./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2238478279

<...>
Warning: Permanently added '10.128.10.29' (ED25519) to the list of known hosts.
execve("./syz-executor2238478279", ["./syz-executor2238478279"], 0x7ffff05f4c80 /* 10 vars */) = 0
brk(NULL)                               = 0x55557760b000
brk(0x55557760be00)                     = 0x55557760be00
arch_prctl(ARCH_SET_FS, 0x55557760b480) = 0
set_tid_address(0x55557760b750)         = 289
set_robust_list(0x55557760b760, 24)     = 0
rseq(0x55557760bda0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2238478279", 4096) = 28
getrandom("\x0b\xd6\xbc\x52\x65\x47\xb4\x08", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55557760be00
brk(0x55557762ce00)                     = 0x55557762ce00
brk(0x55557762d000)                     = 0x55557762d000
mprotect(0x7f42ed66b000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
openat(AT_FDCWD, "/proc/self/make-it-fail", O_WRONLY) = 3
close(3)                                = 0
openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_WRONLY) = 3
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGSEGV, {sa_handler=0x7f42ed5c4a60, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f42ed5cda00}, NULL, 8) = 0
rt_sigaction(SIGBUS, {sa_handler=0x7f42ed5c4a60, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f42ed5cda00}, NULL, 8) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557760b750) = 290
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557760b750) = 291
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557760b750) = 292
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557760b750) = 293
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557760b750) = 294
./strace-static-x86_64: Process 294 attached
[pid   294] set_robust_list(0x55557760b760, 24) = 0
[pid   294] mkdir("./syzkaller.94a1pA", 0700) = 0
[pid   294] chmod("./syzkaller.94a1pA", 0777) = 0
[pid   294] chdir("./syzkaller.94a1pA") = 0
[pid   294] mkdir("./0", 0777)          = 0
./strace-static-x86_64: Process 293 attached
[pid   293] set_robust_list(0x55557760b760, 24) = 0
[pid   293] mkdir("./syzkaller.ECEMHG", 0700 <unfinished ...>
[pid   294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   293] <... mkdir resumed>)        = 0
[pid   294] <... clone resumed>, child_tidptr=0x55557760b750) = 295
[pid   293] chmod("./syzkaller.ECEMHG", 0777) = 0
[pid   293] chdir("./syzkaller.ECEMHG") = 0
[pid   293] mkdir("./0", 0777)          = 0
[pid   293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557760b750) = 296
./strace-static-x86_64: Process 296 attached
[pid   296] set_robust_list(0x55557760b760, 24) = 0
[pid   296] chdir("./0")                = 0
[pid   296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   296] setpgid(0, 0)               = 0
[pid   296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 295 attached
./strace-static-x86_64: Process 292 attached
./strace-static-x86_64: Process 291 attached
./strace-static-x86_64: Process 290 attached
 <unfinished ...>
[pid   290] set_robust_list(0x55557760b760, 24 <unfinished ...>
[pid   291] set_robust_list(0x55557760b760, 24 <unfinished ...>
[pid   296] <... openat resumed>)       = 3
[pid   290] <... set_robust_list resumed>) = 0
[pid   291] <... set_robust_list resumed>) = 0
[pid   292] set_robust_list(0x55557760b760, 24 <unfinished ...>
[pid   296] write(3, "1000", 4)         = 4
[pid   296] close(3)                    = 0
[pid   296] symlink("/dev/binderfs", "./binderfs"executing program
 <unfinished ...>
[pid   290] mkdir("./syzkaller.JUjwkx", 0700 <unfinished ...>
[pid   296] <... symlink resumed>)      = 0
[pid   296] write(1, "executing program\n", 18 <unfinished ...>
[pid   291] mkdir("./syzkaller.XOhIPP", 0700 <unfinished ...>
[pid   296] <... write resumed>)        = 18
[pid   296] perf_event_open( <unfinished ...>
[pid   290] <... mkdir resumed>)        = 0
[pid   290] chmod("./syzkaller.JUjwkx", 0777 <unfinished ...>
[pid   291] <... mkdir resumed>)        = 0
[pid   290] <... chmod resumed>)        = 0
[pid   290] chdir("./syzkaller.JUjwkx" <unfinished ...>
[pid   291] chmod("./syzkaller.XOhIPP", 0777 <unfinished ...>
[pid   292] <... set_robust_list resumed>) = 0
[pid   290] <... chdir resumed>)        = 0
[pid   296] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   295] set_robust_list(0x55557760b760, 24 <unfinished ...>
[pid   292] mkdir("./syzkaller.ZQLnBA", 0700 <unfinished ...>
[pid   291] <... chmod resumed>)        = 0
[   24.006536][   T28] audit: type=1400 audit(1747369986.388:64): avc:  denied  { execmem } for  pid=289 comm="syz-executor223" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   24.029817][   T28] audit: type=1400 audit(1747369986.408:65): avc:  denied  { open } for  pid=296 comm="syz-executor223" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[pid   290] mkdir("./0", 0777 <unfinished ...>
[pid   296] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   295] <... set_robust_list resumed>) = 0
[pid   292] <... mkdir resumed>)        = 0
[pid   291] chdir("./syzkaller.XOhIPP" <unfinished ...>
[pid   290] <... mkdir resumed>)        = 0
[pid   290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   291] <... chdir resumed>)        = 0
[pid   291] mkdir("./0", 0777)          = 0
[pid   290] <... clone resumed>, child_tidptr=0x55557760b750) = 297
[pid   291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   292] chmod("./syzkaller.ZQLnBA", 0777) = 0
[pid   292] chdir("./syzkaller.ZQLnBA") = 0
[pid   292] mkdir("./0", 0777)          = 0
[pid   291] <... clone resumed>, child_tidptr=0x55557760b750) = 298
[pid   292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557760b750) = 299
[pid   295] chdir("./0")                = 0
[pid   295] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   295] setpgid(0, 0)               = 0
[pid   295] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   295] write(3, "1000", 4)         = 4
[pid   295] close(3)                    = 0
[pid   295] symlink("/dev/binderfs", "./binderfs") = 0
[pid   295] write(1, "executing program\n", 18executing program
) = 18
[pid   295] perf_event_open({type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   295] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 298 attached
./strace-static-x86_64: Process 299 attached
./strace-static-x86_64: Process 297 attached
 <unfinished ...>
[pid   298] set_robust_list(0x55557760b760, 24 <unfinished ...>
[pid   299] set_robust_list(0x55557760b760, 24 <unfinished ...>
[pid   298] <... set_robust_list resumed>) = 0
[pid   297] set_robust_list(0x55557760b760, 24 <unfinished ...>
[pid   299] <... set_robust_list resumed>) = 0
[   24.050226][   T28] audit: type=1400 audit(1747369986.408:66): avc:  denied  { perfmon } for  pid=296 comm="syz-executor223" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   24.072653][   T28] audit: type=1400 audit(1747369986.408:67): avc:  denied  { kernel } for  pid=296 comm="syz-executor223" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[pid   298] chdir("./0" <unfinished ...>
[pid   297] <... set_robust_list resumed>) = 0
[pid   299] chdir("./0")                = 0
[pid   298] <... chdir resumed>)        = 0
[pid   297] chdir("./0" <unfinished ...>
[pid   299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   298] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   297] <... chdir resumed>)        = 0
[pid   299] setpgid(0, 0 <unfinished ...>
[pid   298] <... prctl resumed>)        = 0
[pid   299] <... setpgid resumed>)      = 0
[pid   297] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   298] setpgid(0, 0 <unfinished ...>
[pid   299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   298] <... setpgid resumed>)      = 0
[pid   297] <... prctl resumed>)        = 0
[pid   299] <... openat resumed>)       = 3
[pid   298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   297] setpgid(0, 0 <unfinished ...>
[pid   299] write(3, "1000", 4)         = 4
[pid   298] <... openat resumed>)       = 3
[pid   297] <... setpgid resumed>)      = 0
[pid   295] <... bpf resumed>)          = 4
[pid   295] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   299] close(3 <unfinished ...>
[pid   298] write(3, "1000", 4 <unfinished ...>
[pid   299] <... close resumed>)        = 0
[pid   297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   298] <... write resumed>)        = 4
[pid   299] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid   296] <... bpf resumed>)          = 4
[pid   298] close(3 <unfinished ...>
[pid   297] <... openat resumed>)       = 3
[pid   299] <... symlink resumed>)      = 0
executing program
[pid   299] write(1, "executing program\n", 18 <unfinished ...>
[pid   298] <... close resumed>)        = 0
[pid   297] write(3, "1000", 4 <unfinished ...>
[pid   296] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   299] <... write resumed>)        = 18
[pid   298] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid   295] <... bpf resumed>)          = 5
[pid   297] <... write resumed>)        = 4
[pid   296] <... bpf resumed>)          = 5
[pid   298] <... symlink resumed>)      = 0
[pid   299] perf_event_open( <unfinished ...>
[pid   298] write(1, "executing program\n", 18 <unfinished ...>
[pid   297] close(3 <unfinished ...>
[pid   296] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWRexecuting program
 <unfinished ...>
[pid   297] <... close resumed>)        = 0
[pid   297] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid   296] <... openat resumed>)       = 6
[pid   299] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   298] <... write resumed>)        = 18
[pid   297] <... symlink resumed>)      = 0
[pid   296] write(6, "1", 1 <unfinished ...>
[pid   298] perf_event_open( <unfinished ...>
[pid   297] write(1, "executing program\n", 18 <unfinished ...>
executing program
[pid   299] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   296] <... write resumed>)        = 1
[pid   297] <... write resumed>)        = 18
[pid   298] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   297] perf_event_open( <unfinished ...>
[pid   299] <... bpf resumed>)          = 4
[pid   296] close(3 <unfinished ...>
[pid   298] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   299] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   297] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   296] <... close resumed>)        = 0
[   24.093319][   T28] audit: type=1400 audit(1747369986.438:68): avc:  denied  { bpf } for  pid=295 comm="syz-executor223" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   24.114719][   T28] audit: type=1400 audit(1747369986.438:69): avc:  denied  { prog_load } for  pid=295 comm="syz-executor223" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   24.136859][   T28] audit: type=1400 audit(1747369986.518:70): avc:  denied  { prog_run } for  pid=296 comm="syz-executor223" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[pid   298] <... bpf resumed>)          = 4
[pid   299] <... bpf resumed>)          = 5
[pid   297] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   299] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   297] <... bpf resumed>)          = 4
[pid   299] <... openat resumed>)       = 6
[pid   297] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   299] write(6, "1", 1 <unfinished ...>
[pid   297] <... bpf resumed>)          = 5
[pid   299] <... write resumed>)        = 1
[pid   297] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   299] close(3 <unfinished ...>
[pid   297] <... openat resumed>)       = 6
[pid   299] <... close resumed>)        = 0
[   24.162615][  T296] FAULT_INJECTION: forcing a failure.
[   24.162615][  T296] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[   24.169503][  T299] FAULT_INJECTION: forcing a failure.
[   24.169503][  T299] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[   24.176723][  T296] CPU: 0 PID: 296 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   24.191042][  T297] FAULT_INJECTION: forcing a failure.
[   24.191042][  T297] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[   24.200277][  T296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   24.200313][  T296] Call Trace:
[   24.200320][  T296]  <TASK>
[   24.214477][  T295] FAULT_INJECTION: forcing a failure.
[   24.214477][  T295] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[   24.224164][  T296]  __dump_stack+0x21/0x24
[   24.224210][  T296]  dump_stack_lvl+0xee/0x150
[   24.224234][  T296]  ? __cfi_dump_stack_lvl+0x8/0x8
[   24.224259][  T296]  dump_stack+0x15/0x24
[   24.224283][  T296]  should_fail_ex+0x3d4/0x520
[   24.224306][  T296]  should_fail_alloc_page+0x61/0x90
[   24.271937][  T296]  prepare_alloc_pages+0x148/0x5f0
[   24.277162][  T296]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   24.282424][  T296]  ? __kasan_record_aux_stack+0xb6/0xc0
[   24.288076][  T296]  ? call_rcu+0xd4/0xf90
[   24.292427][  T296]  __alloc_pages+0x115/0x3a0
[   24.297110][  T296]  ? __cfi___alloc_pages+0x10/0x10
[   24.302798][  T296]  ? __kasan_check_write+0x14/0x20
[   24.307952][  T296]  ? _raw_spin_lock+0x8e/0xe0
[   24.312674][  T296]  ? __cfi__raw_spin_lock+0x10/0x10
[   24.317878][  T296]  ? sched_clock_cpu+0x6e/0x250
[   24.322738][  T296]  __folio_alloc+0x12/0x40
[   24.327157][  T296]  wp_page_copy+0x280/0x15b0
[   24.332040][  T296]  ? __this_cpu_preempt_check+0x13/0x20
[   24.337679][  T296]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[   24.344039][  T296]  ? fault_dirty_shared_page+0x310/0x310
[   24.349682][  T296]  ? _raw_spin_unlock+0x4c/0x70
[   24.354539][  T296]  ? finish_task_switch+0x16b/0x7b0
[   24.359741][  T296]  ? vm_normal_page+0x99/0x200
[   24.364619][  T296]  do_wp_page+0x9f2/0xfc0
[   24.369127][  T296]  handle_mm_fault+0x10e4/0x2640
[   24.375190][  T296]  ? __cfi_handle_mm_fault+0x10/0x10
[   24.380491][  T296]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   24.385937][  T296]  ? __this_cpu_preempt_check+0x13/0x20
[   24.391502][  T296]  ? xfd_validate_state+0x70/0x150
[   24.396622][  T296]  do_user_addr_fault+0x905/0x1050
[   24.401835][  T296]  exc_page_fault+0x51/0xb0
[   24.406338][  T296]  asm_exc_page_fault+0x27/0x30
[   24.411281][  T296] RIP: 0033:0x7f42ed5cde80
[   24.415694][  T296] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   24.435390][  T296] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[   24.441525][  T296] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   24.449496][  T296] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[pid   297] write(6, "1", 1 <unfinished ...>
[pid   298] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   297] <... write resumed>)        = 1
[pid   297] close(3)                    = 0
[pid   295] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   295] write(6, "1", 1)            = 1
[pid   295] close(3)                    = 0
[pid   298] <... bpf resumed>)          = 5
[   24.457469][  T296] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   24.465611][  T296] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[   24.473671][  T296] R13: 00007ffcb7e45088 R14: 00007ffcb7e44c90 R15: 0000000000000000
[   24.481850][  T296]  </TASK>
[   24.485612][  T296] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   24.487591][  T295] CPU: 1 PID: 295 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   24.503674][  T295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   24.514008][  T295] Call Trace:
[   24.517471][  T295]  <TASK>
[   24.520515][  T295]  __dump_stack+0x21/0x24
[   24.524914][  T295]  dump_stack_lvl+0xee/0x150
[   24.529555][  T295]  ? __cfi_dump_stack_lvl+0x8/0x8
[   24.534853][  T295]  ? resched_curr+0x10e/0x380
[   24.539817][  T295]  ? __cfi_resched_curr+0x10/0x10
[   24.544874][  T295]  dump_stack+0x15/0x24
[   24.549058][  T295]  should_fail_ex+0x3d4/0x520
[   24.553761][  T295]  should_fail_alloc_page+0x61/0x90
[   24.559049][  T295]  prepare_alloc_pages+0x148/0x5f0
[pid   298] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   296] exit_group(0 <unfinished ...>
[pid   298] write(6, "1", 1 <unfinished ...>
[pid   296] <... exit_group resumed>)   = ?
[pid   298] <... write resumed>)        = 1
[pid   296] +++ exited with 0 +++
[pid   298] close(3 <unfinished ...>
[pid   293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=296, si_uid=0, si_status=0, si_utime=0, si_stime=10} ---
[pid   293] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   293] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   293] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   293] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   293] getdents64(3, 0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   293] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   293] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   293] unlink("./0/binderfs")      = 0
[pid   293] getdents64(3, 0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   293] close(3)                    = 0
[pid   293] rmdir("./0")                = 0
[pid   293] mkdir("./1", 0777)          = 0
[pid   293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557760b750) = 300
[   24.564199][  T295]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   24.568218][  T298] FAULT_INJECTION: forcing a failure.
[   24.568218][  T298] name failslab, interval 1, probability 0, space 0, times 1
[   24.569866][  T295]  __alloc_pages+0x115/0x3a0
[   24.587221][  T295]  ? __cfi___alloc_pages+0x10/0x10
[   24.592366][  T295]  ? __kasan_check_write+0x14/0x20
[   24.597498][  T295]  ? _raw_spin_lock+0x8e/0xe0
[   24.602182][  T295]  ? __cfi__raw_spin_lock+0x10/0x10
[   24.607390][  T295]  ? __this_cpu_preempt_check+0x13/0x20
[   24.613123][  T295]  __folio_alloc+0x12/0x40
[   24.617652][  T295]  wp_page_copy+0x280/0x15b0
[   24.622260][  T295]  ? __this_cpu_preempt_check+0x13/0x20
[   24.627822][  T295]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[   24.634249][  T295]  ? fault_dirty_shared_page+0x310/0x310
[   24.639897][  T295]  ? _raw_spin_unlock+0x4c/0x70
[   24.644790][  T295]  ? finish_task_switch+0x16b/0x7b0
[   24.650261][  T295]  ? vm_normal_page+0x99/0x200
[   24.655046][  T295]  do_wp_page+0x9f2/0xfc0
[   24.659387][  T295]  handle_mm_fault+0x10e4/0x2640
[   24.664349][  T295]  ? __cfi_handle_mm_fault+0x10/0x10
[   24.670142][  T295]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   24.675538][  T295]  ? __this_cpu_preempt_check+0x13/0x20
[   24.681188][  T295]  ? xfd_validate_state+0x70/0x150
[   24.686425][  T295]  do_user_addr_fault+0x905/0x1050
[   24.691600][  T295]  exc_page_fault+0x51/0xb0
[   24.696205][  T295]  asm_exc_page_fault+0x27/0x30
[   24.701087][  T295] RIP: 0033:0x7f42ed5cde80
[   24.705533][  T295] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   24.725848][  T295] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[   24.731963][  T295] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   24.740558][  T295] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[   24.748543][  T295] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   24.756623][  T295] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[   24.765151][  T295] R13: 00007ffcb7e45088 R14: 00007ffcb7e44c90 R15: 0000000000000000
[   24.775130][  T295]  </TASK>
[   24.778277][  T299] CPU: 0 PID: 299 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   24.788718][  T299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   24.799221][  T299] Call Trace:
[   24.802540][  T299]  <TASK>
[   24.805594][  T299]  __dump_stack+0x21/0x24
[   24.809958][  T299]  dump_stack_lvl+0xee/0x150
[   24.814646][  T299]  ? __cfi_dump_stack_lvl+0x8/0x8
[   24.819678][  T299]  ? __cfi_enqueue_task_fair+0x10/0x10
[   24.825430][  T299]  dump_stack+0x15/0x24
[   24.829619][  T299]  should_fail_ex+0x3d4/0x520
[   24.834443][  T299]  should_fail_alloc_page+0x61/0x90
[   24.840399][  T299]  prepare_alloc_pages+0x148/0x5f0
[   24.845569][  T299]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   24.850901][  T299]  __alloc_pages+0x115/0x3a0
[   24.855530][  T299]  ? __cfi___alloc_pages+0x10/0x10
[   24.860733][  T299]  ? __kasan_check_write+0x14/0x20
[   24.865974][  T299]  ? _raw_spin_lock+0x8e/0xe0
[   24.870846][  T299]  ? __cfi__raw_spin_lock+0x10/0x10
[   24.876330][  T299]  ? __this_cpu_preempt_check+0x13/0x20
[   24.881987][  T299]  __folio_alloc+0x12/0x40
[   24.886508][  T299]  wp_page_copy+0x280/0x15b0
[   24.891117][  T299]  ? __this_cpu_preempt_check+0x13/0x20
[   24.896859][  T299]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[   24.903471][  T299]  ? fault_dirty_shared_page+0x310/0x310
[   24.909200][  T299]  ? _raw_spin_unlock+0x4c/0x70
[   24.914159][  T299]  ? finish_task_switch+0x16b/0x7b0
[   24.919365][  T299]  ? vm_normal_page+0x99/0x200
[   24.925630][  T299]  do_wp_page+0x9f2/0xfc0
[   24.930017][  T299]  handle_mm_fault+0x10e4/0x2640
[   24.935185][  T299]  ? __cfi_handle_mm_fault+0x10/0x10
[   24.940589][  T299]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   24.945804][  T299]  ? __this_cpu_preempt_check+0x13/0x20
[   24.951361][  T299]  ? xfd_validate_state+0x70/0x150
[   24.956495][  T299]  do_user_addr_fault+0x905/0x1050
[   24.962253][  T299]  exc_page_fault+0x51/0xb0
[   24.967010][  T299]  asm_exc_page_fault+0x27/0x30
[   24.972268][  T299] RIP: 0033:0x7f42ed5cde80
[   24.977307][  T299] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   24.998863][  T299] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[   25.005114][  T299] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
./strace-static-x86_64: Process 300 attached
[   25.013166][  T299] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[   25.021180][  T299] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   25.029148][  T299] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[   25.037221][  T299] R13: 00007ffcb7e45088 R14: 00007ffcb7e44c90 R15: 0000000000000000
[   25.045220][  T299]  </TASK>
[   25.048334][  T295] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   25.051741][  T298] CPU: 0 PID: 298 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   25.066125][  T298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   25.076365][  T298] Call Trace:
[   25.079694][  T298]  <TASK>
[   25.082983][  T298]  __dump_stack+0x21/0x24
[   25.087334][  T298]  dump_stack_lvl+0xee/0x150
[   25.091931][  T298]  ? __cfi_dump_stack_lvl+0x8/0x8
[   25.097243][  T298]  dump_stack+0x15/0x24
[   25.101510][  T298]  should_fail_ex+0x3d4/0x520
[   25.106293][  T298]  __should_failslab+0xac/0xf0
[   25.111072][  T298]  ? tracepoint_probe_unregister+0x1e6/0x8b0
[   25.117100][  T298]  should_failslab+0x9/0x20
[   25.121839][  T298]  __kmem_cache_alloc_node+0x3d/0x2c0
[   25.127316][  T298]  ? __cfi_mutex_lock+0x10/0x10
[   25.132177][  T298]  ? tracepoint_probe_unregister+0x1e6/0x8b0
[   25.138164][  T298]  __kmalloc+0xa1/0x1e0
[   25.142320][  T298]  ? __kasan_check_write+0x14/0x20
[   25.147437][  T298]  ? __cfi_perf_trace_percpu_alloc_percpu+0x10/0x10
[   25.154031][  T298]  tracepoint_probe_unregister+0x1e6/0x8b0
[   25.160108][  T298]  trace_event_reg+0x21c/0x260
[   25.164901][  T298]  perf_trace_event_unreg+0xcc/0x1c0
[   25.170298][  T298]  perf_trace_destroy+0xbe/0x180
[   25.175709][  T298]  tp_perf_event_destroy+0x15/0x20
[   25.181090][  T298]  ? __cfi_tp_perf_event_destroy+0x10/0x10
[   25.187080][  T298]  _free_event+0x9cd/0xce0
[   25.191617][  T298]  perf_event_release_kernel+0x819/0x8a0
[   25.197261][  T298]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   25.203363][  T298]  ? __cfi_perf_event_release_kernel+0x10/0x10
[   25.209524][  T298]  perf_release+0x3b/0x40
[   25.213860][  T298]  ? __cfi_perf_release+0x10/0x10
[   25.218888][  T298]  __fput+0x1fc/0x8f0
[   25.222966][  T298]  ____fput+0x15/0x20
[   25.227044][  T298]  task_work_run+0x1db/0x240
[   25.231653][  T298]  ? __cfi_task_work_run+0x10/0x10
[   25.236811][  T298]  ? task_work_add+0x2b1/0x330
[   25.241593][  T298]  ptrace_notify+0x221/0x250
[   25.246210][  T298]  ? __cfi_ptrace_notify+0x10/0x10
[   25.251411][  T298]  ? fput+0x15b/0x1a0
[   25.255389][  T298]  ? filp_close+0x111/0x160
[   25.260009][  T298]  ? close_fd+0x28b/0x300
[   25.264388][  T298]  syscall_exit_work+0x84/0x140
[   25.269262][  T298]  syscall_exit_to_user_mode_prepare+0x1c/0x20
[   25.275516][  T298]  syscall_exit_to_user_mode+0xd/0x30
[   25.280943][  T298]  do_syscall_64+0x58/0xa0
[   25.285485][  T298]  ? clear_bhb_loop+0x15/0x70
[   25.290206][  T298]  ? clear_bhb_loop+0x15/0x70
[   25.294919][  T298]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   25.300920][  T298] RIP: 0033:0x7f42ed5ffa89
[   25.305339][  T298] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   25.325299][  T298] RSP: 002b:00007ffcb7e44c28 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[   25.333731][  T298] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 00007f42ed5ffa89
[   25.341734][  T298] RDX: 00007f42ed5feb50 RSI: 00007ffcb7e44c30 RDI: 0000000000000003
[   25.349722][  T298] RBP: 00007ffcb7e44c30 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   25.357699][  T298] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[pid   300] set_robust_list(0x55557760b760, 24 <unfinished ...>
[pid   295] exit_group(0 <unfinished ...>
[pid   300] <... set_robust_list resumed>) = 0
[pid   295] <... exit_group resumed>)   = ?
[pid   300] chdir("./1")                = 0
[pid   295] +++ exited with 0 +++
[   25.365954][  T298] R13: 00007ffcb7e45088 R14: 00007ffcb7e44c90 R15: 0000000000000000
[   25.374146][  T298]  </TASK>
[   25.380582][  T297] CPU: 1 PID: 297 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   25.390981][  T297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   25.401163][  T297] Call Trace:
[   25.404524][  T297]  <TASK>
[   25.407452][  T297]  __dump_stack+0x21/0x24
[   25.411965][  T297]  dump_stack_lvl+0xee/0x150
[   25.416558][  T297]  ? __cfi_dump_stack_lvl+0x8/0x8
[   25.421603][  T297]  dump_stack+0x15/0x24
[   25.425932][  T297]  should_fail_ex+0x3d4/0x520
[   25.430871][  T297]  should_fail_alloc_page+0x61/0x90
[   25.436202][  T297]  prepare_alloc_pages+0x148/0x5f0
[   25.441417][  T297]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   25.446741][  T297]  ? __kasan_record_aux_stack+0xb6/0xc0
[   25.452300][  T297]  ? call_rcu+0xd4/0xf90
[   25.456545][  T297]  ? ____fput+0x15/0x20
[   25.460737][  T297]  __alloc_pages+0x115/0x3a0
[   25.465352][  T297]  ? __cfi___alloc_pages+0x10/0x10
[   25.470477][  T297]  ? __kasan_check_write+0x14/0x20
[   25.475702][  T297]  ? _raw_spin_lock+0x8e/0xe0
[   25.480585][  T297]  ? __cfi__raw_spin_lock+0x10/0x10
[   25.485808][  T297]  ? __this_cpu_preempt_check+0x13/0x20
[   25.491547][  T297]  __folio_alloc+0x12/0x40
[   25.495971][  T297]  wp_page_copy+0x280/0x15b0
[   25.500667][  T297]  ? __this_cpu_preempt_check+0x13/0x20
[   25.506214][  T297]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[   25.512557][  T297]  ? fault_dirty_shared_page+0x310/0x310
[   25.518241][  T297]  ? _raw_spin_unlock+0x4c/0x70
[   25.523122][  T297]  ? finish_task_switch+0x16b/0x7b0
[   25.528346][  T297]  ? vm_normal_page+0x99/0x200
[   25.533124][  T297]  do_wp_page+0x9f2/0xfc0
[   25.537559][  T297]  handle_mm_fault+0x10e4/0x2640
[   25.542590][  T297]  ? __cfi_handle_mm_fault+0x10/0x10
[   25.547984][  T297]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   25.553195][  T297]  ? __this_cpu_preempt_check+0x13/0x20
[   25.558827][  T297]  ? xfd_validate_state+0x70/0x150
[   25.563943][  T297]  do_user_addr_fault+0x905/0x1050
[   25.569143][  T297]  exc_page_fault+0x51/0xb0
[   25.573649][  T297]  asm_exc_page_fault+0x27/0x30
[   25.578794][  T297] RIP: 0033:0x7f42ed5cde80
[   25.583271][  T297] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   25.603078][  T297] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[   25.609332][  T297] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
executing program
[pid   300] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   298] <... close resumed>)        = 0
[pid   300] <... prctl resumed>)        = 0
[pid   294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=295, si_uid=0, si_status=0, si_utime=0, si_stime=7} ---
[pid   300] setpgid(0, 0)               = 0
[pid   300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   294] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   300] <... openat resumed>)       = 3
[pid   294] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   300] write(3, "1000", 4 <unfinished ...>
[pid   294] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   300] <... write resumed>)        = 4
[pid   294] <... openat resumed>)       = 3
[pid   300] close(3 <unfinished ...>
[pid   294] newfstatat(3, "",  <unfinished ...>
[pid   300] <... close resumed>)        = 0
[pid   294] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   300] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid   294] getdents64(3,  <unfinished ...>
[pid   300] <... symlink resumed>)      = 0
[pid   294] <... getdents64 resumed>0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   300] write(1, "executing program\n", 18 <unfinished ...>
[pid   294] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   300] <... write resumed>)        = 18
[pid   294] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   300] perf_event_open( <unfinished ...>
[pid   294] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   294] unlink("./0/binderfs")      = 0
[pid   294] getdents64(3,  <unfinished ...>
[pid   298] exit_group(0 <unfinished ...>
[pid   294] <... getdents64 resumed>0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   294] close(3)                    = 0
[   25.617396][  T297] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[   25.625540][  T297] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   25.633787][  T297] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[   25.642079][  T297] R13: 00007ffcb7e45088 R14: 00007ffcb7e44c90 R15: 0000000000000000
[   25.650071][  T297]  </TASK>
[   25.654031][  T299] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[pid   294] rmdir("./0" <unfinished ...>
[pid   299] exit_group(0 <unfinished ...>
[pid   298] <... exit_group resumed>)   = ?
