000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x121dc0
[   23.337471][  T309] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[   23.350575][   T19] flags: 0x4000000000000200(slab|zone=1)
[   23.352743][  T309] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   23.360560][   T19] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100232a80
[   23.362725][  T309] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   23.368979][   T19] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[   23.376789][  T309]  </TASK>
[   23.386855][   T19] page dumped because: kasan: bad access detected
[   23.398820][  T309] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   23.400139][   T19] page_owner tracks the page as allocated
[   23.400145][   T19] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY), pid 290, tgid 290 (sshd), ts 22473276328, free_ts 22473263972
[   23.472362][   T19]  post_alloc_hook+0x213/0x220
[   23.476967][   T19]  prep_new_page+0x1b/0x110
[   23.478806][  T313] FAULT_INJECTION: forcing a failure.
[   23.478806][  T313] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   23.481293][   T19]  get_page_from_freelist+0x2762/0x27f0
[   23.481316][   T19]  __alloc_pages+0x3a1/0x780
[   23.481333][   T19]  new_slab+0xce/0x4c0
[   23.481351][   T19]  ___slab_alloc+0x6f9/0xb80
[   23.494667][  T313] CPU: 1 PID: 313 Comm: syz-executor529 Not tainted 6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   23.499693][   T19]  __slab_alloc+0x5d/0xa0
[   23.504119][  T313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   23.508028][   T19]  kmem_cache_alloc+0x1b9/0x2c0
[   23.512456][  T313] Call Trace:
[   23.512461][  T313]  <TASK>
[   23.522348][   T19]  skb_clone+0x1f8/0x380
[   23.526515][  T313]  dump_stack_lvl+0x151/0x1b7
[   23.536411][   T19]  dev_queue_xmit_nit+0x248/0xa90
[   23.541101][  T313]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   23.544219][   T19]  dev_hard_start_xmit+0x140/0x630
[   23.547002][  T313]  ? yield_to_task_fair+0x190/0x190
[   23.551077][   T19]  sch_direct_xmit+0x298/0x9b0
[   23.555594][  T313]  dump_stack+0x15/0x17
[   23.560454][   T19]  __dev_queue_xmit+0x17df/0x3660
[   23.565749][  T313]  should_fail_ex+0x3d0/0x520
[   23.570701][   T19]  ip_finish_output2+0xb60/0xf90
[   23.575733][  T313]  should_fail_alloc_page+0x68/0x90
[   23.580329][   T19]  __ip_finish_output+0x162/0x370
[   23.584322][  T313]  __alloc_pages+0x1f4/0x780
[   23.589184][   T19]  ip_finish_output+0x31/0x2a0
[   23.593702][  T313]  ? prep_new_page+0x110/0x110
[   23.598473][   T19] page last free stack trace:
[   23.598478][   T19]  free_unref_page_prepare+0x83d/0x850
[   23.603596][  T313]  ? __this_cpu_preempt_check+0x13/0x20
[   23.608455][   T19]  free_unref_page+0x8d/0x480
[   23.612887][  T313]  __folio_alloc+0x15/0x40
[   23.617480][   T19]  free_the_page+0x13/0x20
[   23.622082][  T313]  wp_page_copy+0x23c/0x1610
[   23.626596][   T19]  page_frag_free+0x108/0x120
[   23.631995][  T313]  ? __switch_to+0x62c/0x1190
[   23.637370][   T19]  skb_release_data+0x6ba/0x840
[   23.641888][  T313]  ? compat_start_thread+0x20/0x20
[   23.646138][   T19]  __kfree_skb+0x50/0x70
[   23.650389][  T313]  ? fault_dirty_shared_page+0x300/0x300
[   23.654816][   T19]  tcp_rcv_established+0xe39/0x1c60
[   23.659332][  T313]  ? native_set_ldt+0x130/0x130
[   23.663844][   T19]  tcp_v4_do_rcv+0x430/0xa20
[   23.668536][  T313]  do_wp_page+0xbbf/0xd80
[   23.673475][   T19]  __release_sock+0x145/0x410
[   23.677562][  T313]  handle_mm_fault+0x15a2/0x2f40
[   23.683026][   T19]  release_sock+0x65/0x1b0
[   23.688068][  T313]  ? numa_migrate_prep+0xe0/0xe0
[   23.692748][   T19]  tcp_sendmsg+0x3a/0x50
[   23.697176][  T313]  ? lock_vma_under_rcu+0x47a/0x540
[   23.701339][   T19]  inet_sendmsg+0xa1/0xc0
[   23.705860][  T313]  ? __kasan_check_write+0x14/0x20
[   23.710627][   T19]  sock_write_iter+0x394/0x4e0
[   23.714885][  T313]  ? fpregs_restore_userregs+0x130/0x290
[   23.719743][   T19]  vfs_write+0x902/0xeb0
[   23.723825][  T313]  exc_page_fault+0x3a6/0x6e0
[   23.728857][   T19]  ksys_write+0x199/0x2c0
[   23.733034][  T313]  asm_exc_page_fault+0x27/0x30
[   23.737968][   T19]  __x64_sys_write+0x7b/0x90
[   23.742573][  T313] RIP: 0033:0x7fab4970b4f0
[   23.748038][   T19] 
[   23.748042][   T19] Memory state around the buggy address:
[pid   307] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   307] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   307] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   307] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   307] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   307] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   307] write(6, "7", 1)            = 1
[pid   307] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid   307] exit_group(0)               = ?
[pid   307] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=307, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/binderfs")                  = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/file0")                     = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./9")                            = 0
mkdir("./10", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 308
./strace-static-x86_64: Process 308 attached
[pid   308] set_robust_list(0x555557113660, 24) = 0
[pid   308] chdir("./10")               = 0
[pid   308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   308] setpgid(0, 0)               = 0
[pid   308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   308] write(3, "1000", 4)         = 4
[pid   308] close(3)                    = 0
[pid   308] symlink("/dev/binderfs", "./binderfs") = 0
[pid   308] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   308] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   308] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   308] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   308] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   308] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   308] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   308] write(6, "7", 1)            = 1
[pid   308] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid   308] exit_group(0)               = ?
[pid   308] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=308, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/binderfs")                 = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./10")                           = 0
mkdir("./11", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 309
./strace-static-x86_64: Process 309 attached
[pid   309] set_robust_list(0x555557113660, 24) = 0
[pid   309] chdir("./11")               = 0
[pid   309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   309] setpgid(0, 0)               = 0
[pid   309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   309] write(3, "1000", 4)         = 4
[pid   309] close(3)                    = 0
[pid   309] symlink("/dev/binderfs", "./binderfs") = 0
[pid   309] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   309] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   309] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   309] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   309] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   309] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   309] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   309] write(6, "7", 1)            = 1
[pid   309] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid   309] exit_group(0)               = ?
[pid   309] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=309, si_uid=0, si_status=0, si_utime=0, si_stime=14} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/binderfs")                 = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./11")                           = 0
mkdir("./12", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 310
./strace-static-x86_64: Process 310 attached
[pid   310] set_robust_list(0x555557113660, 24) = 0
[pid   310] chdir("./12")               = 0
[pid   310] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   310] setpgid(0, 0)               = 0
[pid   310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   310] write(3, "1000", 4)         = 4
[pid   310] close(3)                    = 0
[pid   310] symlink("/dev/binderfs", "./binderfs") = 0
[pid   310] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   310] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   310] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   310] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   310] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   310] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   310] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   310] write(6, "7", 1)            = 1
[pid   310] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid   310] exit_group(0)               = ?
[pid   310] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=310, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/binderfs")                 = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./12")                           = 0
mkdir("./13", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 313
./strace-static-x86_64: Process 313 attached
[pid   313] set_robust_list(0x555557113660, 24) = 0
[pid   313] chdir("./13")               = 0
[pid   313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   313] setpgid(0, 0)               = 0
[pid   313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   313] write(3, "1000", 4)         = 4
[pid   313] close(3)                    = 0
[pid   313] symlink("/dev/binderfs", "./binderfs") = 0
[pid   313] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   313] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   313] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   313] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   313] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   313] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   313] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   313] write(6, "7", 1)            = 1
[pid   313] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   23.752120][  T313] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[   23.756635][   T19]  ffff888121dbff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.760796][  T313] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[   23.765487][   T19]  ffff888121dc0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   23.769911][  T313] 
[   23.769916][  T313] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   23.774168][   T19] >ffff888121dc0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[pid   313] exit_group(0)               = ?
[pid   313] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=313, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/binderfs")                 = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./13")                           = 0
mkdir("./14", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 315
./strace-static-x86_64: Process 315 attached
[pid   315] set_robust_list(0x555557113660, 24) = 0
[pid   315] chdir("./14")               = 0
[pid   315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   315] setpgid(0, 0)               = 0
[pid   315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   315] write(3, "1000", 4)         = 4
[pid   315] close(3)                    = 0
[pid   315] symlink("/dev/binderfs", "./binderfs") = 0
[pid   315] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   315] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   315] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   315] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   315] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   315] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   315] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   315] write(6, "7", 1)            = 1
[pid   315] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   23.776331][  T313] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[   23.781802][   T19]                                                              ^
[   23.781810][   T19]  ffff888121dc0100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[   23.801249][  T313] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[   23.809146][   T19]  ffff888121dc0180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   23.815046][  T313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   23.822945][   T19] ==================================================================
[   23.823649][   T19] Disabling lock debugging due to kernel taint
[   23.825114][  T313] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   23.825131][  T313]  </TASK>
[   23.848672][  T313] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   23.871078][  T315] FAULT_INJECTION: forcing a failure.
[   23.871078][  T315] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   23.932592][  T315] CPU: 1 PID: 315 Comm: syz-executor529 Tainted: G    B              6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   23.943863][  T315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   23.953752][  T315] Call Trace:
[   23.956875][  T315]  <TASK>
[   23.959655][  T315]  dump_stack_lvl+0x151/0x1b7
[   23.964168][  T315]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   23.969466][  T315]  ? yield_to_task_fair+0x190/0x190
[   23.974496][  T315]  dump_stack+0x15/0x17
[   23.978613][  T315]  should_fail_ex+0x3d0/0x520
[   23.983244][  T315]  should_fail_alloc_page+0x68/0x90
[   23.988363][  T315]  __alloc_pages+0x1f4/0x780
[   23.992792][  T315]  ? prep_new_page+0x110/0x110
[   23.997391][  T315]  ? __this_cpu_preempt_check+0x13/0x20
[   24.002773][  T315]  __folio_alloc+0x15/0x40
[   24.007547][  T315]  wp_page_copy+0x23c/0x1610
[   24.011975][  T315]  ? __switch_to+0x62c/0x1190
[   24.016484][  T315]  ? compat_start_thread+0x20/0x20
[   24.021443][  T315]  ? fault_dirty_shared_page+0x300/0x300
[   24.026904][  T315]  ? native_set_ldt+0x130/0x130
[   24.031589][  T315]  do_wp_page+0xbbf/0xd80
[   24.035759][  T315]  handle_mm_fault+0x15a2/0x2f40
[   24.040619][  T315]  ? numa_migrate_prep+0xe0/0xe0
[   24.045387][  T315]  ? lock_vma_under_rcu+0x47a/0x540
[   24.050429][  T315]  ? __kasan_check_write+0x14/0x20
[   24.055372][  T315]  ? fpregs_restore_userregs+0x130/0x290
[   24.060846][  T315]  exc_page_fault+0x3a6/0x6e0
[   24.065357][  T315]  asm_exc_page_fault+0x27/0x30
[   24.070041][  T315] RIP: 0033:0x7fab4970b4f0
[   24.074292][  T315] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[   24.093821][  T315] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[   24.099723][  T315] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   24.107545][  T315] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[   24.115347][  T315] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[   24.123160][  T315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   24.130979][  T315] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   24.138789][  T315]  </TASK>
[pid   315] exit_group(0)               = ?
[pid   315] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=315, si_uid=0, si_status=0, si_utime=0, si_stime=7} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/binderfs")                 = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./14")                           = 0
mkdir("./15", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 318
./strace-static-x86_64: Process 318 attached
[pid   318] set_robust_list(0x555557113660, 24) = 0
[pid   318] chdir("./15")               = 0
[pid   318] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   318] setpgid(0, 0)               = 0
[pid   318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   318] write(3, "1000", 4)         = 4
[pid   318] close(3)                    = 0
[pid   318] symlink("/dev/binderfs", "./binderfs") = 0
[pid   318] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   318] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   318] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   318] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   318] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   318] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   318] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   318] write(6, "7", 1)            = 1
[pid   318] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   24.142594][  T315] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   24.167161][  T318] FAULT_INJECTION: forcing a failure.
[   24.167161][  T318] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   24.180325][  T318] CPU: 1 PID: 318 Comm: syz-executor529 Tainted: G    B              6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   24.191679][  T318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   24.201577][  T318] Call Trace:
[   24.204702][  T318]  <TASK>
[   24.207475][  T318]  dump_stack_lvl+0x151/0x1b7
[   24.211992][  T318]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   24.217287][  T318]  dump_stack+0x15/0x17
[   24.221279][  T318]  should_fail_ex+0x3d0/0x520
[   24.225792][  T318]  should_fail_alloc_page+0x68/0x90
[   24.230825][  T318]  __alloc_pages+0x1f4/0x780
[   24.235255][  T318]  ? prep_new_page+0x110/0x110
[   24.239852][  T318]  ? __this_cpu_preempt_check+0x13/0x20
[   24.245235][  T318]  __folio_alloc+0x15/0x40
[   24.249490][  T318]  wp_page_copy+0x23c/0x1610
[   24.253919][  T318]  ? __switch_to+0x62c/0x1190
[   24.258446][  T318]  ? compat_start_thread+0x20/0x20
[   24.263374][  T318]  ? fault_dirty_shared_page+0x300/0x300
[   24.268859][  T318]  do_wp_page+0xbbf/0xd80
[   24.273012][  T318]  handle_mm_fault+0x15a2/0x2f40
[   24.277785][  T318]  ? numa_migrate_prep+0xe0/0xe0
[   24.282558][  T318]  ? lock_vma_under_rcu+0x47a/0x540
[   24.287593][  T318]  ? __kasan_check_write+0x14/0x20
[   24.292625][  T318]  ? fpregs_restore_userregs+0x130/0x290
[   24.298095][  T318]  exc_page_fault+0x3a6/0x6e0
[   24.302608][  T318]  asm_exc_page_fault+0x27/0x30
[   24.307293][  T318] RIP: 0033:0x7fab4970b4f0
[   24.311549][  T318] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[   24.330993][  T318] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[   24.336891][  T318] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[pid   318] exit_group(0)               = ?
[pid   318] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=318, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/binderfs")                 = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./15")                           = 0
mkdir("./16", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 319
./strace-static-x86_64: Process 319 attached
[pid   319] set_robust_list(0x555557113660, 24) = 0
[pid   319] chdir("./16")               = 0
[pid   319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   319] setpgid(0, 0)               = 0
[pid   319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   319] write(3, "1000", 4)         = 4
[pid   319] close(3)                    = 0
[pid   319] symlink("/dev/binderfs", "./binderfs") = 0
[pid   319] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   319] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   319] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   319] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   319] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   319] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   319] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   319] write(6, "7", 1)            = 1
[pid   319] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   24.344712][  T318] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[   24.352516][  T318] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[   24.360332][  T318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   24.368140][  T318] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   24.375955][  T318]  </TASK>
[   24.378960][  T318] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   24.401016][  T319] FAULT_INJECTION: forcing a failure.
[   24.401016][  T319] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   24.414141][  T319] CPU: 0 PID: 319 Comm: syz-executor529 Tainted: G    B              6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   24.425434][  T319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   24.435331][  T319] Call Trace:
[   24.438456][  T319]  <TASK>
[   24.441233][  T319]  dump_stack_lvl+0x151/0x1b7
[   24.445746][  T319]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   24.451040][  T319]  ? yield_to_task_fair+0x190/0x190
[   24.456075][  T319]  dump_stack+0x15/0x17
[   24.460068][  T319]  should_fail_ex+0x3d0/0x520
[   24.464582][  T319]  should_fail_alloc_page+0x68/0x90
[   24.469620][  T319]  __alloc_pages+0x1f4/0x780
[   24.474044][  T319]  ? prep_new_page+0x110/0x110
[   24.478644][  T319]  ? __this_cpu_preempt_check+0x13/0x20
[   24.484028][  T319]  __folio_alloc+0x15/0x40
[   24.488279][  T319]  wp_page_copy+0x23c/0x1610
[   24.492704][  T319]  ? __switch_to+0x62c/0x1190
[   24.497218][  T319]  ? compat_start_thread+0x20/0x20
[   24.502165][  T319]  ? fault_dirty_shared_page+0x300/0x300
[   24.507635][  T319]  ? native_set_ldt+0x130/0x130
[   24.512323][  T319]  do_wp_page+0xbbf/0xd80
[   24.516488][  T319]  handle_mm_fault+0x15a2/0x2f40
[   24.521271][  T319]  ? numa_migrate_prep+0xe0/0xe0
[   24.526036][  T319]  ? lock_vma_under_rcu+0x47a/0x540
[   24.531073][  T319]  ? __kasan_check_write+0x14/0x20
[   24.536017][  T319]  ? fpregs_restore_userregs+0x130/0x290
[   24.541485][  T319]  exc_page_fault+0x3a6/0x6e0
[   24.546000][  T319]  asm_exc_page_fault+0x27/0x30
[   24.550686][  T319] RIP: 0033:0x7fab4970b4f0
[   24.554939][  T319] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[   24.574382][  T319] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[   24.580284][  T319] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   24.588097][  T319] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[pid   319] exit_group(0)               = ?