[pid   294] <... rmdir resumed>)        = 0
[pid   294] mkdir("./1", 0777)          = 0
[pid   294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557760b750) = 302
[pid   300] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   300] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   300] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16) = 5
[pid   300] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   300] write(6, "1", 1)            = 1
[pid   300] close(3./strace-static-x86_64: Process 302 attached
 <unfinished ...>
[pid   299] <... exit_group resumed>)   = ?
[pid   297] exit_group(0)               = ?
[pid   302] set_robust_list(0x55557760b760, 24) = 0
[pid   302] chdir("./1")                = 0
[pid   302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   302] setpgid(0, 0)               = 0
[pid   302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   302] write(3, "1000", 4)         = 4
[pid   302] close(3)                    = 0
[pid   302] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid   302] write(1, "executing program\n", 18) = 18
[   25.662821][  T297] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   25.667071][  T300] FAULT_INJECTION: forcing a failure.
[   25.667071][  T300] name failslab, interval 1, probability 0, space 0, times 0
[   25.683474][  T300] CPU: 1 PID: 300 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   25.693663][  T300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   25.703836][  T300] Call Trace:
[   25.707132][  T300]  <TASK>
[   25.710087][  T300]  __dump_stack+0x21/0x24
[   25.714419][  T300]  dump_stack_lvl+0xee/0x150
[   25.719029][  T300]  ? __cfi_dump_stack_lvl+0x8/0x8
[   25.724060][  T300]  dump_stack+0x15/0x24
[   25.728314][  T300]  should_fail_ex+0x3d4/0x520
[   25.733084][  T300]  __should_failslab+0xac/0xf0
[   25.737859][  T300]  ? tracepoint_probe_unregister+0x1e6/0x8b0
[   25.744029][  T300]  should_failslab+0x9/0x20
[   25.748728][  T300]  __kmem_cache_alloc_node+0x3d/0x2c0
[   25.754123][  T300]  ? __cfi_mutex_lock+0x10/0x10
[   25.758997][  T300]  ? tracepoint_probe_unregister+0x1e6/0x8b0
[   25.765613][  T300]  __kmalloc+0xa1/0x1e0
[   25.770407][  T300]  ? __kasan_check_write+0x14/0x20
[   25.775652][  T300]  ? __cfi_perf_trace_percpu_alloc_percpu+0x10/0x10
[   25.782264][  T300]  tracepoint_probe_unregister+0x1e6/0x8b0
[   25.788164][  T300]  trace_event_reg+0x21c/0x260
[   25.792932][  T300]  perf_trace_event_unreg+0xcc/0x1c0
[   25.798256][  T300]  perf_trace_destroy+0xbe/0x180
[   25.803210][  T300]  tp_perf_event_destroy+0x15/0x20
[   25.808324][  T300]  ? __cfi_tp_perf_event_destroy+0x10/0x10
[   25.814128][  T300]  _free_event+0x9cd/0xce0
[   25.818731][  T300]  perf_event_release_kernel+0x819/0x8a0
[   25.824393][  T300]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   25.830645][  T300]  ? __cfi_perf_event_release_kernel+0x10/0x10
[   25.836822][  T300]  perf_release+0x3b/0x40
[   25.841147][  T300]  ? __cfi_perf_release+0x10/0x10
[   25.846188][  T300]  __fput+0x1fc/0x8f0
[   25.850178][  T300]  ____fput+0x15/0x20
[   25.854152][  T300]  task_work_run+0x1db/0x240
[   25.858836][  T300]  ? __cfi_task_work_run+0x10/0x10
[   25.864046][  T300]  ? task_work_add+0x2b1/0x330
[   25.868824][  T300]  ptrace_notify+0x221/0x250
[   25.873433][  T300]  ? __cfi_ptrace_notify+0x10/0x10
[   25.878601][  T300]  ? fput+0x15b/0x1a0
[   25.882677][  T300]  ? filp_close+0x111/0x160
[   25.887191][  T300]  ? close_fd+0x28b/0x300
[   25.891532][  T300]  syscall_exit_work+0x84/0x140
[   25.896399][  T300]  syscall_exit_to_user_mode_prepare+0x1c/0x20
[   25.902550][  T300]  syscall_exit_to_user_mode+0xd/0x30
[   25.907961][  T300]  do_syscall_64+0x58/0xa0
[   25.912484][  T300]  ? clear_bhb_loop+0x15/0x70
[   25.917191][  T300]  ? clear_bhb_loop+0x15/0x70
[   25.921873][  T300]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   25.927900][  T300] RIP: 0033:0x7f42ed5ffa89
[   25.932328][  T300] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   25.952133][  T300] RSP: 002b:00007ffcb7e44c28 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[   25.960555][  T300] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 00007f42ed5ffa89
[pid   302] perf_event_open( <unfinished ...>
[pid   299] +++ exited with 0 +++
[pid   298] +++ exited with 0 +++
[pid   292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=299, si_uid=0, si_status=0, si_utime=0, si_stime=19} ---
[pid   291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=298, si_uid=0, si_status=0, si_utime=0, si_stime=8} ---
[pid   292] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   291] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   292] <... restart_syscall resumed>) = 0
[pid   291] <... restart_syscall resumed>) = 0
[pid   291] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   292] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   291] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   292] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   291] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   292] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   291] <... openat resumed>)       = 3
[pid   291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   291] getdents64(3, 0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   291] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   291] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   291] unlink("./0/binderfs")      = 0
[pid   292] <... openat resumed>)       = 3
[pid   291] getdents64(3, 0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   291] close(3)                    = 0
[pid   291] rmdir("./0" <unfinished ...>
[pid   292] newfstatat(3, "",  <unfinished ...>
[pid   291] <... rmdir resumed>)        = 0
[pid   291] mkdir("./1", 0777 <unfinished ...>
[pid   292] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   291] <... mkdir resumed>)        = 0
[pid   291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   292] getdents64(3,  <unfinished ...>
[pid   291] <... clone resumed>, child_tidptr=0x55557760b750) = 303
[pid   292] <... getdents64 resumed>0x55557760c7f0 /* 3 entries */, 32768) = 80
./strace-static-x86_64: Process 303 attached
[pid   303] set_robust_list(0x55557760b760, 24) = 0
[pid   303] chdir("./1")                = 0
[pid   303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   303] setpgid(0, 0)               = 0
[pid   303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   292] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   303] <... openat resumed>)       = 3
[pid   292] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   303] write(3, "1000", 4 <unfinished ...>
[pid   292] newfstatat(AT_FDCWD, "./0/binderfs",  <unfinished ...>
[pid   303] <... write resumed>)        = 4
[pid   292] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   303] close(3 <unfinished ...>
[pid   292] unlink("./0/binderfs" <unfinished ...>
[pid   303] <... close resumed>)        = 0
[pid   303] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid   292] <... unlink resumed>)       = 0
[pid   292] getdents64(3, executing program
0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   292] close(3)                    = 0
[pid   303] <... symlink resumed>)      = 0
[pid   292] rmdir("./0" <unfinished ...>
[pid   303] write(1, "executing program\n", 18) = 18
[pid   303] perf_event_open( <unfinished ...>
[pid   292] <... rmdir resumed>)        = 0
[pid   292] mkdir("./1", 0777 <unfinished ...>
[pid   302] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   300] <... close resumed>)        = 0
[pid   297] +++ exited with 0 +++
[pid   292] <... mkdir resumed>)        = 0
[pid   303] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   302] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=297, si_uid=0, si_status=0, si_utime=0, si_stime=12} ---
[pid   303] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   302] <... bpf resumed>)          = 4
[pid   300] exit_group(0 <unfinished ...>
[pid   290] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   302] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   290] <... restart_syscall resumed>) = 0
[pid   302] <... bpf resumed>)          = 5
[pid   292] <... clone resumed>, child_tidptr=0x55557760b750) = 304
[pid   302] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   300] <... exit_group resumed>)   = ?
[pid   290] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   302] write(6, "1", 1 <unfinished ...>
[pid   290] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   302] <... write resumed>)        = 1
[pid   290] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   302] close(3 <unfinished ...>
[pid   290] <... openat resumed>)       = 3
[pid   302] <... close resumed>)        = 0
[   25.968530][  T300] RDX: 00007f42ed5feb50 RSI: 00007ffcb7e44c30 RDI: 0000000000000003
[   25.976632][  T300] RBP: 00007ffcb7e44c30 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   25.985047][  T300] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   25.993048][  T300] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000001
[   26.001038][  T300]  </TASK>
[pid   290] newfstatat(3, "", ./strace-static-x86_64: Process 304 attached
 <unfinished ...>
[pid   303] <... bpf resumed>)          = 4
[pid   300] +++ exited with 0 +++
[pid   290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=300, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
[pid   290] getdents64(3, 0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   290] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   290] newfstatat(AT_FDCWD, "./0/binderfs",  <unfinished ...>
[pid   293] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   293] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   290] unlink("./0/binderfs" <unfinished ...>
[pid   304] set_robust_list(0x55557760b760, 24 <unfinished ...>
[pid   303] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   293] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   293] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   293] getdents64(3, 0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   293] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   293] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   293] unlink("./1/binderfs")      = 0
[pid   293] getdents64(3, 0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   293] close(3)                    = 0
[pid   293] rmdir("./1")                = 0
[pid   293] mkdir("./2", 0777)          = 0
[pid   293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557760b750) = 305
[pid   303] <... bpf resumed>)          = 5
[pid   303] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   303] write(6, "1", 1)            = 1
[pid   303] close(3 <unfinished ...>
[pid   304] <... set_robust_list resumed>) = 0
[pid   304] chdir("./1")                = 0
[pid   304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   304] setpgid(0, 0)               = 0
[pid   304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   304] write(3, "1000", 4)         = 4
[pid   304] close(3)                    = 0
[pid   304] symlink("/dev/binderfs", "./binderfs") = 0
[pid   304] write(1, "executing program\n", 18executing program
) = 18
[   26.020216][  T302] FAULT_INJECTION: forcing a failure.
[   26.020216][  T302] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   26.034813][  T302] CPU: 0 PID: 302 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   26.040891][  T303] FAULT_INJECTION: forcing a failure.
[   26.040891][  T303] name failslab, interval 1, probability 0, space 0, times 0
[   26.045003][  T302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   26.045019][  T302] Call Trace:
[   26.045025][  T302]  <TASK>
[   26.045033][  T302]  __dump_stack+0x21/0x24
[   26.045065][  T302]  dump_stack_lvl+0xee/0x150
[   26.045090][  T302]  ? __cfi_dump_stack_lvl+0x8/0x8
[   26.045118][  T302]  dump_stack+0x15/0x24
[   26.092517][  T302]  should_fail_ex+0x3d4/0x520
[   26.097305][  T302]  should_fail_alloc_page+0x61/0x90
[   26.102518][  T302]  prepare_alloc_pages+0x148/0x5f0
[   26.107644][  T302]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   26.112848][  T302]  ? __kasan_record_aux_stack+0xb6/0xc0
[   26.118418][  T302]  ? call_rcu+0xd4/0xf90
[   26.122766][  T302]  ? ____fput+0x15/0x20
[   26.126932][  T302]  __alloc_pages+0x115/0x3a0
[   26.131534][  T302]  ? __cfi___alloc_pages+0x10/0x10
[   26.136670][  T302]  ? __kasan_check_write+0x14/0x20
[   26.141791][  T302]  ? _raw_spin_lock+0x8e/0xe0
[   26.146856][  T302]  ? __cfi__raw_spin_lock+0x10/0x10
[   26.152427][  T302]  ? __this_cpu_preempt_check+0x13/0x20
[   26.158073][  T302]  __folio_alloc+0x12/0x40
[   26.162555][  T302]  wp_page_copy+0x280/0x15b0
[pid   304] perf_event_open( <unfinished ...>
[pid   290] <... unlink resumed>)       = 0
[pid   290] getdents64(3, 0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   290] close(3)                    = 0
[pid   290] rmdir("./0")                = 0
[pid   290] mkdir("./1", 0777)          = 0
[pid   290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557760b750) = 306
./strace-static-x86_64: Process 306 attached
[pid   306] set_robust_list(0x55557760b760, 24) = 0
[pid   306] chdir("./1")                = 0
[pid   306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   306] setpgid(0, 0)               = 0
[pid   306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   306] write(3, "1000", 4)         = 4
[pid   306] close(3)                    = 0
[pid   306] symlink("/dev/binderfs", "./binderfs") = 0
[pid   306] write(1, "executing program\n", 18executing program
) = 18
[   26.167158][  T302]  ? __this_cpu_preempt_check+0x13/0x20
[   26.172810][  T302]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[   26.179161][  T302]  ? fault_dirty_shared_page+0x310/0x310
[   26.185516][  T302]  ? _raw_spin_unlock+0x4c/0x70
[   26.190562][  T302]  ? finish_task_switch+0x16b/0x7b0
[   26.195785][  T302]  ? vm_normal_page+0x99/0x200
[   26.200560][  T302]  do_wp_page+0x9f2/0xfc0
[   26.204917][  T302]  handle_mm_fault+0x10e4/0x2640
[   26.209916][  T302]  ? __cfi_handle_mm_fault+0x10/0x10
[   26.215500][  T302]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   26.220790][  T302]  ? __this_cpu_preempt_check+0x13/0x20
[   26.226448][  T302]  ? xfd_validate_state+0x70/0x150
[   26.231574][  T302]  do_user_addr_fault+0x905/0x1050
[   26.236699][  T302]  exc_page_fault+0x51/0xb0
[   26.241220][  T302]  asm_exc_page_fault+0x27/0x30
[   26.246184][  T302] RIP: 0033:0x7f42ed5cde80
[   26.250607][  T302] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[pid   306] perf_event_open(./strace-static-x86_64: Process 305 attached
 <unfinished ...>
[pid   305] set_robust_list(0x55557760b760, 24) = 0
[pid   305] chdir("./2")                = 0
[pid   305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   305] setpgid(0, 0)               = 0
[pid   305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   305] write(3, "1000", 4)         = 4
[pid   305] close(3)                    = 0
[pid   305] symlink("/dev/binderfs", "./binderfs") = 0
[pid   305] write(1, "executing program\n", 18executing program
) = 18
[   26.270226][  T302] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[   26.276304][  T302] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   26.284370][  T302] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[   26.292357][  T302] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   26.300348][  T302] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   26.308349][  T302] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000001
[   26.316519][  T302]  </TASK>
[   26.319544][  T303] CPU: 1 PID: 303 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   26.330010][  T303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   26.340152][  T303] Call Trace:
[   26.343428][  T303]  <TASK>
[   26.346358][  T303]  __dump_stack+0x21/0x24
[   26.350783][  T303]  dump_stack_lvl+0xee/0x150
[   26.355378][  T303]  ? __cfi_dump_stack_lvl+0x8/0x8
[   26.360408][  T303]  dump_stack+0x15/0x24
[   26.364572][  T303]  should_fail_ex+0x3d4/0x520
[   26.369251][  T303]  __should_failslab+0xac/0xf0
[   26.374202][  T303]  ? tracepoint_probe_unregister+0x1e6/0x8b0
[   26.380206][  T303]  should_failslab+0x9/0x20
[   26.384751][  T303]  __kmem_cache_alloc_node+0x3d/0x2c0
[   26.390312][  T303]  ? __cfi_mutex_lock+0x10/0x10
[   26.395186][  T303]  ? tracepoint_probe_unregister+0x1e6/0x8b0
[   26.401185][  T303]  __kmalloc+0xa1/0x1e0
[   26.405450][  T303]  ? __kasan_check_write+0x14/0x20
[   26.410565][  T303]  ? __cfi_perf_trace_percpu_alloc_percpu+0x10/0x10
[   26.417249][  T303]  tracepoint_probe_unregister+0x1e6/0x8b0
[   26.423058][  T303]  trace_event_reg+0x21c/0x260
[   26.427949][  T303]  perf_trace_event_unreg+0xcc/0x1c0
[   26.433265][  T303]  perf_trace_destroy+0xbe/0x180
[   26.438219][  T303]  tp_perf_event_destroy+0x15/0x20
[   26.443325][  T303]  ? __cfi_tp_perf_event_destroy+0x10/0x10
[   26.449151][  T303]  _free_event+0x9cd/0xce0
[   26.453582][  T303]  perf_event_release_kernel+0x819/0x8a0
[   26.459266][  T303]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   26.465562][  T303]  ? __cfi_perf_event_release_kernel+0x10/0x10
[   26.471737][  T303]  perf_release+0x3b/0x40
[   26.476189][  T303]  ? __cfi_perf_release+0x10/0x10
[   26.481299][  T303]  __fput+0x1fc/0x8f0
[   26.485296][  T303]  ____fput+0x15/0x20
[   26.489304][  T303]  task_work_run+0x1db/0x240
[   26.493914][  T303]  ? __cfi_task_work_run+0x10/0x10
[   26.499047][  T303]  ? task_work_add+0x2b1/0x330
[   26.503850][  T303]  ptrace_notify+0x221/0x250
[   26.508630][  T303]  ? __cfi_ptrace_notify+0x10/0x10
[   26.513759][  T303]  ? fput+0x15b/0x1a0
[   26.517860][  T303]  ? filp_close+0x111/0x160
[   26.522385][  T303]  ? close_fd+0x28b/0x300
[   26.526720][  T303]  syscall_exit_work+0x84/0x140
[   26.531594][  T303]  syscall_exit_to_user_mode_prepare+0x1c/0x20
[   26.537753][  T303]  syscall_exit_to_user_mode+0xd/0x30
[   26.543148][  T303]  do_syscall_64+0x58/0xa0
[   26.547578][  T303]  ? clear_bhb_loop+0x15/0x70
[   26.552249][  T303]  ? clear_bhb_loop+0x15/0x70
[   26.556995][  T303]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   26.563007][  T303] RIP: 0033:0x7f42ed5ffa89
[   26.567446][  T303] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   26.587140][  T303] RSP: 002b:00007ffcb7e44c28 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[   26.595845][  T303] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 00007f42ed5ffa89
[   26.603818][  T303] RDX: 00007f42ed5feb50 RSI: 00007ffcb7e44c30 RDI: 0000000000000003
[   26.611804][  T303] RBP: 00007ffcb7e44c30 R08: 00007ffcb7e449c7 R09: 0000000000000031
[pid   305] perf_event_open( <unfinished ...>
[pid   302] exit_group(0)               = ?
[pid   303] <... close resumed>)        = 0
[pid   303] exit_group(0)               = ?
[pid   304] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   302] +++ exited with 0 +++
[pid   306] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   305] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   306] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   305] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   304] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=302, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
[pid   306] <... bpf resumed>)          = 4
[pid   305] <... bpf resumed>)          = 4
[pid   294] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   305] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   306] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   304] <... bpf resumed>)          = 4
[pid   304] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   294] <... restart_syscall resumed>) = 0
[pid   294] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   294] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   294] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   294] getdents64(3, 0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   294] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   294] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   294] unlink("./1/binderfs")      = 0
[pid   294] getdents64(3, 0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   294] close(3)                    = 0
[pid   294] rmdir("./1")                = 0
[pid   294] mkdir("./2", 0777)          = 0
[pid   294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 307 attached
 <unfinished ...>
[pid   307] set_robust_list(0x55557760b760, 24 <unfinished ...>
[pid   294] <... clone resumed>, child_tidptr=0x55557760b750) = 307
[pid   307] <... set_robust_list resumed>) = 0
[pid   307] chdir("./2")                = 0
[pid   307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   307] setpgid(0, 0)               = 0
[pid   307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
executing program
[pid   307] write(3, "1000", 4)         = 4
[pid   307] close(3)                    = 0
[pid   307] symlink("/dev/binderfs", "./binderfs") = 0
[pid   307] write(1, "executing program\n", 18) = 18
[pid   307] perf_event_open({type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   307] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   307] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   306] <... bpf resumed>)          = 5
[pid   305] <... bpf resumed>)          = 5
[pid   303] +++ exited with 0 +++
[pid   304] <... bpf resumed>)          = 5
[   26.619836][  T303] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   26.627809][  T303] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000001
[   26.635815][  T303]  </TASK>
[   26.639931][  T302] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   26.677334][  T304] FAULT_INJECTION: forcing a failure.
[   26.677334][  T304] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   26.677860][  T307] FAULT_INJECTION: forcing a failure.
[   26.677860][  T307] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   26.690856][  T305] FAULT_INJECTION: forcing a failure.
[   26.690856][  T305] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   26.707542][  T307] CPU: 0 PID: 307 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[pid   306] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   305] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   304] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=303, si_uid=0, si_status=0, si_utime=0, si_stime=25} ---
[pid   306] <... openat resumed>)       = 6
[pid   291] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   304] <... openat resumed>)       = 6
[pid   305] <... openat resumed>)       = 6
[pid   304] write(6, "1", 1 <unfinished ...>
[pid   305] write(6, "1", 1 <unfinished ...>
[pid   306] write(6, "1", 1 <unfinished ...>
[pid   304] <... write resumed>)        = 1
[pid   305] <... write resumed>)        = 1
[pid   306] <... write resumed>)        = 1
[pid   304] close(3 <unfinished ...>
[pid   305] close(3 <unfinished ...>
[pid   306] close(3 <unfinished ...>
[pid   307] <... bpf resumed>)          = 5
[pid   304] <... close resumed>)        = 0
[pid   307] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   305] <... close resumed>)        = 0
[pid   307] <... openat resumed>)       = 6
[pid   307] write(6, "1", 1)            = 1
[pid   307] close(3)                    = 0
[pid   291] <... restart_syscall resumed>) = 0
[pid   291] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   291] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   291] getdents64(3, 0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   291] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   291] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   291] unlink("./1/binderfs")      = 0
[pid   291] getdents64(3, 0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   291] close(3)                    = 0
[pid   291] rmdir("./1")                = 0
[pid   291] mkdir("./2", 0777)          = 0
[pid   291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557760b750) = 308
[   26.717298][  T306] FAULT_INJECTION: forcing a failure.
[   26.717298][  T306] name failslab, interval 1, probability 0, space 0, times 0
[   26.727265][  T307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   26.727279][  T307] Call Trace:
[   26.727285][  T307]  <TASK>
[   26.727292][  T307]  __dump_stack+0x21/0x24
[   26.760535][  T307]  dump_stack_lvl+0xee/0x150
[   26.765247][  T307]  ? __cfi_dump_stack_lvl+0x8/0x8
[   26.770549][  T307]  ? resched_curr+0x10e/0x380
[   26.775707][  T307]  ? __cfi_resched_curr+0x10/0x10
[   26.780853][  T307]  dump_stack+0x15/0x24
[   26.785036][  T307]  should_fail_ex+0x3d4/0x520
[   26.789836][  T307]  should_fail_alloc_page+0x61/0x90
[   26.795050][  T307]  prepare_alloc_pages+0x148/0x5f0
[   26.800345][  T307]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   26.805564][  T307]  __alloc_pages+0x115/0x3a0
[   26.810168][  T307]  ? __cfi___alloc_pages+0x10/0x10
[   26.815291][  T307]  ? __kasan_check_write+0x14/0x20
[   26.820419][  T307]  ? _raw_spin_lock+0x8e/0xe0
[   26.825104][  T307]  ? __cfi__raw_spin_lock+0x10/0x10
[   26.830314][  T307]  ? __this_cpu_preempt_check+0x13/0x20
[   26.835978][  T307]  __folio_alloc+0x12/0x40
[   26.840405][  T307]  wp_page_copy+0x280/0x15b0
[   26.845010][  T307]  ? __this_cpu_preempt_check+0x13/0x20
[   26.850557][  T307]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[   26.856798][  T307]  ? fault_dirty_shared_page+0x310/0x310
[   26.862446][  T307]  ? _raw_spin_unlock+0x4c/0x70
[   26.867319][  T307]  ? finish_task_switch+0x16b/0x7b0
[   26.872552][  T307]  ? vm_normal_page+0x99/0x200
[   26.877344][  T307]  do_wp_page+0x9f2/0xfc0
[   26.881777][  T307]  handle_mm_fault+0x10e4/0x2640
[   26.886734][  T307]  ? __cfi_handle_mm_fault+0x10/0x10
[   26.892108][  T307]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   26.897314][  T307]  ? __this_cpu_preempt_check+0x13/0x20
[   26.902878][  T307]  ? xfd_validate_state+0x70/0x150
[   26.908003][  T307]  do_user_addr_fault+0x905/0x1050
[   26.913125][  T307]  exc_page_fault+0x51/0xb0
[   26.917736][  T307]  asm_exc_page_fault+0x27/0x30
[   26.922594][  T307] RIP: 0033:0x7f42ed5cde80
[   26.927011][  T307] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   26.947056][  T307] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[   26.953132][  T307] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   26.961208][  T307] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[   26.969288][  T307] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   26.977804][  T307] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   26.986509][  T307] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000002
[   26.995238][  T307]  </TASK>
[   26.999233][  T306] CPU: 1 PID: 306 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   27.002784][  T307] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
./strace-static-x86_64: Process 308 attached
[pid   307] exit_group(0)               = ?
[pid   308] set_robust_list(0x55557760b760, 24) = 0
[pid   308] chdir("./2")                = 0
[pid   308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   308] setpgid(0, 0)               = 0
[pid   308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   308] write(3, "1000", 4)         = 4
[pid   308] close(3)                    = 0
[pid   308] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid   308] write(1, "executing program\n", 18) = 18
[   27.010381][  T306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   27.010398][  T306] Call Trace:
[   27.010405][  T306]  <TASK>
[   27.010412][  T306]  __dump_stack+0x21/0x24
[   27.010445][  T306]  dump_stack_lvl+0xee/0x150
[   27.010469][  T306]  ? __cfi_dump_stack_lvl+0x8/0x8
[   27.010496][  T306]  dump_stack+0x15/0x24
[   27.010519][  T306]  should_fail_ex+0x3d4/0x520
[   27.063321][  T306]  __should_failslab+0xac/0xf0
[   27.069585][  T306]  ? tracepoint_probe_unregister+0x1e6/0x8b0
[   27.075924][  T306]  should_failslab+0x9/0x20
[   27.080459][  T306]  __kmem_cache_alloc_node+0x3d/0x2c0
[   27.085938][  T306]  ? __cfi_mutex_lock+0x10/0x10
[   27.090827][  T306]  ? tracepoint_probe_unregister+0x1e6/0x8b0
[   27.096935][  T306]  __kmalloc+0xa1/0x1e0
[   27.101118][  T306]  ? __kasan_check_write+0x14/0x20
[   27.106428][  T306]  ? __cfi_perf_trace_percpu_alloc_percpu+0x10/0x10
[   27.113053][  T306]  tracepoint_probe_unregister+0x1e6/0x8b0
[   27.119092][  T306]  trace_event_reg+0x21c/0x260
[   27.123978][  T306]  perf_trace_event_unreg+0xcc/0x1c0
[   27.129645][  T306]  perf_trace_destroy+0xbe/0x180
[   27.134619][  T306]  tp_perf_event_destroy+0x15/0x20
[   27.139738][  T306]  ? __cfi_tp_perf_event_destroy+0x10/0x10
[   27.145562][  T306]  _free_event+0x9cd/0xce0
[   27.150057][  T306]  perf_event_release_kernel+0x819/0x8a0
[   27.156004][  T306]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   27.162308][  T306]  ? __cfi_perf_event_release_kernel+0x10/0x10
[   27.168655][  T306]  perf_release+0x3b/0x40
[   27.173188][  T306]  ? __cfi_perf_release+0x10/0x10
[   27.179112][  T306]  __fput+0x1fc/0x8f0
[   27.183222][  T306]  ____fput+0x15/0x20
[   27.187762][  T306]  task_work_run+0x1db/0x240
[   27.192879][  T306]  ? __cfi_task_work_run+0x10/0x10
[   27.198107][  T306]  ? task_work_add+0x2b1/0x330
[   27.202890][  T306]  ptrace_notify+0x221/0x250
[   27.207965][  T306]  ? __cfi_ptrace_notify+0x10/0x10
[   27.214228][  T306]  ? fput+0x15b/0x1a0
[   27.219007][  T306]  ? filp_close+0x111/0x160
[   27.225877][  T306]  ? close_fd+0x28b/0x300
[   27.230493][  T306]  syscall_exit_work+0x84/0x140
[   27.235358][  T306]  syscall_exit_to_user_mode_prepare+0x1c/0x20
[   27.242165][  T306]  syscall_exit_to_user_mode+0xd/0x30
[   27.247646][  T306]  do_syscall_64+0x58/0xa0
[   27.252255][  T306]  ? clear_bhb_loop+0x15/0x70
[   27.256945][  T306]  ? clear_bhb_loop+0x15/0x70
[   27.262084][  T306]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   27.268858][  T306] RIP: 0033:0x7f42ed5ffa89
[   27.273459][  T306] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   27.293064][  T306] RSP: 002b:00007ffcb7e44c28 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[   27.301490][  T306] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 00007f42ed5ffa89
[   27.309467][  T306] RDX: 00007f42ed5feb50 RSI: 00007ffcb7e44c30 RDI: 0000000000000003
[   27.317964][  T306] RBP: 00007ffcb7e44c30 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   27.325933][  T306] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   27.333913][  T306] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000001
[   27.341899][  T306]  </TASK>
[   27.345131][  T304] CPU: 0 PID: 304 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   27.355392][  T304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   27.365548][  T304] Call Trace:
[   27.368841][  T304]  <TASK>
[   27.371788][  T304]  __dump_stack+0x21/0x24
[   27.376472][  T304]  dump_stack_lvl+0xee/0x150
[   27.381195][  T304]  ? __cfi_dump_stack_lvl+0x8/0x8
[   27.386518][  T304]  dump_stack+0x15/0x24
[   27.390817][  T304]  should_fail_ex+0x3d4/0x520
[   27.395712][  T304]  should_fail_alloc_page+0x61/0x90
[   27.401642][  T304]  prepare_alloc_pages+0x148/0x5f0
[   27.408385][  T304]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   27.414089][  T304]  ? __kasan_record_aux_stack+0xb6/0xc0
[   27.419932][  T304]  ? call_rcu+0xd4/0xf90
[   27.424220][  T304]  ? ____fput+0x15/0x20
[   27.428405][  T304]  __alloc_pages+0x115/0x3a0
[   27.433030][  T304]  ? __cfi___alloc_pages+0x10/0x10
[   27.438153][  T304]  ? __kasan_check_write+0x14/0x20
[   27.443367][  T304]  ? _raw_spin_lock+0x8e/0xe0
[   27.448316][  T304]  ? __cfi__raw_spin_lock+0x10/0x10
[   27.453616][  T304]  ? sched_clock_cpu+0x6e/0x250
[   27.458475][  T304]  __folio_alloc+0x12/0x40
[   27.463048][  T304]  wp_page_copy+0x280/0x15b0
[   27.467681][  T304]  ? __this_cpu_preempt_check+0x13/0x20
[   27.473248][  T304]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[   27.480054][  T304]  ? fault_dirty_shared_page+0x310/0x310
[   27.485815][  T304]  ? _raw_spin_unlock+0x4c/0x70
[   27.490911][  T304]  ? finish_task_switch+0x16b/0x7b0
[   27.496136][  T304]  ? vm_normal_page+0x99/0x200
[   27.501102][  T304]  do_wp_page+0x9f2/0xfc0
[   27.506065][  T304]  handle_mm_fault+0x10e4/0x2640
[   27.511214][  T304]  ? __cfi_handle_mm_fault+0x10/0x10
[   27.517304][  T304]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   27.524001][  T304]  ? __this_cpu_preempt_check+0x13/0x20
[   27.529939][  T304]  ? xfd_validate_state+0x70/0x150
[   27.537394][  T304]  do_user_addr_fault+0x905/0x1050
[   27.542687][  T304]  exc_page_fault+0x51/0xb0
[   27.547212][  T304]  asm_exc_page_fault+0x27/0x30
[   27.552960][  T304] RIP: 0033:0x7f42ed5cde80
[   27.557828][  T304] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   27.582140][  T304] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[   27.588659][  T304] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   27.599772][  T304] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[   27.611328][  T304] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   27.621345][  T304] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[pid   308] perf_event_open( <unfinished ...>
[pid   307] +++ exited with 0 +++
[pid   304] exit_group(0)               = ?
[pid   304] +++ exited with 0 +++
[pid   294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=307, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
[pid   294] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   294] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   294] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[   27.630018][  T304] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000001
[   27.640216][  T304]  </TASK>
[   27.643362][  T305] CPU: 1 PID: 305 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   27.645652][  T304] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   27.655465][  T305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   27.655483][  T305] Call Trace:
[pid   294] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   294] getdents64(3, 0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   294] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   294] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   294] unlink("./2/binderfs")      = 0
[pid   294] getdents64(3, 0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   294] close(3)                    = 0
[pid   294] rmdir("./2")                = 0
[pid   294] mkdir("./3", 0777)          = 0
[pid   294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557760b750) = 309
./strace-static-x86_64: Process 309 attached
[pid   309] set_robust_list(0x55557760b760, 24) = 0
[pid   309] chdir("./3")                = 0
[   27.655490][  T305]  <TASK>
[   27.655498][  T305]  __dump_stack+0x21/0x24
[   27.655530][  T305]  dump_stack_lvl+0xee/0x150
[   27.655554][  T305]  ? __cfi_dump_stack_lvl+0x8/0x8
[   27.655577][  T305]  ? resched_curr+0x1b0/0x380
[   27.655597][  T305]  ? __cfi_resched_curr+0x10/0x10
[   27.709463][  T305]  dump_stack+0x15/0x24
[   27.714882][  T305]  should_fail_ex+0x3d4/0x520
[   27.721077][  T305]  should_fail_alloc_page+0x61/0x90
[   27.726476][  T305]  prepare_alloc_pages+0x148/0x5f0
[pid   309] prctl(PR_SET_PDEATHSIG, SIGKILLexecuting program
) = 0
[pid   309] setpgid(0, 0)               = 0
[pid   309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   309] write(3, "1000", 4)         = 4
[pid   309] close(3)                    = 0
[pid   309] symlink("/dev/binderfs", "./binderfs") = 0
[pid   309] write(1, "executing program\n", 18) = 18
[   27.731860][  T305]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   27.738691][  T305]  __alloc_pages+0x115/0x3a0
[   27.744384][  T305]  ? __cfi___alloc_pages+0x10/0x10
[   27.749517][  T305]  ? __kasan_check_write+0x14/0x20
[   27.754676][  T305]  ? _raw_spin_lock+0x8e/0xe0
[   27.759459][  T305]  ? __cfi__raw_spin_lock+0x10/0x10
[   27.765604][  T305]  ? sched_clock_cpu+0x6e/0x250
[   27.770925][  T305]  __folio_alloc+0x12/0x40
[   27.775640][  T305]  wp_page_copy+0x280/0x15b0
[   27.780593][  T305]  ? __this_cpu_preempt_check+0x13/0x20
[   27.786517][  T305]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[   27.792779][  T305]  ? fault_dirty_shared_page+0x310/0x310
[   27.798433][  T305]  ? _raw_spin_unlock+0x4c/0x70
[   27.803307][  T305]  ? finish_task_switch+0x16b/0x7b0
[   27.808593][  T305]  ? vm_normal_page+0x99/0x200
[   27.813709][  T305]  do_wp_page+0x9f2/0xfc0
[   27.818160][  T305]  handle_mm_fault+0x10e4/0x2640
[   27.823499][  T305]  ? __cfi_handle_mm_fault+0x10/0x10
[   27.828979][  T305]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   27.834746][  T305]  ? __this_cpu_preempt_check+0x13/0x20
[   27.840403][  T305]  ? xfd_validate_state+0x70/0x150
[   27.845891][  T305]  do_user_addr_fault+0x905/0x1050
[   27.851733][  T305]  exc_page_fault+0x51/0xb0
[   27.856335][  T305]  asm_exc_page_fault+0x27/0x30
[   27.861279][  T305] RIP: 0033:0x7f42ed5cde80
[pid   309] perf_event_open(executing program
 <unfinished ...>
[pid   292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=304, si_uid=0, si_status=0, si_utime=0, si_stime=12} ---
[pid   292] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   292] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   292] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   292] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   292] getdents64(3, 0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   292] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   292] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   292] unlink("./1/binderfs")      = 0
[pid   292] getdents64(3, 0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   292] close(3)                    = 0
[pid   292] rmdir("./1")                = 0
[pid   292] mkdir("./2", 0777)          = 0
[pid   292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557760b750) = 310
./strace-static-x86_64: Process 310 attached
[pid   310] set_robust_list(0x55557760b760, 24) = 0
[pid   310] chdir("./2")                = 0
[pid   310] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   310] setpgid(0, 0)               = 0
[pid   310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   310] write(3, "1000", 4)         = 4
[pid   310] close(3)                    = 0
[pid   310] symlink("/dev/binderfs", "./binderfs") = 0
[pid   310] write(1, "executing program\n", 18) = 18
[pid   310] perf_event_open( <unfinished ...>
[pid   306] <... close resumed>)        = 0
[   27.865794][  T305] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   27.887012][  T305] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[   27.893386][  T305] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   27.901486][  T305] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[   27.909466][  T305] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   27.917442][  T305] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[pid   306] exit_group(0)               = ?
[pid   305] exit_group(0 <unfinished ...>
[pid   310] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   309] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   308] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   305] <... exit_group resumed>)   = ?
[pid   306] +++ exited with 0 +++
[pid   310] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   309] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   308] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=306, si_uid=0, si_status=0, si_utime=0, si_stime=11} ---
[pid   310] <... bpf resumed>)          = 4
[pid   309] <... bpf resumed>)          = 4
[pid   290] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   309] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   310] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   308] <... bpf resumed>)          = 4
[pid   290] <... restart_syscall resumed>) = 0
[pid   308] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   290] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   290] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   290] getdents64(3, 0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   290] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   290] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   290] unlink("./1/binderfs")      = 0
[pid   290] getdents64(3, 0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   290] close(3)                    = 0
[pid   290] rmdir("./1")                = 0
[pid   290] mkdir("./2", 0777)          = 0
[pid   290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557760b750) = 312
./strace-static-x86_64: Process 312 attached
[pid   312] set_robust_list(0x55557760b760, 24) = 0
[pid   312] chdir("./2")                = 0
[pid   312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   312] setpgid(0, 0)               = 0
[pid   312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   312] write(3, "1000", 4)         = 4
[pid   312] close(3)                    = 0
[pid   312] symlink("/dev/binderfs", "./binderfs") = 0
[pid   312] write(1, "executing program\n", 18executing program
) = 18
[pid   312] perf_event_open({type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   312] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   312] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   310] <... bpf resumed>)          = 5
[pid   309] <... bpf resumed>)          = 5
[pid   308] <... bpf resumed>)          = 5
[pid   305] +++ exited with 0 +++
[pid   310] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   308] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   310] write(6, "1", 1 <unfinished ...>
[pid   309] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=305, si_uid=0, si_status=0, si_utime=0, si_stime=49} ---
[pid   310] <... write resumed>)        = 1
[pid   310] close(3)                    = 0
[pid   308] <... openat resumed>)       = 6
[pid   293] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   309] <... openat resumed>)       = 6
[pid   309] write(6, "1", 1 <unfinished ...>
[   27.925612][  T305] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000002
[   27.933888][  T305]  </TASK>
[   27.938716][  T305] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   27.967180][  T310] FAULT_INJECTION: forcing a failure.
[   27.967180][  T310] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[pid   308] write(6, "1", 1 <unfinished ...>
[pid   293] <... restart_syscall resumed>) = 0
[pid   312] <... bpf resumed>)          = 5
[pid   309] <... write resumed>)        = 1
[pid   308] <... write resumed>)        = 1
[pid   312] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   309] close(3 <unfinished ...>
[pid   308] close(3 <unfinished ...>
[pid   312] <... openat resumed>)       = 6
[pid   308] <... close resumed>)        = 0
[pid   309] <... close resumed>)        = 0
[pid   312] write(6, "1", 1)            = 1
[pid   312] close(3 <unfinished ...>
[   27.983213][  T308] FAULT_INJECTION: forcing a failure.
[   27.983213][  T308] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   27.983456][  T312] FAULT_INJECTION: forcing a failure.
[   27.983456][  T312] name failslab, interval 1, probability 0, space 0, times 0
[   27.997507][  T309] FAULT_INJECTION: forcing a failure.
[   27.997507][  T309] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[pid   293] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   293] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   293] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   293] getdents64(3, 0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   293] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   293] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   293] unlink("./2/binderfs")      = 0
[pid   293] getdents64(3, 0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   293] close(3)                    = 0
[pid   293] rmdir("./2")                = 0
[pid   293] mkdir("./3", 0777)          = 0
[pid   293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557760b750) = 313
[   28.012283][  T310] CPU: 0 PID: 310 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   28.037031][  T310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   28.048797][  T310] Call Trace:
[   28.052090][  T310]  <TASK>
[   28.055198][  T310]  __dump_stack+0x21/0x24
[   28.059587][  T310]  dump_stack_lvl+0xee/0x150
[   28.064418][  T310]  ? __cfi_dump_stack_lvl+0x8/0x8
[   28.069746][  T310]  dump_stack+0x15/0x24
[   28.074020][  T310]  should_fail_ex+0x3d4/0x520
[   28.078847][  T310]  should_fail_alloc_page+0x61/0x90
[   28.084215][  T310]  prepare_alloc_pages+0x148/0x5f0
[   28.089352][  T310]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   28.094650][  T310]  ? __kasan_record_aux_stack+0xb6/0xc0
[   28.100208][  T310]  ? call_rcu+0xd4/0xf90
[   28.104455][  T310]  ? ____fput+0x15/0x20
[   28.108629][  T310]  __alloc_pages+0x115/0x3a0
[   28.113297][  T310]  ? __cfi___alloc_pages+0x10/0x10
[   28.118555][  T310]  ? __kasan_check_write+0x14/0x20
[   28.124994][  T310]  ? _raw_spin_lock+0x8e/0xe0
[   28.129824][  T310]  ? __cfi__raw_spin_lock+0x10/0x10
[   28.135298][  T310]  ? __this_cpu_preempt_check+0x13/0x20
[   28.143085][  T310]  __folio_alloc+0x12/0x40
[   28.147880][  T310]  wp_page_copy+0x280/0x15b0
[   28.152866][  T310]  ? __this_cpu_preempt_check+0x13/0x20
[   28.158839][  T310]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[   28.165513][  T310]  ? fault_dirty_shared_page+0x310/0x310
[   28.171440][  T310]  ? _raw_spin_unlock+0x4c/0x70
[   28.177297][  T310]  ? finish_task_switch+0x16b/0x7b0
[   28.182611][  T310]  ? vm_normal_page+0x99/0x200
[   28.187477][  T310]  do_wp_page+0x9f2/0xfc0
[   28.191917][  T310]  handle_mm_fault+0x10e4/0x2640
[   28.197324][  T310]  ? __cfi_handle_mm_fault+0x10/0x10
[   28.202617][  T310]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   28.207837][  T310]  ? __this_cpu_preempt_check+0x13/0x20
[   28.213475][  T310]  ? xfd_validate_state+0x70/0x150
[   28.218599][  T310]  do_user_addr_fault+0x905/0x1050
[   28.223728][  T310]  exc_page_fault+0x51/0xb0
[   28.228685][  T310]  asm_exc_page_fault+0x27/0x30
[   28.234085][  T310] RIP: 0033:0x7f42ed5cde80
[   28.239649][  T310] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   28.263569][  T310] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[   28.270448][  T310] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   28.281315][  T310] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[   28.289507][  T310] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   28.297829][  T310] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   28.306789][  T310] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000002
[   28.315094][  T310]  </TASK>
[   28.318211][  T312] CPU: 1 PID: 312 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   28.320027][  T310] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   28.329611][  T312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   28.329629][  T312] Call Trace:
[   28.329636][  T312]  <TASK>
[   28.329645][  T312]  __dump_stack+0x21/0x24
[   28.359702][  T312]  dump_stack_lvl+0xee/0x150
[   28.364702][  T312]  ? __cfi_dump_stack_lvl+0x8/0x8
[   28.370040][  T312]  dump_stack+0x15/0x24
[   28.375088][  T312]  should_fail_ex+0x3d4/0x520
[   28.380949][  T312]  __should_failslab+0xac/0xf0
[   28.386355][  T312]  ? tracepoint_probe_unregister+0x1e6/0x8b0
[   28.392536][  T312]  should_failslab+0x9/0x20
[   28.397348][  T312]  __kmem_cache_alloc_node+0x3d/0x2c0
[   28.403042][  T312]  ? __cfi_mutex_lock+0x10/0x10
[   28.408077][  T312]  ? tracepoint_probe_unregister+0x1e6/0x8b0
[   28.414603][  T312]  __kmalloc+0xa1/0x1e0
[   28.418785][  T312]  ? __kasan_check_write+0x14/0x20
[   28.424037][  T312]  ? __cfi_perf_trace_percpu_alloc_percpu+0x10/0x10
[   28.430754][  T312]  tracepoint_probe_unregister+0x1e6/0x8b0
[   28.436600][  T312]  trace_event_reg+0x21c/0x260
[   28.442088][  T312]  perf_trace_event_unreg+0xcc/0x1c0
[   28.447675][  T312]  perf_trace_destroy+0xbe/0x180
[   28.452858][  T312]  tp_perf_event_destroy+0x15/0x20
[   28.458169][  T312]  ? __cfi_tp_perf_event_destroy+0x10/0x10
[   28.464344][  T312]  _free_event+0x9cd/0xce0
[   28.468876][  T312]  perf_event_release_kernel+0x819/0x8a0
[   28.474813][  T312]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   28.481996][  T312]  ? __cfi_perf_event_release_kernel+0x10/0x10
[   28.488267][  T312]  perf_release+0x3b/0x40
[   28.492831][  T312]  ? __cfi_perf_release+0x10/0x10
[   28.498097][  T312]  __fput+0x1fc/0x8f0
[   28.503797][  T312]  ____fput+0x15/0x20
[   28.507911][  T312]  task_work_run+0x1db/0x240
[   28.512646][  T312]  ? __cfi_task_work_run+0x10/0x10
[   28.517970][  T312]  ? task_work_add+0x2b1/0x330
[   28.523194][  T312]  ptrace_notify+0x221/0x250
[   28.528015][  T312]  ? __cfi_ptrace_notify+0x10/0x10
[   28.533337][  T312]  ? fput+0x15b/0x1a0
[   28.537513][  T312]  ? filp_close+0x111/0x160
[   28.542256][  T312]  ? close_fd+0x28b/0x300
[   28.546611][  T312]  syscall_exit_work+0x84/0x140
[   28.551468][  T312]  syscall_exit_to_user_mode_prepare+0x1c/0x20
[   28.557690][  T312]  syscall_exit_to_user_mode+0xd/0x30
[   28.563344][  T312]  do_syscall_64+0x58/0xa0
[   28.567863][  T312]  ? clear_bhb_loop+0x15/0x70
[   28.572862][  T312]  ? clear_bhb_loop+0x15/0x70
[   28.577768][  T312]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   28.584316][  T312] RIP: 0033:0x7f42ed5ffa89
[   28.589034][  T312] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   28.609127][  T312] RSP: 002b:00007ffcb7e44c28 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[   28.618049][  T312] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 00007f42ed5ffa89
[   28.626478][  T312] RDX: 00007f42ed5feb50 RSI: 00007ffcb7e44c30 RDI: 0000000000000003
executing program
./strace-static-x86_64: Process 313 attached
[pid   310] exit_group(0 <unfinished ...>
[pid   313] set_robust_list(0x55557760b760, 24 <unfinished ...>
[pid   310] <... exit_group resumed>)   = ?
[pid   313] <... set_robust_list resumed>) = 0
[pid   313] chdir("./3")                = 0
[pid   313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   313] setpgid(0, 0)               = 0
[pid   313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   313] write(3, "1000", 4)         = 4
[pid   313] close(3)                    = 0
[pid   313] symlink("/dev/binderfs", "./binderfs") = 0
[pid   313] write(1, "executing program\n", 18) = 18
[   28.634727][  T312] RBP: 00007ffcb7e44c30 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   28.642721][  T312] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   28.650704][  T312] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000002
[   28.658822][  T312]  </TASK>
[   28.662247][  T309] CPU: 0 PID: 309 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   28.673152][  T309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   28.683487][  T309] Call Trace:
[   28.686859][  T309]  <TASK>
[   28.689793][  T309]  __dump_stack+0x21/0x24
[   28.694177][  T309]  dump_stack_lvl+0xee/0x150
[   28.698797][  T309]  ? __cfi_dump_stack_lvl+0x8/0x8
[   28.703873][  T309]  dump_stack+0x15/0x24
[   28.708045][  T309]  should_fail_ex+0x3d4/0x520
[   28.712758][  T309]  should_fail_alloc_page+0x61/0x90
[   28.717998][  T309]  prepare_alloc_pages+0x148/0x5f0
[   28.723138][  T309]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   28.728437][  T309]  ? __kasan_record_aux_stack+0xb6/0xc0
[   28.733998][  T309]  ? call_rcu+0xd4/0xf90
[   28.738418][  T309]  ? ____fput+0x15/0x20
[   28.742666][  T309]  __alloc_pages+0x115/0x3a0
[   28.747269][  T309]  ? __cfi___alloc_pages+0x10/0x10
[   28.752482][  T309]  ? __kasan_check_write+0x14/0x20
[   28.757654][  T309]  ? _raw_spin_lock+0x8e/0xe0
[   28.762567][  T309]  ? __cfi__raw_spin_lock+0x10/0x10
[   28.767796][  T309]  ? __this_cpu_preempt_check+0x13/0x20
[   28.774248][  T309]  __folio_alloc+0x12/0x40
[   28.779347][  T309]  wp_page_copy+0x280/0x15b0
[   28.784152][  T309]  ? __this_cpu_preempt_check+0x13/0x20
[   28.790683][  T309]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[   28.797654][  T309]  ? fault_dirty_shared_page+0x310/0x310
[   28.803499][  T309]  ? _raw_spin_unlock+0x4c/0x70
[   28.808389][  T309]  ? finish_task_switch+0x16b/0x7b0
[   28.813763][  T309]  ? vm_normal_page+0x99/0x200
[   28.818652][  T309]  do_wp_page+0x9f2/0xfc0
[   28.823269][  T309]  handle_mm_fault+0x10e4/0x2640
[   28.828411][  T309]  ? __cfi_handle_mm_fault+0x10/0x10
[   28.833781][  T309]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   28.839314][  T309]  ? __this_cpu_preempt_check+0x13/0x20
[   28.845202][  T309]  ? xfd_validate_state+0x70/0x150
[   28.851392][  T309]  do_user_addr_fault+0x905/0x1050
[   28.858256][  T309]  exc_page_fault+0x51/0xb0
[   28.866886][  T309]  asm_exc_page_fault+0x27/0x30
[   28.872852][  T309] RIP: 0033:0x7f42ed5cde80
[   28.877741][  T309] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   28.898232][  T309] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[   28.904844][  T309] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   28.913100][  T309] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[   28.921831][  T309] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   28.930897][  T309] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   28.939937][  T309] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000003
[   28.951246][  T309]  </TASK>
[   28.956844][  T308] CPU: 1 PID: 308 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   28.959115][  T309] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   28.970835][  T308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   28.970855][  T308] Call Trace:
[   28.970862][  T308]  <TASK>
[   28.970870][  T308]  __dump_stack+0x21/0x24
[   28.970902][  T308]  dump_stack_lvl+0xee/0x150
[   28.970926][  T308]  ? __cfi_dump_stack_lvl+0x8/0x8
[   28.970953][  T308]  dump_stack+0x15/0x24
[   29.021021][  T308]  should_fail_ex+0x3d4/0x520
[   29.025933][  T308]  should_fail_alloc_page+0x61/0x90
[   29.033303][  T308]  prepare_alloc_pages+0x148/0x5f0
[   29.039236][  T308]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   29.044859][  T308]  ? __kasan_record_aux_stack+0xb6/0xc0
[   29.051511][  T308]  ? call_rcu+0xd4/0xf90
[   29.056229][  T308]  ? ____fput+0x15/0x20
[   29.060755][  T308]  __alloc_pages+0x115/0x3a0
[   29.065726][  T308]  ? __cfi___alloc_pages+0x10/0x10
[   29.071019][  T308]  ? __kasan_check_write+0x14/0x20
[   29.076542][  T308]  ? _raw_spin_lock+0x8e/0xe0
[   29.081939][  T308]  ? __cfi__raw_spin_lock+0x10/0x10
[   29.087628][  T308]  ? sched_clock_cpu+0x6e/0x250
[   29.092624][  T308]  __folio_alloc+0x12/0x40
[   29.097062][  T308]  wp_page_copy+0x280/0x15b0
[   29.101754][  T308]  ? __this_cpu_preempt_check+0x13/0x20
[   29.107405][  T308]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[   29.113698][  T308]  ? fault_dirty_shared_page+0x310/0x310
[   29.119527][  T308]  ? _raw_spin_unlock+0x4c/0x70
[   29.124592][  T308]  ? finish_task_switch+0x16b/0x7b0
[   29.129972][  T308]  ? vm_normal_page+0x99/0x200
[   29.134835][  T308]  do_wp_page+0x9f2/0xfc0
[   29.139379][  T308]  handle_mm_fault+0x10e4/0x2640
[   29.144512][  T308]  ? __cfi_handle_mm_fault+0x10/0x10
[   29.150157][  T308]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   29.155656][  T308]  ? __this_cpu_preempt_check+0x13/0x20
[   29.161336][  T308]  ? xfd_validate_state+0x70/0x150
[   29.167379][  T308]  do_user_addr_fault+0x905/0x1050
[   29.173407][  T308]  exc_page_fault+0x51/0xb0
[   29.178349][  T308]  asm_exc_page_fault+0x27/0x30
[   29.183840][  T308] RIP: 0033:0x7f42ed5cde80
[   29.188895][  T308] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   29.210459][  T308] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[   29.216557][  T308] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   29.224643][  T308] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[pid   313] perf_event_open( <unfinished ...>
[pid   309] exit_group(0)               = ?
[pid   310] +++ exited with 0 +++
[pid   309] +++ exited with 0 +++
[pid   292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=310, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
[pid   292] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   308] exit_group(0 <unfinished ...>
[pid   294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=309, si_uid=0, si_status=0, si_utime=0, si_stime=24} ---
[pid   292] <... restart_syscall resumed>) = 0
[pid   312] <... close resumed>)        = 0
[pid   308] <... exit_group resumed>)   = ?
[pid   312] exit_group(0)               = ?
[pid   294] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   292] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   312] +++ exited with 0 +++
[pid   294] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   292] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   294] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   292] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   294] <... openat resumed>)       = 3
[pid   292] <... openat resumed>)       = 3
[pid   290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=312, si_uid=0, si_status=0, si_utime=0, si_stime=6} ---
[pid   294] newfstatat(3, "",  <unfinished ...>
[pid   292] newfstatat(3, "",  <unfinished ...>
[pid   290] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   294] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   292] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   294] getdents64(3,  <unfinished ...>
[pid   292] getdents64(3,  <unfinished ...>
[pid   313] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   313] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   292] <... getdents64 resumed>0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   294] <... getdents64 resumed>0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   313] <... bpf resumed>)          = 4
[pid   294] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   292] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   313] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16) = 5
[pid   313] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   294] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   292] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   313] write(6, "1", 1)            = 1
[pid   313] close(3 <unfinished ...>
[pid   294] newfstatat(AT_FDCWD, "./3/binderfs",  <unfinished ...>
[pid   292] newfstatat(AT_FDCWD, "./2/binderfs",  <unfinished ...>
[pid   290] <... restart_syscall resumed>) = 0
[pid   294] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   292] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   290] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   290] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   294] unlink("./3/binderfs" <unfinished ...>
[pid   292] unlink("./2/binderfs" <unfinished ...>
[pid   290] <... openat resumed>)       = 3
[pid   290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   290] getdents64(3, 0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   290] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   292] <... unlink resumed>)       = 0
[pid   290] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   290] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   290] unlink("./2/binderfs" <unfinished ...>
[pid   294] <... unlink resumed>)       = 0
[pid   292] getdents64(3,  <unfinished ...>
[pid   290] <... unlink resumed>)       = 0
[pid   294] getdents64(3,  <unfinished ...>
[pid   292] <... getdents64 resumed>0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   290] getdents64(3, 0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   290] close(3)                    = 0
[pid   290] rmdir("./2")                = 0
[pid   294] <... getdents64 resumed>0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   292] close(3 <unfinished ...>
[pid   290] mkdir("./3", 0777 <unfinished ...>
[pid   294] close(3 <unfinished ...>
[pid   292] <... close resumed>)        = 0
[pid   290] <... mkdir resumed>)        = 0
[pid   290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   294] <... close resumed>)        = 0
[pid   292] rmdir("./2" <unfinished ...>
[pid   290] <... clone resumed>, child_tidptr=0x55557760b750) = 314
[pid   294] rmdir("./3"./strace-static-x86_64: Process 314 attached
)                = 0
[pid   292] <... rmdir resumed>)        = 0
[pid   294] mkdir("./4", 0777)          = 0
[pid   292] mkdir("./3", 0777)          = 0
[pid   292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557760b750) = 316
[pid   292] <... clone resumed>, child_tidptr=0x55557760b750) = 315
[pid   314] set_robust_list(0x55557760b760, 24) = 0
[pid   314] chdir("./3")                = 0
[   29.232718][  T308] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   29.240797][  T308] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   29.248869][  T308] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000002
[   29.256939][  T308]  </TASK>
[   29.266325][  T313] FAULT_INJECTION: forcing a failure.