[pid   319] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=319, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/binderfs")                 = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./16")                           = 0
mkdir("./17", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 320
./strace-static-x86_64: Process 320 attached
[pid   320] set_robust_list(0x555557113660, 24) = 0
[pid   320] chdir("./17")               = 0
[pid   320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   320] setpgid(0, 0)               = 0
[pid   320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   320] write(3, "1000", 4)         = 4
[pid   320] close(3)                    = 0
[pid   320] symlink("/dev/binderfs", "./binderfs") = 0
[pid   320] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   320] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   320] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   320] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   320] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   320] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   320] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   320] write(6, "7", 1)            = 1
[pid   320] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   24.595912][  T319] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[   24.603721][  T319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   24.611534][  T319] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   24.619347][  T319]  </TASK>
[   24.622267][  T319] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   24.641426][  T320] FAULT_INJECTION: forcing a failure.
[   24.641426][  T320] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   24.654589][  T320] CPU: 0 PID: 320 Comm: syz-executor529 Tainted: G    B              6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   24.665935][  T320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   24.675831][  T320] Call Trace:
[   24.678949][  T320]  <TASK>
[   24.681733][  T320]  dump_stack_lvl+0x151/0x1b7
[   24.686241][  T320]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   24.691536][  T320]  ? unix_dgram_poll+0x710/0x710
[   24.696311][  T320]  dump_stack+0x15/0x17
[   24.700307][  T320]  should_fail_ex+0x3d0/0x520
[   24.704815][  T320]  should_fail_alloc_page+0x68/0x90
[   24.709849][  T320]  __alloc_pages+0x1f4/0x780
[   24.714278][  T320]  ? prep_new_page+0x110/0x110
[   24.718887][  T320]  ? __this_cpu_preempt_check+0x13/0x20
[   24.724258][  T320]  __folio_alloc+0x15/0x40
[   24.728513][  T320]  wp_page_copy+0x23c/0x1610
[   24.733039][  T320]  ? __switch_to+0x62c/0x1190
[   24.737545][  T320]  ? compat_start_thread+0x20/0x20
[   24.742492][  T320]  ? fault_dirty_shared_page+0x300/0x300
[   24.747961][  T320]  ? native_set_ldt+0x130/0x130
[   24.752650][  T320]  do_wp_page+0xbbf/0xd80
[   24.756819][  T320]  handle_mm_fault+0x15a2/0x2f40
[   24.761597][  T320]  ? numa_migrate_prep+0xe0/0xe0
[   24.766364][  T320]  ? lock_vma_under_rcu+0x47a/0x540
[   24.771397][  T320]  ? __kasan_check_write+0x14/0x20
[   24.776341][  T320]  ? fpregs_restore_userregs+0x130/0x290
[   24.781813][  T320]  exc_page_fault+0x3a6/0x6e0
[   24.786351][  T320]  asm_exc_page_fault+0x27/0x30
[   24.791011][  T320] RIP: 0033:0x7fab4970b4f0
[   24.795276][  T320] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[   24.814708][  T320] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[   24.820629][  T320] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   24.828423][  T320] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[   24.836233][  T320] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[   24.844046][  T320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[pid   320] exit_group(0)               = ?
[pid   320] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=320, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/binderfs")                 = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./17")                           = 0
mkdir("./18", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 322 attached
, child_tidptr=0x555557113650) = 322
[pid   322] set_robust_list(0x555557113660, 24) = 0
[pid   322] chdir("./18")               = 0
[pid   322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   322] setpgid(0, 0)               = 0
[pid   322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   322] write(3, "1000", 4)         = 4
[pid   322] close(3)                    = 0
[pid   322] symlink("/dev/binderfs", "./binderfs") = 0
[pid   322] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   322] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   322] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   322] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   322] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   322] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   322] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   322] write(6, "7", 1)            = 1
[pid   322] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   24.851858][  T320] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   24.859676][  T320]  </TASK>
[   24.878455][  T322] FAULT_INJECTION: forcing a failure.
[   24.878455][  T322] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   24.891582][  T322] CPU: 0 PID: 322 Comm: syz-executor529 Tainted: G    B              6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   24.902822][  T322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   24.912719][  T322] Call Trace:
[   24.915841][  T322]  <TASK>
[   24.918633][  T322]  dump_stack_lvl+0x151/0x1b7
[   24.923135][  T322]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   24.928429][  T322]  ? __sched_clock_gtod_offset+0x100/0x100
[   24.934130][  T322]  dump_stack+0x15/0x17
[   24.938064][  T322]  should_fail_ex+0x3d0/0x520
[   24.942577][  T322]  should_fail_alloc_page+0x68/0x90
[   24.947613][  T322]  __alloc_pages+0x1f4/0x780
[   24.952039][  T322]  ? prep_new_page+0x110/0x110
[   24.956642][  T322]  ? __this_cpu_preempt_check+0x13/0x20
[   24.962032][  T322]  __folio_alloc+0x15/0x40
[   24.966275][  T322]  wp_page_copy+0x23c/0x1610
[   24.970700][  T322]  ? __switch_to+0x62c/0x1190
[   24.975217][  T322]  ? compat_start_thread+0x20/0x20
[   24.980162][  T322]  ? fault_dirty_shared_page+0x300/0x300
[   24.985635][  T322]  do_wp_page+0xbbf/0xd80
[   24.989800][  T322]  handle_mm_fault+0x15a2/0x2f40
[   24.994576][  T322]  ? numa_migrate_prep+0xe0/0xe0
[   24.999348][  T322]  ? lock_vma_under_rcu+0x47a/0x540
[   25.004382][  T322]  ? __kasan_check_write+0x14/0x20
[   25.009325][  T322]  ? fpregs_restore_userregs+0x130/0x290
[   25.014795][  T322]  exc_page_fault+0x3a6/0x6e0
[   25.019308][  T322]  asm_exc_page_fault+0x27/0x30
[   25.023996][  T322] RIP: 0033:0x7fab4970b4f0
[   25.028248][  T322] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[   25.047785][  T322] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[pid   322] exit_group(0)               = ?
[pid   322] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=322, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/binderfs")                 = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./18")                           = 0
mkdir("./19", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 323
./strace-static-x86_64: Process 323 attached
[pid   323] set_robust_list(0x555557113660, 24) = 0
[pid   323] chdir("./19")               = 0
[pid   323] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   323] setpgid(0, 0)               = 0
[pid   323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   323] write(3, "1000", 4)         = 4
[pid   323] close(3)                    = 0
[pid   323] symlink("/dev/binderfs", "./binderfs") = 0
[pid   323] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   323] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   323] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   323] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   323] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   323] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   323] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   323] write(6, "7", 1)            = 1
[pid   323] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid   323] exit_group(0)               = ?
[pid   323] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=323, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/binderfs")                 = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./19")                           = 0
mkdir("./20", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 324
./strace-static-x86_64: Process 324 attached
[pid   324] set_robust_list(0x555557113660, 24) = 0
[pid   324] chdir("./20")               = 0
[pid   324] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   324] setpgid(0, 0)               = 0
[pid   324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   324] write(3, "1000", 4)         = 4
[pid   324] close(3)                    = 0
[pid   324] symlink("/dev/binderfs", "./binderfs") = 0
[pid   324] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   324] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   324] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   324] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   324] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   324] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   324] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   324] write(6, "7", 1)            = 1
[pid   324] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   25.053687][  T322] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   25.061498][  T322] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[   25.069310][  T322] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[   25.077123][  T322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   25.084936][  T322] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   25.092749][  T322]  </TASK>
[   25.110840][  T324] FAULT_INJECTION: forcing a failure.
[   25.110840][  T324] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   25.124050][  T324] CPU: 0 PID: 324 Comm: syz-executor529 Tainted: G    B              6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   25.135325][  T324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   25.145314][  T324] Call Trace:
[   25.148439][  T324]  <TASK>
[   25.151218][  T324]  dump_stack_lvl+0x151/0x1b7
[   25.155731][  T324]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   25.161027][  T324]  ? yield_to_task_fair+0x190/0x190
[   25.166062][  T324]  dump_stack+0x15/0x17
[   25.170052][  T324]  should_fail_ex+0x3d0/0x520
[   25.174565][  T324]  should_fail_alloc_page+0x68/0x90
[   25.179603][  T324]  __alloc_pages+0x1f4/0x780
[   25.184034][  T324]  ? prep_new_page+0x110/0x110
[   25.188629][  T324]  ? __this_cpu_preempt_check+0x13/0x20
[   25.194008][  T324]  __folio_alloc+0x15/0x40
[   25.198266][  T324]  wp_page_copy+0x23c/0x1610
[   25.202691][  T324]  ? __switch_to+0x62c/0x1190
[   25.207205][  T324]  ? compat_start_thread+0x20/0x20
[   25.212154][  T324]  ? fault_dirty_shared_page+0x300/0x300
[   25.217621][  T324]  do_wp_page+0xbbf/0xd80
[   25.221788][  T324]  handle_mm_fault+0x15a2/0x2f40
[   25.226562][  T324]  ? numa_migrate_prep+0xe0/0xe0
[   25.231332][  T324]  ? lock_vma_under_rcu+0x47a/0x540
[   25.236369][  T324]  ? __kasan_check_write+0x14/0x20
[   25.241315][  T324]  ? fpregs_restore_userregs+0x130/0x290
[   25.246788][  T324]  exc_page_fault+0x3a6/0x6e0
[   25.251299][  T324]  asm_exc_page_fault+0x27/0x30
[   25.255984][  T324] RIP: 0033:0x7fab4970b4f0
[   25.260237][  T324] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[   25.279678][  T324] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[   25.285580][  T324] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   25.293397][  T324] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[   25.301205][  T324] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[pid   324] exit_group(0)               = ?
[pid   324] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=324, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/binderfs")                 = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./20")                           = 0
mkdir("./21", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 325
./strace-static-x86_64: Process 325 attached
[pid   325] set_robust_list(0x555557113660, 24) = 0
[pid   325] chdir("./21")               = 0
[pid   325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   325] setpgid(0, 0)               = 0
[pid   325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   325] write(3, "1000", 4)         = 4
[pid   325] close(3)                    = 0
[pid   325] symlink("/dev/binderfs", "./binderfs") = 0
[pid   325] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   325] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   325] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   325] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   325] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   325] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   325] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   325] write(6, "7", 1)            = 1
[pid   325] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   25.309017][  T324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   25.316828][  T324] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   25.324644][  T324]  </TASK>
[   25.339157][  T325] FAULT_INJECTION: forcing a failure.
[   25.339157][  T325] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   25.352400][  T325] CPU: 1 PID: 325 Comm: syz-executor529 Tainted: G    B              6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   25.363758][  T325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   25.373650][  T325] Call Trace:
[   25.376772][  T325]  <TASK>
[   25.379549][  T325]  dump_stack_lvl+0x151/0x1b7
[   25.384063][  T325]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   25.389360][  T325]  dump_stack+0x15/0x17
[   25.393350][  T325]  should_fail_ex+0x3d0/0x520
[   25.397864][  T325]  should_fail_alloc_page+0x68/0x90
[   25.402896][  T325]  __alloc_pages+0x1f4/0x780
[   25.407326][  T325]  ? prep_new_page+0x110/0x110
[   25.411928][  T325]  ? __this_cpu_preempt_check+0x13/0x20
[   25.417307][  T325]  __folio_alloc+0x15/0x40
[   25.421560][  T325]  wp_page_copy+0x23c/0x1610
[   25.425993][  T325]  ? __switch_to+0x62c/0x1190
[   25.430591][  T325]  ? compat_start_thread+0x20/0x20
[   25.435538][  T325]  ? fault_dirty_shared_page+0x300/0x300
[   25.441006][  T325]  do_wp_page+0xbbf/0xd80
[   25.445196][  T325]  handle_mm_fault+0x15a2/0x2f40
[   25.449946][  T325]  ? numa_migrate_prep+0xe0/0xe0
[   25.454717][  T325]  ? lock_vma_under_rcu+0x47a/0x540
[   25.459752][  T325]  ? __kasan_check_write+0x14/0x20
[   25.464698][  T325]  ? fpregs_restore_userregs+0x130/0x290
[   25.470262][  T325]  exc_page_fault+0x3a6/0x6e0
[   25.474769][  T325]  asm_exc_page_fault+0x27/0x30
[   25.479457][  T325] RIP: 0033:0x7fab4970b4f0
[   25.483711][  T325] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[   25.503152][  T325] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[pid   325] exit_group(0)               = ?
[pid   325] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=325, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/binderfs")                 = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./21")                           = 0
mkdir("./22", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 326
./strace-static-x86_64: Process 326 attached
[pid   326] set_robust_list(0x555557113660, 24) = 0
[pid   326] chdir("./22")               = 0
[pid   326] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   326] setpgid(0, 0)               = 0
[pid   326] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   326] write(3, "1000", 4)         = 4
[pid   326] close(3)                    = 0
[pid   326] symlink("/dev/binderfs", "./binderfs") = 0
[pid   326] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   326] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   326] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   326] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   326] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   326] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   326] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   326] write(6, "7", 1)            = 1
[pid   326] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   25.509064][  T325] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   25.516871][  T325] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[   25.524678][  T325] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[   25.532488][  T325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   25.540302][  T325] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   25.548114][  T325]  </TASK>
[   25.560707][  T326] FAULT_INJECTION: forcing a failure.
[   25.560707][  T326] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   25.573785][  T326] CPU: 0 PID: 326 Comm: syz-executor529 Tainted: G    B              6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   25.585075][  T326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   25.594971][  T326] Call Trace:
[   25.598104][  T326]  <TASK>
[   25.600920][  T326]  dump_stack_lvl+0x151/0x1b7
[   25.605387][  T326]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   25.610685][  T326]  dump_stack+0x15/0x17
[   25.614674][  T326]  should_fail_ex+0x3d0/0x520
[   25.619190][  T326]  should_fail_alloc_page+0x68/0x90
[   25.624226][  T326]  __alloc_pages+0x1f4/0x780
[   25.628651][  T326]  ? prep_new_page+0x110/0x110
[   25.633253][  T326]  ? __this_cpu_preempt_check+0x13/0x20
[   25.638633][  T326]  __folio_alloc+0x15/0x40
[   25.642886][  T326]  wp_page_copy+0x23c/0x1610
[   25.647312][  T326]  ? __switch_to+0x62c/0x1190
[   25.651829][  T326]  ? compat_start_thread+0x20/0x20
[   25.656775][  T326]  ? fault_dirty_shared_page+0x300/0x300
[   25.662245][  T326]  do_wp_page+0xbbf/0xd80
[   25.666408][  T326]  handle_mm_fault+0x15a2/0x2f40
[   25.671186][  T326]  ? numa_migrate_prep+0xe0/0xe0
[   25.675959][  T326]  ? lock_vma_under_rcu+0x47a/0x540
[   25.681004][  T326]  ? __kasan_check_write+0x14/0x20
[   25.685942][  T326]  ? fpregs_restore_userregs+0x130/0x290
[   25.691417][  T326]  exc_page_fault+0x3a6/0x6e0
[   25.695927][  T326]  asm_exc_page_fault+0x27/0x30
[   25.700606][  T326] RIP: 0033:0x7fab4970b4f0
[   25.705036][  T326] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[   25.724478][  T326] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[   25.730378][  T326] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   25.738191][  T326] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[   25.746003][  T326] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[   25.753814][  T326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[pid   326] exit_group(0)               = ?