[   29.266325][  T313] name failslab, interval 1, probability 0, space 0, times 0
[pid   314] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   314] setpgid(0, 0)               = 0
[pid   314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   314] write(3, "1000", 4)         = 4
[pid   314] close(3)                    = 0
[pid   314] symlink("/dev/binderfs", "./binderfs") = 0
[pid   314] write(1, "executing program\n", 18executing program
) = 18
[pid   314] perf_event_open(./strace-static-x86_64: Process 315 attached
 <unfinished ...>
[pid   315] set_robust_list(0x55557760b760, 24) = 0
[pid   315] chdir("./3")                = 0
[pid   315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   315] setpgid(0, 0)               = 0
[pid   315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   315] write(3, "1000", 4)         = 4
[pid   315] close(3)                    = 0
[pid   315] symlink("/dev/binderfs", "./binderfs") = 0
[pid   315] write(1, "executing program\n", 18executing program
) = 18
[pid   315] perf_event_open(./strace-static-x86_64: Process 316 attached
 <unfinished ...>
[pid   316] set_robust_list(0x55557760b760, 24) = 0
[pid   316] chdir("./4")                = 0
[pid   316] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   316] setpgid(0, 0)               = 0
[pid   316] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   316] write(3, "1000", 4)         = 4
[pid   316] close(3)                    = 0
[pid   316] symlink("/dev/binderfs", "./binderfs") = 0
[pid   316] write(1, "executing program\n", 18executing program
) = 18
[   29.284870][  T313] CPU: 0 PID: 313 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   29.295075][  T313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   29.305235][  T313] Call Trace:
[   29.308615][  T313]  <TASK>
[   29.311587][  T313]  __dump_stack+0x21/0x24
[   29.316069][  T313]  dump_stack_lvl+0xee/0x150
[   29.320866][  T313]  ? __cfi_dump_stack_lvl+0x8/0x8
[   29.326464][  T313]  dump_stack+0x15/0x24
[   29.330687][  T313]  should_fail_ex+0x3d4/0x520
[   29.335611][  T313]  __should_failslab+0xac/0xf0
[   29.340525][  T313]  ? tracepoint_probe_unregister+0x1e6/0x8b0
[   29.346539][  T313]  should_failslab+0x9/0x20
[   29.351204][  T313]  __kmem_cache_alloc_node+0x3d/0x2c0
[   29.356751][  T313]  ? __cfi_mutex_lock+0x10/0x10
[   29.361634][  T313]  ? tracepoint_probe_unregister+0x1e6/0x8b0
[   29.367684][  T313]  __kmalloc+0xa1/0x1e0
[   29.372072][  T313]  ? __kasan_check_write+0x14/0x20
[   29.377667][  T313]  ? __cfi_perf_trace_percpu_alloc_percpu+0x10/0x10
[   29.385501][  T313]  tracepoint_probe_unregister+0x1e6/0x8b0
[   29.391501][  T313]  trace_event_reg+0x21c/0x260
[   29.396369][  T313]  perf_trace_event_unreg+0xcc/0x1c0
[   29.402195][  T313]  perf_trace_destroy+0xbe/0x180
[   29.407754][  T313]  tp_perf_event_destroy+0x15/0x20
[   29.412961][  T313]  ? __cfi_tp_perf_event_destroy+0x10/0x10
[   29.418850][  T313]  _free_event+0x9cd/0xce0
[   29.423275][  T313]  perf_event_release_kernel+0x819/0x8a0
[   29.428919][  T313]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   29.435000][  T313]  ? __cfi_perf_event_release_kernel+0x10/0x10
[   29.441179][  T313]  perf_release+0x3b/0x40
[   29.445604][  T313]  ? __cfi_perf_release+0x10/0x10
[   29.450676][  T313]  __fput+0x1fc/0x8f0
[   29.454664][  T313]  ____fput+0x15/0x20
[   29.458644][  T313]  task_work_run+0x1db/0x240
[   29.463235][  T313]  ? __cfi_task_work_run+0x10/0x10
[   29.468355][  T313]  ? task_work_add+0x2b1/0x330
[   29.473473][  T313]  ptrace_notify+0x221/0x250
[   29.478442][  T313]  ? __cfi_ptrace_notify+0x10/0x10
[   29.483752][  T313]  ? fput+0x15b/0x1a0
[   29.487813][  T313]  ? filp_close+0x111/0x160
[   29.492325][  T313]  ? close_fd+0x28b/0x300
[   29.496670][  T313]  syscall_exit_work+0x84/0x140
[   29.501532][  T313]  syscall_exit_to_user_mode_prepare+0x1c/0x20
[   29.507691][  T313]  syscall_exit_to_user_mode+0xd/0x30
[   29.513070][  T313]  do_syscall_64+0x58/0xa0
[   29.517582][  T313]  ? clear_bhb_loop+0x15/0x70
[   29.522269][  T313]  ? clear_bhb_loop+0x15/0x70
[   29.526949][  T313]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   29.532872][  T313] RIP: 0033:0x7f42ed5ffa89
[   29.537289][  T313] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   29.557163][  T313] RSP: 002b:00007ffcb7e44c28 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[   29.565761][  T313] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 00007f42ed5ffa89
[   29.573919][  T313] RDX: 00007f42ed5feb50 RSI: 00007ffcb7e44c30 RDI: 0000000000000003
[   29.582096][  T313] RBP: 00007ffcb7e44c30 R08: 00007ffcb7e449c7 R09: 0000000000000031
[pid   316] perf_event_open( <unfinished ...>
[pid   313] <... close resumed>)        = 0
[pid   308] +++ exited with 0 +++
[pid   291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=308, si_uid=0, si_status=0, si_utime=0, si_stime=37} ---
[pid   291] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   313] exit_group(0 <unfinished ...>
[pid   314] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   313] <... exit_group resumed>)   = ?
[pid   315] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   314] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   315] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   316] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   316] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   316] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   314] <... bpf resumed>)          = 4
[pid   314] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   315] <... bpf resumed>)          = 4
[pid   315] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   291] <... restart_syscall resumed>) = 0
[pid   291] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   291] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   291] getdents64(3, 0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   291] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   291] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   291] unlink("./2/binderfs")      = 0
[pid   291] getdents64(3, 0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   291] close(3)                    = 0
[pid   291] rmdir("./2")                = 0
[pid   291] mkdir("./3", 0777)          = 0
[pid   291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557760b750) = 317
./strace-static-x86_64: Process 317 attached
[pid   317] set_robust_list(0x55557760b760, 24) = 0
[pid   317] chdir("./3")                = 0
[pid   317] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   317] setpgid(0, 0)               = 0
[pid   317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   317] write(3, "1000", 4)         = 4
[pid   317] close(3)                    = 0
[pid   316] <... bpf resumed>)          = 5
[pid   313] +++ exited with 0 +++
[pid   314] <... bpf resumed>)          = 5
[pid   316] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   315] <... bpf resumed>)          = 5
[pid   317] symlink("/dev/binderfs", "./binderfs") = 0
[pid   315] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   314] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=313, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
[pid   316] <... openat resumed>)       = 6
[pid   315] <... openat resumed>)       = 6
[pid   314] <... openat resumed>)       = 6
[pid   314] write(6, "1", 1executing program
)            = 1
[pid   317] write(1, "executing program\n", 18 <unfinished ...>
[pid   314] close(3 <unfinished ...>
[pid   317] <... write resumed>)        = 18
[pid   314] <... close resumed>)        = 0
[pid   316] write(6, "1", 1 <unfinished ...>
[pid   315] write(6, "1", 1 <unfinished ...>
[pid   293] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   316] <... write resumed>)        = 1
[pid   315] <... write resumed>)        = 1
[pid   293] <... restart_syscall resumed>) = 0
[pid   316] close(3 <unfinished ...>
[   29.590102][  T313] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   29.598248][  T313] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000003
[   29.606226][  T313]  </TASK>
[   29.627424][  T314] FAULT_INJECTION: forcing a failure.
[   29.627424][  T314] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[pid   315] close(3 <unfinished ...>
[pid   317] perf_event_open( <unfinished ...>
[pid   316] <... close resumed>)        = 0
[pid   293] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   293] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   293] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   293] getdents64(3, 0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   293] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   293] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   293] unlink("./3/binderfs")      = 0
[pid   293] getdents64(3, 0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   293] close(3)                    = 0
[pid   293] rmdir("./3")                = 0
[pid   293] mkdir("./4", 0777)          = 0
[pid   293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557760b750) = 318
[   29.638757][  T315] FAULT_INJECTION: forcing a failure.
[   29.638757][  T315] name failslab, interval 1, probability 0, space 0, times 0
[   29.641063][  T314] CPU: 0 PID: 314 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   29.654539][  T316] FAULT_INJECTION: forcing a failure.
[   29.654539][  T316] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   29.663557][  T314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   29.663578][  T314] Call Trace:
[   29.663585][  T314]  <TASK>
[   29.663594][  T314]  __dump_stack+0x21/0x24
[   29.663627][  T314]  dump_stack_lvl+0xee/0x150
[   29.663650][  T314]  ? __cfi_dump_stack_lvl+0x8/0x8
[   29.663677][  T314]  dump_stack+0x15/0x24
[   29.663701][  T314]  should_fail_ex+0x3d4/0x520
[   29.663724][  T314]  should_fail_alloc_page+0x61/0x90
[   29.722541][  T314]  prepare_alloc_pages+0x148/0x5f0
[   29.728306][  T314]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   29.734570][  T314]  ? __kasan_record_aux_stack+0xb6/0xc0
[   29.740236][  T314]  ? call_rcu+0xd4/0xf90
[   29.744515][  T314]  ? ____fput+0x15/0x20
[   29.748805][  T314]  __alloc_pages+0x115/0x3a0
[   29.753434][  T314]  ? __cfi___alloc_pages+0x10/0x10
[   29.758583][  T314]  ? __kasan_check_write+0x14/0x20
[   29.763723][  T314]  ? _raw_spin_lock+0x8e/0xe0
[   29.768464][  T314]  ? __cfi__raw_spin_lock+0x10/0x10
[   29.774309][  T314]  ? __this_cpu_preempt_check+0x13/0x20
[   29.780750][  T314]  __folio_alloc+0x12/0x40
[   29.785832][  T314]  wp_page_copy+0x280/0x15b0
[   29.793261][  T314]  ? __this_cpu_preempt_check+0x13/0x20
[   29.798929][  T314]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[   29.805470][  T314]  ? fault_dirty_shared_page+0x310/0x310
[   29.812883][  T314]  ? _raw_spin_unlock+0x4c/0x70
[   29.817765][  T314]  ? finish_task_switch+0x16b/0x7b0
[   29.823849][  T314]  ? vm_normal_page+0x99/0x200
[   29.829246][  T314]  do_wp_page+0x9f2/0xfc0
[   29.834218][  T314]  handle_mm_fault+0x10e4/0x2640
[   29.839283][  T314]  ? __cfi_handle_mm_fault+0x10/0x10
[   29.844799][  T314]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   29.850292][  T314]  ? __this_cpu_preempt_check+0x13/0x20
[   29.855876][  T314]  ? xfd_validate_state+0x70/0x150
[   29.861098][  T314]  do_user_addr_fault+0x905/0x1050
[   29.866832][  T314]  exc_page_fault+0x51/0xb0
[   29.871362][  T314]  asm_exc_page_fault+0x27/0x30
[   29.877031][  T314] RIP: 0033:0x7f42ed5cde80
[   29.881703][  T314] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   29.901819][  T314] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[   29.907909][  T314] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   29.916015][  T314] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[   29.924002][  T314] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   29.931995][  T314] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   29.940415][  T314] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000003
[   29.948428][  T314]  </TASK>
[   29.951554][  T316] CPU: 1 PID: 316 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   29.962172][  T316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   29.972763][  T316] Call Trace:
[   29.976578][  T316]  <TASK>
[   29.979611][  T316]  __dump_stack+0x21/0x24
[   29.984218][  T316]  dump_stack_lvl+0xee/0x150
[   29.988854][  T316]  ? __cfi_dump_stack_lvl+0x8/0x8
[   29.993898][  T316]  dump_stack+0x15/0x24
[   29.998061][  T316]  should_fail_ex+0x3d4/0x520
[   30.002761][  T316]  should_fail_alloc_page+0x61/0x90
[   30.008053][  T316]  prepare_alloc_pages+0x148/0x5f0
[   30.013326][  T316]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   30.018528][  T316]  ? memset+0x35/0x40
[   30.022717][  T316]  __alloc_pages+0x115/0x3a0
[   30.027488][  T316]  ? __cfi___alloc_pages+0x10/0x10
[   30.032610][  T316]  ? __kasan_check_write+0x14/0x20
[   30.037817][  T316]  ? _raw_spin_lock+0x8e/0xe0
[   30.042505][  T316]  ? __cfi__raw_spin_lock+0x10/0x10
[   30.047763][  T316]  ? __this_cpu_preempt_check+0x13/0x20
[   30.053399][  T316]  __folio_alloc+0x12/0x40
[   30.057923][  T316]  wp_page_copy+0x280/0x15b0
[   30.062655][  T316]  ? __this_cpu_preempt_check+0x13/0x20
[   30.068254][  T316]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[   30.075046][  T316]  ? fault_dirty_shared_page+0x310/0x310
[   30.082380][  T316]  ? _raw_spin_unlock+0x4c/0x70
[   30.087253][  T316]  ? finish_task_switch+0x16b/0x7b0
[   30.092581][  T316]  ? vm_normal_page+0x99/0x200
[   30.097371][  T316]  do_wp_page+0x9f2/0xfc0
[   30.101723][  T316]  handle_mm_fault+0x10e4/0x2640
[   30.106779][  T316]  ? __cfi_handle_mm_fault+0x10/0x10
[   30.112283][  T316]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   30.117531][  T316]  ? __this_cpu_preempt_check+0x13/0x20
[   30.123182][  T316]  ? xfd_validate_state+0x70/0x150
[   30.128604][  T316]  do_user_addr_fault+0x905/0x1050
[   30.133754][  T316]  exc_page_fault+0x51/0xb0
[   30.138279][  T316]  asm_exc_page_fault+0x27/0x30
[   30.143276][  T316] RIP: 0033:0x7f42ed5cde80
[   30.147717][  T316] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   30.168026][  T316] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[   30.174130][  T316] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   30.182361][  T316] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
./strace-static-x86_64: Process 318 attached
[pid   318] set_robust_list(0x55557760b760, 24) = 0
[pid   318] chdir("./4")                = 0
[pid   318] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   318] setpgid(0, 0)               = 0
[pid   318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   318] write(3, "1000", 4)         = 4
[pid   318] close(3)                    = 0
[pid   318] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid   318] write(1, "executing program\n", 18) = 18
[   30.191200][  T316] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   30.199264][  T316] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   30.207349][  T316] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000004
[   30.215338][  T316]  </TASK>
[   30.220854][  T314] pagefault_out_of_memory: 1 callbacks suppressed
[   30.220869][  T314] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[pid   318] perf_event_open( <unfinished ...>
[pid   314] exit_group(0)               = ?
[pid   316] exit_group(0)               = ?
[   30.224041][  T315] CPU: 1 PID: 315 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   30.230031][  T316] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   30.234773][  T315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   30.262591][  T315] Call Trace:
[   30.265885][  T315]  <TASK>
[   30.268918][  T315]  __dump_stack+0x21/0x24
[   30.273515][  T315]  dump_stack_lvl+0xee/0x150
[   30.278108][  T315]  ? __cfi_dump_stack_lvl+0x8/0x8
[   30.283133][  T315]  dump_stack+0x15/0x24
[   30.287316][  T315]  should_fail_ex+0x3d4/0x520
[   30.292018][  T315]  __should_failslab+0xac/0xf0
[   30.296802][  T315]  ? tracepoint_probe_unregister+0x1e6/0x8b0
[   30.302790][  T315]  should_failslab+0x9/0x20
[   30.307491][  T315]  __kmem_cache_alloc_node+0x3d/0x2c0
[   30.312877][  T315]  ? __cfi_mutex_lock+0x10/0x10
[   30.317744][  T315]  ? tracepoint_probe_unregister+0x1e6/0x8b0
[   30.323739][  T315]  __kmalloc+0xa1/0x1e0
[   30.327902][  T315]  ? __kasan_check_write+0x14/0x20
[   30.333105][  T315]  ? __cfi_perf_trace_percpu_alloc_percpu+0x10/0x10
[   30.339704][  T315]  tracepoint_probe_unregister+0x1e6/0x8b0
[   30.345603][  T315]  trace_event_reg+0x21c/0x260
[   30.350374][  T315]  perf_trace_event_unreg+0xcc/0x1c0
[   30.355662][  T315]  perf_trace_destroy+0xbe/0x180
[   30.360689][  T315]  tp_perf_event_destroy+0x15/0x20
[   30.365796][  T315]  ? __cfi_tp_perf_event_destroy+0x10/0x10
[   30.371610][  T315]  _free_event+0x9cd/0xce0
[   30.376096][  T315]  perf_event_release_kernel+0x819/0x8a0
[   30.381745][  T315]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   30.387933][  T315]  ? __cfi_perf_event_release_kernel+0x10/0x10
[   30.394223][  T315]  perf_release+0x3b/0x40
[   30.399141][  T315]  ? __cfi_perf_release+0x10/0x10
[   30.404682][  T315]  __fput+0x1fc/0x8f0
[   30.408715][  T315]  ____fput+0x15/0x20
[   30.412972][  T315]  task_work_run+0x1db/0x240
[   30.418286][  T315]  ? __cfi_task_work_run+0x10/0x10
[   30.423426][  T315]  ? task_work_add+0x2b1/0x330
[   30.428321][  T315]  ptrace_notify+0x221/0x250
[   30.433011][  T315]  ? __cfi_ptrace_notify+0x10/0x10
[   30.438237][  T315]  ? fput+0x15b/0x1a0
[   30.442221][  T315]  ? filp_close+0x111/0x160
[   30.446732][  T315]  ? close_fd+0x28b/0x300
[   30.452132][  T315]  syscall_exit_work+0x84/0x140
[   30.457745][  T315]  syscall_exit_to_user_mode_prepare+0x1c/0x20
[   30.468271][  T315]  syscall_exit_to_user_mode+0xd/0x30
[   30.477183][  T315]  do_syscall_64+0x58/0xa0
[   30.483338][  T315]  ? clear_bhb_loop+0x15/0x70
[   30.489210][  T315]  ? clear_bhb_loop+0x15/0x70
[   30.493988][  T315]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   30.500006][  T315] RIP: 0033:0x7f42ed5ffa89
[   30.504435][  T315] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   30.524048][  T315] RSP: 002b:00007ffcb7e44c28 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[   30.532477][  T315] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 00007f42ed5ffa89
[pid   314] +++ exited with 0 +++
[pid   290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=314, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
[pid   290] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   290] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   290] getdents64(3, 0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   290] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   290] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   290] unlink("./3/binderfs")      = 0
[pid   290] getdents64(3, 0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   290] close(3)                    = 0
[pid   290] rmdir("./3")                = 0
[pid   290] mkdir("./4", 0777)          = 0
[pid   290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557760b750) = 319
./strace-static-x86_64: Process 319 attached
[pid   319] set_robust_list(0x55557760b760, 24) = 0
[pid   319] chdir("./4")                = 0
[pid   319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   319] setpgid(0, 0)               = 0
[pid   319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   319] write(3, "1000", 4)         = 4
[pid   319] close(3)                    = 0
[pid   319] symlink("/dev/binderfs", "./binderfs") = 0
[pid   319] write(1, "executing program\n", 18executing program
) = 18
[pid   319] perf_event_open( <unfinished ...>
[pid   317] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   316] +++ exited with 0 +++
[pid   318] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   315] <... close resumed>)        = 0
[pid   318] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   317] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   315] exit_group(0 <unfinished ...>
[pid   318] <... bpf resumed>)          = 4
[pid   317] <... bpf resumed>)          = 4
[pid   315] <... exit_group resumed>)   = ?
[pid   294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=316, si_uid=0, si_status=0, si_utime=0, si_stime=17} ---
[pid   318] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   317] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   294] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   319] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   294] <... restart_syscall resumed>) = 0
[pid   319] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   294] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   319] <... bpf resumed>)          = 4
[pid   294] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   294] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   319] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   294] <... openat resumed>)       = 3
[pid   294] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   294] getdents64(3, 0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   294] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   294] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   294] unlink("./4/binderfs")      = 0
[pid   294] getdents64(3, 0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   294] close(3)                    = 0
[pid   294] rmdir("./4")                = 0
[pid   294] mkdir("./5", 0777)          = 0
[pid   294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 320 attached
, child_tidptr=0x55557760b750) = 320
[pid   320] set_robust_list(0x55557760b760, 24) = 0
[pid   320] chdir("./5")                = 0
[pid   320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   320] setpgid(0, 0)               = 0
[pid   320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   320] write(3, "1000", 4)         = 4
[pid   320] close(3)                    = 0
[pid   320] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid   320] write(1, "executing program\n", 18) = 18
[pid   320] perf_event_open({type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   320] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   320] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   318] <... bpf resumed>)          = 5
[pid   317] <... bpf resumed>)          = 5
[pid   315] +++ exited with 0 +++
[pid   320] <... bpf resumed>)          = 5
[pid   319] <... bpf resumed>)          = 5
[pid   318] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   317] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   320] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   319] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   318] <... openat resumed>)       = 6
[pid   317] <... openat resumed>)       = 6
[pid   292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=315, si_uid=0, si_status=0, si_utime=0, si_stime=12} ---
[pid   320] <... openat resumed>)       = 6
[pid   319] <... openat resumed>)       = 6
[pid   318] write(6, "1", 1 <unfinished ...>
[pid   317] write(6, "1", 1 <unfinished ...>
[pid   320] write(6, "1", 1 <unfinished ...>
[pid   319] write(6, "1", 1 <unfinished ...>
[pid   318] <... write resumed>)        = 1
[pid   317] <... write resumed>)        = 1
[   30.540580][  T315] RDX: 00007f42ed5feb50 RSI: 00007ffcb7e44c30 RDI: 0000000000000003
[   30.548748][  T315] RBP: 00007ffcb7e44c30 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   30.556759][  T315] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   30.565697][  T315] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000003
[   30.575504][  T315]  </TASK>
[pid   292] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   320] <... write resumed>)        = 1
[pid   319] <... write resumed>)        = 1
[pid   318] close(3 <unfinished ...>
[pid   317] close(3 <unfinished ...>
[pid   320] close(3 <unfinished ...>
[pid   319] close(3 <unfinished ...>
[pid   318] <... close resumed>)        = 0
[pid   317] <... close resumed>)        = 0
[pid   320] <... close resumed>)        = 0
[   30.618316][  T317] FAULT_INJECTION: forcing a failure.
[   30.618316][  T317] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   30.618375][  T318] FAULT_INJECTION: forcing a failure.
[   30.618375][  T318] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   30.635436][  T320] FAULT_INJECTION: forcing a failure.
[   30.635436][  T320] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   30.648929][  T319] FAULT_INJECTION: forcing a failure.
[pid   292] <... restart_syscall resumed>) = 0
[   30.648929][  T319] name failslab, interval 1, probability 0, space 0, times 0
[   30.663589][  T317] CPU: 0 PID: 317 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   30.687624][  T317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   30.698152][  T317] Call Trace:
[   30.701434][  T317]  <TASK>
[   30.704386][  T317]  __dump_stack+0x21/0x24
[   30.708727][  T317]  dump_stack_lvl+0xee/0x150
[   30.713374][  T317]  ? __cfi_dump_stack_lvl+0x8/0x8
[   30.718549][  T317]  dump_stack+0x15/0x24
[   30.723022][  T317]  should_fail_ex+0x3d4/0x520
[   30.727812][  T317]  should_fail_alloc_page+0x61/0x90
[   30.733243][  T317]  prepare_alloc_pages+0x148/0x5f0
[   30.738570][  T317]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   30.743871][  T317]  ? __kasan_record_aux_stack+0xb6/0xc0
[   30.749873][  T317]  ? call_rcu+0xd4/0xf90
[   30.754134][  T317]  ? ____fput+0x15/0x20
[   30.758446][  T317]  __alloc_pages+0x115/0x3a0
[   30.763142][  T317]  ? __cfi___alloc_pages+0x10/0x10
[pid   292] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   292] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   292] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   292] getdents64(3, 0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   292] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   292] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   292] unlink("./3/binderfs")      = 0
[pid   292] getdents64(3, 0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   292] close(3)                    = 0
[pid   292] rmdir("./3")                = 0
[pid   292] mkdir("./4", 0777)          = 0
[pid   292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557760b750) = 321
[   30.768266][  T317]  ? __kasan_check_write+0x14/0x20
[   30.774351][  T317]  ? _raw_spin_lock+0x8e/0xe0
[   30.779830][  T317]  ? __cfi__raw_spin_lock+0x10/0x10
[   30.785054][  T317]  ? __this_cpu_preempt_check+0x13/0x20
[   30.790665][  T317]  __folio_alloc+0x12/0x40
[   30.795509][  T317]  wp_page_copy+0x280/0x15b0
[   30.800135][  T317]  ? __this_cpu_preempt_check+0x13/0x20
[   30.805698][  T317]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[   30.811944][  T317]  ? fault_dirty_shared_page+0x310/0x310
[   30.817590][  T317]  ? _raw_spin_unlock+0x4c/0x70
[   30.822539][  T317]  ? finish_task_switch+0x16b/0x7b0
[   30.827930][  T317]  ? vm_normal_page+0x99/0x200
[   30.832811][  T317]  do_wp_page+0x9f2/0xfc0
[   30.837153][  T317]  handle_mm_fault+0x10e4/0x2640
[   30.842123][  T317]  ? __cfi_handle_mm_fault+0x10/0x10
[   30.847414][  T317]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   30.852623][  T317]  ? __this_cpu_preempt_check+0x13/0x20
[   30.858174][  T317]  ? xfd_validate_state+0x70/0x150
[   30.863471][  T317]  do_user_addr_fault+0x905/0x1050
[   30.868680][  T317]  exc_page_fault+0x51/0xb0
[   30.873546][  T317]  asm_exc_page_fault+0x27/0x30
[   30.878421][  T317] RIP: 0033:0x7f42ed5cde80
[   30.882976][  T317] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   30.902677][  T317] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[   30.908762][  T317] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   30.917389][  T317] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[   30.925824][  T317] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   30.934171][  T317] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   30.942542][  T317] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000003
[   30.950549][  T317]  </TASK>
[   30.953944][  T320] CPU: 0 PID: 320 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   30.964140][  T320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   30.975025][  T320] Call Trace:
[   30.978318][  T320]  <TASK>
[   30.981302][  T320]  __dump_stack+0x21/0x24
[   30.985744][  T320]  dump_stack_lvl+0xee/0x150
[   30.990353][  T320]  ? __cfi_dump_stack_lvl+0x8/0x8
[   30.995635][  T320]  dump_stack+0x15/0x24
[   30.999812][  T320]  should_fail_ex+0x3d4/0x520
[   31.004676][  T320]  should_fail_alloc_page+0x61/0x90
[   31.009967][  T320]  prepare_alloc_pages+0x148/0x5f0
[   31.015704][  T320]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   31.022351][  T320]  ? __kasan_record_aux_stack+0xb6/0xc0
[   31.031080][  T320]  ? call_rcu+0xd4/0xf90
[   31.036923][  T320]  __alloc_pages+0x115/0x3a0
[   31.041635][  T320]  ? __cfi___alloc_pages+0x10/0x10
[   31.046782][  T320]  ? __kasan_check_write+0x14/0x20
[   31.051914][  T320]  ? _raw_spin_lock+0x8e/0xe0
[   31.056610][  T320]  ? __cfi__raw_spin_lock+0x10/0x10
[   31.061814][  T320]  ? __this_cpu_preempt_check+0x13/0x20
[   31.067369][  T320]  __folio_alloc+0x12/0x40
[   31.071903][  T320]  wp_page_copy+0x280/0x15b0
[   31.076610][  T320]  ? __this_cpu_preempt_check+0x13/0x20
[   31.082280][  T320]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[   31.088533][  T320]  ? fault_dirty_shared_page+0x310/0x310
[   31.094191][  T320]  ? _raw_spin_unlock+0x4c/0x70
[   31.099051][  T320]  ? finish_task_switch+0x16b/0x7b0
[   31.104261][  T320]  ? vm_normal_page+0x99/0x200
[   31.109136][  T320]  do_wp_page+0x9f2/0xfc0
[   31.113498][  T320]  handle_mm_fault+0x10e4/0x2640
[   31.118730][  T320]  ? __cfi_handle_mm_fault+0x10/0x10
[   31.125603][  T320]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   31.132041][  T320]  ? __this_cpu_preempt_check+0x13/0x20
[   31.137608][  T320]  ? xfd_validate_state+0x70/0x150
[   31.143108][  T320]  do_user_addr_fault+0x905/0x1050
[   31.149507][  T320]  exc_page_fault+0x51/0xb0
[   31.154416][  T320]  asm_exc_page_fault+0x27/0x30
[   31.159282][  T320] RIP: 0033:0x7f42ed5cde80
[   31.164280][  T320] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   31.186330][  T320] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[   31.193689][  T320] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   31.202569][  T320] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[   31.212137][  T320] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   31.220481][  T320] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   31.229794][  T320] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000005
[   31.238530][  T320]  </TASK>
[   31.241855][  T319] CPU: 1 PID: 319 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   31.253242][  T319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   31.264266][  T319] Call Trace:
[   31.268012][  T319]  <TASK>
[   31.271658][  T319]  __dump_stack+0x21/0x24
[   31.276088][  T319]  dump_stack_lvl+0xee/0x150
[   31.280883][  T319]  ? __cfi_dump_stack_lvl+0x8/0x8
[   31.285928][  T319]  dump_stack+0x15/0x24
[   31.290092][  T319]  should_fail_ex+0x3d4/0x520
[   31.294785][  T319]  __should_failslab+0xac/0xf0
[   31.299551][  T319]  ? tracepoint_probe_unregister+0x1e6/0x8b0
[   31.305535][  T319]  should_failslab+0x9/0x20
[   31.310046][  T319]  __kmem_cache_alloc_node+0x3d/0x2c0
[   31.315423][  T319]  ? __cfi_mutex_lock+0x10/0x10
executing program
./strace-static-x86_64: Process 321 attached
[pid   321] set_robust_list(0x55557760b760, 24) = 0
[pid   321] chdir("./4")                = 0
[pid   321] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   321] setpgid(0, 0)               = 0
[pid   321] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   321] write(3, "1000", 4)         = 4
[pid   321] close(3)                    = 0
[pid   321] symlink("/dev/binderfs", "./binderfs") = 0
[pid   321] write(1, "executing program\n", 18) = 18
[   31.320288][  T319]  ? tracepoint_probe_unregister+0x1e6/0x8b0
[   31.326304][  T319]  __kmalloc+0xa1/0x1e0
[   31.330746][  T319]  ? __kasan_check_write+0x14/0x20
[   31.335876][  T319]  ? __cfi_perf_trace_percpu_alloc_percpu+0x10/0x10
[   31.342490][  T319]  tracepoint_probe_unregister+0x1e6/0x8b0
[   31.348338][  T319]  trace_event_reg+0x21c/0x260
[   31.353582][  T319]  perf_trace_event_unreg+0xcc/0x1c0
[   31.359786][  T319]  perf_trace_destroy+0xbe/0x180
[   31.364844][  T319]  tp_perf_event_destroy+0x15/0x20
[   31.370812][  T319]  ? __cfi_tp_perf_event_destroy+0x10/0x10
[   31.376730][  T319]  _free_event+0x9cd/0xce0
[   31.381262][  T319]  perf_event_release_kernel+0x819/0x8a0
[   31.387009][  T319]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   31.393225][  T319]  ? __cfi_perf_event_release_kernel+0x10/0x10
[   31.399875][  T319]  perf_release+0x3b/0x40
[   31.404310][  T319]  ? __cfi_perf_release+0x10/0x10
[   31.409397][  T319]  __fput+0x1fc/0x8f0
[   31.413480][  T319]  ____fput+0x15/0x20
[   31.417477][  T319]  task_work_run+0x1db/0x240
[   31.422078][  T319]  ? __cfi_task_work_run+0x10/0x10
[   31.427204][  T319]  ? task_work_add+0x2b1/0x330
[   31.432328][  T319]  ptrace_notify+0x221/0x250
[   31.437466][  T319]  ? __cfi_ptrace_notify+0x10/0x10
[   31.442598][  T319]  ? fput+0x15b/0x1a0
[   31.446594][  T319]  ? filp_close+0x111/0x160
[   31.451106][  T319]  ? close_fd+0x28b/0x300
[   31.455561][  T319]  syscall_exit_work+0x84/0x140
[   31.460431][  T319]  syscall_exit_to_user_mode_prepare+0x1c/0x20
[   31.466602][  T319]  syscall_exit_to_user_mode+0xd/0x30
[   31.472202][  T319]  do_syscall_64+0x58/0xa0
[   31.477033][  T319]  ? clear_bhb_loop+0x15/0x70
[   31.482168][  T319]  ? clear_bhb_loop+0x15/0x70
[   31.487228][  T319]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   31.493150][  T319] RIP: 0033:0x7f42ed5ffa89
[   31.497578][  T319] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   31.517392][  T319] RSP: 002b:00007ffcb7e44c28 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[   31.526062][  T319] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 00007f42ed5ffa89
[   31.534881][  T319] RDX: 00007f42ed5feb50 RSI: 00007ffcb7e44c30 RDI: 0000000000000003
[   31.543058][  T319] RBP: 00007ffcb7e44c30 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   31.546005][  T317] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   31.551909][  T319] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[pid   321] perf_event_open( <unfinished ...>
[pid   320] exit_group(0)               = ?
[pid   320] +++ exited with 0 +++
[pid   294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=320, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
[pid   294] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   317] exit_group(0)               = ?
[pid   317] +++ exited with 0 +++
[pid   291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=317, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
[   31.551931][  T319] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000004
[   31.551951][  T319]  </TASK>
[   31.582162][  T318] CPU: 0 PID: 318 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   31.595187][  T318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   31.595997][  T320] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   31.606130][  T318] Call Trace:
[   31.606145][  T318]  <TASK>
[pid   291] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   294] <... restart_syscall resumed>) = 0
[pid   291] <... restart_syscall resumed>) = 0
[pid   294] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   291] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   294] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   291] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   294] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   291] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   294] <... openat resumed>)       = 3
[pid   291] <... openat resumed>)       = 3
[pid   294] newfstatat(3, "",  <unfinished ...>
[pid   291] newfstatat(3, "",  <unfinished ...>
[pid   294] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   294] getdents64(3,  <unfinished ...>
[pid   291] getdents64(3,  <unfinished ...>
[pid   294] <... getdents64 resumed>0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   291] <... getdents64 resumed>0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   294] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   291] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   294] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   291] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   294] newfstatat(AT_FDCWD, "./5/binderfs",  <unfinished ...>
[pid   291] newfstatat(AT_FDCWD, "./3/binderfs",  <unfinished ...>
[pid   294] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   294] unlink("./5/binderfs" <unfinished ...>
[pid   291] unlink("./3/binderfs" <unfinished ...>
[pid   294] <... unlink resumed>)       = 0
[pid   291] <... unlink resumed>)       = 0
[pid   294] getdents64(3,  <unfinished ...>
[pid   291] getdents64(3,  <unfinished ...>
[pid   294] <... getdents64 resumed>0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   291] <... getdents64 resumed>0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   294] close(3 <unfinished ...>
[pid   291] close(3 <unfinished ...>
[pid   294] <... close resumed>)        = 0
[pid   291] <... close resumed>)        = 0
[pid   294] rmdir("./5" <unfinished ...>
[pid   291] rmdir("./3" <unfinished ...>
[pid   294] <... rmdir resumed>)        = 0
[pid   291] <... rmdir resumed>)        = 0
[pid   294] mkdir("./6", 0777 <unfinished ...>
[pid   291] mkdir("./4", 0777 <unfinished ...>
[pid   294] <... mkdir resumed>)        = 0
[pid   291] <... mkdir resumed>)        = 0
[pid   294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   294] <... clone resumed>, child_tidptr=0x55557760b750) = 323
[pid   291] <... clone resumed>, child_tidptr=0x55557760b750) = 322
./strace-static-x86_64: Process 323 attached
[pid   323] set_robust_list(0x55557760b760, 24) = 0
[pid   323] chdir("./6")                = 0
[pid   323] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   323] setpgid(0, 0)               = 0
[pid   323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   323] write(3, "1000", 4)         = 4
[pid   323] close(3)                    = 0
[pid   323] symlink("/dev/binderfs", "./binderfs") = 0
[pid   323] write(1, "executing program\n", 18executing program
) = 18
[pid   323] perf_event_open(./strace-static-x86_64: Process 322 attached
 <unfinished ...>
[pid   322] set_robust_list(0x55557760b760, 24) = 0
[pid   322] chdir("./4")                = 0
[pid   322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   322] setpgid(0, 0)               = 0
[pid   322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   322] write(3, "1000", 4)         = 4
[pid   322] close(3)                    = 0
[pid   322] symlink("/dev/binderfs", "./binderfs") = 0
[pid   322] write(1, "executing program\n", 18executing program
) = 18
[   31.606154][  T318]  __dump_stack+0x21/0x24
[   31.606194][  T318]  dump_stack_lvl+0xee/0x150
[   31.631878][  T318]  ? __cfi_dump_stack_lvl+0x8/0x8
[   31.637154][  T318]  dump_stack+0x15/0x24
[   31.641722][  T318]  should_fail_ex+0x3d4/0x520
[   31.646739][  T318]  should_fail_alloc_page+0x61/0x90
[   31.652846][  T318]  prepare_alloc_pages+0x148/0x5f0
[   31.658664][  T318]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   31.665188][  T318]  ? __kasan_record_aux_stack+0xb6/0xc0
[   31.673228][  T318]  ? call_rcu+0xd4/0xf90
[   31.677775][  T318]  ? ____fput+0x15/0x20
[   31.682207][  T318]  __alloc_pages+0x115/0x3a0
[   31.687099][  T318]  ? __cfi___alloc_pages+0x10/0x10
[   31.692759][  T318]  ? __kasan_check_write+0x14/0x20
[   31.697888][  T318]  ? _raw_spin_lock+0x8e/0xe0
[   31.703278][  T318]  ? __cfi__raw_spin_lock+0x10/0x10
[   31.708477][  T318]  ? __this_cpu_preempt_check+0x13/0x20
[   31.714024][  T318]  __folio_alloc+0x12/0x40
[   31.718760][  T318]  wp_page_copy+0x280/0x15b0
[   31.723913][  T318]  ? __this_cpu_preempt_check+0x13/0x20
[   31.729566][  T318]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[   31.736710][  T318]  ? fault_dirty_shared_page+0x310/0x310
[   31.742921][  T318]  ? _raw_spin_unlock+0x4c/0x70
[   31.747968][  T318]  ? finish_task_switch+0x16b/0x7b0
[   31.753203][  T318]  ? vm_normal_page+0x99/0x200
[   31.758148][  T318]  do_wp_page+0x9f2/0xfc0
[   31.763203][  T318]  handle_mm_fault+0x10e4/0x2640
[   31.768668][  T318]  ? __cfi_handle_mm_fault+0x10/0x10
[   31.776338][  T318]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   31.781846][  T318]  ? __this_cpu_preempt_check+0x13/0x20
[   31.788244][  T318]  ? xfd_validate_state+0x70/0x150
[   31.793653][  T318]  do_user_addr_fault+0x905/0x1050
[   31.798878][  T318]  exc_page_fault+0x51/0xb0
[   31.803383][  T318]  asm_exc_page_fault+0x27/0x30
[   31.808524][  T318] RIP: 0033:0x7f42ed5cde80
[   31.812938][  T318] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   31.832822][  T318] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[   31.839001][  T318] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   31.847173][  T318] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[   31.855164][  T318] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[pid   322] perf_event_open( <unfinished ...>
[pid   319] <... close resumed>)        = 0
[pid   321] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   321] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   319] exit_group(0 <unfinished ...>
[pid   323] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   322] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   323] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   322] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   319] <... exit_group resumed>)   = ?
[pid   322] <... bpf resumed>)          = 4
[pid   321] <... bpf resumed>)          = 4
[pid   319] +++ exited with 0 +++
[pid   318] exit_group(0 <unfinished ...>
[pid   323] <... bpf resumed>)          = 4
[pid   322] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   321] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16) = 5
[pid   321] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   321] write(6, "1", 1)            = 1
[pid   321] close(3)                    = 0
[pid   323] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   322] <... bpf resumed>)          = 5
[pid   290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=319, si_uid=0, si_status=0, si_utime=0, si_stime=16} ---
[pid   323] <... bpf resumed>)          = 5
[pid   322] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   290] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   323] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   322] <... openat resumed>)       = 6
[pid   323] <... openat resumed>)       = 6
[pid   322] write(6, "1", 1 <unfinished ...>
[pid   323] write(6, "1", 1 <unfinished ...>
[pid   322] <... write resumed>)        = 1
[   31.864190][  T318] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   31.876368][  T318] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000004
[   31.885847][  T318]  </TASK>
[   31.889467][  T318] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   31.902796][  T321] FAULT_INJECTION: forcing a failure.
[   31.902796][  T321] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   31.905445][  T323] FAULT_INJECTION: forcing a failure.
[pid   323] <... write resumed>)        = 1
[pid   322] close(3 <unfinished ...>
[pid   323] close(3 <unfinished ...>
[pid   322] <... close resumed>)        = 0
[pid   318] <... exit_group resumed>)   = ?
[pid   290] <... restart_syscall resumed>) = 0
[pid   290] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   290] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   290] getdents64(3, 0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   290] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   290] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   290] unlink("./4/binderfs")      = 0
[pid   290] getdents64(3, 0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   290] close(3)                    = 0
[pid   290] rmdir("./4")                = 0
[pid   290] mkdir("./5", 0777)          = 0
[pid   290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557760b750) = 324
[   31.905445][  T323] name failslab, interval 1, probability 0, space 0, times 0
[   31.925950][  T321] CPU: 0 PID: 321 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   31.937428][  T322] FAULT_INJECTION: forcing a failure.
[   31.937428][  T322] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   31.944753][  T321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   31.944773][  T321] Call Trace:
[   31.944779][  T321]  <TASK>
[   31.944789][  T321]  __dump_stack+0x21/0x24
[   31.988825][  T321]  dump_stack_lvl+0xee/0x150
[   31.994176][  T321]  ? __cfi_dump_stack_lvl+0x8/0x8
[   31.999950][  T321]  ? __cfi_enqueue_task_fair+0x10/0x10
[   32.005608][  T321]  dump_stack+0x15/0x24
[   32.009966][  T321]  should_fail_ex+0x3d4/0x520
[   32.014836][  T321]  should_fail_alloc_page+0x61/0x90
[   32.021570][  T321]  prepare_alloc_pages+0x148/0x5f0
[   32.027423][  T321]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   32.033343][  T321]  __alloc_pages+0x115/0x3a0
[   32.038264][  T321]  ? __cfi___alloc_pages+0x10/0x10
[   32.044992][  T321]  ? __kasan_check_write+0x14/0x20
[   32.051826][  T321]  ? _raw_spin_lock+0x8e/0xe0
[   32.056859][  T321]  ? __cfi__raw_spin_lock+0x10/0x10
[   32.064069][  T321]  ? __this_cpu_preempt_check+0x13/0x20
[   32.070634][  T321]  __folio_alloc+0x12/0x40
[   32.076470][  T321]  wp_page_copy+0x280/0x15b0
[   32.082326][  T321]  ? __this_cpu_preempt_check+0x13/0x20
[   32.089200][  T321]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[   32.095688][  T321]  ? fault_dirty_shared_page+0x310/0x310
[   32.102675][  T321]  ? _raw_spin_unlock+0x4c/0x70
[   32.107550][  T321]  ? finish_task_switch+0x16b/0x7b0
[   32.113029][  T321]  ? vm_normal_page+0x99/0x200
[   32.118817][  T321]  do_wp_page+0x9f2/0xfc0
[   32.124444][  T321]  handle_mm_fault+0x10e4/0x2640
[   32.130605][  T321]  ? __cfi_handle_mm_fault+0x10/0x10
[   32.136597][  T321]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   32.142491][  T321]  ? __this_cpu_preempt_check+0x13/0x20
[   32.148318][  T321]  ? xfd_validate_state+0x70/0x150
[   32.153580][  T321]  do_user_addr_fault+0x905/0x1050
[   32.159792][  T321]  exc_page_fault+0x51/0xb0
[   32.164853][  T321]  asm_exc_page_fault+0x27/0x30
[   32.171212][  T321] RIP: 0033:0x7f42ed5cde80
[   32.177122][  T321] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   32.200826][  T321] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[   32.207693][  T321] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   32.216046][  T321] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[   32.224734][  T321] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   32.232979][  T321] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   32.241427][  T321] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000004
[   32.249449][  T321]  </TASK>
[   32.252671][  T323] CPU: 0 PID: 323 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   32.263295][  T323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   32.273850][  T323] Call Trace:
[   32.277330][  T323]  <TASK>
[   32.280405][  T323]  __dump_stack+0x21/0x24
[   32.284752][  T323]  dump_stack_lvl+0xee/0x150
[   32.289496][  T323]  ? __cfi_dump_stack_lvl+0x8/0x8
[   32.294737][  T323]  dump_stack+0x15/0x24
[   32.299097][  T323]  should_fail_ex+0x3d4/0x520
[   32.304073][  T323]  __should_failslab+0xac/0xf0
[   32.309029][  T323]  ? tracepoint_probe_unregister+0x1e6/0x8b0
[   32.315188][  T323]  should_failslab+0x9/0x20
[   32.319894][  T323]  __kmem_cache_alloc_node+0x3d/0x2c0
[   32.325295][  T323]  ? __cfi_mutex_lock+0x10/0x10
[   32.330356][  T323]  ? tracepoint_probe_unregister+0x1e6/0x8b0
[   32.336478][  T323]  __kmalloc+0xa1/0x1e0
[   32.340774][  T323]  ? __kasan_check_write+0x14/0x20
[   32.345918][  T323]  ? __cfi_perf_trace_percpu_alloc_percpu+0x10/0x10
[   32.352522][  T323]  tracepoint_probe_unregister+0x1e6/0x8b0
[   32.358774][  T323]  trace_event_reg+0x21c/0x260
[   32.363615][  T323]  perf_trace_event_unreg+0xcc/0x1c0
[   32.370305][  T323]  perf_trace_destroy+0xbe/0x180
./strace-static-x86_64: Process 324 attached
[pid   324] set_robust_list(0x55557760b760, 24) = 0
[pid   324] chdir("./5")                = 0
[pid   324] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   324] setpgid(0, 0)               = 0
[pid   324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   324] write(3, "1000", 4)         = 4
[pid   324] close(3)                    = 0
[pid   324] symlink("/dev/binderfs", "./binderfs") = 0
[pid   324] write(1, "executing program\n", 18executing program
) = 18
[   32.375686][  T323]  tp_perf_event_destroy+0x15/0x20
[   32.383112][  T323]  ? __cfi_tp_perf_event_destroy+0x10/0x10
[   32.394809][  T323]  _free_event+0x9cd/0xce0
[   32.401234][  T323]  perf_event_release_kernel+0x819/0x8a0
[   32.406974][  T323]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   32.413354][  T323]  ? __cfi_perf_event_release_kernel+0x10/0x10
[   32.419629][  T323]  perf_release+0x3b/0x40
[   32.424111][  T323]  ? __cfi_perf_release+0x10/0x10
[   32.429448][  T323]  __fput+0x1fc/0x8f0
[   32.433620][  T323]  ____fput+0x15/0x20
[   32.438269][  T323]  task_work_run+0x1db/0x240
[   32.442974][  T323]  ? __cfi_task_work_run+0x10/0x10
[   32.448093][  T323]  ? task_work_add+0x2b1/0x330
[   32.452892][  T323]  ptrace_notify+0x221/0x250
[   32.458114][  T323]  ? __cfi_ptrace_notify+0x10/0x10
[   32.463532][  T323]  ? fput+0x15b/0x1a0
[   32.467756][  T323]  ? filp_close+0x111/0x160
[   32.472522][  T323]  ? close_fd+0x28b/0x300
[   32.478179][  T323]  syscall_exit_work+0x84/0x140
[   32.484287][  T323]  syscall_exit_to_user_mode_prepare+0x1c/0x20
[   32.491716][  T323]  syscall_exit_to_user_mode+0xd/0x30
[   32.497197][  T323]  do_syscall_64+0x58/0xa0
[   32.501633][  T323]  ? clear_bhb_loop+0x15/0x70
[   32.506410][  T323]  ? clear_bhb_loop+0x15/0x70
[   32.511534][  T323]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   32.517543][  T323] RIP: 0033:0x7f42ed5ffa89
[   32.522254][  T323] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   32.545235][  T323] RSP: 002b:00007ffcb7e44c28 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[   32.554176][  T323] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 00007f42ed5ffa89
[   32.565521][  T323] RDX: 00007f42ed5feb50 RSI: 00007ffcb7e44c30 RDI: 0000000000000003
[   32.574828][  T323] RBP: 00007ffcb7e44c30 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   32.584294][  T323] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   32.593460][  T323] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000006
[   32.602711][  T323]  </TASK>
[   32.606304][  T322] CPU: 1 PID: 322 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   32.606713][  T321] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   32.618233][  T322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   32.618254][  T322] Call Trace:
[   32.618261][  T322]  <TASK>
[   32.618271][  T322]  __dump_stack+0x21/0x24
[   32.618304][  T322]  dump_stack_lvl+0xee/0x150
[   32.618329][  T322]  ? __cfi_dump_stack_lvl+0x8/0x8
[   32.618357][  T322]  dump_stack+0x15/0x24
[   32.665159][  T322]  should_fail_ex+0x3d4/0x520
[   32.671183][  T322]  should_fail_alloc_page+0x61/0x90
[   32.677200][  T322]  prepare_alloc_pages+0x148/0x5f0
[   32.683212][  T322]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   32.688699][  T322]  ? __kasan_record_aux_stack+0xb6/0xc0
[   32.694921][  T322]  __alloc_pages+0x115/0x3a0
[   32.699796][  T322]  ? __cfi___alloc_pages+0x10/0x10
[   32.707852][  T322]  ? __kasan_check_write+0x14/0x20
[   32.713703][  T322]  ? _raw_spin_lock+0x8e/0xe0
[   32.719999][  T322]  ? __cfi__raw_spin_lock+0x10/0x10
[   32.725489][  T322]  ? __this_cpu_preempt_check+0x13/0x20
[   32.731261][  T322]  __folio_alloc+0x12/0x40
[   32.735879][  T322]  wp_page_copy+0x280/0x15b0
[   32.740764][  T322]  ? __this_cpu_preempt_check+0x13/0x20
[   32.746339][  T322]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[   32.752586][  T322]  ? fault_dirty_shared_page+0x310/0x310
[   32.758786][  T322]  ? _raw_spin_unlock+0x4c/0x70
[   32.764043][  T322]  ? finish_task_switch+0x16b/0x7b0
[   32.769797][  T322]  ? vm_normal_page+0x99/0x200
[   32.775735][  T322]  do_wp_page+0x9f2/0xfc0
[   32.780477][  T322]  handle_mm_fault+0x10e4/0x2640
[   32.787320][  T322]  ? __cfi_handle_mm_fault+0x10/0x10
[   32.793531][  T322]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   32.801101][  T322]  ? __this_cpu_preempt_check+0x13/0x20
[   32.807021][  T322]  ? xfd_validate_state+0x70/0x150
[   32.812890][  T322]  do_user_addr_fault+0x905/0x1050
[   32.818226][  T322]  exc_page_fault+0x51/0xb0
[   32.823307][  T322]  asm_exc_page_fault+0x27/0x30
[   32.829569][  T322] RIP: 0033:0x7f42ed5cde80
[   32.834269][  T322] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   32.857851][  T322] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[   32.864303][  T322] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[pid   324] perf_event_open( <unfinished ...>
[pid   323] <... close resumed>)        = 0
[pid   321] exit_group(0 <unfinished ...>
[pid   318] +++ exited with 0 +++
[pid   323] exit_group(0 <unfinished ...>
[pid   321] <... exit_group resumed>)   = ?
[pid   293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=318, si_uid=0, si_status=0, si_utime=0, si_stime=45} ---
[pid   323] <... exit_group resumed>)   = ?
[pid   321] +++ exited with 0 +++
[pid   293] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=321, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
[pid   293] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   292] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   293] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   293] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   293] getdents64(3, 0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   293] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   293] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   293] unlink("./4/binderfs")      = 0
[pid   293] getdents64(3, 0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   293] close(3)                    = 0
[pid   293] rmdir("./4")                = 0
[pid   293] mkdir("./5", 0777)          = 0
[pid   293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 325 attached
 <unfinished ...>
[pid   322] exit_group(0)               = ?
[pid   293] <... clone resumed>, child_tidptr=0x55557760b750) = 325
[pid   325] set_robust_list(0x55557760b760, 24) = 0
[pid   325] chdir("./5")                = 0
[pid   325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   292] <... restart_syscall resumed>) = 0
[pid   325] setpgid(0, 0)               = 0
[pid   292] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   292] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   325] <... openat resumed>)       = 3
[pid   292] newfstatat(3, "",  <unfinished ...>
[pid   325] write(3, "1000", 4 <unfinished ...>
[pid   292] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   325] <... write resumed>)        = 4
[pid   292] getdents64(3,  <unfinished ...>
[pid   325] close(3 <unfinished ...>
[pid   292] <... getdents64 resumed>0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   292] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   325] <... close resumed>)        = 0
[pid   292] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   325] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid   292] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   292] unlink("./4/binderfs")      = 0
[pid   325] <... symlink resumed>)      = 0
[pid   292] getdents64(3,  <unfinished ...>
[pid   325] write(1, "executing program\n", 18 <unfinished ...>
executing program
[pid   292] <... getdents64 resumed>0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   292] close(3 <unfinished ...>
[pid   325] <... write resumed>)        = 18
[pid   292] <... close resumed>)        = 0
[pid   292] rmdir("./4" <unfinished ...>
[pid   324] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   323] +++ exited with 0 +++
[pid   324] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=323, si_uid=0, si_status=0, si_utime=0, si_stime=6} ---
[pid   292] <... rmdir resumed>)        = 0
[pid   325] perf_event_open( <unfinished ...>
[pid   292] mkdir("./5", 0777)          = 0
[pid   292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   324] <... bpf resumed>)          = 4
[pid   292] <... clone resumed>, child_tidptr=0x55557760b750) = 326
./strace-static-x86_64: Process 326 attached
[pid   324] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   326] set_robust_list(0x55557760b760, 24 <unfinished ...>
[pid   325] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   294] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   294] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   325] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   326] <... set_robust_list resumed>) = 0
[pid   294] <... openat resumed>)       = 3
[pid   326] chdir("./5" <unfinished ...>
[pid   325] <... bpf resumed>)          = 4
[pid   294] newfstatat(3, "",  <unfinished ...>
[pid   326] <... chdir resumed>)        = 0
[pid   294] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   326] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   294] getdents64(3,  <unfinished ...>
[pid   326] <... prctl resumed>)        = 0
[pid   325] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   294] <... getdents64 resumed>0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   294] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   294] newfstatat(AT_FDCWD, "./6/binderfs",  <unfinished ...>
[pid   326] setpgid(0, 0 <unfinished ...>
[pid   294] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   326] <... setpgid resumed>)      = 0
[pid   294] unlink("./6/binderfs" <unfinished ...>
[pid   326] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   294] <... unlink resumed>)       = 0
[pid   326] write(3, "1000", 4 <unfinished ...>
[pid   294] getdents64(3,  <unfinished ...>
[pid   326] <... write resumed>)        = 4
[pid   294] <... getdents64 resumed>0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   326] close(3 <unfinished ...>
[pid   294] close(3 <unfinished ...>
[pid   326] <... close resumed>)        = 0
[pid   326] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid   294] <... close resumed>)        = 0
[pid   326] write(1, "executing program\n", 18) = 18
[pid   326] perf_event_open( <unfinished ...>
[pid   294] rmdir("./6" <unfinished ...>
[pid   326] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   326] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   294] <... rmdir resumed>)        = 0
[pid   326] <... bpf resumed>)          = 4
[pid   294] mkdir("./7", 0777 <unfinished ...>
[pid   326] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   294] <... mkdir resumed>)        = 0
[pid   294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 327 attached
, child_tidptr=0x55557760b750) = 327
[pid   327] set_robust_list(0x55557760b760, 24) = 0
[pid   327] chdir("./7")                = 0
[pid   327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   327] setpgid(0, 0)               = 0
[pid   327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   327] write(3, "1000", 4)         = 4
[pid   327] close(3)                    = 0
[pid   327] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid   327] write(1, "executing program\n", 18) = 18
[pid   327] perf_event_open({type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   327] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   327] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   322] +++ exited with 0 +++
[pid   324] <... bpf resumed>)          = 5
[pid   324] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=322, si_uid=0, si_status=0, si_utime=0, si_stime=22} ---
[pid   324] <... openat resumed>)       = 6
[pid   291] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   327] <... bpf resumed>)          = 5
[pid   326] <... bpf resumed>)          = 5
[pid   325] <... bpf resumed>)          = 5
[pid   324] write(6, "1", 1)            = 1
[pid   324] close(3)                    = 0
[pid   325] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[   32.878283][  T322] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[   32.887548][  T322] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   32.895883][  T322] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   32.904022][  T322] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000004
[   32.913090][  T322]  </TASK>
[   32.916608][  T322] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[pid   325] write(6, "1", 1)            = 1
[pid   325] close(3)                    = 0
[pid   291] <... restart_syscall resumed>) = 0
[pid   326] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   326] write(6, "1", 1)            = 1
[   32.957881][  T324] FAULT_INJECTION: forcing a failure.
[   32.957881][  T324] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   32.958856][  T325] FAULT_INJECTION: forcing a failure.
[   32.958856][  T325] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   32.974773][  T324] CPU: 1 PID: 324 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   32.992047][  T326] FAULT_INJECTION: forcing a failure.
[pid   326] close(3)                    = 0
[pid   327] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   327] write(6, "1", 1)            = 1
[   32.992047][  T326] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   33.001054][  T324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   33.001073][  T324] Call Trace:
[   33.001081][  T324]  <TASK>
[   33.001090][  T324]  __dump_stack+0x21/0x24
[   33.001122][  T324]  dump_stack_lvl+0xee/0x150
[   33.001146][  T324]  ? __cfi_dump_stack_lvl+0x8/0x8
[   33.017477][  T327] FAULT_INJECTION: forcing a failure.