[pid   326] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=326, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/binderfs")                 = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./22")                           = 0
mkdir("./23", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 327 attached
 <unfinished ...>
[pid   327] set_robust_list(0x555557113660, 24) = 0
[pid   327] chdir("./23")               = 0
[pid   327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   327] setpgid(0, 0)               = 0
[pid   327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   295] <... clone resumed>, child_tidptr=0x555557113650) = 327
[pid   327] <... openat resumed>)       = 3
[pid   327] write(3, "1000", 4)         = 4
[pid   327] close(3)                    = 0
[pid   327] symlink("/dev/binderfs", "./binderfs") = 0
[pid   327] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   327] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   327] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   327] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   327] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   327] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   327] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   327] write(6, "7", 1)            = 1
[pid   327] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   25.761632][  T326] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   25.769530][  T326]  </TASK>
[   25.780534][  T327] FAULT_INJECTION: forcing a failure.
[   25.780534][  T327] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   25.793625][  T327] CPU: 0 PID: 327 Comm: syz-executor529 Tainted: G    B              6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   25.804921][  T327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   25.814816][  T327] Call Trace:
[   25.817938][  T327]  <TASK>
[   25.820718][  T327]  dump_stack_lvl+0x151/0x1b7
[   25.825235][  T327]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   25.830525][  T327]  dump_stack+0x15/0x17
[   25.834512][  T327]  should_fail_ex+0x3d0/0x520
[   25.839028][  T327]  should_fail_alloc_page+0x68/0x90
[   25.844083][  T327]  __alloc_pages+0x1f4/0x780
[   25.848489][  T327]  ? prep_new_page+0x110/0x110
[   25.853089][  T327]  ? __this_cpu_preempt_check+0x13/0x20
[   25.858470][  T327]  __folio_alloc+0x15/0x40
[   25.862730][  T327]  wp_page_copy+0x23c/0x1610
[   25.867148][  T327]  ? __switch_to+0x62c/0x1190
[   25.871666][  T327]  ? compat_start_thread+0x20/0x20
[   25.876616][  T327]  ? fault_dirty_shared_page+0x300/0x300
[   25.882082][  T327]  do_wp_page+0xbbf/0xd80
[   25.886245][  T327]  handle_mm_fault+0x15a2/0x2f40
[   25.891030][  T327]  ? numa_migrate_prep+0xe0/0xe0
[   25.895818][  T327]  ? lock_vma_under_rcu+0x47a/0x540
[   25.900833][  T327]  ? __kasan_check_write+0x14/0x20
[   25.905774][  T327]  ? fpregs_restore_userregs+0x130/0x290
[   25.911242][  T327]  exc_page_fault+0x3a6/0x6e0
[   25.915759][  T327]  asm_exc_page_fault+0x27/0x30
[   25.920444][  T327] RIP: 0033:0x7fab4970b4f0
[   25.924696][  T327] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[   25.944141][  T327] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[   25.950041][  T327] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[pid   327] exit_group(0)               = ?
[pid   327] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=327, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/binderfs")                 = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./23")                           = 0
mkdir("./24", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 329
./strace-static-x86_64: Process 329 attached
[pid   329] set_robust_list(0x555557113660, 24) = 0
[pid   329] chdir("./24")               = 0
[pid   329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   329] setpgid(0, 0)               = 0
[pid   329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   329] write(3, "1000", 4)         = 4
[pid   329] close(3)                    = 0
[pid   329] symlink("/dev/binderfs", "./binderfs") = 0
[pid   329] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   329] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   329] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   329] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   329] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   329] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   329] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   329] write(6, "7", 1)            = 1
[pid   329] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid   329] exit_group(0)               = ?
[pid   329] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=329, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/binderfs")                 = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./24")                           = 0
mkdir("./25", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 330 attached
, child_tidptr=0x555557113650) = 330
[pid   330] set_robust_list(0x555557113660, 24) = 0
[pid   330] chdir("./25")               = 0
[pid   330] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   330] setpgid(0, 0)               = 0
[pid   330] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   330] write(3, "1000", 4)         = 4
[pid   330] close(3)                    = 0
[pid   330] symlink("/dev/binderfs", "./binderfs") = 0
[pid   330] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   330] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   330] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   330] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   330] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   330] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   330] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   330] write(6, "7", 1)            = 1
[pid   330] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid   330] exit_group(0)               = ?
[pid   330] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=330, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/binderfs")                 = 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./25")                           = 0
mkdir("./26", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 331
./strace-static-x86_64: Process 331 attached
[pid   331] set_robust_list(0x555557113660, 24) = 0
[pid   331] chdir("./26")               = 0
[pid   331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   331] setpgid(0, 0)               = 0
[pid   331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   331] write(3, "1000", 4)         = 4
[pid   331] close(3)                    = 0
[pid   331] symlink("/dev/binderfs", "./binderfs") = 0
[pid   331] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   331] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   331] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   331] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   331] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   331] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   331] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   331] write(6, "7", 1)            = 1
[pid   331] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid   331] exit_group(0)               = ?
[pid   331] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=331, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/binderfs")                 = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./26")                           = 0
mkdir("./27", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 332
./strace-static-x86_64: Process 332 attached
[pid   332] set_robust_list(0x555557113660, 24) = 0
[pid   332] chdir("./27")               = 0
[pid   332] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   332] setpgid(0, 0)               = 0
[pid   332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   332] write(3, "1000", 4)         = 4
[pid   332] close(3)                    = 0
[pid   332] symlink("/dev/binderfs", "./binderfs") = 0
[pid   332] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   332] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   332] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   332] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   332] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   332] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   332] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   332] write(6, "7", 1)            = 1
[pid   332] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid   332] exit_group(0)               = ?
[pid   332] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=332, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/binderfs")                 = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./27")                           = 0
mkdir("./28", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 333
./strace-static-x86_64: Process 333 attached
[pid   333] set_robust_list(0x555557113660, 24) = 0
[pid   333] chdir("./28")               = 0
[pid   333] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   333] setpgid(0, 0)               = 0
[pid   333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   333] write(3, "1000", 4)         = 4
[pid   333] close(3)                    = 0
[pid   333] symlink("/dev/binderfs", "./binderfs") = 0
[pid   333] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   333] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   333] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   333] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   333] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   333] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   333] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   333] write(6, "7", 1)            = 1
[pid   333] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid   333] exit_group(0)               = ?
[pid   333] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=333, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[   25.957853][  T327] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[   25.965667][  T327] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[   25.973476][  T327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   25.981288][  T327] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   25.989106][  T327]  </TASK>
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/binderfs")                 = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./28")                           = 0
mkdir("./29", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 334
./strace-static-x86_64: Process 334 attached
[pid   334] set_robust_list(0x555557113660, 24) = 0
[pid   334] chdir("./29")               = 0
[pid   334] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   334] setpgid(0, 0)               = 0
[pid   334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   334] write(3, "1000", 4)         = 4
[pid   334] close(3)                    = 0
[pid   334] symlink("/dev/binderfs", "./binderfs") = 0
[pid   334] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   334] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   334] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   334] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   334] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   334] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   334] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   334] write(6, "7", 1)            = 1
[pid   334] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   26.055316][  T334] FAULT_INJECTION: forcing a failure.
[   26.055316][  T334] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   26.068532][  T334] CPU: 1 PID: 334 Comm: syz-executor529 Tainted: G    B              6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   26.079863][  T334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   26.089755][  T334] Call Trace:
[   26.092883][  T334]  <TASK>
[   26.095660][  T334]  dump_stack_lvl+0x151/0x1b7
[   26.100174][  T334]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   26.105467][  T334]  ? yield_to_task_fair+0x190/0x190
[   26.110501][  T334]  dump_stack+0x15/0x17
[   26.114494][  T334]  should_fail_ex+0x3d0/0x520
[   26.119008][  T334]  should_fail_alloc_page+0x68/0x90
[   26.124044][  T334]  __alloc_pages+0x1f4/0x780
[   26.128474][  T334]  ? prep_new_page+0x110/0x110
[   26.133070][  T334]  ? __this_cpu_preempt_check+0x13/0x20
[   26.138452][  T334]  __folio_alloc+0x15/0x40
[   26.142706][  T334]  wp_page_copy+0x23c/0x1610
[   26.147156][  T334]  ? __switch_to+0x62c/0x1190
[   26.151651][  T334]  ? compat_start_thread+0x20/0x20
[   26.156591][  T334]  ? fault_dirty_shared_page+0x300/0x300
[   26.162064][  T334]  ? native_set_ldt+0x130/0x130
[   26.166749][  T334]  do_wp_page+0xbbf/0xd80
[   26.170915][  T334]  handle_mm_fault+0x15a2/0x2f40
[   26.175690][  T334]  ? numa_migrate_prep+0xe0/0xe0
[   26.180465][  T334]  ? lock_vma_under_rcu+0x47a/0x540
[   26.185497][  T334]  ? __kasan_check_write+0x14/0x20
[   26.190446][  T334]  ? fpregs_restore_userregs+0x130/0x290
[   26.195915][  T334]  exc_page_fault+0x3a6/0x6e0
[   26.200428][  T334]  asm_exc_page_fault+0x27/0x30
[   26.205111][  T334] RIP: 0033:0x7fab4970b4f0
[   26.209365][  T334] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[   26.228815][  T334] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[   26.234713][  T334] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   26.242523][  T334] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[pid   334] exit_group(0)               = ?
[pid   334] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=334, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/binderfs")                 = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./29")                           = 0
mkdir("./30", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 335 attached
 <unfinished ...>
[pid   335] set_robust_list(0x555557113660, 24) = 0
[pid   295] <... clone resumed>, child_tidptr=0x555557113650) = 335
[pid   335] chdir("./30")               = 0
[pid   335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   335] setpgid(0, 0)               = 0
[pid   335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   335] write(3, "1000", 4)         = 4
[pid   335] close(3)                    = 0
[pid   335] symlink("/dev/binderfs", "./binderfs") = 0
[pid   335] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   335] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   335] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   335] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   335] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   335] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   335] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   335] write(6, "7", 1)            = 1
[pid   335] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   26.250333][  T334] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[   26.258147][  T334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   26.265963][  T334] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   26.273823][  T334]  </TASK>
[   26.286372][  T335] FAULT_INJECTION: forcing a failure.
[   26.286372][  T335] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   26.299432][  T335] CPU: 1 PID: 335 Comm: syz-executor529 Tainted: G    B              6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   26.310759][  T335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   26.320654][  T335] Call Trace:
[   26.323772][  T335]  <TASK>
[   26.326577][  T335]  dump_stack_lvl+0x151/0x1b7
[   26.331062][  T335]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   26.336357][  T335]  ? yield_to_task_fair+0x190/0x190
[   26.341394][  T335]  dump_stack+0x15/0x17
[   26.345384][  T335]  should_fail_ex+0x3d0/0x520
[   26.349917][  T335]  should_fail_alloc_page+0x68/0x90
[   26.354933][  T335]  __alloc_pages+0x1f4/0x780
[   26.359499][  T335]  ? prep_new_page+0x110/0x110
[   26.364097][  T335]  ? __this_cpu_preempt_check+0x13/0x20
[   26.369478][  T335]  __folio_alloc+0x15/0x40
[   26.373729][  T335]  wp_page_copy+0x23c/0x1610
[   26.378167][  T335]  ? __switch_to+0x62c/0x1190
[   26.382668][  T335]  ? compat_start_thread+0x20/0x20
[   26.387617][  T335]  ? fault_dirty_shared_page+0x300/0x300
[   26.393088][  T335]  ? native_set_ldt+0x130/0x130
[   26.397775][  T335]  do_wp_page+0xbbf/0xd80
[   26.401939][  T335]  handle_mm_fault+0x15a2/0x2f40
[   26.406738][  T335]  ? numa_migrate_prep+0xe0/0xe0
[   26.411493][  T335]  ? lock_vma_under_rcu+0x47a/0x540
[   26.416520][  T335]  ? __kasan_check_write+0x14/0x20
[   26.421466][  T335]  ? fpregs_restore_userregs+0x130/0x290
[   26.426936][  T335]  exc_page_fault+0x3a6/0x6e0
[   26.431453][  T335]  asm_exc_page_fault+0x27/0x30
[   26.436138][  T335] RIP: 0033:0x7fab4970b4f0
[   26.440389][  T335] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[   26.459956][  T335] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[   26.465865][  T335] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   26.473666][  T335] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[   26.481513][  T335] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[   26.489295][  T335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   26.497109][  T335] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[pid   335] exit_group(0)               = ?
[pid   335] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=335, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/binderfs")                 = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./30")                           = 0
mkdir("./31", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 336 attached
, child_tidptr=0x555557113650) = 336
[pid   336] set_robust_list(0x555557113660, 24) = 0
[pid   336] chdir("./31")               = 0
[pid   336] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   336] setpgid(0, 0)               = 0
[pid   336] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   336] write(3, "1000", 4)         = 4
[pid   336] close(3)                    = 0
[pid   336] symlink("/dev/binderfs", "./binderfs") = 0
[pid   336] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   336] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   336] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   336] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   336] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   336] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   336] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   336] write(6, "7", 1)            = 1
[pid   336] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   26.504919][  T335]  </TASK>
[   26.507875][  T335] pagefault_out_of_memory: 7 callbacks suppressed
[   26.507887][  T335] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   26.534329][  T336] FAULT_INJECTION: forcing a failure.
[   26.534329][  T336] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   26.547435][  T336] CPU: 1 PID: 336 Comm: syz-executor529 Tainted: G    B              6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   26.558700][  T336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   26.568598][  T336] Call Trace:
[   26.571719][  T336]  <TASK>
[   26.574498][  T336]  dump_stack_lvl+0x151/0x1b7
[   26.579009][  T336]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   26.584308][  T336]  ? __sched_clock_gtod_offset+0x100/0x100
[   26.590084][  T336]  dump_stack+0x15/0x17
[   26.594063][  T336]  should_fail_ex+0x3d0/0x520
[   26.598579][  T336]  should_fail_alloc_page+0x68/0x90
[   26.603611][  T336]  __alloc_pages+0x1f4/0x780
[   26.608037][  T336]  ? prep_new_page+0x110/0x110
[   26.612637][  T336]  ? __this_cpu_preempt_check+0x13/0x20
[   26.618023][  T336]  __folio_alloc+0x15/0x40
[   26.622273][  T336]  wp_page_copy+0x23c/0x1610
[   26.626698][  T336]  ? __switch_to+0x62c/0x1190
[   26.631216][  T336]  ? compat_start_thread+0x20/0x20
[   26.636159][  T336]  ? fault_dirty_shared_page+0x300/0x300
[   26.641808][  T336]  do_wp_page+0xbbf/0xd80
[   26.645970][  T336]  handle_mm_fault+0x15a2/0x2f40
[   26.650744][  T336]  ? numa_migrate_prep+0xe0/0xe0
[   26.655513][  T336]  ? lock_vma_under_rcu+0x47a/0x540
[   26.660549][  T336]  ? __kasan_check_write+0x14/0x20
[   26.665499][  T336]  ? fpregs_restore_userregs+0x130/0x290
[   26.670964][  T336]  exc_page_fault+0x3a6/0x6e0
[   26.675479][  T336]  asm_exc_page_fault+0x27/0x30
[   26.680164][  T336] RIP: 0033:0x7fab4970b4f0
[   26.684417][  T336] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[   26.703874][  T336] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[   26.709853][  T336] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   26.717664][  T336] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[   26.725477][  T336] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[   26.733285][  T336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   26.741101][  T336] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   26.748913][  T336]  </TASK>
[pid   336] exit_group(0)               = ?
[pid   336] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=336, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/binderfs")                 = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./31")                           = 0
mkdir("./32", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 337 attached
 <unfinished ...>
[pid   337] set_robust_list(0x555557113660, 24) = 0
[pid   337] chdir("./32")               = 0
[pid   337] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   337] setpgid(0, 0)               = 0
[pid   337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   295] <... clone resumed>, child_tidptr=0x555557113650) = 337
[pid   337] <... openat resumed>)       = 3
[pid   337] write(3, "1000", 4)         = 4
[pid   337] close(3)                    = 0
[pid   337] symlink("/dev/binderfs", "./binderfs") = 0
[pid   337] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   337] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   337] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   337] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   337] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   337] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   337] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   337] write(6, "7", 1)            = 1
[pid   337] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   26.752001][  T336] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   26.771303][  T337] FAULT_INJECTION: forcing a failure.
[   26.771303][  T337] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   26.784414][  T337] CPU: 1 PID: 337 Comm: syz-executor529 Tainted: G    B              6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   26.795767][  T337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   26.805661][  T337] Call Trace:
[   26.808789][  T337]  <TASK>
[   26.811563][  T337]  dump_stack_lvl+0x151/0x1b7
[   26.816078][  T337]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   26.821372][  T337]  dump_stack+0x15/0x17
[   26.825363][  T337]  should_fail_ex+0x3d0/0x520
[   26.829879][  T337]  should_fail_alloc_page+0x68/0x90
[   26.834911][  T337]  __alloc_pages+0x1f4/0x780
[   26.839340][  T337]  ? prep_new_page+0x110/0x110
[   26.843941][  T337]  ? __this_cpu_preempt_check+0x13/0x20
[   26.849325][  T337]  __folio_alloc+0x15/0x40
[   26.853575][  T337]  wp_page_copy+0x23c/0x1610
[   26.858003][  T337]  ? __switch_to+0x62c/0x1190
[   26.862515][  T337]  ? compat_start_thread+0x20/0x20
[   26.867462][  T337]  ? fault_dirty_shared_page+0x300/0x300
[   26.872932][  T337]  do_wp_page+0xbbf/0xd80
[   26.877100][  T337]  handle_mm_fault+0x15a2/0x2f40
[   26.881873][  T337]  ? numa_migrate_prep+0xe0/0xe0
[   26.886643][  T337]  ? lock_vma_under_rcu+0x47a/0x540
[   26.891687][  T337]  ? __kasan_check_write+0x14/0x20
[   26.896630][  T337]  ? fpregs_restore_userregs+0x130/0x290
[   26.902095][  T337]  exc_page_fault+0x3a6/0x6e0
[   26.906614][  T337]  asm_exc_page_fault+0x27/0x30
[   26.911293][  T337] RIP: 0033:0x7fab4970b4f0
[   26.915550][  T337] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[   26.934991][  T337] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[   26.940893][  T337] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   26.948706][  T337] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[pid   337] exit_group(0)               = ?
[pid   337] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=337, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/binderfs")                 = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./32")                           = 0
mkdir("./33", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 339 attached
, child_tidptr=0x555557113650) = 339
[pid   339] set_robust_list(0x555557113660, 24) = 0
[pid   339] chdir("./33")               = 0
[pid   339] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   339] setpgid(0, 0)               = 0
[pid   339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   339] write(3, "1000", 4)         = 4
[pid   339] close(3)                    = 0
[pid   339] symlink("/dev/binderfs", "./binderfs") = 0
[pid   339] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   339] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   339] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   339] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   339] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   339] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   339] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   339] write(6, "7", 1)            = 1
[pid   339] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   26.956517][  T337] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[   26.964435][  T337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   26.972247][  T337] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   26.980148][  T337]  </TASK>
[   26.983144][  T337] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   27.004669][  T339] FAULT_INJECTION: forcing a failure.
[   27.004669][  T339] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   27.017811][  T339] CPU: 1 PID: 339 Comm: syz-executor529 Tainted: G    B              6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   27.029166][  T339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   27.039060][  T339] Call Trace:
[   27.042187][  T339]  <TASK>
[   27.044961][  T339]  dump_stack_lvl+0x151/0x1b7
[   27.049474][  T339]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   27.054788][  T339]  ? __sched_clock_gtod_offset+0x100/0x100
[   27.060417][  T339]  dump_stack+0x15/0x17
[   27.064404][  T339]  should_fail_ex+0x3d0/0x520
[   27.068917][  T339]  should_fail_alloc_page+0x68/0x90
[   27.073953][  T339]  __alloc_pages+0x1f4/0x780
[   27.078379][  T339]  ? prep_new_page+0x110/0x110
[   27.082979][  T339]  ? __this_cpu_preempt_check+0x13/0x20
[   27.088367][  T339]  __folio_alloc+0x15/0x40
[   27.092616][  T339]  wp_page_copy+0x23c/0x1610
[   27.097045][  T339]  ? __switch_to+0x62c/0x1190
[   27.101553][  T339]  ? compat_start_thread+0x20/0x20
[   27.106509][  T339]  ? fault_dirty_shared_page+0x300/0x300
[   27.111973][  T339]  do_wp_page+0xbbf/0xd80
[   27.116137][  T339]  handle_mm_fault+0x15a2/0x2f40
[   27.120913][  T339]  ? numa_migrate_prep+0xe0/0xe0
[   27.125690][  T339]  ? lock_vma_under_rcu+0x47a/0x540
[   27.130722][  T339]  ? __kasan_check_write+0x14/0x20
[   27.135667][  T339]  ? fpregs_restore_userregs+0x130/0x290
[   27.141136][  T339]  exc_page_fault+0x3a6/0x6e0
[   27.145648][  T339]  asm_exc_page_fault+0x27/0x30
[   27.150368][  T339] RIP: 0033:0x7fab4970b4f0
[   27.154593][  T339] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[   27.174034][  T339] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[   27.179936][  T339] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   27.187743][  T339] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[   27.195555][  T339] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[pid   339] exit_group(0)               = ?
[pid   339] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=339, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/binderfs")                 = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./33")                           = 0
mkdir("./34", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 340
./strace-static-x86_64: Process 340 attached
[pid   340] set_robust_list(0x555557113660, 24) = 0
[pid   340] chdir("./34")               = 0
[pid   340] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   340] setpgid(0, 0)               = 0
[pid   340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   340] write(3, "1000", 4)         = 4
[pid   340] close(3)                    = 0
[pid   340] symlink("/dev/binderfs", "./binderfs") = 0
[pid   340] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   340] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   340] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   340] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   340] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   340] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   340] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   340] write(6, "7", 1)            = 1
[pid   340] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   27.203371][  T339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   27.211180][  T339] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   27.218996][  T339]  </TASK>
[   27.222695][  T339] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   27.243672][  T340] FAULT_INJECTION: forcing a failure.
[   27.243672][  T340] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   27.256775][  T340] CPU: 1 PID: 340 Comm: syz-executor529 Tainted: G    B              6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   27.268045][  T340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   27.277943][  T340] Call Trace:
[   27.281064][  T340]  <TASK>
[   27.283843][  T340]  dump_stack_lvl+0x151/0x1b7
[   27.288358][  T340]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   27.293652][  T340]  dump_stack+0x15/0x17
[   27.297643][  T340]  should_fail_ex+0x3d0/0x520
[   27.302157][  T340]  should_fail_alloc_page+0x68/0x90
[   27.307192][  T340]  __alloc_pages+0x1f4/0x780
[   27.311620][  T340]  ? prep_new_page+0x110/0x110
[   27.316236][  T340]  ? __this_cpu_preempt_check+0x13/0x20
[   27.321599][  T340]  __folio_alloc+0x15/0x40
[   27.325854][  T340]  wp_page_copy+0x23c/0x1610
[   27.330283][  T340]  ? __switch_to+0x62c/0x1190
[   27.334815][  T340]  ? compat_start_thread+0x20/0x20
[   27.339743][  T340]  ? fault_dirty_shared_page+0x300/0x300
[   27.345217][  T340]  do_wp_page+0xbbf/0xd80
[   27.349376][  T340]  handle_mm_fault+0x15a2/0x2f40
[   27.354152][  T340]  ? numa_migrate_prep+0xe0/0xe0
[   27.358924][  T340]  ? lock_vma_under_rcu+0x47a/0x540
[   27.363961][  T340]  ? __kasan_check_write+0x14/0x20
[   27.368907][  T340]  ? fpregs_restore_userregs+0x130/0x290
[   27.374375][  T340]  exc_page_fault+0x3a6/0x6e0
[   27.378889][  T340]  asm_exc_page_fault+0x27/0x30
[   27.383580][  T340] RIP: 0033:0x7fab4970b4f0
[   27.387829][  T340] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[   27.407285][  T340] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[   27.413176][  T340] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   27.420989][  T340] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[   27.428796][  T340] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[   27.436726][  T340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   27.444531][  T340] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   27.452346][  T340]  </TASK>
[pid   340] exit_group(0)               = ?
[pid   340] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=340, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/binderfs")                 = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./34")                           = 0
mkdir("./35", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 341
./strace-static-x86_64: Process 341 attached
[pid   341] set_robust_list(0x555557113660, 24) = 0
[pid   341] chdir("./35")               = 0
[pid   341] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   341] setpgid(0, 0)               = 0
[pid   341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   341] write(3, "1000", 4)         = 4
[pid   341] close(3)                    = 0
[pid   341] symlink("/dev/binderfs", "./binderfs") = 0
[pid   341] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   341] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   341] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   341] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   341] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   341] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   341] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   341] write(6, "7", 1)            = 1
[pid   341] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   27.455551][  T340] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   27.474031][  T341] FAULT_INJECTION: forcing a failure.
[   27.474031][  T341] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   27.487129][  T341] CPU: 0 PID: 341 Comm: syz-executor529 Tainted: G    B              6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   27.498424][  T341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   27.508319][  T341] Call Trace:
[   27.511443][  T341]  <TASK>
[   27.514219][  T341]  dump_stack_lvl+0x151/0x1b7
[   27.518733][  T341]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   27.524031][  T341]  dump_stack+0x15/0x17
[   27.528020][  T341]  should_fail_ex+0x3d0/0x520
[   27.532537][  T341]  should_fail_alloc_page+0x68/0x90
[   27.537578][  T341]  __alloc_pages+0x1f4/0x780
[   27.542006][  T341]  ? prep_new_page+0x110/0x110
[   27.546638][  T341]  ? __this_cpu_preempt_check+0x13/0x20
[   27.551977][  T341]  __folio_alloc+0x15/0x40
[   27.556231][  T341]  wp_page_copy+0x23c/0x1610
[   27.560659][  T341]  ? __switch_to+0x62c/0x1190
[   27.565173][  T341]  ? compat_start_thread+0x20/0x20
[   27.570131][  T341]  ? fault_dirty_shared_page+0x300/0x300
[   27.575591][  T341]  do_wp_page+0xbbf/0xd80
[   27.579796][  T341]  handle_mm_fault+0x15a2/0x2f40
[   27.584620][  T341]  ? numa_migrate_prep+0xe0/0xe0
[   27.589387][  T341]  ? lock_vma_under_rcu+0x47a/0x540
[   27.594425][  T341]  ? __kasan_check_write+0x14/0x20
[   27.599380][  T341]  ? fpregs_restore_userregs+0x130/0x290
[   27.604847][  T341]  exc_page_fault+0x3a6/0x6e0
[   27.609355][  T341]  asm_exc_page_fault+0x27/0x30
[   27.614038][  T341] RIP: 0033:0x7fab4970b4f0
[   27.618292][  T341] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[   27.637739][  T341] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[   27.643637][  T341] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   27.651451][  T341] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[pid   341] exit_group(0)               = ?
[pid   341] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=341, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/binderfs")                 = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./35")                           = 0
mkdir("./36", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 342
./strace-static-x86_64: Process 342 attached
[pid   342] set_robust_list(0x555557113660, 24) = 0
[pid   342] chdir("./36")               = 0
[pid   342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   342] setpgid(0, 0)               = 0
[pid   342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   342] write(3, "1000", 4)         = 4
[pid   342] close(3)                    = 0
[pid   342] symlink("/dev/binderfs", "./binderfs") = 0
[pid   342] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   342] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   342] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   342] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   342] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   342] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   342] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   342] write(6, "7", 1)            = 1
[pid   342] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   27.659262][  T341] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[   27.667176][  T341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   27.674990][  T341] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   27.682816][  T341]  </TASK>
[   27.686786][  T341] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   27.701507][  T342] FAULT_INJECTION: forcing a failure.
[   27.701507][  T342] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   27.714666][  T342] CPU: 1 PID: 342 Comm: syz-executor529 Tainted: G    B              6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   27.725999][  T342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   27.735895][  T342] Call Trace:
[   27.739024][  T342]  <TASK>
[   27.741801][  T342]  dump_stack_lvl+0x151/0x1b7
[   27.746309][  T342]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   27.751604][  T342]  ? yield_to_task_fair+0x190/0x190
[   27.756637][  T342]  dump_stack+0x15/0x17
[   27.760628][  T342]  should_fail_ex+0x3d0/0x520
[   27.765145][  T342]  should_fail_alloc_page+0x68/0x90
[   27.770179][  T342]  __alloc_pages+0x1f4/0x780
[   27.774604][  T342]  ? prep_new_page+0x110/0x110
[   27.779207][  T342]  ? __this_cpu_preempt_check+0x13/0x20
[   27.784587][  T342]  __folio_alloc+0x15/0x40
[   27.788843][  T342]  wp_page_copy+0x23c/0x1610
[   27.793291][  T342]  ? __switch_to+0x62c/0x1190
[   27.797781][  T342]  ? compat_start_thread+0x20/0x20
[   27.802727][  T342]  ? fault_dirty_shared_page+0x300/0x300
[   27.808195][  T342]  ? native_set_ldt+0x130/0x130
[   27.812890][  T342]  do_wp_page+0xbbf/0xd80
[   27.817050][  T342]  handle_mm_fault+0x15a2/0x2f40
[   27.821828][  T342]  ? numa_migrate_prep+0xe0/0xe0
[   27.826946][  T342]  ? lock_vma_under_rcu+0x47a/0x540
[   27.831981][  T342]  ? __kasan_check_write+0x14/0x20
[   27.836928][  T342]  ? fpregs_restore_userregs+0x130/0x290
[   27.842397][  T342]  exc_page_fault+0x3a6/0x6e0
[   27.846910][  T342]  asm_exc_page_fault+0x27/0x30
[   27.851595][  T342] RIP: 0033:0x7fab4970b4f0
[   27.855852][  T342] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[   27.875296][  T342] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[   27.881194][  T342] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   27.889006][  T342] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[   27.896819][  T342] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[   27.904631][  T342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[pid   342] exit_group(0)               = ?
[pid   342] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=342, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/binderfs")                 = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./36")                           = 0
mkdir("./37", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 343
./strace-static-x86_64: Process 343 attached
[pid   343] set_robust_list(0x555557113660, 24) = 0
[pid   343] chdir("./37")               = 0
[pid   343] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   343] setpgid(0, 0)               = 0
[pid   343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   343] write(3, "1000", 4)         = 4
[pid   343] close(3)                    = 0
[pid   343] symlink("/dev/binderfs", "./binderfs") = 0
[pid   343] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   343] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   343] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   343] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   343] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   343] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   343] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   343] write(6, "7", 1)            = 1
[pid   343] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   27.912441][  T342] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   27.920258][  T342]  </TASK>
[   27.923190][  T342] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   27.925345][   T28] audit: type=1400 audit(1694984490.680:73): avc:  denied  { remove_name } for  pid=84 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   27.942073][  T343] FAULT_INJECTION: forcing a failure.
[   27.942073][  T343] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   27.953222][   T28] audit: type=1400 audit(1694984490.680:74): avc:  denied  { rename } for  pid=84 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   27.965647][  T343] CPU: 1 PID: 343 Comm: syz-executor529 Tainted: G    B              6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   27.998549][  T343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   28.008450][  T343] Call Trace:
[   28.011568][  T343]  <TASK>
[   28.014342][  T343]  dump_stack_lvl+0x151/0x1b7
[   28.018857][  T343]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   28.024151][  T343]  ? yield_to_task_fair+0x190/0x190
[   28.029227][  T343]  dump_stack+0x15/0x17
[   28.033178][  T343]  should_fail_ex+0x3d0/0x520
[   28.037691][  T343]  should_fail_alloc_page+0x68/0x90
[   28.042726][  T343]  __alloc_pages+0x1f4/0x780
[   28.047155][  T343]  ? prep_new_page+0x110/0x110
[   28.051752][  T343]  ? __this_cpu_preempt_check+0x13/0x20
[   28.057135][  T343]  __folio_alloc+0x15/0x40
[   28.061386][  T343]  wp_page_copy+0x23c/0x1610
[   28.065815][  T343]  ? __switch_to+0x62c/0x1190
[   28.070328][  T343]  ? compat_start_thread+0x20/0x20
[   28.075278][  T343]  ? fault_dirty_shared_page+0x300/0x300
[   28.080743][  T343]  ? native_set_ldt+0x130/0x130
[   28.085433][  T343]  do_wp_page+0xbbf/0xd80
[   28.089601][  T343]  handle_mm_fault+0x15a2/0x2f40
[   28.094372][  T343]  ? numa_migrate_prep+0xe0/0xe0
[   28.099144][  T343]  ? lock_vma_under_rcu+0x47a/0x540
[   28.104181][  T343]  ? __kasan_check_write+0x14/0x20
[   28.109126][  T343]  ? fpregs_restore_userregs+0x130/0x290
[   28.114594][  T343]  exc_page_fault+0x3a6/0x6e0
[   28.119111][  T343]  asm_exc_page_fault+0x27/0x30
[   28.123794][  T343] RIP: 0033:0x7fab4970b4f0
[   28.128054][  T343] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[   28.147492][  T343] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[   28.153395][  T343] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[pid   343] exit_group(0)               = ?