[   33.017477][  T327] name failslab, interval 1, probability 0, space 0, times 0
[   33.025821][  T324]  ? __cfi_enqueue_task_fair+0x10/0x10
[   33.025866][  T324]  dump_stack+0x15/0x24
[   33.025892][  T324]  should_fail_ex+0x3d4/0x520
[   33.079993][  T324]  should_fail_alloc_page+0x61/0x90
[   33.086005][  T324]  prepare_alloc_pages+0x148/0x5f0
[   33.091294][  T324]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   33.096872][  T324]  __alloc_pages+0x115/0x3a0
[   33.101670][  T324]  ? __cfi___alloc_pages+0x10/0x10
[   33.108044][  T324]  ? newidle_balance+0x81f/0xda0
[   33.113123][  T324]  ? __kasan_check_write+0x14/0x20
[   33.118366][  T324]  ? _raw_spin_lock+0x8e/0xe0
[   33.123380][  T324]  ? __cfi__raw_spin_lock+0x10/0x10
[   33.129091][  T324]  ? sched_clock_cpu+0x6e/0x250
[   33.134424][  T324]  __folio_alloc+0x12/0x40
[   33.139222][  T324]  wp_page_copy+0x280/0x15b0
[   33.144122][  T324]  ? __this_cpu_preempt_check+0x13/0x20
[   33.150048][  T324]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[   33.156489][  T324]  ? fault_dirty_shared_page+0x310/0x310
[   33.162930][  T324]  ? __kasan_check_write+0x14/0x20
[   33.168702][  T324]  ? finish_task_switch+0x209/0x7b0
[   33.174300][  T324]  ? vm_normal_page+0x99/0x200
[   33.180029][  T324]  do_wp_page+0x9f2/0xfc0
[   33.184580][  T324]  handle_mm_fault+0x10e4/0x2640
[   33.189810][  T324]  ? __cfi_handle_mm_fault+0x10/0x10
[   33.195382][  T324]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   33.201591][  T324]  ? __cfi_ptrace_notify+0x10/0x10
[   33.206821][  T324]  ? __cfi_blkcg_maybe_throttle_current+0x10/0x10
[   33.213874][  T324]  do_user_addr_fault+0x905/0x1050
[   33.220615][  T324]  exc_page_fault+0x51/0xb0
[   33.226382][  T324]  asm_exc_page_fault+0x27/0x30
[   33.233820][  T324] RIP: 0033:0x7f42ed5cde80
[   33.239452][  T324] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   33.262909][  T324] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[   33.269351][  T324] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   33.278938][  T324] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[   33.287563][  T324] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   33.297732][  T324] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   33.305836][  T324] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000005
[   33.315569][  T324]  </TASK>
[   33.319297][  T327] CPU: 0 PID: 327 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   33.320991][  T324] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   33.331246][  T327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   33.331267][  T327] Call Trace:
[   33.331274][  T327]  <TASK>
[   33.331284][  T327]  __dump_stack+0x21/0x24
[   33.331322][  T327]  dump_stack_lvl+0xee/0x150
[   33.331347][  T327]  ? __cfi_dump_stack_lvl+0x8/0x8
[   33.331376][  T327]  dump_stack+0x15/0x24
[   33.331400][  T327]  should_fail_ex+0x3d4/0x520
[   33.331424][  T327]  __should_failslab+0xac/0xf0
[   33.331444][  T327]  ? tracepoint_probe_unregister+0x1e6/0x8b0
[   33.331468][  T327]  should_failslab+0x9/0x20
[   33.405116][  T327]  __kmem_cache_alloc_node+0x3d/0x2c0
[   33.411703][  T327]  ? __cfi_mutex_lock+0x10/0x10
[   33.416615][  T327]  ? tracepoint_probe_unregister+0x1e6/0x8b0
[   33.422602][  T327]  __kmalloc+0xa1/0x1e0
[   33.426775][  T327]  ? __kasan_check_write+0x14/0x20
[   33.432249][  T327]  ? __cfi_perf_trace_percpu_alloc_percpu+0x10/0x10
[   33.439344][  T327]  tracepoint_probe_unregister+0x1e6/0x8b0
[   33.445504][  T327]  trace_event_reg+0x21c/0x260
[   33.450404][  T327]  perf_trace_event_unreg+0xcc/0x1c0
[   33.455970][  T327]  perf_trace_destroy+0xbe/0x180
[   33.461621][  T327]  tp_perf_event_destroy+0x15/0x20
[   33.467485][  T327]  ? __cfi_tp_perf_event_destroy+0x10/0x10
[   33.475053][  T327]  _free_event+0x9cd/0xce0
[   33.479769][  T327]  perf_event_release_kernel+0x819/0x8a0
[   33.486177][  T327]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   33.493919][  T327]  ? __cfi_perf_event_release_kernel+0x10/0x10
[   33.500998][  T327]  perf_release+0x3b/0x40
[   33.505343][  T327]  ? __cfi_perf_release+0x10/0x10
[   33.510599][  T327]  __fput+0x1fc/0x8f0
[   33.514587][  T327]  ____fput+0x15/0x20
[   33.520508][  T327]  task_work_run+0x1db/0x240
[   33.525657][  T327]  ? __cfi_task_work_run+0x10/0x10
[   33.531577][  T327]  ? task_work_add+0x2b1/0x330
[   33.536372][  T327]  ptrace_notify+0x221/0x250
[   33.541443][  T327]  ? __cfi_ptrace_notify+0x10/0x10
[   33.547116][  T327]  ? fput+0x15b/0x1a0
[   33.551500][  T327]  ? filp_close+0x111/0x160
[   33.556201][  T327]  ? close_fd+0x28b/0x300
[   33.562338][  T327]  syscall_exit_work+0x84/0x140
[   33.567866][  T327]  syscall_exit_to_user_mode_prepare+0x1c/0x20
[   33.574826][  T327]  syscall_exit_to_user_mode+0xd/0x30
[   33.580753][  T327]  do_syscall_64+0x58/0xa0
[   33.585460][  T327]  ? clear_bhb_loop+0x15/0x70
[   33.590424][  T327]  ? clear_bhb_loop+0x15/0x70
[   33.595988][  T327]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   33.602271][  T327] RIP: 0033:0x7f42ed5ffa89
[   33.606896][  T327] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   33.631281][  T327] RSP: 002b:00007ffcb7e44c28 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[   33.640271][  T327] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 00007f42ed5ffa89
[   33.648955][  T327] RDX: 00007f42ed5feb50 RSI: 00007ffcb7e44c30 RDI: 0000000000000003
[pid   327] close(3executing program
 <unfinished ...>
[pid   324] exit_group(0 <unfinished ...>
[pid   291] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   291] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   291] getdents64(3, 0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   291] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   291] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   291] unlink("./4/binderfs")      = 0
[pid   291] getdents64(3, 0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   291] close(3)                    = 0
[pid   291] rmdir("./4")                = 0
[pid   291] mkdir("./5", 0777)          = 0
[pid   291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557760b750) = 328
[pid   324] <... exit_group resumed>)   = ?
./strace-static-x86_64: Process 328 attached
[pid   328] set_robust_list(0x55557760b760, 24) = 0
[pid   328] chdir("./5")                = 0
[pid   328] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   328] setpgid(0, 0)               = 0
[pid   328] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   328] write(3, "1000", 4)         = 4
[pid   328] close(3)                    = 0
[pid   328] symlink("/dev/binderfs", "./binderfs") = 0
[pid   328] write(1, "executing program\n", 18) = 18
[   33.657146][  T327] RBP: 00007ffcb7e44c30 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   33.667660][  T327] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   33.677612][  T327] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000007
[   33.687038][  T327]  </TASK>
[   33.692379][  T326] CPU: 1 PID: 326 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   33.708176][  T326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   33.722400][  T326] Call Trace:
[   33.726783][  T326]  <TASK>
[   33.730761][  T326]  __dump_stack+0x21/0x24
[   33.735649][  T326]  dump_stack_lvl+0xee/0x150
[   33.740384][  T326]  ? __cfi_dump_stack_lvl+0x8/0x8
[   33.745793][  T326]  ? __cfi_enqueue_task_fair+0x10/0x10
[   33.753378][  T326]  dump_stack+0x15/0x24
[   33.758778][  T326]  should_fail_ex+0x3d4/0x520
[   33.764573][  T326]  should_fail_alloc_page+0x61/0x90
[   33.769906][  T326]  prepare_alloc_pages+0x148/0x5f0
[   33.778572][  T326]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   33.784513][  T326]  __alloc_pages+0x115/0x3a0
[   33.789912][  T326]  ? __cfi___alloc_pages+0x10/0x10
[   33.796131][  T326]  ? __kasan_check_write+0x14/0x20
[   33.803012][  T326]  ? _raw_spin_lock+0x8e/0xe0
[   33.808686][  T326]  ? __cfi__raw_spin_lock+0x10/0x10
[   33.814696][  T326]  ? __this_cpu_preempt_check+0x13/0x20
[   33.820448][  T326]  __folio_alloc+0x12/0x40
[   33.825967][  T326]  wp_page_copy+0x280/0x15b0
[   33.830671][  T326]  ? __this_cpu_preempt_check+0x13/0x20
[   33.836935][  T326]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[   33.843745][  T326]  ? fault_dirty_shared_page+0x310/0x310
[   33.849415][  T326]  ? _raw_spin_unlock+0x4c/0x70
[   33.854282][  T326]  ? finish_task_switch+0x16b/0x7b0
[   33.860288][  T326]  ? vm_normal_page+0x99/0x200
[   33.865872][  T326]  do_wp_page+0x9f2/0xfc0
[   33.870843][  T326]  handle_mm_fault+0x10e4/0x2640
[   33.876511][  T326]  ? __cfi_handle_mm_fault+0x10/0x10
[   33.882797][  T326]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   33.888135][  T326]  ? __this_cpu_preempt_check+0x13/0x20
[   33.893882][  T326]  ? xfd_validate_state+0x70/0x150
[   33.899504][  T326]  do_user_addr_fault+0x905/0x1050
[   33.904943][  T326]  exc_page_fault+0x51/0xb0
[   33.909671][  T326]  asm_exc_page_fault+0x27/0x30
[   33.918809][  T326] RIP: 0033:0x7f42ed5cde80
[   33.927880][  T326] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   33.952169][  T326] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[   33.958559][  T326] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   33.969280][  T326] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[   33.977758][  T326] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   33.986301][  T326] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   33.996069][  T326] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000005
[   34.004448][  T326]  </TASK>
[   34.007658][  T325] CPU: 0 PID: 325 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   34.018019][  T325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   34.028464][  T325] Call Trace:
[   34.032969][  T325]  <TASK>
[   34.035977][  T325]  __dump_stack+0x21/0x24
[   34.041481][  T325]  dump_stack_lvl+0xee/0x150
[   34.046533][  T325]  ? __cfi_dump_stack_lvl+0x8/0x8
[   34.053071][  T325]  ? __cfi_enqueue_task_fair+0x10/0x10
[   34.059415][  T325]  dump_stack+0x15/0x24
[   34.063824][  T325]  should_fail_ex+0x3d4/0x520
[   34.069496][  T325]  should_fail_alloc_page+0x61/0x90
[   34.076707][  T325]  prepare_alloc_pages+0x148/0x5f0
[   34.083124][  T325]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   34.089742][  T325]  __alloc_pages+0x115/0x3a0
[   34.094374][  T325]  ? __cfi___alloc_pages+0x10/0x10
[   34.100804][  T325]  ? __kasan_check_write+0x14/0x20
[   34.109424][  T325]  ? _raw_spin_lock+0x8e/0xe0
[   34.115338][  T325]  ? __cfi__raw_spin_lock+0x10/0x10
[   34.120831][  T325]  ? __this_cpu_preempt_check+0x13/0x20
[   34.126788][  T325]  __folio_alloc+0x12/0x40
[   34.131658][  T325]  wp_page_copy+0x280/0x15b0
[   34.137007][  T325]  ? __this_cpu_preempt_check+0x13/0x20
[   34.143093][  T325]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[   34.150278][  T325]  ? fault_dirty_shared_page+0x310/0x310
[   34.156290][  T325]  ? _raw_spin_unlock+0x4c/0x70
[   34.161994][  T325]  ? finish_task_switch+0x16b/0x7b0
[   34.170750][  T325]  ? vm_normal_page+0x99/0x200
[   34.176783][  T325]  do_wp_page+0x9f2/0xfc0
[   34.182020][  T325]  handle_mm_fault+0x10e4/0x2640
[   34.189017][  T325]  ? __cfi_handle_mm_fault+0x10/0x10
[   34.195046][  T325]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   34.200567][  T325]  ? __this_cpu_preempt_check+0x13/0x20
[   34.206397][  T325]  ? xfd_validate_state+0x70/0x150
[   34.211975][  T325]  do_user_addr_fault+0x905/0x1050
[   34.218243][  T325]  exc_page_fault+0x51/0xb0
[   34.223687][  T325]  asm_exc_page_fault+0x27/0x30
[   34.229118][  T325] RIP: 0033:0x7f42ed5cde80
[   34.234803][  T325] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   34.255729][  T325] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[   34.262166][  T325] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   34.272158][  T325] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[   34.281306][  T325] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   34.291621][  T325] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   34.301254][  T325] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000005
[   34.309468][  T325]  </TASK>
[pid   328] perf_event_open( <unfinished ...>
[pid   326] exit_group(0 <unfinished ...>
[pid   324] +++ exited with 0 +++
[pid   326] <... exit_group resumed>)   = ?
[pid   326] +++ exited with 0 +++
[pid   327] <... close resumed>)        = 0
[pid   327] exit_group(0 <unfinished ...>
[pid   325] exit_group(0 <unfinished ...>
[pid   328] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=326, si_uid=0, si_status=0, si_utime=0, si_stime=20} ---
[pid   290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=324, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
[pid   325] <... exit_group resumed>)   = ?
[pid   328] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   327] <... exit_group resumed>)   = ?
[pid   325] +++ exited with 0 +++
[pid   292] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   290] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=325, si_uid=0, si_status=0, si_utime=0, si_stime=38} ---
[pid   292] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   290] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   293] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   292] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   290] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   292] <... openat resumed>)       = 3
[pid   290] <... openat resumed>)       = 3
[pid   292] newfstatat(3, "",  <unfinished ...>
[pid   290] newfstatat(3, "",  <unfinished ...>
[pid   328] <... bpf resumed>)          = 4
[pid   292] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   292] getdents64(3,  <unfinished ...>
[pid   290] getdents64(3,  <unfinished ...>
[pid   292] <... getdents64 resumed>0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   290] <... getdents64 resumed>0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   292] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   290] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   292] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   290] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   292] newfstatat(AT_FDCWD, "./5/binderfs",  <unfinished ...>
[pid   290] newfstatat(AT_FDCWD, "./5/binderfs",  <unfinished ...>
[pid   292] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   292] unlink("./5/binderfs" <unfinished ...>
[pid   290] unlink("./5/binderfs" <unfinished ...>
[pid   328] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   292] <... unlink resumed>)       = 0
[pid   290] <... unlink resumed>)       = 0
[pid   292] getdents64(3,  <unfinished ...>
[pid   290] getdents64(3,  <unfinished ...>
[pid   292] <... getdents64 resumed>0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   292] close(3)                    = 0
[pid   292] rmdir("./5" <unfinished ...>
[pid   290] <... getdents64 resumed>0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   290] close(3)                    = 0
[pid   292] <... rmdir resumed>)        = 0
[pid   290] rmdir("./5" <unfinished ...>
[pid   292] mkdir("./6", 0777 <unfinished ...>
[pid   290] <... rmdir resumed>)        = 0
[pid   290] mkdir("./6", 0777)          = 0
[pid   290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   292] <... mkdir resumed>)        = 0
[pid   292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 330 attached
./strace-static-x86_64: Process 331 attached
 <unfinished ...>
[pid   290] <... clone resumed>, child_tidptr=0x55557760b750) = 330
[pid   292] <... clone resumed>, child_tidptr=0x55557760b750) = 331
[pid   331] set_robust_list(0x55557760b760, 24 <unfinished ...>
[pid   330] set_robust_list(0x55557760b760, 24 <unfinished ...>
[pid   331] <... set_robust_list resumed>) = 0
[pid   330] <... set_robust_list resumed>) = 0
[pid   331] chdir("./6")                = 0
[pid   331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   331] setpgid(0, 0)               = 0
[pid   293] <... restart_syscall resumed>) = 0
[pid   293] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   330] chdir("./6" <unfinished ...>
[pid   293] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   293] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   293] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   293] getdents64(3, 0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   330] <... chdir resumed>)        = 0
[pid   293] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   293] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   293] unlink("./5/binderfs")      = 0
[pid   293] getdents64(3, 0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   293] close(3)                    = 0
[pid   293] rmdir("./5" <unfinished ...>
[pid   330] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   293] <... rmdir resumed>)        = 0
[pid   293] mkdir("./6", 0777 <unfinished ...>
[pid   330] <... prctl resumed>)        = 0
[pid   293] <... mkdir resumed>)        = 0
[pid   293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   330] setpgid(0, 0./strace-static-x86_64: Process 332 attached
 <unfinished ...>
[pid   293] <... clone resumed>, child_tidptr=0x55557760b750) = 332
[pid   332] set_robust_list(0x55557760b760, 24 <unfinished ...>
[pid   330] <... setpgid resumed>)      = 0
[pid   331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   332] <... set_robust_list resumed>) = 0
[pid   332] chdir("./6" <unfinished ...>
[pid   331] <... openat resumed>)       = 3
[pid   332] <... chdir resumed>)        = 0
[pid   332] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   331] write(3, "1000", 4)         = 4
[pid   332] <... prctl resumed>)        = 0
[pid   331] close(3 <unfinished ...>
[pid   332] setpgid(0, 0 <unfinished ...>
[pid   331] <... close resumed>)        = 0
[pid   332] <... setpgid resumed>)      = 0
[pid   331] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid   332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   331] <... symlink resumed>)      = 0
[pid   332] <... openat resumed>)       = 3
[pid   332] write(3, "1000", 4)         = 4
[pid   332] close(3 <unfinished ...>
[pid   331] write(1, "executing program\n", 18executing program
 <unfinished ...>
[pid   332] <... close resumed>)        = 0
[pid   331] <... write resumed>)        = 18
[pid   331] perf_event_open( <unfinished ...>
[pid   332] symlink("/dev/binderfs", "./binderfs") = 0
[pid   331] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   330] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   328] <... bpf resumed>)          = 5
[pid   327] +++ exited with 0 +++
[pid   328] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   328] write(6, "1", 1)            = 1
[pid   330] <... openat resumed>)       = 3
[pid   328] close(3 <unfinished ...>
[pid   294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=327, si_uid=0, si_status=0, si_utime=0, si_stime=11} ---
[pid   328] <... close resumed>)        = 0
[pid   332] write(1, "executing program\n", 18 <unfinished ...>
[pid   331] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   330] write(3, "1000", 4 <unfinished ...>
[pid   294] restart_syscall(<... resuming interrupted clone ...>executing program
 <unfinished ...>
[pid   330] <... write resumed>)        = 4
[pid   294] <... restart_syscall resumed>) = 0
[pid   332] <... write resumed>)        = 18
[pid   330] close(3 <unfinished ...>
[pid   332] perf_event_open( <unfinished ...>
[pid   330] <... close resumed>)        = 0
[pid   332] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   330] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid   294] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   332] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   294] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   330] <... symlink resumed>)      = 0
[pid   294] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   330] write(1, "executing program\n", 18 <unfinished ...>
[pid   294] <... openat resumed>)       = 3
[pid   294] newfstatat(3, "", executing program
 <unfinished ...>
[pid   330] <... write resumed>)        = 18
[pid   294] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   294] getdents64(3,  <unfinished ...>
[pid   330] perf_event_open( <unfinished ...>
[pid   294] <... getdents64 resumed>0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   294] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   294] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   294] unlink("./7/binderfs")      = 0
[pid   294] getdents64(3, 0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   294] close(3)                    = 0
[pid   294] rmdir("./7")                = 0
[pid   294] mkdir("./8", 0777)          = 0
[pid   294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557760b750) = 333
[   34.312961][  T326] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   34.315825][  T325] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   34.349383][  T328] FAULT_INJECTION: forcing a failure.
[   34.349383][  T328] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   34.369131][  T328] CPU: 0 PID: 328 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   34.381610][  T328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   34.392627][  T328] Call Trace:
[   34.396103][  T328]  <TASK>
[   34.399117][  T328]  __dump_stack+0x21/0x24
[   34.403790][  T328]  dump_stack_lvl+0xee/0x150
[   34.408487][  T328]  ? __cfi_dump_stack_lvl+0x8/0x8
[   34.413649][  T328]  dump_stack+0x15/0x24
./strace-static-x86_64: Process 333 attached
[pid   332] <... bpf resumed>)          = 4
[pid   331] <... bpf resumed>)          = 4
[pid   330] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   330] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   332] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16) = 5
[pid   332] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   332] write(6, "1", 1)            = 1
[pid   332] close(3)                    = 0
[pid   330] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16) = 5
[pid   330] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   330] write(6, "1", 1)            = 1
[pid   330] close(3)                    = 0
[pid   331] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16) = 5
[pid   331] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   331] write(6, "1", 1)            = 1
[   34.418121][  T328]  should_fail_ex+0x3d4/0x520
[   34.423508][  T328]  should_fail_alloc_page+0x61/0x90
[   34.429683][  T332] FAULT_INJECTION: forcing a failure.
[   34.429683][  T332] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   34.430006][  T328]  prepare_alloc_pages+0x148/0x5f0
[   34.430048][  T328]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   34.430071][  T328]  ? __kasan_record_aux_stack+0xb6/0xc0
[   34.446924][  T330] FAULT_INJECTION: forcing a failure.
[pid   331] close(3 <unfinished ...>
[pid   333] set_robust_list(0x55557760b760, 24) = 0
[pid   333] chdir("./8")                = 0
[pid   333] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   333] setpgid(0, 0)               = 0
[pid   333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   333] write(3, "1000", 4)         = 4
[pid   333] close(3)                    = 0
[pid   333] symlink("/dev/binderfs", "./binderfs") = 0
[pid   333] write(1, "executing program\n", 18executing program
) = 18
[   34.446924][  T330] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   34.449793][  T328]  ? call_rcu+0xd4/0xf90
[   34.458725][  T331] FAULT_INJECTION: forcing a failure.
[   34.458725][  T331] name failslab, interval 1, probability 0, space 0, times 0
[   34.461166][  T328]  ? ____fput+0x15/0x20
[   34.461204][  T328]  __alloc_pages+0x115/0x3a0
[   34.461230][  T328]  ? __cfi___alloc_pages+0x10/0x10
[   34.461255][  T328]  ? __kasan_check_write+0x14/0x20
[   34.461282][  T328]  ? _raw_spin_lock+0x8e/0xe0
[   34.461305][  T328]  ? __cfi__raw_spin_lock+0x10/0x10
[   34.461330][  T328]  ? __this_cpu_preempt_check+0x13/0x20
[   34.461356][  T328]  __folio_alloc+0x12/0x40
[   34.539284][  T328]  wp_page_copy+0x280/0x15b0
[   34.545056][  T328]  ? __this_cpu_preempt_check+0x13/0x20
[   34.550774][  T328]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[   34.557663][  T328]  ? fault_dirty_shared_page+0x310/0x310
[   34.564035][  T328]  ? _raw_spin_unlock+0x4c/0x70
[   34.569175][  T328]  ? finish_task_switch+0x16b/0x7b0
[   34.574931][  T328]  ? vm_normal_page+0x99/0x200
[   34.581665][  T328]  do_wp_page+0x9f2/0xfc0
[   34.586073][  T328]  handle_mm_fault+0x10e4/0x2640
[   34.593610][  T328]  ? __cfi_handle_mm_fault+0x10/0x10
[   34.599103][  T328]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   34.604433][  T328]  ? __this_cpu_preempt_check+0x13/0x20
[   34.610829][  T328]  ? xfd_validate_state+0x70/0x150
[   34.616581][  T328]  do_user_addr_fault+0x905/0x1050
[   34.621991][  T328]  exc_page_fault+0x51/0xb0
[   34.626517][  T328]  asm_exc_page_fault+0x27/0x30
[   34.631599][  T328] RIP: 0033:0x7f42ed5cde80
[   34.636956][  T328] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   34.658067][  T328] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[   34.664679][  T328] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   34.673428][  T328] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[   34.684358][  T328] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   34.693917][  T328] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   34.702456][  T328] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000005
[   34.710637][  T328]  </TASK>
[   34.713686][  T332] CPU: 1 PID: 332 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   34.724559][  T332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   34.734912][  T332] Call Trace:
[   34.738291][  T332]  <TASK>
[   34.741316][  T332]  __dump_stack+0x21/0x24
[   34.745683][  T332]  dump_stack_lvl+0xee/0x150
[   34.750298][  T332]  ? __cfi_dump_stack_lvl+0x8/0x8
[   34.755443][  T332]  ? __cfi_enqueue_task_fair+0x10/0x10
[   34.761159][  T332]  dump_stack+0x15/0x24
[   34.765501][  T332]  should_fail_ex+0x3d4/0x520
[   34.770193][  T332]  should_fail_alloc_page+0x61/0x90
[   34.775685][  T332]  prepare_alloc_pages+0x148/0x5f0
[   34.780828][  T332]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   34.786131][  T332]  __alloc_pages+0x115/0x3a0
[   34.790737][  T332]  ? __cfi___alloc_pages+0x10/0x10
[   34.796087][  T332]  ? __kasan_check_write+0x14/0x20
[   34.801222][  T332]  ? _raw_spin_lock+0x8e/0xe0
[   34.805923][  T332]  ? __cfi__raw_spin_lock+0x10/0x10
[   34.811193][  T332]  ? __this_cpu_preempt_check+0x13/0x20
[   34.816926][  T332]  __folio_alloc+0x12/0x40
[   34.822070][  T332]  wp_page_copy+0x280/0x15b0
[   34.826689][  T332]  ? __this_cpu_preempt_check+0x13/0x20
[   34.832421][  T332]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[   34.838697][  T332]  ? fault_dirty_shared_page+0x310/0x310
[   34.844360][  T332]  ? _raw_spin_unlock+0x4c/0x70
[   34.849224][  T332]  ? finish_task_switch+0x16b/0x7b0
[   34.854431][  T332]  ? vm_normal_page+0x99/0x200
[   34.859828][  T332]  do_wp_page+0x9f2/0xfc0
[   34.864369][  T332]  handle_mm_fault+0x10e4/0x2640
[pid   333] perf_event_open( <unfinished ...>
[pid   328] exit_group(0)               = ?
[   34.869341][  T332]  ? __cfi_handle_mm_fault+0x10/0x10
[   34.874651][  T332]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   34.879887][  T332]  ? __this_cpu_preempt_check+0x13/0x20
[   34.885456][  T332]  ? xfd_validate_state+0x70/0x150
[   34.890632][  T332]  do_user_addr_fault+0x905/0x1050
[   34.895824][  T332]  exc_page_fault+0x51/0xb0
[   34.900442][  T332]  asm_exc_page_fault+0x27/0x30
[   34.905306][  T332] RIP: 0033:0x7f42ed5cde80
[   34.910071][  T332] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   34.929865][  T332] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[   34.935950][  T332] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   34.944033][  T332] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[   34.952010][  T332] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   34.960953][  T332] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   34.969032][  T332] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000006
[   34.977531][  T332]  </TASK>
[   34.980563][  T330] CPU: 0 PID: 330 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   34.991040][  T330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   35.001191][  T330] Call Trace:
[   35.004555][  T330]  <TASK>
[   35.007482][  T330]  __dump_stack+0x21/0x24
[   35.011829][  T330]  dump_stack_lvl+0xee/0x150
[   35.016422][  T330]  ? __cfi_dump_stack_lvl+0x8/0x8
[   35.021482][  T330]  ? __cfi_enqueue_task_fair+0x10/0x10
[   35.027067][  T330]  dump_stack+0x15/0x24
[   35.031253][  T330]  should_fail_ex+0x3d4/0x520
[   35.036049][  T330]  should_fail_alloc_page+0x61/0x90
[   35.041278][  T330]  prepare_alloc_pages+0x148/0x5f0
[   35.046502][  T330]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   35.051722][  T330]  __alloc_pages+0x115/0x3a0
[   35.056431][  T330]  ? __cfi___alloc_pages+0x10/0x10
[   35.061560][  T330]  ? __kasan_check_write+0x14/0x20
[   35.066888][  T330]  ? _raw_spin_lock+0x8e/0xe0
[   35.071608][  T330]  ? __cfi__raw_spin_lock+0x10/0x10
[   35.077000][  T330]  ? __this_cpu_preempt_check+0x13/0x20
[   35.082651][  T330]  __folio_alloc+0x12/0x40
[   35.087088][  T330]  wp_page_copy+0x280/0x15b0
[   35.091812][  T330]  ? __this_cpu_preempt_check+0x13/0x20
[   35.097367][  T330]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[   35.103627][  T330]  ? fault_dirty_shared_page+0x310/0x310
[   35.109275][  T330]  ? _raw_spin_unlock+0x4c/0x70
[   35.114384][  T330]  ? finish_task_switch+0x16b/0x7b0
[   35.119598][  T330]  ? vm_normal_page+0x99/0x200
[   35.124449][  T330]  do_wp_page+0x9f2/0xfc0
[   35.128789][  T330]  handle_mm_fault+0x10e4/0x2640
[   35.133762][  T330]  ? __cfi_handle_mm_fault+0x10/0x10
[   35.139120][  T330]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   35.144370][  T330]  ? __this_cpu_preempt_check+0x13/0x20
[   35.150201][  T330]  ? xfd_validate_state+0x70/0x150
[   35.155430][  T330]  do_user_addr_fault+0x905/0x1050
[   35.160822][  T330]  exc_page_fault+0x51/0xb0
[   35.165343][  T330]  asm_exc_page_fault+0x27/0x30
[   35.170376][  T330] RIP: 0033:0x7f42ed5cde80
[   35.174876][  T330] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   35.195667][  T330] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[   35.201756][  T330] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   35.209739][  T330] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[   35.217971][  T330] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   35.225940][  T330] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   35.233913][  T330] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000006
[   35.241886][  T330]  </TASK>
[   35.245941][  T331] CPU: 0 PID: 331 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   35.256400][  T331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   35.266525][  T331] Call Trace:
[   35.270423][  T331]  <TASK>
[   35.273368][  T331]  __dump_stack+0x21/0x24
[   35.277899][  T331]  dump_stack_lvl+0xee/0x150
[   35.282517][  T331]  ? __cfi_dump_stack_lvl+0x8/0x8
[   35.287604][  T331]  dump_stack+0x15/0x24
[   35.291939][  T331]  should_fail_ex+0x3d4/0x520
[   35.296765][  T331]  __should_failslab+0xac/0xf0
[   35.301734][  T331]  ? tracepoint_probe_unregister+0x1e6/0x8b0
[   35.307820][  T331]  should_failslab+0x9/0x20
[   35.312604][  T331]  __kmem_cache_alloc_node+0x3d/0x2c0
[   35.318185][  T331]  ? __cfi_mutex_lock+0x10/0x10
[   35.324626][  T331]  ? tracepoint_probe_unregister+0x1e6/0x8b0
[   35.330725][  T331]  __kmalloc+0xa1/0x1e0
[   35.335255][  T331]  ? __kasan_check_write+0x14/0x20
[   35.340389][  T331]  ? __cfi_perf_trace_percpu_alloc_percpu+0x10/0x10
[   35.347124][  T331]  tracepoint_probe_unregister+0x1e6/0x8b0
[   35.353053][  T331]  trace_event_reg+0x21c/0x260
[   35.357943][  T331]  perf_trace_event_unreg+0xcc/0x1c0
[   35.363436][  T331]  perf_trace_destroy+0xbe/0x180
[   35.368753][  T331]  tp_perf_event_destroy+0x15/0x20
[   35.374441][  T331]  ? __cfi_tp_perf_event_destroy+0x10/0x10
[   35.381527][  T331]  _free_event+0x9cd/0xce0
[   35.386091][  T331]  perf_event_release_kernel+0x819/0x8a0
[   35.392312][  T331]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   35.398497][  T331]  ? __cfi_perf_event_release_kernel+0x10/0x10
[   35.404843][  T331]  perf_release+0x3b/0x40
[   35.409189][  T331]  ? __cfi_perf_release+0x10/0x10
[   35.414221][  T331]  __fput+0x1fc/0x8f0
[   35.418208][  T331]  ____fput+0x15/0x20
[   35.422188][  T331]  task_work_run+0x1db/0x240
[   35.426955][  T331]  ? __cfi_task_work_run+0x10/0x10
[   35.432072][  T331]  ? task_work_add+0x2b1/0x330
[   35.436886][  T331]  ptrace_notify+0x221/0x250
[   35.441493][  T331]  ? __cfi_ptrace_notify+0x10/0x10
[   35.446621][  T331]  ? fput+0x15b/0x1a0
[   35.450610][  T331]  ? filp_close+0x111/0x160
[   35.455776][  T331]  ? close_fd+0x28b/0x300
[   35.460749][  T331]  syscall_exit_work+0x84/0x140
[   35.465892][  T331]  syscall_exit_to_user_mode_prepare+0x1c/0x20
[   35.472181][  T331]  syscall_exit_to_user_mode+0xd/0x30
[   35.477930][  T331]  do_syscall_64+0x58/0xa0
[   35.482724][  T331]  ? clear_bhb_loop+0x15/0x70
[   35.487517][  T331]  ? clear_bhb_loop+0x15/0x70
[   35.492216][  T331]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   35.498220][  T331] RIP: 0033:0x7f42ed5ffa89
[   35.502645][  T331] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   35.522528][  T331] RSP: 002b:00007ffcb7e44c28 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[   35.531149][  T331] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 00007f42ed5ffa89
[   35.539444][  T331] RDX: 00007f42ed5feb50 RSI: 00007ffcb7e44c30 RDI: 0000000000000003
[   35.547614][  T331] RBP: 00007ffcb7e44c30 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   35.557722][  T331] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[pid   332] exit_group(0)               = ?