[pid   343] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=343, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/binderfs")                 = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./37")                           = 0
mkdir("./38", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 345
./strace-static-x86_64: Process 345 attached
[pid   345] set_robust_list(0x555557113660, 24) = 0
[pid   345] chdir("./38")               = 0
[pid   345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   345] setpgid(0, 0)               = 0
[pid   345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   345] write(3, "1000", 4)         = 4
[pid   345] close(3)                    = 0
[pid   345] symlink("/dev/binderfs", "./binderfs") = 0
[pid   345] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   345] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   345] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   345] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   345] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   345] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   345] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   345] write(6, "7", 1)            = 1
[pid   345] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   28.161208][  T343] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[   28.169018][  T343] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[   28.176828][  T343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   28.184642][  T343] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   28.192462][  T343]  </TASK>
[   28.195877][  T343] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   28.212824][  T345] FAULT_INJECTION: forcing a failure.
[   28.212824][  T345] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   28.226025][  T345] CPU: 0 PID: 345 Comm: syz-executor529 Tainted: G    B              6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   28.237357][  T345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   28.247250][  T345] Call Trace:
[   28.250380][  T345]  <TASK>
[   28.253152][  T345]  dump_stack_lvl+0x151/0x1b7
[   28.257667][  T345]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   28.262961][  T345]  ? yield_to_task_fair+0x190/0x190
[   28.268002][  T345]  dump_stack+0x15/0x17
[   28.271993][  T345]  should_fail_ex+0x3d0/0x520
[   28.276505][  T345]  should_fail_alloc_page+0x68/0x90
[   28.281544][  T345]  __alloc_pages+0x1f4/0x780
[   28.285963][  T345]  ? prep_new_page+0x110/0x110
[   28.290563][  T345]  ? __this_cpu_preempt_check+0x13/0x20
[   28.295943][  T345]  __folio_alloc+0x15/0x40
[   28.300209][  T345]  wp_page_copy+0x23c/0x1610
[   28.304623][  T345]  ? __switch_to+0x62c/0x1190
[   28.309136][  T345]  ? compat_start_thread+0x20/0x20
[   28.314082][  T345]  ? fault_dirty_shared_page+0x300/0x300
[   28.319552][  T345]  ? native_set_ldt+0x130/0x130
[   28.324240][  T345]  do_wp_page+0xbbf/0xd80
[   28.328408][  T345]  handle_mm_fault+0x15a2/0x2f40
[   28.333182][  T345]  ? numa_migrate_prep+0xe0/0xe0
[   28.337955][  T345]  ? lock_vma_under_rcu+0x47a/0x540
[   28.342990][  T345]  ? __kasan_check_write+0x14/0x20
[   28.347938][  T345]  ? fpregs_restore_userregs+0x130/0x290
[   28.353410][  T345]  exc_page_fault+0x3a6/0x6e0
[   28.357919][  T345]  asm_exc_page_fault+0x27/0x30
[   28.362604][  T345] RIP: 0033:0x7fab4970b4f0
[   28.366863][  T345] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[   28.386300][  T345] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[   28.392204][  T345] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   28.400014][  T345] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[   28.407827][  T345] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[pid   345] exit_group(0)               = ?
[pid   345] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=345, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/binderfs")                 = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./38")                           = 0
mkdir("./39", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 346
./strace-static-x86_64: Process 346 attached
[pid   346] set_robust_list(0x555557113660, 24) = 0
[pid   346] chdir("./39")               = 0
[pid   346] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   346] setpgid(0, 0)               = 0
[pid   346] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   346] write(3, "1000", 4)         = 4
[pid   346] close(3)                    = 0
[pid   346] symlink("/dev/binderfs", "./binderfs") = 0
[pid   346] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   346] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   346] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   346] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   346] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   346] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   346] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   346] write(6, "7", 1)            = 1
[pid   346] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   28.415639][  T345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   28.423462][  T345] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   28.431267][  T345]  </TASK>
[   28.434316][  T345] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   28.451800][  T346] FAULT_INJECTION: forcing a failure.
[   28.451800][  T346] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   28.464890][  T346] CPU: 0 PID: 346 Comm: syz-executor529 Tainted: G    B              6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   28.476180][  T346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   28.486078][  T346] Call Trace:
[   28.489202][  T346]  <TASK>
[   28.491982][  T346]  dump_stack_lvl+0x151/0x1b7
[   28.496493][  T346]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   28.501786][  T346]  ? __sched_clock_gtod_offset+0x100/0x100
[   28.507428][  T346]  dump_stack+0x15/0x17
[   28.511425][  T346]  should_fail_ex+0x3d0/0x520
[   28.515938][  T346]  should_fail_alloc_page+0x68/0x90
[   28.520973][  T346]  __alloc_pages+0x1f4/0x780
[   28.525397][  T346]  ? prep_new_page+0x110/0x110
[   28.529997][  T346]  ? __this_cpu_preempt_check+0x13/0x20
[   28.535384][  T346]  __folio_alloc+0x15/0x40
[   28.539632][  T346]  wp_page_copy+0x23c/0x1610
[   28.544058][  T346]  ? __switch_to+0x62c/0x1190
[   28.548572][  T346]  ? compat_start_thread+0x20/0x20
[   28.553518][  T346]  ? fault_dirty_shared_page+0x300/0x300
[   28.558986][  T346]  ? native_set_ldt+0x130/0x130
[   28.563676][  T346]  do_wp_page+0xbbf/0xd80
[   28.567848][  T346]  handle_mm_fault+0x15a2/0x2f40
[   28.572623][  T346]  ? numa_migrate_prep+0xe0/0xe0
[   28.577389][  T346]  ? lock_vma_under_rcu+0x47a/0x540
[   28.582426][  T346]  exc_page_fault+0x3a6/0x6e0
[   28.586943][  T346]  asm_exc_page_fault+0x27/0x30
[   28.591622][  T346] RIP: 0033:0x7fab4970b4f0
[   28.595876][  T346] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[   28.615319][  T346] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[   28.621220][  T346] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   28.629036][  T346] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[   28.636851][  T346] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[   28.644656][  T346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   28.652472][  T346] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   28.660282][  T346]  </TASK>
[pid   346] exit_group(0)               = ?
[pid   346] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=346, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/binderfs")                 = 0
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./39")                           = 0
mkdir("./40", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 347
./strace-static-x86_64: Process 347 attached
[pid   347] set_robust_list(0x555557113660, 24) = 0
[pid   347] chdir("./40")               = 0
[pid   347] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   347] setpgid(0, 0)               = 0
[pid   347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   347] write(3, "1000", 4)         = 4
[pid   347] close(3)                    = 0
[pid   347] symlink("/dev/binderfs", "./binderfs") = 0
[pid   347] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   347] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   347] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   347] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   347] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   347] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   347] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   347] write(6, "7", 1)            = 1
[pid   347] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   28.663208][  T346] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   28.683022][  T347] FAULT_INJECTION: forcing a failure.
[   28.683022][  T347] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   28.696179][  T347] CPU: 1 PID: 347 Comm: syz-executor529 Tainted: G    B              6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   28.707536][  T347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   28.717431][  T347] Call Trace:
[   28.720555][  T347]  <TASK>
[   28.723332][  T347]  dump_stack_lvl+0x151/0x1b7
[   28.727847][  T347]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   28.733143][  T347]  ? __sched_clock_gtod_offset+0x100/0x100
[   28.738783][  T347]  dump_stack+0x15/0x17
[   28.742774][  T347]  should_fail_ex+0x3d0/0x520
[   28.747293][  T347]  should_fail_alloc_page+0x68/0x90
[   28.752326][  T347]  __alloc_pages+0x1f4/0x780
[   28.756756][  T347]  ? prep_new_page+0x110/0x110
[   28.761353][  T347]  ? __this_cpu_preempt_check+0x13/0x20
[   28.766735][  T347]  __folio_alloc+0x15/0x40
[   28.770986][  T347]  wp_page_copy+0x23c/0x1610
[   28.775413][  T347]  ? __switch_to+0x62c/0x1190
[   28.779929][  T347]  ? compat_start_thread+0x20/0x20
[   28.784962][  T347]  ? fault_dirty_shared_page+0x300/0x300
[   28.790436][  T347]  do_wp_page+0xbbf/0xd80
[   28.794597][  T347]  handle_mm_fault+0x15a2/0x2f40
[   28.799375][  T347]  ? numa_migrate_prep+0xe0/0xe0
[   28.804144][  T347]  ? lock_vma_under_rcu+0x47a/0x540
[   28.809182][  T347]  ? __kasan_check_write+0x14/0x20
[   28.814126][  T347]  ? fpregs_restore_userregs+0x130/0x290
[   28.819596][  T347]  exc_page_fault+0x3a6/0x6e0
[   28.824112][  T347]  asm_exc_page_fault+0x27/0x30
[   28.828793][  T347] RIP: 0033:0x7fab4970b4f0
[   28.833050][  T347] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[   28.852489][  T347] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[   28.858400][  T347] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[pid   347] exit_group(0)               = ?
[pid   347] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=347, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/binderfs")                 = 0
umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./40")                           = 0
mkdir("./41", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 348
./strace-static-x86_64: Process 348 attached
[pid   348] set_robust_list(0x555557113660, 24) = 0
[pid   348] chdir("./41")               = 0
[pid   348] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   348] setpgid(0, 0)               = 0
[pid   348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   348] write(3, "1000", 4)         = 4
[pid   348] close(3)                    = 0
[pid   348] symlink("/dev/binderfs", "./binderfs") = 0
[pid   348] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   348] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   348] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   348] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   348] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   348] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   348] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   348] write(6, "7", 1)            = 1
[pid   348] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid   348] exit_group(0)               = ?
[pid   348] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=348, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/binderfs")                 = 0
umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./41")                           = 0
mkdir("./42", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 349
./strace-static-x86_64: Process 349 attached
[pid   349] set_robust_list(0x555557113660, 24) = 0
[pid   349] chdir("./42")               = 0
[pid   349] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   349] setpgid(0, 0)               = 0
[pid   349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   349] write(3, "1000", 4)         = 4
[pid   349] close(3)                    = 0
[pid   349] symlink("/dev/binderfs", "./binderfs") = 0
[pid   349] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   349] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   349] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   349] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   349] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   349] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   349] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   349] write(6, "7", 1)            = 1
[pid   349] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid   349] exit_group(0)               = ?
[pid   349] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=349, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./42/binderfs")                 = 0
umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./42/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./42")                           = 0
mkdir("./43", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 350 attached
 <unfinished ...>
[pid   350] set_robust_list(0x555557113660, 24) = 0
[pid   350] chdir("./43")               = 0
[pid   350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   350] setpgid(0, 0)               = 0
[pid   350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   350] write(3, "1000", 4)         = 4
[pid   350] close(3)                    = 0
[pid   350] symlink("/dev/binderfs", "./binderfs") = 0
[pid   295] <... clone resumed>, child_tidptr=0x555557113650) = 350
[pid   350] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   350] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   350] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   350] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   350] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   350] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   350] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   350] write(6, "7", 1)            = 1
[pid   350] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid   350] exit_group(0)               = ?
[pid   350] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=350, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./43/binderfs")                 = 0
umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./43/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./43")                           = 0
mkdir("./44", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 351
./strace-static-x86_64: Process 351 attached
[pid   351] set_robust_list(0x555557113660, 24) = 0
[pid   351] chdir("./44")               = 0
[pid   351] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   351] setpgid(0, 0)               = 0
[pid   351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   351] write(3, "1000", 4)         = 4
[pid   351] close(3)                    = 0
[pid   351] symlink("/dev/binderfs", "./binderfs") = 0
[pid   351] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   351] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   351] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   351] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   351] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   351] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   351] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   351] write(6, "7", 1)            = 1
[pid   351] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid   351] exit_group(0)               = ?
[pid   351] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=351, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[   28.866206][  T347] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[   28.874015][  T347] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[   28.881827][  T347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   28.889639][  T347] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   28.897627][  T347]  </TASK>
newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./44/binderfs")                 = 0
umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./44/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./44")                           = 0
mkdir("./45", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 352
./strace-static-x86_64: Process 352 attached
[pid   352] set_robust_list(0x555557113660, 24) = 0
[pid   352] chdir("./45")               = 0
[pid   352] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   352] setpgid(0, 0)               = 0
[pid   352] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   352] write(3, "1000", 4)         = 4
[pid   352] close(3)                    = 0
[pid   352] symlink("/dev/binderfs", "./binderfs") = 0
[pid   352] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   352] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   352] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   352] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   352] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   352] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   352] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   352] write(6, "7", 1)            = 1
[pid   352] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   28.954317][  T352] FAULT_INJECTION: forcing a failure.
[   28.954317][  T352] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   28.967437][  T352] CPU: 1 PID: 352 Comm: syz-executor529 Tainted: G    B              6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   28.978705][  T352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   28.988600][  T352] Call Trace:
[   28.991723][  T352]  <TASK>
[   28.994510][  T352]  dump_stack_lvl+0x151/0x1b7
[   28.999017][  T352]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   29.004310][  T352]  ? yield_to_task_fair+0x190/0x190
[   29.009354][  T352]  dump_stack+0x15/0x17
[   29.013431][  T352]  should_fail_ex+0x3d0/0x520
[   29.017944][  T352]  should_fail_alloc_page+0x68/0x90
[   29.022976][  T352]  __alloc_pages+0x1f4/0x780
[   29.027406][  T352]  ? prep_new_page+0x110/0x110
[   29.032007][  T352]  __folio_alloc+0x15/0x40
[   29.036265][  T352]  wp_page_copy+0x23c/0x1610
[   29.040684][  T352]  ? __switch_to+0x62c/0x1190
[   29.045201][  T352]  ? compat_start_thread+0x20/0x20
[   29.050149][  T352]  ? fault_dirty_shared_page+0x300/0x300
[   29.055614][  T352]  ? __kasan_check_write+0x14/0x20
[   29.060565][  T352]  do_wp_page+0xbbf/0xd80
[   29.064736][  T352]  handle_mm_fault+0x15a2/0x2f40
[   29.069511][  T352]  ? numa_migrate_prep+0xe0/0xe0
[   29.074282][  T352]  ? lock_vma_under_rcu+0x47a/0x540
[   29.079313][  T352]  ? __kasan_check_write+0x14/0x20
[   29.084257][  T352]  ? fpregs_restore_userregs+0x130/0x290
[   29.089828][  T352]  exc_page_fault+0x3a6/0x6e0
[   29.094244][  T352]  asm_exc_page_fault+0x27/0x30
[   29.098933][  T352] RIP: 0033:0x7fab4970b4f0
[   29.103182][  T352] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[   29.122626][  T352] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[   29.128531][  T352] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   29.136350][  T352] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[   29.144149][  T352] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[pid   352] exit_group(0)               = ?
[pid   352] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=352, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./45/binderfs")                 = 0
umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./45/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./45")                           = 0
mkdir("./46", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 354
./strace-static-x86_64: Process 354 attached
[pid   354] set_robust_list(0x555557113660, 24) = 0
[pid   354] chdir("./46")               = 0
[pid   354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   354] setpgid(0, 0)               = 0
[pid   354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   354] write(3, "1000", 4)         = 4
[pid   354] close(3)                    = 0
[pid   354] symlink("/dev/binderfs", "./binderfs") = 0
[pid   354] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   354] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   354] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   354] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   354] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   354] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   354] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   354] write(6, "7", 1)            = 1
[pid   354] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   29.151962][  T352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   29.159776][  T352] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   29.167599][  T352]  </TASK>
[   29.184893][  T354] FAULT_INJECTION: forcing a failure.
[   29.184893][  T354] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   29.198304][  T354] CPU: 0 PID: 354 Comm: syz-executor529 Tainted: G    B              6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   29.209658][  T354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   29.219562][  T354] Call Trace:
[   29.222687][  T354]  <TASK>
[   29.225475][  T354]  dump_stack_lvl+0x151/0x1b7
[   29.229971][  T354]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   29.235265][  T354]  ? __sched_clock_gtod_offset+0x100/0x100
[   29.240905][  T354]  dump_stack+0x15/0x17
[   29.244898][  T354]  should_fail_ex+0x3d0/0x520
[   29.249418][  T354]  should_fail_alloc_page+0x68/0x90
[   29.254445][  T354]  __alloc_pages+0x1f4/0x780
[   29.258878][  T354]  ? prep_new_page+0x110/0x110
[   29.263481][  T354]  ? __this_cpu_preempt_check+0x13/0x20
[   29.268853][  T354]  __folio_alloc+0x15/0x40
[   29.273891][  T354]  wp_page_copy+0x23c/0x1610
[   29.278406][  T354]  ? __switch_to+0x62c/0x1190
[   29.282921][  T354]  ? compat_start_thread+0x20/0x20
[   29.287872][  T354]  ? fault_dirty_shared_page+0x300/0x300
[   29.293345][  T354]  do_wp_page+0xbbf/0xd80
[   29.297526][  T354]  handle_mm_fault+0x15a2/0x2f40
[   29.302274][  T354]  ? numa_migrate_prep+0xe0/0xe0
[   29.307134][  T354]  ? lock_vma_under_rcu+0x47a/0x540
[   29.312169][  T354]  ? __kasan_check_write+0x14/0x20
[   29.317116][  T354]  ? fpregs_restore_userregs+0x130/0x290
[   29.322583][  T354]  exc_page_fault+0x3a6/0x6e0
[   29.327103][  T354]  asm_exc_page_fault+0x27/0x30
[   29.331784][  T354] RIP: 0033:0x7fab4970b4f0
[   29.336040][  T354] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[pid   354] exit_group(0)               = ?