[pid   332] +++ exited with 0 +++
[pid   328] +++ exited with 0 +++
[pid   293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=332, si_uid=0, si_status=0, si_utime=0, si_stime=10} ---
[pid   291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=328, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   293] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   291] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   293] <... restart_syscall resumed>) = 0
[pid   291] <... restart_syscall resumed>) = 0
[pid   293] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   291] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   293] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   291] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   293] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   291] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   293] <... openat resumed>)       = 3
[pid   291] <... openat resumed>)       = 3
[pid   293] newfstatat(3, "",  <unfinished ...>
[pid   291] newfstatat(3, "",  <unfinished ...>
[pid   293] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   293] getdents64(3,  <unfinished ...>
[pid   291] getdents64(3,  <unfinished ...>
[pid   293] <... getdents64 resumed>0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   291] <... getdents64 resumed>0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   293] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   291] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   293] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   291] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   293] newfstatat(AT_FDCWD, "./6/binderfs",  <unfinished ...>
[pid   291] newfstatat(AT_FDCWD, "./5/binderfs",  <unfinished ...>
[pid   293] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   293] unlink("./6/binderfs" <unfinished ...>
[pid   291] unlink("./5/binderfs" <unfinished ...>
[pid   293] <... unlink resumed>)       = 0
[pid   291] <... unlink resumed>)       = 0
[pid   293] getdents64(3,  <unfinished ...>
[pid   291] getdents64(3,  <unfinished ...>
[pid   293] <... getdents64 resumed>0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   291] <... getdents64 resumed>0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   293] close(3 <unfinished ...>
[pid   291] close(3 <unfinished ...>
[pid   293] <... close resumed>)        = 0
[pid   291] <... close resumed>)        = 0
[pid   293] rmdir("./6" <unfinished ...>
[pid   291] rmdir("./5" <unfinished ...>
[pid   293] <... rmdir resumed>)        = 0
[pid   291] <... rmdir resumed>)        = 0
[pid   293] mkdir("./7", 0777 <unfinished ...>
[pid   291] mkdir("./6", 0777 <unfinished ...>
[pid   293] <... mkdir resumed>)        = 0
[pid   291] <... mkdir resumed>)        = 0
[pid   293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   293] <... clone resumed>, child_tidptr=0x55557760b750) = 335
[pid   291] <... clone resumed>, child_tidptr=0x55557760b750) = 334
./strace-static-x86_64: Process 335 attached
[pid   335] set_robust_list(0x55557760b760, 24) = 0
[pid   335] chdir("./7")                = 0
[pid   335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   335] setpgid(0, 0)               = 0
[pid   335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
./strace-static-x86_64: Process 334 attached
[pid   334] set_robust_list(0x55557760b760, 24) = 0
[pid   334] chdir("./6" <unfinished ...>
[pid   335] write(3, "1000", 4)         = 4
[pid   335] close(3)                    = 0
[pid   334] <... chdir resumed>)        = 0
[pid   335] symlink("/dev/binderfs", "./binderfs") = 0
[pid   334] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   334] setpgid(0, 0)               = 0
[pid   334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   335] write(1, "executing program\n", 18executing program
 <unfinished ...>
[pid   334] write(3, "1000", 4 <unfinished ...>
[pid   330] exit_group(0 <unfinished ...>
[pid   334] <... write resumed>)        = 4
[pid   334] close(3)                    = 0
[pid   334] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid   330] <... exit_group resumed>)   = ?
[pid   335] <... write resumed>)        = 18
[pid   335] perf_event_open( <unfinished ...>
[pid   334] <... symlink resumed>)      = 0
executing program
[pid   334] write(1, "executing program\n", 18) = 18
[pid   334] perf_event_open( <unfinished ...>
[pid   331] <... close resumed>)        = 0
[pid   331] exit_group(0)               = ?
[pid   333] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   331] +++ exited with 0 +++
[pid   333] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=331, si_uid=0, si_status=0, si_utime=0, si_stime=34} ---
[pid   292] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   335] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   335] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   333] <... bpf resumed>)          = 4
[pid   334] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   333] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   334] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   333] <... bpf resumed>)          = 5
[pid   333] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   333] write(6, "1", 1 <unfinished ...>
[pid   334] <... bpf resumed>)          = 4
[pid   333] <... write resumed>)        = 1
[pid   333] close(3)                    = 0
[pid   335] <... bpf resumed>)          = 4
[pid   335] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   334] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   330] +++ exited with 0 +++
[pid   290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=330, si_uid=0, si_status=0, si_utime=0, si_stime=13} ---
[pid   290] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   335] <... bpf resumed>)          = 5
[pid   335] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   334] <... bpf resumed>)          = 5
[pid   335] <... openat resumed>)       = 6
[pid   334] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   334] write(6, "1", 1 <unfinished ...>
[pid   292] <... restart_syscall resumed>) = 0
[pid   290] <... restart_syscall resumed>) = 0
[pid   292] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   290] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   292] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   290] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   292] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   290] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   292] <... openat resumed>)       = 3
[pid   290] <... openat resumed>)       = 3
[pid   292] newfstatat(3, "",  <unfinished ...>
[pid   290] newfstatat(3, "",  <unfinished ...>
[pid   292] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   292] getdents64(3,  <unfinished ...>
[pid   290] getdents64(3,  <unfinished ...>
[pid   292] <... getdents64 resumed>0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   290] <... getdents64 resumed>0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   292] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   290] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   292] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   290] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   292] newfstatat(AT_FDCWD, "./6/binderfs",  <unfinished ...>
[pid   290] newfstatat(AT_FDCWD, "./6/binderfs",  <unfinished ...>
[pid   292] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   292] unlink("./6/binderfs" <unfinished ...>
[pid   290] unlink("./6/binderfs" <unfinished ...>
[pid   292] <... unlink resumed>)       = 0
[pid   290] <... unlink resumed>)       = 0
[pid   292] getdents64(3,  <unfinished ...>
[pid   290] getdents64(3,  <unfinished ...>
[pid   292] <... getdents64 resumed>0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   290] <... getdents64 resumed>0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   292] close(3 <unfinished ...>
[pid   290] close(3 <unfinished ...>
[pid   292] <... close resumed>)        = 0
[pid   290] <... close resumed>)        = 0
[pid   292] rmdir("./6" <unfinished ...>
[pid   290] rmdir("./6" <unfinished ...>
[pid   292] <... rmdir resumed>)        = 0
[pid   290] <... rmdir resumed>)        = 0
[pid   292] mkdir("./7", 0777 <unfinished ...>
[pid   290] mkdir("./7", 0777 <unfinished ...>
[pid   292] <... mkdir resumed>)        = 0
[pid   290] <... mkdir resumed>)        = 0
[pid   292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   292] <... clone resumed>, child_tidptr=0x55557760b750) = 336
[pid   290] <... clone resumed>, child_tidptr=0x55557760b750) = 337
[pid   335] write(6, "1", 1 <unfinished ...>
[pid   334] <... write resumed>)        = 1
[pid   334] close(3 <unfinished ...>
[pid   335] <... write resumed>)        = 1
[pid   334] <... close resumed>)        = 0
[pid   335] close(3./strace-static-x86_64: Process 337 attached
[   35.566423][  T331] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000006
[   35.576591][  T331]  </TASK>
[   35.580526][  T332] pagefault_out_of_memory: 1 callbacks suppressed
[   35.580542][  T332] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   35.582601][  T330] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   35.610865][  T333] FAULT_INJECTION: forcing a failure.
[   35.610865][  T333] name fail_page_alloc, interval 1, probability 0, space 0, times 0
 <unfinished ...>
[pid   337] set_robust_list(0x55557760b760, 24) = 0
[pid   337] chdir("./7")                = 0
[pid   337] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   337] setpgid(0, 0)               = 0
[pid   337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   337] write(3, "1000", 4)         = 4
[pid   337] close(3)                    = 0
[pid   337] symlink("/dev/binderfs", "./binderfs") = 0
[pid   337] write(1, "executing program\n", 18executing program
) = 18
[   35.619509][  T335] FAULT_INJECTION: forcing a failure.
[   35.619509][  T335] name failslab, interval 1, probability 0, space 0, times 0
[   35.641098][  T333] CPU: 1 PID: 333 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   35.641191][  T334] FAULT_INJECTION: forcing a failure.
[   35.641191][  T334] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   35.651995][  T333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   35.652015][  T333] Call Trace:
[   35.652023][  T333]  <TASK>
[   35.652032][  T333]  __dump_stack+0x21/0x24
[   35.652071][  T333]  dump_stack_lvl+0xee/0x150
[   35.652095][  T333]  ? __cfi_dump_stack_lvl+0x8/0x8
[   35.652120][  T333]  ? resched_curr+0x1b0/0x380
[   35.652141][  T333]  ? __cfi_resched_curr+0x10/0x10
[   35.711408][  T333]  dump_stack+0x15/0x24
[   35.715681][  T333]  should_fail_ex+0x3d4/0x520
[   35.720876][  T333]  should_fail_alloc_page+0x61/0x90
[   35.726661][  T333]  prepare_alloc_pages+0x148/0x5f0
[   35.732247][  T333]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   35.737999][  T333]  __alloc_pages+0x115/0x3a0
[   35.742709][  T333]  ? __cfi___alloc_pages+0x10/0x10
[   35.747955][  T333]  ? __kasan_check_write+0x14/0x20
[   35.753101][  T333]  ? _raw_spin_lock+0x8e/0xe0
[   35.757883][  T333]  ? __cfi__raw_spin_lock+0x10/0x10
[   35.763727][  T333]  ? __this_cpu_preempt_check+0x13/0x20
[   35.769481][  T333]  __folio_alloc+0x12/0x40
[   35.774073][  T333]  wp_page_copy+0x280/0x15b0
[   35.778987][  T333]  ? __this_cpu_preempt_check+0x13/0x20
[   35.784863][  T333]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[   35.791413][  T333]  ? fault_dirty_shared_page+0x310/0x310
[   35.802204][  T333]  ? _raw_spin_unlock+0x4c/0x70
[   35.807602][  T333]  ? finish_task_switch+0x16b/0x7b0
[   35.815291][  T333]  ? vm_normal_page+0x99/0x200
[   35.821492][  T333]  do_wp_page+0x9f2/0xfc0
[   35.826249][  T333]  handle_mm_fault+0x10e4/0x2640
[   35.831585][  T333]  ? __cfi_handle_mm_fault+0x10/0x10
[   35.837403][  T333]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   35.842991][  T333]  ? __this_cpu_preempt_check+0x13/0x20
[   35.849542][  T333]  ? xfd_validate_state+0x70/0x150
[   35.855143][  T333]  do_user_addr_fault+0x905/0x1050
[   35.860519][  T333]  exc_page_fault+0x51/0xb0
[   35.866608][  T333]  asm_exc_page_fault+0x27/0x30
[   35.872025][  T333] RIP: 0033:0x7f42ed5cde80
[   35.877135][  T333] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   35.897932][  T333] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[   35.904116][  T333] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   35.912209][  T333] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[pid   337] perf_event_open(executing program
./strace-static-x86_64: Process 336 attached
 <unfinished ...>
[pid   336] set_robust_list(0x55557760b760, 24) = 0
[pid   336] chdir("./7")                = 0
[pid   336] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   336] setpgid(0, 0)               = 0
[pid   336] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   336] write(3, "1000", 4)         = 4
[pid   336] close(3)                    = 0
[pid   336] symlink("/dev/binderfs", "./binderfs") = 0
[pid   336] write(1, "executing program\n", 18) = 18
[   35.920372][  T333] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   35.929408][  T333] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   35.938914][  T333] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000008
[   35.947519][  T333]  </TASK>
[   35.951159][  T335] CPU: 0 PID: 335 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   35.951592][  T333] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   35.961515][  T335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   35.961535][  T335] Call Trace:
[   35.961542][  T335]  <TASK>
[   35.961550][  T335]  __dump_stack+0x21/0x24
[   35.961582][  T335]  dump_stack_lvl+0xee/0x150
[   35.961605][  T335]  ? __cfi_dump_stack_lvl+0x8/0x8
[   35.961631][  T335]  dump_stack+0x15/0x24
[   35.961654][  T335]  should_fail_ex+0x3d4/0x520
[   35.961678][  T335]  __should_failslab+0xac/0xf0
[   36.015361][  T335]  ? tracepoint_probe_unregister+0x1e6/0x8b0
[   36.021537][  T335]  should_failslab+0x9/0x20
[   36.026095][  T335]  __kmem_cache_alloc_node+0x3d/0x2c0
[   36.033513][  T335]  ? __cfi_mutex_lock+0x10/0x10
[   36.038834][  T335]  ? tracepoint_probe_unregister+0x1e6/0x8b0
[   36.045008][  T335]  __kmalloc+0xa1/0x1e0
[   36.049187][  T335]  ? __kasan_check_write+0x14/0x20
[   36.054317][  T335]  ? __cfi_perf_trace_percpu_alloc_percpu+0x10/0x10
[   36.061369][  T335]  tracepoint_probe_unregister+0x1e6/0x8b0
[   36.067723][  T335]  trace_event_reg+0x21c/0x260
[   36.072956][  T335]  perf_trace_event_unreg+0xcc/0x1c0
[pid   336] perf_event_open( <unfinished ...>
[pid   333] exit_group(0)               = ?
[   36.078589][  T335]  perf_trace_destroy+0xbe/0x180
[   36.085657][  T335]  tp_perf_event_destroy+0x15/0x20
[   36.091324][  T335]  ? __cfi_tp_perf_event_destroy+0x10/0x10
[   36.097423][  T335]  _free_event+0x9cd/0xce0
[   36.102075][  T335]  perf_event_release_kernel+0x819/0x8a0
[   36.108158][  T335]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   36.114282][  T335]  ? __cfi_perf_event_release_kernel+0x10/0x10
[   36.121076][  T335]  perf_release+0x3b/0x40
[   36.126203][  T335]  ? __cfi_perf_release+0x10/0x10
[   36.131340][  T335]  __fput+0x1fc/0x8f0
[   36.135535][  T335]  ____fput+0x15/0x20
[   36.139807][  T335]  task_work_run+0x1db/0x240
[   36.144415][  T335]  ? __cfi_task_work_run+0x10/0x10
[   36.149539][  T335]  ? task_work_add+0x2b1/0x330
[   36.154309][  T335]  ptrace_notify+0x221/0x250
[   36.159137][  T335]  ? __cfi_ptrace_notify+0x10/0x10
[   36.164814][  T335]  ? fput+0x15b/0x1a0
[   36.169779][  T335]  ? filp_close+0x111/0x160
[   36.174997][  T335]  ? close_fd+0x28b/0x300
[   36.179469][  T335]  syscall_exit_work+0x84/0x140
[   36.184758][  T335]  syscall_exit_to_user_mode_prepare+0x1c/0x20
[   36.191244][  T335]  syscall_exit_to_user_mode+0xd/0x30
[   36.196759][  T335]  do_syscall_64+0x58/0xa0
[   36.201194][  T335]  ? clear_bhb_loop+0x15/0x70
[   36.205878][  T335]  ? clear_bhb_loop+0x15/0x70
[   36.210574][  T335]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   36.216551][  T335] RIP: 0033:0x7f42ed5ffa89
[   36.221005][  T335] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   36.240787][  T335] RSP: 002b:00007ffcb7e44c28 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[   36.249307][  T335] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 00007f42ed5ffa89
[   36.257664][  T335] RDX: 00007f42ed5feb50 RSI: 00007ffcb7e44c30 RDI: 0000000000000003
[   36.265796][  T335] RBP: 00007ffcb7e44c30 R08: 00007ffcb7e449c7 R09: 0000000000000031
[pid   333] +++ exited with 0 +++
[   36.274056][  T335] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   36.282310][  T335] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000007
[   36.290928][  T335]  </TASK>
[   36.296446][  T334] CPU: 1 PID: 334 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   36.306844][  T334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   36.316900][  T334] Call Trace:
[   36.320185][  T334]  <TASK>
[   36.323127][  T334]  __dump_stack+0x21/0x24
[   36.327487][  T334]  dump_stack_lvl+0xee/0x150
[   36.332191][  T334]  ? __cfi_dump_stack_lvl+0x8/0x8
[   36.337339][  T334]  ? __cfi_enqueue_task_fair+0x10/0x10
[   36.343013][  T334]  dump_stack+0x15/0x24
[   36.347367][  T334]  should_fail_ex+0x3d4/0x520
[   36.352142][  T334]  should_fail_alloc_page+0x61/0x90
[   36.357363][  T334]  prepare_alloc_pages+0x148/0x5f0
[   36.362483][  T334]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   36.367698][  T334]  __alloc_pages+0x115/0x3a0
[   36.374513][  T334]  ? __cfi___alloc_pages+0x10/0x10
[   36.380288][  T334]  ? __kasan_check_write+0x14/0x20
[   36.386014][  T334]  ? _raw_spin_lock+0x8e/0xe0
[   36.391409][  T334]  ? __cfi__raw_spin_lock+0x10/0x10
[   36.396884][  T334]  ? sched_clock_cpu+0x6e/0x250
[   36.401869][  T334]  __folio_alloc+0x12/0x40
[   36.406661][  T334]  wp_page_copy+0x280/0x15b0
[   36.411470][  T334]  ? __this_cpu_preempt_check+0x13/0x20
[   36.417039][  T334]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[   36.423475][  T334]  ? fault_dirty_shared_page+0x310/0x310
[   36.429144][  T334]  ? _raw_spin_unlock+0x4c/0x70
[   36.434632][  T334]  ? finish_task_switch+0x16b/0x7b0
[   36.441000][  T334]  ? vm_normal_page+0x99/0x200
[   36.445963][  T334]  do_wp_page+0x9f2/0xfc0
[   36.450493][  T334]  handle_mm_fault+0x10e4/0x2640
[   36.457302][  T334]  ? __cfi_handle_mm_fault+0x10/0x10
[   36.462719][  T334]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   36.468709][  T334]  ? __this_cpu_preempt_check+0x13/0x20
[   36.474540][  T334]  ? xfd_validate_state+0x70/0x150
[   36.479871][  T334]  do_user_addr_fault+0x905/0x1050
[   36.485211][  T334]  exc_page_fault+0x51/0xb0
[   36.489913][  T334]  asm_exc_page_fault+0x27/0x30
[   36.494872][  T334] RIP: 0033:0x7f42ed5cde80
[   36.499306][  T334] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   36.519179][  T334] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[pid   294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=333, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
[pid   337] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   336] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   335] <... close resumed>)        = 0
[pid   337] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   336] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   335] exit_group(0 <unfinished ...>
[pid   294] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   337] <... bpf resumed>)          = 4
[pid   336] <... bpf resumed>)          = 4
[pid   335] <... exit_group resumed>)   = ?
[pid   294] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   337] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16) = 5
[pid   336] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   337] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   336] <... bpf resumed>)          = 5
[pid   337] <... openat resumed>)       = 6
[pid   336] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   337] write(6, "1", 1 <unfinished ...>
[pid   336] <... openat resumed>)       = 6
[pid   337] <... write resumed>)        = 1
[pid   336] write(6, "1", 1 <unfinished ...>
[pid   337] close(3 <unfinished ...>
[pid   336] <... write resumed>)        = 1
[   36.525252][  T334] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   36.533393][  T334] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[   36.543947][  T334] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   36.552007][  T334] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   36.560095][  T334] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000006
[   36.568363][  T334]  </TASK>
[pid   337] <... close resumed>)        = 0
[pid   336] close(3 <unfinished ...>
[pid   334] exit_group(0 <unfinished ...>
[   36.574664][  T334] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   36.580340][  T336] FAULT_INJECTION: forcing a failure.
[   36.580340][  T336] name failslab, interval 1, probability 0, space 0, times 0
[   36.586390][  T337] FAULT_INJECTION: forcing a failure.
[   36.586390][  T337] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   36.596694][  T336] CPU: 1 PID: 336 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   36.621223][  T336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   36.632012][  T336] Call Trace:
[   36.635419][  T336]  <TASK>
[   36.639394][  T336]  __dump_stack+0x21/0x24
[   36.644013][  T336]  dump_stack_lvl+0xee/0x150
[   36.648961][  T336]  ? __cfi_dump_stack_lvl+0x8/0x8
[   36.654016][  T336]  dump_stack+0x15/0x24
[   36.658197][  T336]  should_fail_ex+0x3d4/0x520
[   36.662980][  T336]  __should_failslab+0xac/0xf0
[   36.667778][  T336]  ? tracepoint_probe_unregister+0x1e6/0x8b0
[   36.674390][  T336]  should_failslab+0x9/0x20
[   36.679610][  T336]  __kmem_cache_alloc_node+0x3d/0x2c0
[   36.685190][  T336]  ? __cfi_mutex_lock+0x10/0x10
[   36.690163][  T336]  ? tracepoint_probe_unregister+0x1e6/0x8b0
[   36.696543][  T336]  __kmalloc+0xa1/0x1e0
[   36.700903][  T336]  ? __kasan_check_write+0x14/0x20
[   36.706376][  T336]  ? __cfi_perf_trace_percpu_alloc_percpu+0x10/0x10
[   36.713011][  T336]  tracepoint_probe_unregister+0x1e6/0x8b0
[   36.718951][  T336]  trace_event_reg+0x21c/0x260
[   36.724037][  T336]  perf_trace_event_unreg+0xcc/0x1c0
[   36.729443][  T336]  perf_trace_destroy+0xbe/0x180
[   36.734931][  T336]  tp_perf_event_destroy+0x15/0x20
[   36.740427][  T336]  ? __cfi_tp_perf_event_destroy+0x10/0x10
[   36.746627][  T336]  _free_event+0x9cd/0xce0
[   36.751340][  T336]  perf_event_release_kernel+0x819/0x8a0
[   36.757081][  T336]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   36.763355][  T336]  ? __cfi_perf_event_release_kernel+0x10/0x10
[   36.770003][  T336]  perf_release+0x3b/0x40
[   36.774455][  T336]  ? __cfi_perf_release+0x10/0x10
[   36.779579][  T336]  __fput+0x1fc/0x8f0
[   36.783590][  T336]  ____fput+0x15/0x20
[   36.787951][  T336]  task_work_run+0x1db/0x240
[   36.792826][  T336]  ? __cfi_task_work_run+0x10/0x10
[   36.798395][  T336]  ? task_work_add+0x2b1/0x330
[   36.804751][  T336]  ptrace_notify+0x221/0x250
[   36.809370][  T336]  ? __cfi_ptrace_notify+0x10/0x10
[   36.814577][  T336]  ? fput+0x15b/0x1a0
[   36.818574][  T336]  ? filp_close+0x111/0x160
[   36.823165][  T336]  ? close_fd+0x28b/0x300
[   36.828718][  T336]  syscall_exit_work+0x84/0x140
[   36.833836][  T336]  syscall_exit_to_user_mode_prepare+0x1c/0x20
[   36.840980][  T336]  syscall_exit_to_user_mode+0xd/0x30
[   36.846645][  T336]  do_syscall_64+0x58/0xa0
[   36.851185][  T336]  ? clear_bhb_loop+0x15/0x70
[   36.856041][  T336]  ? clear_bhb_loop+0x15/0x70
[   36.860719][  T336]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   36.866821][  T336] RIP: 0033:0x7f42ed5ffa89
[   36.872737][  T336] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   36.893405][  T336] RSP: 002b:00007ffcb7e44c28 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[   36.902462][  T336] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 00007f42ed5ffa89
[   36.911315][  T336] RDX: 00007f42ed5feb50 RSI: 00007ffcb7e44c30 RDI: 0000000000000003
[   36.919479][  T336] RBP: 00007ffcb7e44c30 R08: 00007ffcb7e449c7 R09: 0000000000000031
[pid   294] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   334] <... exit_group resumed>)   = ?
[pid   294] <... openat resumed>)       = 3
[pid   334] +++ exited with 0 +++
[pid   291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=334, si_uid=0, si_status=0, si_utime=0, si_stime=34} ---
[pid   291] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   294] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   294] getdents64(3, 0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   294] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   294] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   294] unlink("./8/binderfs")      = 0
[pid   294] getdents64(3, 0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   294] close(3)                    = 0
[pid   294] rmdir("./8")                = 0
[pid   294] mkdir("./9", 0777)          = 0
[pid   294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557760b750) = 338
./strace-static-x86_64: Process 338 attached
[pid   338] set_robust_list(0x55557760b760, 24) = 0
[pid   338] chdir("./9")                = 0
[pid   291] <... restart_syscall resumed>) = 0
[pid   291] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   291] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   291] getdents64(3, 0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   291] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   291] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   291] unlink("./6/binderfs")      = 0
[pid   291] getdents64(3, 0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   291] close(3)                    = 0
[pid   291] rmdir("./6")                = 0
[pid   291] mkdir("./7", 0777)          = 0
[pid   291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557760b750) = 339
[pid   338] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   338] setpgid(0, 0)               = 0
[pid   338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   338] write(3, "1000", 4)         = 4
[pid   338] close(3)                    = 0
[pid   338] symlink("/dev/binderfs", "./binderfs") = 0
[pid   338] write(1, "executing program\n", 18executing program
) = 18
[pid   338] perf_event_open( <unfinished ...>
[pid   335] +++ exited with 0 +++
[pid   293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=335, si_uid=0, si_status=0, si_utime=0, si_stime=15} ---
[pid   293] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 339 attached
 <unfinished ...>
[pid   339] set_robust_list(0x55557760b760, 24) = 0
[pid   339] chdir("./7")                = 0
[pid   339] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   339] setpgid(0, 0)               = 0
[pid   339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   339] write(3, "1000", 4)         = 4
[pid   339] close(3)                    = 0
[pid   339] symlink("/dev/binderfs", "./binderfs") = 0
[   36.927497][  T336] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   36.936161][  T336] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000007
[   36.945208][  T336]  </TASK>
[   36.948649][  T337] CPU: 0 PID: 337 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   36.960792][  T337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   36.971496][  T337] Call Trace:
[   36.975408][  T337]  <TASK>
[   36.978365][  T337]  __dump_stack+0x21/0x24
[pid   339] write(1, "executing program\n", 18executing program
) = 18
[pid   293] <... restart_syscall resumed>) = 0
[pid   293] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   293] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   293] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   293] getdents64(3, 0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   293] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   293] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   293] unlink("./7/binderfs")      = 0
[pid   293] getdents64(3, 0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   293] close(3)                    = 0
[pid   293] rmdir("./7")                = 0
[pid   293] mkdir("./8", 0777)          = 0
[pid   293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557760b750) = 340
[pid   339] perf_event_open(./strace-static-x86_64: Process 340 attached
 <unfinished ...>
[pid   340] set_robust_list(0x55557760b760, 24) = 0
[pid   340] chdir("./8")                = 0
[pid   340] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   340] setpgid(0, 0)               = 0
[pid   340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   340] write(3, "1000", 4)         = 4
[pid   340] close(3)                    = 0
[pid   340] symlink("/dev/binderfs", "./binderfs") = 0
[pid   340] write(1, "executing program\n", 18executing program
) = 18
[   36.983185][  T337]  dump_stack_lvl+0xee/0x150
[   36.987922][  T337]  ? __cfi_dump_stack_lvl+0x8/0x8
[   36.993438][  T337]  ? __cfi_enqueue_task_fair+0x10/0x10
[   36.999094][  T337]  dump_stack+0x15/0x24
[   37.003544][  T337]  should_fail_ex+0x3d4/0x520
[   37.008643][  T337]  should_fail_alloc_page+0x61/0x90
[   37.014069][  T337]  prepare_alloc_pages+0x148/0x5f0
[   37.019472][  T337]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   37.024789][  T337]  __alloc_pages+0x115/0x3a0
[   37.029488][  T337]  ? __cfi___alloc_pages+0x10/0x10
[   37.035356][  T337]  ? __kasan_check_write+0x14/0x20
[   37.041467][  T337]  ? _raw_spin_lock+0x8e/0xe0
[   37.046243][  T337]  ? __cfi__raw_spin_lock+0x10/0x10
[   37.052154][  T337]  ? __this_cpu_preempt_check+0x13/0x20
[   37.057832][  T337]  __folio_alloc+0x12/0x40
[   37.062658][  T337]  wp_page_copy+0x280/0x15b0
[   37.067717][  T337]  ? common_interrupt+0x70/0xe0
[   37.073284][  T337]  ? asm_common_interrupt+0x27/0x40
[   37.080199][  T337]  ? fault_dirty_shared_page+0x310/0x310
[   37.086304][  T337]  ? finish_task_switch+0x173/0x7b0
[   37.091734][  T337]  ? vm_normal_page+0x99/0x200
[   37.096527][  T337]  do_wp_page+0x9f2/0xfc0
[   37.100864][  T337]  handle_mm_fault+0x10e4/0x2640
[   37.106072][  T337]  ? __cfi_handle_mm_fault+0x10/0x10
[   37.111356][  T337]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   37.116580][  T337]  ? __this_cpu_preempt_check+0x13/0x20
[   37.122155][  T337]  ? xfd_validate_state+0x70/0x150
[   37.127444][  T337]  do_user_addr_fault+0x905/0x1050
[   37.133444][  T337]  exc_page_fault+0x51/0xb0
[   37.138785][  T337]  asm_exc_page_fault+0x27/0x30
[   37.144067][  T337] RIP: 0033:0x7f42ed5cde80
[   37.149936][  T337] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   37.173756][  T337] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[pid   340] perf_event_open( <unfinished ...>
[pid   337] exit_group(0 <unfinished ...>
[pid   336] <... close resumed>)        = 0
[pid   338] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   338] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   337] <... exit_group resumed>)   = ?