[pid   354] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=354, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./46/binderfs")                 = 0
umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./46/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./46")                           = 0
mkdir("./47", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 355
./strace-static-x86_64: Process 355 attached
[pid   355] set_robust_list(0x555557113660, 24) = 0
[pid   355] chdir("./47")               = 0
[pid   355] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   355] setpgid(0, 0)               = 0
[pid   355] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   355] write(3, "1000", 4)         = 4
[pid   355] close(3)                    = 0
[pid   355] symlink("/dev/binderfs", "./binderfs") = 0
[pid   355] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   355] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   355] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   355] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   355] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   355] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   355] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   355] write(6, "7", 1)            = 1
[pid   355] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   29.355479][  T354] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[   29.361380][  T354] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   29.369192][  T354] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[   29.377008][  T354] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[   29.384822][  T354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   29.392630][  T354] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   29.400444][  T354]  </TASK>
[   29.413372][  T355] FAULT_INJECTION: forcing a failure.
[   29.413372][  T355] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   29.426428][  T355] CPU: 1 PID: 355 Comm: syz-executor529 Tainted: G    B              6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   29.437755][  T355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   29.447654][  T355] Call Trace:
[   29.450773][  T355]  <TASK>
[   29.453549][  T355]  dump_stack_lvl+0x151/0x1b7
[   29.458069][  T355]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   29.463360][  T355]  ? yield_to_task_fair+0x190/0x190
[   29.468399][  T355]  dump_stack+0x15/0x17
[   29.472389][  T355]  should_fail_ex+0x3d0/0x520
[   29.476908][  T355]  should_fail_alloc_page+0x68/0x90
[   29.481938][  T355]  __alloc_pages+0x1f4/0x780
[   29.486468][  T355]  ? prep_new_page+0x110/0x110
[   29.491065][  T355]  ? __this_cpu_preempt_check+0x13/0x20
[   29.496445][  T355]  __folio_alloc+0x15/0x40
[   29.500699][  T355]  wp_page_copy+0x23c/0x1610
[   29.505125][  T355]  ? __switch_to+0x62c/0x1190
[   29.509638][  T355]  ? compat_start_thread+0x20/0x20
[   29.514588][  T355]  ? fault_dirty_shared_page+0x300/0x300
[   29.520056][  T355]  ? native_set_ldt+0x130/0x130
[   29.524742][  T355]  do_wp_page+0xbbf/0xd80
[   29.528914][  T355]  handle_mm_fault+0x15a2/0x2f40
[   29.533856][  T355]  ? numa_migrate_prep+0xe0/0xe0
[   29.538628][  T355]  ? lock_vma_under_rcu+0x47a/0x540
[   29.543662][  T355]  ? __kasan_check_write+0x14/0x20
[   29.548616][  T355]  ? fpregs_restore_userregs+0x130/0x290
[   29.554080][  T355]  exc_page_fault+0x3a6/0x6e0
[   29.558594][  T355]  asm_exc_page_fault+0x27/0x30
[   29.563280][  T355] RIP: 0033:0x7fab4970b4f0
[   29.567534][  T355] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[   29.586980][  T355] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[   29.592881][  T355] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   29.600692][  T355] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[pid   355] exit_group(0)               = ?
[pid   355] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=355, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./47/binderfs")                 = 0
umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./47/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./47")                           = 0
mkdir("./48", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 356
./strace-static-x86_64: Process 356 attached
[pid   356] set_robust_list(0x555557113660, 24) = 0
[pid   356] chdir("./48")               = 0
[pid   356] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   356] setpgid(0, 0)               = 0
[pid   356] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   356] write(3, "1000", 4)         = 4
[pid   356] close(3)                    = 0
[pid   356] symlink("/dev/binderfs", "./binderfs") = 0
[pid   356] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   356] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   356] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   356] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   356] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   356] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   356] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   356] write(6, "7", 1)            = 1
[pid   356] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   29.608503][  T355] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[   29.616316][  T355] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   29.624127][  T355] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   29.631951][  T355]  </TASK>
[   29.648243][  T356] FAULT_INJECTION: forcing a failure.
[   29.648243][  T356] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   29.661420][  T356] CPU: 1 PID: 356 Comm: syz-executor529 Tainted: G    B              6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   29.672796][  T356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   29.682691][  T356] Call Trace:
[   29.685816][  T356]  <TASK>
[   29.688593][  T356]  dump_stack_lvl+0x151/0x1b7
[   29.693104][  T356]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   29.698399][  T356]  ? yield_to_task_fair+0x190/0x190
[   29.703436][  T356]  dump_stack+0x15/0x17
[   29.707426][  T356]  should_fail_ex+0x3d0/0x520
[   29.711942][  T356]  should_fail_alloc_page+0x68/0x90
[   29.716976][  T356]  __alloc_pages+0x1f4/0x780
[   29.721401][  T356]  ? prep_new_page+0x110/0x110
[   29.726003][  T356]  ? __this_cpu_preempt_check+0x13/0x20
[   29.731382][  T356]  __folio_alloc+0x15/0x40
[   29.735635][  T356]  wp_page_copy+0x23c/0x1610
[   29.740063][  T356]  ? __switch_to+0x62c/0x1190
[   29.744580][  T356]  ? compat_start_thread+0x20/0x20
[   29.749524][  T356]  ? fault_dirty_shared_page+0x300/0x300
[   29.754996][  T356]  ? native_set_ldt+0x130/0x130
[   29.759683][  T356]  do_wp_page+0xbbf/0xd80
[   29.763851][  T356]  handle_mm_fault+0x15a2/0x2f40
[   29.768623][  T356]  ? numa_migrate_prep+0xe0/0xe0
[   29.773507][  T356]  ? lock_vma_under_rcu+0x47a/0x540
[   29.778537][  T356]  ? __kasan_check_write+0x14/0x20
[   29.783481][  T356]  ? fpregs_restore_userregs+0x130/0x290
[   29.788951][  T356]  exc_page_fault+0x3a6/0x6e0
[   29.793463][  T356]  asm_exc_page_fault+0x27/0x30
[   29.798151][  T356] RIP: 0033:0x7fab4970b4f0
[   29.802406][  T356] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[   29.821846][  T356] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[   29.827748][  T356] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   29.835561][  T356] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[   29.843372][  T356] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[   29.851189][  T356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[pid   356] exit_group(0)               = ?
[pid   356] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=356, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./48/binderfs")                 = 0
umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./48/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./48")                           = 0
mkdir("./49", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 357
./strace-static-x86_64: Process 357 attached
[pid   357] set_robust_list(0x555557113660, 24) = 0
[pid   357] chdir("./49")               = 0
[pid   357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   357] setpgid(0, 0)               = 0
[pid   357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   357] write(3, "1000", 4)         = 4
[pid   357] close(3)                    = 0
[pid   357] symlink("/dev/binderfs", "./binderfs") = 0
[pid   357] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   357] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   357] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   357] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   357] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   357] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   357] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   357] write(6, "7", 1)            = 1
[pid   357] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid   357] exit_group(0)               = ?
[pid   357] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=357, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./49/binderfs")                 = 0
umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./49/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./49")                           = 0
mkdir("./50", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 358
./strace-static-x86_64: Process 358 attached
[pid   358] set_robust_list(0x555557113660, 24) = 0
[pid   358] chdir("./50")               = 0
[pid   358] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   358] setpgid(0, 0)               = 0
[pid   358] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   358] write(3, "1000", 4)         = 4
[pid   358] close(3)                    = 0
[pid   358] symlink("/dev/binderfs", "./binderfs") = 0
[pid   358] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   358] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   358] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   358] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   358] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   358] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   358] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   358] write(6, "7", 1)            = 1
[pid   358] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   29.858998][  T356] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   29.866815][  T356]  </TASK>
[   29.893787][  T358] FAULT_INJECTION: forcing a failure.
[   29.893787][  T358] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   29.907140][  T358] CPU: 0 PID: 358 Comm: syz-executor529 Tainted: G    B              6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   29.918495][  T358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   29.928368][  T358] Call Trace:
[   29.931491][  T358]  <TASK>
[   29.934269][  T358]  dump_stack_lvl+0x151/0x1b7
[   29.938786][  T358]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   29.944165][  T358]  ? __sched_clock_gtod_offset+0x100/0x100
[   29.949805][  T358]  dump_stack+0x15/0x17
[   29.953799][  T358]  should_fail_ex+0x3d0/0x520
[   29.958315][  T358]  should_fail_alloc_page+0x68/0x90
[   29.963352][  T358]  __alloc_pages+0x1f4/0x780
[   29.967774][  T358]  ? prep_new_page+0x110/0x110
[   29.972388][  T358]  ? __this_cpu_preempt_check+0x13/0x20
[   29.977761][  T358]  __folio_alloc+0x15/0x40
[   29.982009][  T358]  wp_page_copy+0x23c/0x1610
[   29.986434][  T358]  ? __switch_to+0x62c/0x1190
[   29.990952][  T358]  ? compat_start_thread+0x20/0x20
[   29.995894][  T358]  ? fault_dirty_shared_page+0x300/0x300
[   30.001365][  T358]  do_wp_page+0xbbf/0xd80
[   30.005531][  T358]  handle_mm_fault+0x15a2/0x2f40
[   30.010312][  T358]  ? numa_migrate_prep+0xe0/0xe0
[   30.015083][  T358]  ? lock_vma_under_rcu+0x47a/0x540
[   30.020114][  T358]  ? __kasan_check_write+0x14/0x20
[   30.025061][  T358]  ? fpregs_restore_userregs+0x130/0x290
[   30.030530][  T358]  exc_page_fault+0x3a6/0x6e0
[   30.035043][  T358]  asm_exc_page_fault+0x27/0x30
[   30.039732][  T358] RIP: 0033:0x7fab4970b4f0
[   30.044000][  T358] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[   30.063427][  T358] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[   30.069328][  T358] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   30.077138][  T358] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[   30.084951][  T358] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[pid   358] exit_group(0)               = ?
[pid   358] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=358, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./50/binderfs")                 = 0
umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./50/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./50")                           = 0
mkdir("./51", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 360
./strace-static-x86_64: Process 360 attached
[pid   360] set_robust_list(0x555557113660, 24) = 0
[pid   360] chdir("./51")               = 0
[pid   360] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   360] setpgid(0, 0)               = 0
[pid   360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   360] write(3, "1000", 4)         = 4
[pid   360] close(3)                    = 0
[pid   360] symlink("/dev/binderfs", "./binderfs") = 0
[pid   360] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   360] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   360] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   360] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   360] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   360] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   360] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   360] write(6, "7", 1)            = 1
[pid   360] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   30.092762][  T358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   30.100576][  T358] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   30.108397][  T358]  </TASK>
[   30.123396][  T360] FAULT_INJECTION: forcing a failure.
[   30.123396][  T360] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   30.136494][  T360] CPU: 1 PID: 360 Comm: syz-executor529 Tainted: G    B              6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   30.147764][  T360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   30.157659][  T360] Call Trace:
[   30.160785][  T360]  <TASK>
[   30.163575][  T360]  dump_stack_lvl+0x151/0x1b7
[   30.168078][  T360]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   30.173369][  T360]  ? __sched_clock_gtod_offset+0x100/0x100
[   30.179013][  T360]  dump_stack+0x15/0x17
[   30.183004][  T360]  should_fail_ex+0x3d0/0x520
[   30.187521][  T360]  should_fail_alloc_page+0x68/0x90
[   30.192556][  T360]  __alloc_pages+0x1f4/0x780
[   30.196989][  T360]  ? prep_new_page+0x110/0x110
[   30.201581][  T360]  ? __this_cpu_preempt_check+0x13/0x20
[   30.206961][  T360]  __folio_alloc+0x15/0x40
[   30.211216][  T360]  wp_page_copy+0x23c/0x1610
[   30.215643][  T360]  ? __switch_to+0x62c/0x1190
[   30.220158][  T360]  ? compat_start_thread+0x20/0x20
[   30.225103][  T360]  ? fault_dirty_shared_page+0x300/0x300
[   30.230580][  T360]  do_wp_page+0xbbf/0xd80
[   30.234738][  T360]  handle_mm_fault+0x15a2/0x2f40
[   30.239519][  T360]  ? numa_migrate_prep+0xe0/0xe0
[   30.244286][  T360]  ? lock_vma_under_rcu+0x47a/0x540
[   30.249320][  T360]  ? __kasan_check_write+0x14/0x20
[   30.254267][  T360]  ? fpregs_restore_userregs+0x130/0x290
[   30.259737][  T360]  exc_page_fault+0x3a6/0x6e0
[   30.264248][  T360]  asm_exc_page_fault+0x27/0x30
[   30.268935][  T360] RIP: 0033:0x7fab4970b4f0
[   30.273194][  T360] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[pid   360] exit_group(0)               = ?
[pid   360] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=360, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./51/binderfs")                 = 0
umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./51/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./51")                           = 0
mkdir("./52", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 361
./strace-static-x86_64: Process 361 attached
[pid   361] set_robust_list(0x555557113660, 24) = 0
[pid   361] chdir("./52")               = 0
[pid   361] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   361] setpgid(0, 0)               = 0
[pid   361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   361] write(3, "1000", 4)         = 4
[pid   361] close(3)                    = 0
[pid   361] symlink("/dev/binderfs", "./binderfs") = 0
[pid   361] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   361] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   361] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   361] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   361] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   361] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   361] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   361] write(6, "7", 1)            = 1
[pid   361] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   30.292639][  T360] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[   30.298535][  T360] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   30.306348][  T360] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[   30.314158][  T360] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[   30.321970][  T360] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   30.329781][  T360] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   30.337602][  T360]  </TASK>
[   30.351058][  T361] FAULT_INJECTION: forcing a failure.
[   30.351058][  T361] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   30.364137][  T361] CPU: 1 PID: 361 Comm: syz-executor529 Tainted: G    B              6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   30.375428][  T361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   30.385326][  T361] Call Trace:
[   30.388450][  T361]  <TASK>
[   30.391230][  T361]  dump_stack_lvl+0x151/0x1b7
[   30.395768][  T361]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   30.401036][  T361]  ? yield_to_task_fair+0x190/0x190
[   30.406071][  T361]  dump_stack+0x15/0x17
[   30.410064][  T361]  should_fail_ex+0x3d0/0x520
[   30.414576][  T361]  should_fail_alloc_page+0x68/0x90
[   30.419617][  T361]  __alloc_pages+0x1f4/0x780
[   30.424045][  T361]  ? prep_new_page+0x110/0x110
[   30.428641][  T361]  ? __this_cpu_preempt_check+0x13/0x20
[   30.434021][  T361]  __folio_alloc+0x15/0x40
[   30.438270][  T361]  wp_page_copy+0x23c/0x1610
[   30.442701][  T361]  ? __switch_to+0x62c/0x1190
[   30.447211][  T361]  ? compat_start_thread+0x20/0x20
[   30.452159][  T361]  ? fault_dirty_shared_page+0x300/0x300
[   30.457628][  T361]  ? native_set_ldt+0x130/0x130
[   30.462338][  T361]  do_wp_page+0xbbf/0xd80
[   30.466485][  T361]  handle_mm_fault+0x15a2/0x2f40
[   30.471258][  T361]  ? numa_migrate_prep+0xe0/0xe0
[   30.476028][  T361]  ? lock_vma_under_rcu+0x47a/0x540
[   30.481071][  T361]  ? __kasan_check_write+0x14/0x20
[   30.486011][  T361]  ? fpregs_restore_userregs+0x130/0x290
[   30.491479][  T361]  exc_page_fault+0x3a6/0x6e0
[   30.495993][  T361]  asm_exc_page_fault+0x27/0x30
[   30.500681][  T361] RIP: 0033:0x7fab4970b4f0
[   30.504934][  T361] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[   30.524376][  T361] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[   30.530283][  T361] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   30.538089][  T361] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[pid   361] exit_group(0)               = ?
[pid   361] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=361, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./52/binderfs")                 = 0
umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./52/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./52")                           = 0
mkdir("./53", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 362
./strace-static-x86_64: Process 362 attached
[pid   362] set_robust_list(0x555557113660, 24) = 0
[pid   362] chdir("./53")               = 0
[pid   362] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   362] setpgid(0, 0)               = 0
[pid   362] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   362] write(3, "1000", 4)         = 4
[pid   362] close(3)                    = 0
[pid   362] symlink("/dev/binderfs", "./binderfs") = 0
[pid   362] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   362] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   362] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   362] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   362] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   362] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   362] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   362] write(6, "7", 1)            = 1
[pid   362] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid   362] exit_group(0)               = ?
[pid   362] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=362, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./53/binderfs")                 = 0
umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./53/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./53")                           = 0
mkdir("./54", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 363
./strace-static-x86_64: Process 363 attached
[pid   363] set_robust_list(0x555557113660, 24) = 0
[pid   363] chdir("./54")               = 0
[pid   363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   363] setpgid(0, 0)               = 0
[pid   363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   363] write(3, "1000", 4)         = 4
[pid   363] close(3)                    = 0
[pid   363] symlink("/dev/binderfs", "./binderfs") = 0
[pid   363] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   363] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   363] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   363] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   363] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   363] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   363] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   363] write(6, "7", 1)            = 1
[pid   363] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   30.545901][  T361] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[   30.553714][  T361] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   30.561524][  T361] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   30.569343][  T361]  </TASK>
[   30.593568][  T363] FAULT_INJECTION: forcing a failure.
[   30.593568][  T363] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   30.606762][  T363] CPU: 0 PID: 363 Comm: syz-executor529 Tainted: G    B              6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   30.618143][  T363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   30.628049][  T363] Call Trace:
[   30.631162][  T363]  <TASK>
[   30.633941][  T363]  dump_stack_lvl+0x151/0x1b7
[   30.638454][  T363]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   30.643749][  T363]  ? yield_to_task_fair+0x190/0x190
[   30.648786][  T363]  dump_stack+0x15/0x17
[   30.652780][  T363]  should_fail_ex+0x3d0/0x520
[   30.657289][  T363]  should_fail_alloc_page+0x68/0x90
[   30.662322][  T363]  __alloc_pages+0x1f4/0x780
[   30.666752][  T363]  ? prep_new_page+0x110/0x110
[   30.671358][  T363]  ? __this_cpu_preempt_check+0x13/0x20
[   30.676735][  T363]  __folio_alloc+0x15/0x40
[   30.681082][  T363]  wp_page_copy+0x23c/0x1610
[   30.685505][  T363]  ? __switch_to+0x62c/0x1190
[   30.690015][  T363]  ? compat_start_thread+0x20/0x20
[   30.694961][  T363]  ? fault_dirty_shared_page+0x300/0x300
[   30.700431][  T363]  ? native_set_ldt+0x130/0x130
[   30.705115][  T363]  do_wp_page+0xbbf/0xd80
[   30.709284][  T363]  handle_mm_fault+0x15a2/0x2f40
[   30.714058][  T363]  ? numa_migrate_prep+0xe0/0xe0
[   30.718872][  T363]  ? lock_vma_under_rcu+0x47a/0x540
[   30.723869][  T363]  ? __kasan_check_write+0x14/0x20
[   30.728812][  T363]  ? fpregs_restore_userregs+0x130/0x290
[   30.734282][  T363]  exc_page_fault+0x3a6/0x6e0
[   30.738806][  T363]  asm_exc_page_fault+0x27/0x30
[   30.743484][  T363] RIP: 0033:0x7fab4970b4f0
[   30.747734][  T363] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[   30.767267][  T363] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[   30.773165][  T363] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   30.780978][  T363] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[pid   363] exit_group(0)               = ?
[pid   363] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=363, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./54/binderfs")                 = 0
umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./54/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./54")                           = 0
mkdir("./55", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 364
./strace-static-x86_64: Process 364 attached
[pid   364] set_robust_list(0x555557113660, 24) = 0
[pid   364] chdir("./55")               = 0
[pid   364] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   364] setpgid(0, 0)               = 0
[pid   364] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   364] write(3, "1000", 4)         = 4
[pid   364] close(3)                    = 0
[pid   364] symlink("/dev/binderfs", "./binderfs") = 0
[pid   364] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   364] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   364] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   364] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   364] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   364] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   364] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   364] write(6, "7", 1)            = 1
[   30.788789][  T363] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[   30.796599][  T363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   30.804420][  T363] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   30.812231][  T363]  </TASK>
[   30.826337][  T364] FAULT_INJECTION: forcing a failure.
[   30.826337][  T364] name failslab, interval 1, probability 0, space 0, times 0
[   30.838889][  T364] CPU: 0 PID: 364 Comm: syz-executor529 Tainted: G    B              6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   30.850223][  T364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   30.860117][  T364] Call Trace:
[   30.863241][  T364]  <TASK>
[   30.866017][  T364]  dump_stack_lvl+0x151/0x1b7
[   30.870532][  T364]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   30.875841][  T364]  ? kern_path+0x147/0x1a0
[   30.880080][  T364]  ? kasan_set_track+0x60/0x70
[   30.884678][  T364]  ? kasan_save_free_info+0x2b/0x40
[   30.889717][  T364]  dump_stack+0x15/0x17
[   30.893707][  T364]  should_fail_ex+0x3d0/0x520
[   30.898221][  T364]  ? jbd2__journal_start+0x150/0x720
[   30.903348][  T364]  __should_failslab+0xaf/0xf0
[   30.907943][  T364]  should_failslab+0x9/0x20
[   30.912282][  T364]  kmem_cache_alloc+0x3b/0x2c0
[   30.916887][  T364]  ? avc_denied+0x1b0/0x1b0
[   30.921228][  T364]  jbd2__journal_start+0x150/0x720
[   30.926176][  T364]  __ext4_journal_start_sb+0x24d/0x4b0
[   30.931466][  T364]  ext4_dirty_inode+0x8f/0x100
[   30.936064][  T364]  ? __ext4_expand_extra_isize+0x420/0x420
[   30.941708][  T364]  __mark_inode_dirty+0x200/0xa60
[   30.946572][  T364]  touch_atime+0x378/0x540
[   30.950824][  T364]  ? current_time+0x2f0/0x2f0
[   30.955437][  T364]  unix_find_other+0x799/0x8e0
[   30.960034][  T364]  ? avc_has_perm+0x16f/0x260
[   30.964549][  T364]  ? unix_insert_bsd_socket+0x250/0x250
[   30.969937][  T364]  unix_dgram_sendmsg+0xc1f/0x2050
[   30.974881][  T364]  ? unix_dgram_poll+0x710/0x710
[   30.979653][  T364]  ? security_socket_sendmsg+0x82/0xb0
[   30.984950][  T364]  ? unix_dgram_poll+0x710/0x710
[   30.989724][  T364]  ____sys_sendmsg+0x5dc/0x9d0
[   30.994327][  T364]  ? __sys_sendmsg_sock+0x40/0x40
[   30.999183][  T364]  __sys_sendmmsg+0x3b9/0x6f0
[   31.003703][  T364]  ? __ia32_sys_sendmsg+0x90/0x90
[   31.008554][  T364]  ? __switch_to+0x62c/0x1190
[   31.013090][  T364]  ? __sched_clock_gtod_offset+0x100/0x100
[   31.018726][  T364]  ? _raw_spin_unlock+0x4c/0x70
[   31.023402][  T364]  ? finish_task_switch+0x167/0x7b0
[   31.028433][  T364]  ? __schedule+0xca1/0x1540
[   31.032860][  T364]  ? __kasan_check_write+0x14/0x20
[   31.037813][  T364]  ? __kasan_check_write+0x14/0x20
[   31.042753][  T364]  ? _raw_spin_lock_irq+0xa5/0x1b0
[   31.047706][  T364]  ? _raw_spin_lock_irqsave+0x210/0x210
[   31.053083][  T364]  ? cgroup_update_frozen+0x15f/0x980
[   31.058291][  T364]  ? memset+0x35/0x40
[   31.062115][  T364]  ? __kasan_check_write+0x14/0x20
[   31.067056][  T364]  ? fpregs_restore_userregs+0x130/0x290
[   31.072527][  T364]  __x64_sys_sendmmsg+0xa0/0xb0
[   31.077213][  T364]  do_syscall_64+0x3d/0xb0
[   31.081467][  T364]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   31.087195][  T364] RIP: 0033:0x7fab497355a9
[   31.091452][  T364] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   31.110894][  T364] RSP: 002b:00007ffca7df4b58 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   31.119143][  T364] RAX: ffffffffffffffda RBX: 00007ffca7df4b80 RCX: 00007fab497355a9
[   31.126955][  T364] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[   31.134764][  T364] RBP: 0000000000000001 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[pid   364] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid   364] exit_group(0)               = ?
[pid   364] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=364, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./55/binderfs")                 = 0
umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./55/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./55")                           = 0
mkdir("./56", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 366
./strace-static-x86_64: Process 366 attached
[pid   366] set_robust_list(0x555557113660, 24) = 0
[pid   366] chdir("./56")               = 0
[pid   366] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   366] setpgid(0, 0)               = 0
[pid   366] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   366] write(3, "1000", 4)         = 4
[pid   366] close(3)                    = 0
[pid   366] symlink("/dev/binderfs", "./binderfs") = 0
[pid   366] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   366] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   366] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   366] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   366] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   366] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   366] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   366] write(6, "7", 1)            = 1
[pid   366] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   31.142573][  T364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   31.150388][  T364] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   31.158201][  T364]  </TASK>
[   31.173175][  T366] FAULT_INJECTION: forcing a failure.
[   31.173175][  T366] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   31.186254][  T366] CPU: 0 PID: 366 Comm: syz-executor529 Tainted: G    B              6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   31.197636][  T366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   31.207533][  T366] Call Trace:
[   31.210651][  T366]  <TASK>
[   31.213427][  T366]  dump_stack_lvl+0x151/0x1b7
[   31.217944][  T366]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   31.223239][  T366]  dump_stack+0x15/0x17
[   31.227230][  T366]  should_fail_ex+0x3d0/0x520
[   31.231746][  T366]  should_fail_alloc_page+0x68/0x90
[   31.236778][  T366]  __alloc_pages+0x1f4/0x780
[   31.241204][  T366]  ? prep_new_page+0x110/0x110
[   31.245804][  T366]  ? __this_cpu_preempt_check+0x13/0x20
[   31.251202][  T366]  __folio_alloc+0x15/0x40
[   31.255441][  T366]  wp_page_copy+0x23c/0x1610
[   31.259865][  T366]  ? __switch_to+0x62c/0x1190
[   31.264385][  T366]  ? compat_start_thread+0x20/0x20
[   31.269413][  T366]  ? fault_dirty_shared_page+0x300/0x300
[   31.274884][  T366]  do_wp_page+0xbbf/0xd80
[   31.279049][  T366]  handle_mm_fault+0x15a2/0x2f40
[   31.283825][  T366]  ? numa_migrate_prep+0xe0/0xe0
[   31.288597][  T366]  ? lock_vma_under_rcu+0x47a/0x540
[   31.293631][  T366]  ? __kasan_check_write+0x14/0x20
[   31.298579][  T366]  ? fpregs_restore_userregs+0x130/0x290
[   31.304050][  T366]  exc_page_fault+0x3a6/0x6e0
[   31.308560][  T366]  asm_exc_page_fault+0x27/0x30
[   31.313248][  T366] RIP: 0033:0x7fab4970b4f0
[   31.317500][  T366] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[   31.336946][  T366] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[pid   366] exit_group(0)               = ?
[pid   366] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=366, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./56/binderfs")                 = 0
umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./56/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./56/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./56")                           = 0
mkdir("./57", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 368
./strace-static-x86_64: Process 368 attached
[pid   368] set_robust_list(0x555557113660, 24) = 0
[pid   368] chdir("./57")               = 0
[pid   368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   368] setpgid(0, 0)               = 0
[pid   368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   368] write(3, "1000", 4)         = 4
[pid   368] close(3)                    = 0
[pid   368] symlink("/dev/binderfs", "./binderfs") = 0
[pid   368] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   368] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   368] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   368] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   368] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   368] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   368] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   368] write(6, "7", 1)            = 1
[pid   368] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   31.342848][  T366] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   31.350658][  T366] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[   31.358473][  T366] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[   31.366284][  T366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   31.374092][  T366] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   31.381909][  T366]  </TASK>
[   31.398164][  T368] FAULT_INJECTION: forcing a failure.
[   31.398164][  T368] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   31.411329][  T368] CPU: 0 PID: 368 Comm: syz-executor529 Tainted: G    B              6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   31.422656][  T368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   31.432552][  T368] Call Trace:
[   31.435681][  T368]  <TASK>
[   31.438474][  T368]  dump_stack_lvl+0x151/0x1b7
[   31.442968][  T368]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   31.448262][  T368]  ? yield_to_task_fair+0x190/0x190
[   31.453298][  T368]  dump_stack+0x15/0x17
[   31.457290][  T368]  should_fail_ex+0x3d0/0x520
[   31.461803][  T368]  should_fail_alloc_page+0x68/0x90
[   31.466838][  T368]  __alloc_pages+0x1f4/0x780
[   31.471268][  T368]  ? prep_new_page+0x110/0x110
[   31.475866][  T368]  ? __this_cpu_preempt_check+0x13/0x20
[   31.481246][  T368]  __folio_alloc+0x15/0x40
[   31.485499][  T368]  wp_page_copy+0x23c/0x1610
[   31.489926][  T368]  ? __switch_to+0x62c/0x1190
[   31.494440][  T368]  ? compat_start_thread+0x20/0x20
[   31.499386][  T368]  ? fault_dirty_shared_page+0x300/0x300
[   31.504856][  T368]  ? native_set_ldt+0x130/0x130
[   31.509544][  T368]  do_wp_page+0xbbf/0xd80
[   31.513709][  T368]  handle_mm_fault+0x15a2/0x2f40
[   31.518484][  T368]  ? numa_migrate_prep+0xe0/0xe0
[   31.523257][  T368]  ? lock_vma_under_rcu+0x47a/0x540
[   31.528292][  T368]  ? __kasan_check_write+0x14/0x20
[   31.533238][  T368]  ? fpregs_restore_userregs+0x130/0x290
[   31.538710][  T368]  exc_page_fault+0x3a6/0x6e0
[   31.543222][  T368]  asm_exc_page_fault+0x27/0x30
[   31.547907][  T368] RIP: 0033:0x7fab4970b4f0
[   31.552160][  T368] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[   31.571609][  T368] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[   31.577512][  T368] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   31.585331][  T368] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[pid   368] exit_group(0)               = ?
[pid   368] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=368, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./57/binderfs")                 = 0
umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./57/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./57/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./57")                           = 0
mkdir("./58", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 369
./strace-static-x86_64: Process 369 attached
[pid   369] set_robust_list(0x555557113660, 24) = 0
[pid   369] chdir("./58")               = 0
[pid   369] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   369] setpgid(0, 0)               = 0
[pid   369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   369] write(3, "1000", 4)         = 4
[pid   369] close(3)                    = 0
[pid   369] symlink("/dev/binderfs", "./binderfs") = 0
[pid   369] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   369] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   369] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   369] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   369] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   369] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   369] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   369] write(6, "7", 1)            = 1
[pid   369] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid   369] exit_group(0)               = ?
[pid   369] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=369, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./58/binderfs")                 = 0
umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./58/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./58/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./58")                           = 0
mkdir("./59", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 370
./strace-static-x86_64: Process 370 attached
[pid   370] set_robust_list(0x555557113660, 24) = 0
[pid   370] chdir("./59")               = 0
[pid   370] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   370] setpgid(0, 0)               = 0
[pid   370] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   370] write(3, "1000", 4)         = 4
[pid   370] close(3)                    = 0
[pid   370] symlink("/dev/binderfs", "./binderfs") = 0
[pid   370] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   370] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   370] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   370] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   370] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   370] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   370] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   370] write(6, "7", 1)            = 1
[   31.593136][  T368] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[   31.600949][  T368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   31.608757][  T368] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   31.616570][  T368]  </TASK>
[   31.619632][  T368] pagefault_out_of_memory: 10 callbacks suppressed
[   31.619642][  T368] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[pid   370] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   31.657133][  T370] FAULT_INJECTION: forcing a failure.
[   31.657133][  T370] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   31.670503][  T370] CPU: 1 PID: 370 Comm: syz-executor529 Tainted: G    B              6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   31.681859][  T370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   31.691815][  T370] Call Trace:
[   31.694878][  T370]  <TASK>
[   31.697655][  T370]  dump_stack_lvl+0x151/0x1b7
[   31.702177][  T370]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   31.707462][  T370]  ? __sched_clock_gtod_offset+0x100/0x100
[   31.713214][  T370]  dump_stack+0x15/0x17
[   31.717292][  T370]  should_fail_ex+0x3d0/0x520
[   31.721811][  T370]  should_fail_alloc_page+0x68/0x90
[   31.726841][  T370]  __alloc_pages+0x1f4/0x780
[   31.731275][  T370]  ? prep_new_page+0x110/0x110
[   31.735873][  T370]  __folio_alloc+0x15/0x40
[   31.740118][  T370]  wp_page_copy+0x23c/0x1610
[   31.744546][  T370]  ? __switch_to+0x62c/0x1190
[   31.749061][  T370]  ? compat_start_thread+0x20/0x20
[   31.754014][  T370]  ? fault_dirty_shared_page+0x300/0x300
[   31.759481][  T370]  do_wp_page+0xbbf/0xd80
[   31.763644][  T370]  handle_mm_fault+0x15a2/0x2f40
[   31.768425][  T370]  ? numa_migrate_prep+0xe0/0xe0
[   31.773195][  T370]  ? lock_vma_under_rcu+0x47a/0x540
[   31.778227][  T370]  ? __kasan_check_write+0x14/0x20
[   31.783173][  T370]  ? fpregs_restore_userregs+0x130/0x290
[   31.788646][  T370]  exc_page_fault+0x3a6/0x6e0
[   31.793153][  T370]  asm_exc_page_fault+0x27/0x30
[   31.797850][  T370] RIP: 0033:0x7fab4970b4f0
[   31.802099][  T370] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[   31.821543][  T370] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[   31.827444][  T370] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   31.835252][  T370] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[   31.843066][  T370] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[pid   370] exit_group(0)               = ?
[pid   370] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=370, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./59/binderfs")                 = 0
umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./59/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./59/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./59")                           = 0
mkdir("./60", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 371
./strace-static-x86_64: Process 371 attached
[pid   371] set_robust_list(0x555557113660, 24) = 0
[pid   371] chdir("./60")               = 0
[pid   371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   371] setpgid(0, 0)               = 0
[pid   371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   371] write(3, "1000", 4)         = 4
[pid   371] close(3)                    = 0
[pid   371] symlink("/dev/binderfs", "./binderfs") = 0
[pid   371] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   371] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   371] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   371] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   371] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   371] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   371] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   371] write(6, "7", 1)            = 1
[pid   371] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   31.850881][  T370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   31.858688][  T370] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   31.866508][  T370]  </TASK>
[   31.870209][  T370] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   31.888639][  T371] FAULT_INJECTION: forcing a failure.
[   31.888639][  T371] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   31.901737][  T371] CPU: 1 PID: 371 Comm: syz-executor529 Tainted: G    B              6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   31.913027][  T371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   31.922921][  T371] Call Trace:
[   31.926046][  T371]  <TASK>
[   31.928823][  T371]  dump_stack_lvl+0x151/0x1b7
[   31.933338][  T371]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   31.938634][  T371]  ? yield_to_task_fair+0x190/0x190
[   31.943678][  T371]  dump_stack+0x15/0x17
[   31.947659][  T371]  should_fail_ex+0x3d0/0x520
[   31.952178][  T371]  should_fail_alloc_page+0x68/0x90
[   31.957208][  T371]  __alloc_pages+0x1f4/0x780
[   31.961634][  T371]  ? prep_new_page+0x110/0x110
[   31.966234][  T371]  ? __this_cpu_preempt_check+0x13/0x20
[   31.971618][  T371]  __folio_alloc+0x15/0x40
[   31.975883][  T371]  wp_page_copy+0x23c/0x1610
[   31.980294][  T371]  ? __switch_to+0x62c/0x1190
[   31.984896][  T371]  ? compat_start_thread+0x20/0x20
[   31.989843][  T371]  ? fault_dirty_shared_page+0x300/0x300
[   31.995309][  T371]  ? native_set_ldt+0x130/0x130
[   32.000002][  T371]  do_wp_page+0xbbf/0xd80
[   32.004171][  T371]  handle_mm_fault+0x15a2/0x2f40
[   32.008944][  T371]  ? numa_migrate_prep+0xe0/0xe0
[   32.013717][  T371]  ? lock_vma_under_rcu+0x47a/0x540
[   32.018752][  T371]  ? __kasan_check_write+0x14/0x20
[   32.023692][  T371]  ? fpregs_restore_userregs+0x130/0x290
[   32.029171][  T371]  exc_page_fault+0x3a6/0x6e0
[   32.033677][  T371]  asm_exc_page_fault+0x27/0x30
[   32.038363][  T371] RIP: 0033:0x7fab4970b4f0
[   32.042624][  T371] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[   32.062232][  T371] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[   32.068137][  T371] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   32.075946][  T371] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[   32.083762][  T371] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[   32.091580][  T371] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   32.099384][  T371] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[pid   371] exit_group(0)               = ?
[pid   371] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=371, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./60/binderfs")                 = 0
umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./60/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./60/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./60")                           = 0
mkdir("./61", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 372
./strace-static-x86_64: Process 372 attached
[pid   372] set_robust_list(0x555557113660, 24) = 0
[pid   372] chdir("./61")               = 0
[pid   372] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   372] setpgid(0, 0)               = 0
[pid   372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   372] write(3, "1000", 4)         = 4
[pid   372] close(3)                    = 0
[pid   372] symlink("/dev/binderfs", "./binderfs") = 0
[pid   372] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   372] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   372] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   372] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   372] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   372] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   372] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   372] write(6, "7", 1)            = 1
[pid   372] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[pid   372] exit_group(0)               = ?
[pid   372] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=372, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./61/binderfs")                 = 0
umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./61/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./61/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./61")                           = 0
mkdir("./62", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
./strace-static-x86_64: Process 373 attached
[pid   373] set_robust_list(0x555557113660, 24) = 0
[pid   373] chdir("./62")               = 0
[pid   373] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   373] setpgid(0, 0)               = 0
[pid   373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   373] write(3, "1000", 4)         = 4
[pid   373] close(3)                    = 0
[pid   373] symlink("/dev/binderfs", "./binderfs") = 0
[pid   373] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   373] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72 <unfinished ...>
[pid   295] <... clone resumed>, child_tidptr=0x555557113650) = 373
[pid   373] <... bpf resumed>)          = 4
[pid   373] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   373] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   373] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   373] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   373] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   373] write(6, "7", 1)            = 1
[pid   373] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   32.107199][  T371]  </TASK>
[   32.110169][  T371] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   32.134849][  T373] FAULT_INJECTION: forcing a failure.
[   32.134849][  T373] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   32.148007][  T373] CPU: 0 PID: 373 Comm: syz-executor529 Tainted: G    B              6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   32.159362][  T373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   32.169259][  T373] Call Trace:
[   32.172381][  T373]  <TASK>
[   32.175161][  T373]  dump_stack_lvl+0x151/0x1b7
[   32.179671][  T373]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   32.184967][  T373]  ? yield_to_task_fair+0x190/0x190
[   32.189999][  T373]  dump_stack+0x15/0x17
[   32.193994][  T373]  should_fail_ex+0x3d0/0x520
[   32.198507][  T373]  should_fail_alloc_page+0x68/0x90
[   32.203546][  T373]  __alloc_pages+0x1f4/0x780
[   32.207971][  T373]  ? prep_new_page+0x110/0x110
[   32.212571][  T373]  __folio_alloc+0x15/0x40
[   32.216823][  T373]  wp_page_copy+0x23c/0x1610
[   32.221248][  T373]  ? __switch_to+0x62c/0x1190
[   32.225761][  T373]  ? compat_start_thread+0x20/0x20
[   32.230709][  T373]  ? fault_dirty_shared_page+0x300/0x300
[   32.236179][  T373]  ? __kasan_check_write+0x14/0x20
[   32.241126][  T373]  do_wp_page+0xbbf/0xd80
[   32.245297][  T373]  handle_mm_fault+0x15a2/0x2f40
[   32.250069][  T373]  ? numa_migrate_prep+0xe0/0xe0
[   32.254842][  T373]  ? lock_vma_under_rcu+0x47a/0x540
[   32.259878][  T373]  ? __kasan_check_write+0x14/0x20
[   32.264820][  T373]  ? fpregs_restore_userregs+0x130/0x290
[   32.270386][  T373]  exc_page_fault+0x3a6/0x6e0
[   32.274904][  T373]  asm_exc_page_fault+0x27/0x30
[   32.279586][  T373] RIP: 0033:0x7fab4970b4f0
[   32.283840][  T373] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[   32.303285][  T373] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[pid   373] exit_group(0)               = ?
[pid   373] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=373, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./62/binderfs")                 = 0
umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./62/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./62/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./62")                           = 0
mkdir("./63", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 375
./strace-static-x86_64: Process 375 attached
[pid   375] set_robust_list(0x555557113660, 24) = 0
[pid   375] chdir("./63")               = 0
[pid   375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   375] setpgid(0, 0)               = 0
[pid   375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   375] write(3, "1000", 4)         = 4
[pid   375] close(3)                    = 0
[pid   375] symlink("/dev/binderfs", "./binderfs") = 0
[pid   375] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   375] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   375] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   375] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   375] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   375] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   375] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   375] write(6, "7", 1)            = 1
[pid   375] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   32.309183][  T373] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   32.316999][  T373] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[   32.324811][  T373] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[   32.332624][  T373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   32.340521][  T373] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   32.348334][  T373]  </TASK>
[   32.351593][  T373] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   32.369532][  T375] FAULT_INJECTION: forcing a failure.
[   32.369532][  T375] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   32.382594][  T375] CPU: 0 PID: 375 Comm: syz-executor529 Tainted: G    B              6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   32.393899][  T375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   32.403797][  T375] Call Trace:
[   32.406924][  T375]  <TASK>
[   32.409701][  T375]  dump_stack_lvl+0x151/0x1b7
[   32.414213][  T375]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   32.419511][  T375]  dump_stack+0x15/0x17
[   32.423543][  T375]  should_fail_ex+0x3d0/0x520
[   32.428016][  T375]  should_fail_alloc_page+0x68/0x90
[   32.433047][  T375]  __alloc_pages+0x1f4/0x780
[   32.437476][  T375]  ? prep_new_page+0x110/0x110
[   32.442155][  T375]  ? __this_cpu_preempt_check+0x13/0x20
[   32.447545][  T375]  __folio_alloc+0x15/0x40
[   32.451796][  T375]  wp_page_copy+0x23c/0x1610
[   32.456226][  T375]  ? __switch_to+0x62c/0x1190
[   32.460734][  T375]  ? compat_start_thread+0x20/0x20
[   32.465680][  T375]  ? fault_dirty_shared_page+0x300/0x300
[   32.471157][  T375]  do_wp_page+0xbbf/0xd80
[   32.475322][  T375]  handle_mm_fault+0x15a2/0x2f40
[   32.480093][  T375]  ? numa_migrate_prep+0xe0/0xe0
[   32.484865][  T375]  ? lock_vma_under_rcu+0x47a/0x540
[   32.489903][  T375]  ? __kasan_check_write+0x14/0x20
[   32.494848][  T375]  ? fpregs_restore_userregs+0x130/0x290
[   32.500335][  T375]  exc_page_fault+0x3a6/0x6e0
[   32.504833][  T375]  asm_exc_page_fault+0x27/0x30
[   32.509518][  T375] RIP: 0033:0x7fab4970b4f0
[   32.513775][  T375] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[   32.533211][  T375] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[   32.539120][  T375] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   32.546927][  T375] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[   32.554737][  T375] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[   32.562549][  T375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[pid   375] exit_group(0)               = ?
[pid   375] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=375, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./63/binderfs")                 = 0
umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./63/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./63/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./63")                           = 0
mkdir("./64", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 376
./strace-static-x86_64: Process 376 attached
[pid   376] set_robust_list(0x555557113660, 24) = 0
[pid   376] chdir("./64")               = 0
[pid   376] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   376] setpgid(0, 0)               = 0
[pid   376] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   376] write(3, "1000", 4)         = 4
[pid   376] close(3)                    = 0
[pid   376] symlink("/dev/binderfs", "./binderfs") = 0
[pid   376] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   376] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   376] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   376] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   376] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   376] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   376] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   376] write(6, "7", 1)            = 1
[pid   376] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   32.570450][  T375] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   32.578269][  T375]  </TASK>
[   32.581172][  T375] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   32.597915][  T376] FAULT_INJECTION: forcing a failure.
[   32.597915][  T376] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   32.611119][  T376] CPU: 0 PID: 376 Comm: syz-executor529 Tainted: G    B              6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   32.622454][  T376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   32.632352][  T376] Call Trace:
[   32.635477][  T376]  <TASK>
[   32.638254][  T376]  dump_stack_lvl+0x151/0x1b7
[   32.642766][  T376]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   32.648065][  T376]  dump_stack+0x15/0x17
[   32.652053][  T376]  should_fail_ex+0x3d0/0x520
[   32.656578][  T376]  should_fail_alloc_page+0x68/0x90
[   32.661609][  T376]  __alloc_pages+0x1f4/0x780
[   32.666030][  T376]  ? prep_new_page+0x110/0x110
[   32.670633][  T376]  ? __this_cpu_preempt_check+0x13/0x20
[   32.676011][  T376]  __folio_alloc+0x15/0x40
[   32.680273][  T376]  wp_page_copy+0x23c/0x1610
[   32.684702][  T376]  ? __switch_to+0x62c/0x1190
[   32.689216][  T376]  ? compat_start_thread+0x20/0x20
[   32.694157][  T376]  ? fault_dirty_shared_page+0x300/0x300
[   32.699650][  T376]  do_wp_page+0xbbf/0xd80
[   32.703790][  T376]  handle_mm_fault+0x15a2/0x2f40
[   32.708738][  T376]  ? numa_migrate_prep+0xe0/0xe0
[   32.713511][  T376]  ? lock_vma_under_rcu+0x47a/0x540
[   32.718548][  T376]  ? __kasan_check_write+0x14/0x20
[   32.723492][  T376]  ? fpregs_restore_userregs+0x130/0x290
[   32.728958][  T376]  exc_page_fault+0x3a6/0x6e0
[   32.733472][  T376]  asm_exc_page_fault+0x27/0x30
[   32.738161][  T376] RIP: 0033:0x7fab4970b4f0
[   32.742411][  T376] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d fd 0a 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 b0 38 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 38 0a 00 4c
[   32.761857][  T376] RSP: 002b:00007ffca7df4b00 EFLAGS: 00010246
[pid   376] exit_group(0)               = ?
[pid   376] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=376, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571146f0 /* 4 entries */, 32768) = 112
umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./64/binderfs")                 = 0
umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./64/file0", {st_mode=S_IFSOCK|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./64/file0")                    = 0
getdents64(3, 0x5555571146f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./64")                           = 0
mkdir("./65", 0777)                     = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557113650) = 377
./strace-static-x86_64: Process 377 attached
[pid   377] set_robust_list(0x555557113660, 24) = 0
[pid   377] chdir("./65")               = 0
[pid   377] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   377] setpgid(0, 0)               = 0
[pid   377] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   377] write(3, "1000", 4)         = 4
[pid   377] close(3)                    = 0
[pid   377] symlink("/dev/binderfs", "./binderfs") = 0
[pid   377] socket(AF_UNIX, SOCK_DGRAM, 0) = 3
[pid   377] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000540, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
[pid   377] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   377] bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
[pid   377] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000180, value=0x200000c0, flags=BPF_ANY}, 32) = 0
[pid   377] bind(3, {sa_family=AF_UNIX, sun_path="./file0"}, 110) = 0
[pid   377] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   377] write(6, "7", 1)            = 1
[pid   377] sendmmsg(3, [{msg_hdr={msg_name={sa_family=AF_UNIX, sun_path="./file0"}, msg_namelen=110, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, 0) = 1
[   32.767758][  T376] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   32.775571][  T376] RDX: 0000000000000001 RSI: 00007fab497ac120 RDI: 0000000000000000
[   32.783384][  T376] RBP: 00007fab497ac120 R08: 00007ffca7df48f7 R09: 00007ffca7dfd198
[   32.791193][  T376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   32.799006][  T376] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   32.806825][  T376]  </TASK>
[   32.810003][  T376] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   32.826302][  T377] FAULT_INJECTION: forcing a failure.
[   32.826302][  T377] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   32.839392][  T377] CPU: 1 PID: 377 Comm: syz-executor529 Tainted: G    B              6.1.25-syzkaller-00013-gd3212c2dbaba #0
[   32.850690][  T377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   32.860583][  T377] Call Trace:
[   32.863710][  T377]  <TASK>
[   32.866487][  T377]  dump_stack_lvl+0x151/0x1b7
[   32.871000][  T377]  ? nf_tcp_handle_invalid+0x3f1/0x3f1