[pid   340] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   339] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   338] <... bpf resumed>)          = 4
[pid   336] exit_group(0 <unfinished ...>
[pid   340] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   339] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[   37.180611][  T337] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   37.189595][  T337] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[   37.197709][  T337] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   37.206035][  T337] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   37.214101][  T337] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000007
[   37.222352][  T337]  </TASK>
[   37.226092][  T337] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[pid   338] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   337] +++ exited with 0 +++
[pid   336] <... exit_group resumed>)   = ?
[pid   338] <... bpf resumed>)          = 5
[pid   338] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   338] write(6, "1", 1)            = 1
[pid   338] close(3)                    = 0
[pid   340] <... bpf resumed>)          = 4
[pid   339] <... bpf resumed>)          = 4
[pid   336] +++ exited with 0 +++
[pid   290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=337, si_uid=0, si_status=0, si_utime=0, si_stime=6} ---
[pid   340] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   339] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   290] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   340] <... bpf resumed>)          = 5
[pid   339] <... bpf resumed>)          = 5
[pid   292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=336, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
[pid   290] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   340] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   339] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   292] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   290] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   340] <... openat resumed>)       = 6
[pid   339] <... openat resumed>)       = 6
[pid   290] <... openat resumed>)       = 3
[pid   340] write(6, "1", 1 <unfinished ...>
[pid   339] write(6, "1", 1 <unfinished ...>
[pid   290] newfstatat(3, "",  <unfinished ...>
[pid   340] <... write resumed>)        = 1
[pid   339] <... write resumed>)        = 1
[pid   290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   340] close(3 <unfinished ...>
[pid   339] close(3 <unfinished ...>
[   37.237711][  T338] FAULT_INJECTION: forcing a failure.
[   37.237711][  T338] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   37.250139][  T339] FAULT_INJECTION: forcing a failure.
[   37.250139][  T339] name failslab, interval 1, probability 0, space 0, times 0
[   37.251392][  T338] CPU: 0 PID: 338 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   37.268465][  T340] FAULT_INJECTION: forcing a failure.
[pid   290] getdents64(3,  <unfinished ...>
[pid   340] <... close resumed>)        = 0
[pid   292] <... restart_syscall resumed>) = 0
[pid   290] <... getdents64 resumed>0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   290] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   292] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   290] newfstatat(AT_FDCWD, "./7/binderfs",  <unfinished ...>
[pid   292] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   292] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   290] unlink("./7/binderfs" <unfinished ...>
[pid   292] <... openat resumed>)       = 3
[pid   290] <... unlink resumed>)       = 0
[pid   292] newfstatat(3, "",  <unfinished ...>
[pid   290] getdents64(3,  <unfinished ...>
[pid   292] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   290] <... getdents64 resumed>0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   292] getdents64(3,  <unfinished ...>
[pid   290] close(3 <unfinished ...>
[pid   292] <... getdents64 resumed>0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   290] <... close resumed>)        = 0
[pid   292] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   290] rmdir("./7" <unfinished ...>
[pid   292] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   290] <... rmdir resumed>)        = 0
[pid   292] newfstatat(AT_FDCWD, "./7/binderfs",  <unfinished ...>
[pid   290] mkdir("./8", 0777 <unfinished ...>
[pid   292] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   290] <... mkdir resumed>)        = 0
[pid   292] unlink("./7/binderfs" <unfinished ...>
[pid   290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   292] <... unlink resumed>)       = 0
[pid   292] getdents64(3,  <unfinished ...>
[pid   290] <... clone resumed>, child_tidptr=0x55557760b750) = 341
[pid   292] <... getdents64 resumed>0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   292] close(3)                    = 0
[pid   292] rmdir("./7")                = 0
[pid   292] mkdir("./8", 0777)          = 0
[pid   292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557760b750) = 342
[   37.268465][  T340] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   37.279196][  T338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   37.279216][  T338] Call Trace:
[   37.279222][  T338]  <TASK>
[   37.279232][  T338]  __dump_stack+0x21/0x24
[   37.279263][  T338]  dump_stack_lvl+0xee/0x150
[   37.318886][  T338]  ? __cfi_dump_stack_lvl+0x8/0x8
[   37.323939][  T338]  dump_stack+0x15/0x24
[   37.328511][  T338]  should_fail_ex+0x3d4/0x520
[   37.334129][  T338]  should_fail_alloc_page+0x61/0x90
[   37.340226][  T338]  prepare_alloc_pages+0x148/0x5f0
[   37.345559][  T338]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   37.353253][  T338]  ? __kasan_record_aux_stack+0xb6/0xc0
[   37.359193][  T338]  ? call_rcu+0xd4/0xf90
[   37.364275][  T338]  ? ____fput+0x15/0x20
[   37.373308][  T338]  __alloc_pages+0x115/0x3a0
[   37.379920][  T338]  ? __cfi___alloc_pages+0x10/0x10
[   37.385973][  T338]  ? __kasan_check_write+0x14/0x20
[   37.391997][  T338]  ? _raw_spin_lock+0x8e/0xe0
[   37.402672][  T338]  ? __cfi__raw_spin_lock+0x10/0x10
[   37.408634][  T338]  ? __this_cpu_preempt_check+0x13/0x20
[   37.414605][  T338]  __folio_alloc+0x12/0x40
[   37.419329][  T338]  wp_page_copy+0x280/0x15b0
[   37.424838][  T338]  ? __this_cpu_preempt_check+0x13/0x20
[   37.431129][  T338]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[   37.438837][  T338]  ? fault_dirty_shared_page+0x310/0x310
[   37.444942][  T338]  ? _raw_spin_unlock+0x4c/0x70
[   37.450682][  T338]  ? finish_task_switch+0x16b/0x7b0
[   37.456425][  T338]  ? vm_normal_page+0x99/0x200
[   37.461403][  T338]  do_wp_page+0x9f2/0xfc0
[   37.466307][  T338]  handle_mm_fault+0x10e4/0x2640
[   37.471895][  T338]  ? __cfi_handle_mm_fault+0x10/0x10
[   37.477766][  T338]  ? lock_vma_under_rcu+0x3eb/0x4d0
./strace-static-x86_64: Process 341 attached
[pid   341] set_robust_list(0x55557760b760, 24) = 0
[pid   341] chdir("./8")                = 0
[pid   341] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   341] setpgid(0, 0)               = 0
[pid   341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   341] write(3, "1000", 4)         = 4
[pid   341] close(3)                    = 0
[pid   341] symlink("/dev/binderfs", "./binderfs") = 0
[pid   341] write(1, "executing program\n", 18executing program
) = 18
[   37.483638][  T338]  ? __this_cpu_preempt_check+0x13/0x20
[   37.490164][  T338]  ? xfd_validate_state+0x70/0x150
[   37.495462][  T338]  do_user_addr_fault+0x905/0x1050
[   37.500720][  T338]  exc_page_fault+0x51/0xb0
[   37.505591][  T338]  asm_exc_page_fault+0x27/0x30
[   37.510817][  T338] RIP: 0033:0x7f42ed5cde80
[   37.518199][  T338] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   37.540014][  T338] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[   37.546552][  T338] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   37.554602][  T338] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[   37.564254][  T338] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   37.574078][  T338] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   37.584483][  T338] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000009
[   37.592928][  T338]  </TASK>
[   37.596535][  T340] CPU: 1 PID: 340 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   37.598863][  T338] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   37.607389][  T340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   37.607411][  T340] Call Trace:
[   37.607418][  T340]  <TASK>
[   37.607426][  T340]  __dump_stack+0x21/0x24
[pid   341] perf_event_open(executing program
./strace-static-x86_64: Process 342 attached
 <unfinished ...>
[pid   342] set_robust_list(0x55557760b760, 24) = 0
[pid   342] chdir("./8")                = 0
[pid   342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   342] setpgid(0, 0)               = 0
[pid   342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   342] write(3, "1000", 4)         = 4
[pid   342] close(3)                    = 0
[pid   342] symlink("/dev/binderfs", "./binderfs") = 0
[pid   342] write(1, "executing program\n", 18) = 18
[pid   342] perf_event_open( <unfinished ...>
[pid   338] exit_group(0)               = ?
[   37.607470][  T340]  dump_stack_lvl+0xee/0x150
[   37.607494][  T340]  ? __cfi_dump_stack_lvl+0x8/0x8
[   37.607522][  T340]  dump_stack+0x15/0x24
[   37.607546][  T340]  should_fail_ex+0x3d4/0x520
[   37.656530][  T340]  should_fail_alloc_page+0x61/0x90
[   37.662888][  T340]  prepare_alloc_pages+0x148/0x5f0
[   37.669531][  T340]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   37.675579][  T340]  ? __kasan_record_aux_stack+0xb6/0xc0
[   37.681466][  T340]  ? call_rcu+0xd4/0xf90
[   37.685843][  T340]  ? ____fput+0x15/0x20
[   37.690156][  T340]  __alloc_pages+0x115/0x3a0
[   37.694850][  T340]  ? __cfi___alloc_pages+0x10/0x10
[   37.701658][  T340]  ? __kasan_check_write+0x14/0x20
[   37.707744][  T340]  ? _raw_spin_lock+0x8e/0xe0
[   37.712649][  T340]  ? __cfi__raw_spin_lock+0x10/0x10
[   37.717955][  T340]  ? __this_cpu_preempt_check+0x13/0x20
[   37.723691][  T340]  __folio_alloc+0x12/0x40
[   37.728517][  T340]  wp_page_copy+0x280/0x15b0
[   37.733870][  T340]  ? __this_cpu_preempt_check+0x13/0x20
[   37.740495][  T340]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[   37.747074][  T340]  ? fault_dirty_shared_page+0x310/0x310
[   37.753761][  T340]  ? _raw_spin_unlock+0x4c/0x70
[   37.758634][  T340]  ? finish_task_switch+0x16b/0x7b0
[   37.764989][  T340]  ? vm_normal_page+0x99/0x200
[   37.771253][  T340]  do_wp_page+0x9f2/0xfc0
[   37.776229][  T340]  handle_mm_fault+0x10e4/0x2640
[   37.782432][  T340]  ? __cfi_handle_mm_fault+0x10/0x10
[   37.788726][  T340]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   37.794478][  T340]  ? __this_cpu_preempt_check+0x13/0x20
[   37.800142][  T340]  ? xfd_validate_state+0x70/0x150
[   37.805711][  T340]  do_user_addr_fault+0x905/0x1050
[   37.810916][  T340]  exc_page_fault+0x51/0xb0
[   37.815535][  T340]  asm_exc_page_fault+0x27/0x30
[   37.820404][  T340] RIP: 0033:0x7f42ed5cde80
[   37.825096][  T340] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   37.845693][  T340] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[   37.851963][  T340] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   37.860294][  T340] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[   37.869247][  T340] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   37.878112][  T340] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   37.886724][  T340] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000008
[   37.894900][  T340]  </TASK>
[   37.898059][  T339] CPU: 0 PID: 339 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   37.898728][  T340] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   37.908579][  T339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   37.908599][  T339] Call Trace:
[   37.908607][  T339]  <TASK>
[   37.908616][  T339]  __dump_stack+0x21/0x24
[   37.908647][  T339]  dump_stack_lvl+0xee/0x150
[   37.945055][  T339]  ? __cfi_dump_stack_lvl+0x8/0x8
[   37.950326][  T339]  dump_stack+0x15/0x24
[   37.954962][  T339]  should_fail_ex+0x3d4/0x520
[   37.961505][  T339]  __should_failslab+0xac/0xf0
[   37.966853][  T339]  ? tracepoint_probe_unregister+0x1e6/0x8b0
[   37.973726][  T339]  should_failslab+0x9/0x20
[   37.979118][  T339]  __kmem_cache_alloc_node+0x3d/0x2c0
[   37.985151][  T339]  ? __cfi_mutex_lock+0x10/0x10
[   37.990302][  T339]  ? tracepoint_probe_unregister+0x1e6/0x8b0
[   37.996464][  T339]  __kmalloc+0xa1/0x1e0
[   38.000867][  T339]  ? __kasan_check_write+0x14/0x20
[   38.006071][  T339]  ? __cfi_perf_trace_percpu_alloc_percpu+0x10/0x10
[   38.013001][  T339]  tracepoint_probe_unregister+0x1e6/0x8b0
[   38.019346][  T339]  trace_event_reg+0x21c/0x260
[   38.024313][  T339]  perf_trace_event_unreg+0xcc/0x1c0
[   38.030231][  T339]  perf_trace_destroy+0xbe/0x180
[   38.037664][  T339]  tp_perf_event_destroy+0x15/0x20
[   38.043231][  T339]  ? __cfi_tp_perf_event_destroy+0x10/0x10
[   38.052085][  T339]  _free_event+0x9cd/0xce0
[   38.057769][  T339]  perf_event_release_kernel+0x819/0x8a0
[   38.064810][  T339]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   38.071659][  T339]  ? __cfi_perf_event_release_kernel+0x10/0x10
[   38.078009][  T339]  perf_release+0x3b/0x40
[   38.082493][  T339]  ? __cfi_perf_release+0x10/0x10
[   38.088594][  T339]  __fput+0x1fc/0x8f0
[   38.092610][  T339]  ____fput+0x15/0x20
[   38.097537][  T339]  task_work_run+0x1db/0x240
[   38.102778][  T339]  ? __cfi_task_work_run+0x10/0x10
[   38.108783][  T339]  ? task_work_add+0x2b1/0x330
[   38.113682][  T339]  ptrace_notify+0x221/0x250
[   38.118416][  T339]  ? __cfi_ptrace_notify+0x10/0x10
[   38.123943][  T339]  ? fput+0x15b/0x1a0
[   38.128471][  T339]  ? filp_close+0x111/0x160
[   38.133182][  T339]  ? close_fd+0x28b/0x300
[   38.137829][  T339]  syscall_exit_work+0x84/0x140
[   38.142863][  T339]  syscall_exit_to_user_mode_prepare+0x1c/0x20
[   38.149219][  T339]  syscall_exit_to_user_mode+0xd/0x30
[   38.154643][  T339]  do_syscall_64+0x58/0xa0
[   38.159649][  T339]  ? clear_bhb_loop+0x15/0x70
[   38.164616][  T339]  ? clear_bhb_loop+0x15/0x70
[   38.170698][  T339]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   38.177910][  T339] RIP: 0033:0x7f42ed5ffa89
[   38.182441][  T339] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   38.202875][  T339] RSP: 002b:00007ffcb7e44c28 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[   38.211922][  T339] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 00007f42ed5ffa89
[   38.220173][  T339] RDX: 00007f42ed5feb50 RSI: 00007ffcb7e44c30 RDI: 0000000000000003
[   38.228412][  T339] RBP: 00007ffcb7e44c30 R08: 00007ffcb7e449c7 R09: 0000000000000031
[pid   340] exit_group(0 <unfinished ...>
[pid   338] +++ exited with 0 +++
[pid   340] <... exit_group resumed>)   = ?
[pid   294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=338, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
[pid   339] <... close resumed>)        = 0
[pid   339] exit_group(0)               = ?
[pid   294] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   294] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   294] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   294] getdents64(3, 0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   294] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   294] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   294] unlink("./9/binderfs")      = 0
[pid   294] getdents64(3, 0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   294] close(3)                    = 0
[pid   294] rmdir("./9")                = 0
[pid   294] mkdir("./10", 0777)         = 0
[pid   294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557760b750) = 343
./strace-static-x86_64: Process 343 attached
[pid   343] set_robust_list(0x55557760b760, 24) = 0
[pid   343] chdir("./10")               = 0
[pid   343] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   343] setpgid(0, 0)               = 0
[pid   343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   343] write(3, "1000", 4)         = 4
[pid   343] close(3)                    = 0
[pid   343] symlink("/dev/binderfs", "./binderfs") = 0
[pid   343] write(1, "executing program\n", 18executing program
) = 18
[pid   343] perf_event_open( <unfinished ...>
[pid   341] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   340] +++ exited with 0 +++
[pid   343] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   342] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   341] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   343] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   342] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=340, si_uid=0, si_status=0, si_utime=0, si_stime=15} ---
[pid   341] <... bpf resumed>)          = 4
[pid   293] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   341] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   343] <... bpf resumed>)          = 4
[pid   343] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   342] <... bpf resumed>)          = 4
[pid   342] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   293] <... restart_syscall resumed>) = 0
[pid   293] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   293] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   293] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   293] getdents64(3, 0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   293] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   293] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   293] unlink("./8/binderfs")      = 0
[pid   293] getdents64(3, 0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   293] close(3)                    = 0
[pid   293] rmdir("./8")                = 0
[pid   293] mkdir("./9", 0777)          = 0
[pid   293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557760b750) = 344
./strace-static-x86_64: Process 344 attached
[pid   344] set_robust_list(0x55557760b760, 24) = 0
[pid   344] chdir("./9")                = 0
[pid   344] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   344] setpgid(0, 0)               = 0
[pid   344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   344] write(3, "1000", 4)         = 4
[pid   344] close(3)                    = 0
[pid   344] symlink("/dev/binderfs", "./binderfs") = 0
[   38.238389][  T339] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   38.246979][  T339] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000007
[   38.255059][  T339]  </TASK>
[pid   344] write(1, "executing program\n", 18executing program
) = 18
[pid   344] perf_event_open({type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   344] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   343] <... bpf resumed>)          = 5
[pid   342] <... bpf resumed>)          = 5
[pid   341] <... bpf resumed>)          = 5
[pid   339] +++ exited with 0 +++
[pid   342] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   341] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=339, si_uid=0, si_status=0, si_utime=0, si_stime=27} ---
[pid   343] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   342] <... openat resumed>)       = 6
[pid   341] <... openat resumed>)       = 6
[pid   291] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   343] <... openat resumed>)       = 6
[pid   342] write(6, "1", 1 <unfinished ...>
[pid   341] write(6, "1", 1 <unfinished ...>
[pid   343] write(6, "1", 1 <unfinished ...>
[pid   342] <... write resumed>)        = 1
[pid   341] <... write resumed>)        = 1
[pid   343] <... write resumed>)        = 1
[pid   342] close(3 <unfinished ...>
[pid   341] close(3 <unfinished ...>
[pid   343] close(3 <unfinished ...>
[pid   342] <... close resumed>)        = 0
[pid   343] <... close resumed>)        = 0
[pid   341] <... close resumed>)        = 0
[pid   344] <... bpf resumed>)          = 4
[pid   291] <... restart_syscall resumed>) = 0
[pid   344] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16) = 5
[pid   344] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   344] write(6, "1", 1)            = 1
[   38.308814][  T342] FAULT_INJECTION: forcing a failure.
[   38.308814][  T342] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   38.309533][  T343] FAULT_INJECTION: forcing a failure.
[   38.309533][  T343] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   38.322545][  T342] CPU: 1 PID: 342 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   38.339896][  T344] FAULT_INJECTION: forcing a failure.
[   38.339896][  T344] name failslab, interval 1, probability 0, space 0, times 0
[   38.348891][  T342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   38.348911][  T342] Call Trace:
[   38.348918][  T342]  <TASK>
[   38.348927][  T342]  __dump_stack+0x21/0x24
[   38.348959][  T342]  dump_stack_lvl+0xee/0x150
[   38.348983][  T342]  ? __cfi_dump_stack_lvl+0x8/0x8
[   38.349008][  T342]  ? __cfi_enqueue_task_fair+0x10/0x10
[   38.349039][  T342]  dump_stack+0x15/0x24
[   38.349063][  T342]  should_fail_ex+0x3d4/0x520
[   38.409486][  T342]  should_fail_alloc_page+0x61/0x90
[   38.414890][  T342]  prepare_alloc_pages+0x148/0x5f0
[   38.420037][  T342]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   38.425364][  T342]  __alloc_pages+0x115/0x3a0
[   38.431540][  T342]  ? __cfi___alloc_pages+0x10/0x10
[   38.436946][  T342]  ? __kasan_check_write+0x14/0x20
[   38.442081][  T342]  ? _raw_spin_lock+0x8e/0xe0
[   38.447581][  T342]  ? __cfi__raw_spin_lock+0x10/0x10
[   38.452878][  T342]  ? __this_cpu_preempt_check+0x13/0x20
[   38.458445][  T342]  __folio_alloc+0x12/0x40
[   38.463072][  T342]  wp_page_copy+0x280/0x15b0
[   38.470305][  T342]  ? __this_cpu_preempt_check+0x13/0x20
[   38.476161][  T342]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[   38.483566][  T342]  ? fault_dirty_shared_page+0x310/0x310
[   38.489621][  T342]  ? _raw_spin_unlock+0x4c/0x70
[   38.494590][  T342]  ? finish_task_switch+0x16b/0x7b0
[   38.499835][  T342]  ? vm_normal_page+0x99/0x200
[   38.504701][  T342]  do_wp_page+0x9f2/0xfc0
[   38.509185][  T342]  handle_mm_fault+0x10e4/0x2640
[   38.514256][  T342]  ? __cfi_handle_mm_fault+0x10/0x10
[   38.519550][  T342]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   38.525484][  T342]  ? __this_cpu_preempt_check+0x13/0x20
[   38.531056][  T342]  ? xfd_validate_state+0x70/0x150
[   38.536987][  T342]  do_user_addr_fault+0x905/0x1050
[   38.542461][  T342]  exc_page_fault+0x51/0xb0
[   38.546977][  T342]  asm_exc_page_fault+0x27/0x30
[   38.551877][  T342] RIP: 0033:0x7f42ed5cde80
[   38.556420][  T342] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   38.576806][  T342] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[   38.583079][  T342] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   38.591243][  T342] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[   38.599222][  T342] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   38.607280][  T342] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   38.615474][  T342] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000008
[   38.623907][  T342]  </TASK>
[   38.627050][  T343] CPU: 0 PID: 343 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   38.627226][  T341] FAULT_INJECTION: forcing a failure.
[   38.627226][  T341] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   38.638861][  T343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   38.638881][  T343] Call Trace:
[   38.638888][  T343]  <TASK>
[   38.638899][  T343]  __dump_stack+0x21/0x24
[   38.638931][  T343]  dump_stack_lvl+0xee/0x150
[   38.638956][  T343]  ? __cfi_dump_stack_lvl+0x8/0x8
[   38.638983][  T343]  dump_stack+0x15/0x24
[   38.639008][  T343]  should_fail_ex+0x3d4/0x520
[   38.639032][  T343]  should_fail_alloc_page+0x61/0x90
[   38.639057][  T343]  prepare_alloc_pages+0x148/0x5f0
[   38.639082][  T343]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   38.639104][  T343]  ? __kasan_record_aux_stack+0xb6/0xc0
[   38.639135][  T343]  ? call_rcu+0xd4/0xf90
[   38.639158][  T343]  ? ____fput+0x15/0x20
[   38.639180][  T343]  __alloc_pages+0x115/0x3a0
[   38.639205][  T343]  ? __cfi___alloc_pages+0x10/0x10
[   38.639229][  T343]  ? __kasan_check_write+0x14/0x20
[   38.639256][  T343]  ? _raw_spin_lock+0x8e/0xe0
[   38.639280][  T343]  ? __cfi__raw_spin_lock+0x10/0x10
[   38.639303][  T343]  ? __this_cpu_preempt_check+0x13/0x20
[   38.639326][  T343]  __folio_alloc+0x12/0x40
[   38.639349][  T343]  wp_page_copy+0x280/0x15b0
[   38.773221][  T343]  ? __this_cpu_preempt_check+0x13/0x20
[   38.779320][  T343]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[   38.786471][  T343]  ? fault_dirty_shared_page+0x310/0x310
[   38.792811][  T343]  ? _raw_spin_unlock+0x4c/0x70
[   38.799068][  T343]  ? finish_task_switch+0x16b/0x7b0
[   38.805962][  T343]  ? vm_normal_page+0x99/0x200
[   38.811010][  T343]  do_wp_page+0x9f2/0xfc0
[   38.816012][  T343]  handle_mm_fault+0x10e4/0x2640
[   38.821715][  T343]  ? __cfi_handle_mm_fault+0x10/0x10
[   38.829428][  T343]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   38.834763][  T343]  ? __this_cpu_preempt_check+0x13/0x20
[   38.840339][  T343]  ? xfd_validate_state+0x70/0x150
[   38.845475][  T343]  do_user_addr_fault+0x905/0x1050
[   38.850598][  T343]  exc_page_fault+0x51/0xb0
[   38.855105][  T343]  asm_exc_page_fault+0x27/0x30
[   38.860222][  T343] RIP: 0033:0x7f42ed5cde80
[   38.864923][  T343] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   38.885222][  T343] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[   38.891491][  T343] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   38.899466][  T343] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[   38.907606][  T343] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   38.915601][  T343] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   38.923677][  T343] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 000000000000000a
[   38.931755][  T343]  </TASK>
[   38.934855][  T341] CPU: 1 PID: 341 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   38.945291][  T341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   38.955363][  T341] Call Trace:
[   38.958870][  T341]  <TASK>
[pid   344] close(3 <unfinished ...>
[pid   291] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   291] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   291] getdents64(3, 0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   291] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   291] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   291] unlink("./7/binderfs")      = 0
[pid   291] getdents64(3, 0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   291] close(3)                    = 0
[pid   291] rmdir("./7")                = 0
[pid   291] mkdir("./8", 0777)          = 0
[   38.961908][  T341]  __dump_stack+0x21/0x24
[   38.966345][  T341]  dump_stack_lvl+0xee/0x150
[   38.971124][  T341]  ? __cfi_dump_stack_lvl+0x8/0x8
[   38.976433][  T341]  dump_stack+0x15/0x24
[   38.981535][  T341]  should_fail_ex+0x3d4/0x520
[   38.986768][  T341]  should_fail_alloc_page+0x61/0x90
[   38.992603][  T341]  prepare_alloc_pages+0x148/0x5f0
[   38.997833][  T341]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   39.003048][  T341]  ? __kasan_record_aux_stack+0xb6/0xc0
[   39.008610][  T341]  __alloc_pages+0x115/0x3a0
[   39.013216][  T341]  ? __cfi___alloc_pages+0x10/0x10
[   39.018681][  T341]  ? __kasan_check_write+0x14/0x20
[   39.023807][  T341]  ? _raw_spin_lock+0x8e/0xe0
[   39.028503][  T341]  ? __cfi__raw_spin_lock+0x10/0x10
[   39.034315][  T341]  ? sched_clock_cpu+0x6e/0x250
[   39.039353][  T341]  __folio_alloc+0x12/0x40
[   39.043799][  T341]  wp_page_copy+0x280/0x15b0
[   39.048456][  T341]  ? __this_cpu_preempt_check+0x13/0x20
[   39.054459][  T341]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[pid   291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557760b750) = 345
[   39.060811][  T341]  ? fault_dirty_shared_page+0x310/0x310
[   39.066794][  T341]  ? __kasan_check_write+0x14/0x20
[   39.072958][  T341]  ? finish_task_switch+0x209/0x7b0
[   39.078443][  T341]  ? vm_normal_page+0x99/0x200
[   39.083462][  T341]  do_wp_page+0x9f2/0xfc0
[   39.087917][  T341]  handle_mm_fault+0x10e4/0x2640
[   39.093155][  T341]  ? __cfi_handle_mm_fault+0x10/0x10
[   39.098481][  T341]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   39.103879][  T341]  ? __this_cpu_preempt_check+0x13/0x20
[   39.109639][  T341]  ? xfd_validate_state+0x70/0x150
[   39.114765][  T341]  do_user_addr_fault+0x905/0x1050
[   39.120595][  T341]  exc_page_fault+0x51/0xb0
[   39.125116][  T341]  asm_exc_page_fault+0x27/0x30
[   39.130163][  T341] RIP: 0033:0x7f42ed5cde80
[   39.134763][  T341] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   39.154430][  T341] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[   39.160875][  T341] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   39.170105][  T341] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[   39.178760][  T341] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   39.188673][  T341] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   39.195944][  T342] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
executing program
./strace-static-x86_64: Process 345 attached
[pid   345] set_robust_list(0x55557760b760, 24) = 0
[pid   345] chdir("./8")                = 0
[pid   345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   345] setpgid(0, 0)               = 0
[pid   345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   345] write(3, "1000", 4)         = 4
[pid   345] close(3)                    = 0
[pid   345] symlink("/dev/binderfs", "./binderfs") = 0
[pid   345] write(1, "executing program\n", 18) = 18
[   39.197274][  T341] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000008
[   39.197302][  T341]  </TASK>
[   39.213481][  T341] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   39.218929][  T344] CPU: 0 PID: 344 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   39.240026][  T344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   39.248224][  T343] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[pid   345] perf_event_open( <unfinished ...>
[pid   341] exit_group(0)               = ?
[pid   342] exit_group(0)               = ?
[pid   343] exit_group(0)               = ?
[   39.250867][  T344] Call Trace:
[   39.250878][  T344]  <TASK>
[   39.268457][  T344]  __dump_stack+0x21/0x24
[   39.274595][  T344]  dump_stack_lvl+0xee/0x150
[   39.281472][  T344]  ? __cfi_dump_stack_lvl+0x8/0x8
[   39.288602][  T344]  dump_stack+0x15/0x24
[   39.293394][  T344]  should_fail_ex+0x3d4/0x520
[   39.298783][  T344]  __should_failslab+0xac/0xf0
[   39.304432][  T344]  ? tracepoint_probe_unregister+0x1e6/0x8b0
[   39.310744][  T344]  should_failslab+0x9/0x20
[   39.315703][  T344]  __kmem_cache_alloc_node+0x3d/0x2c0
[   39.321313][  T344]  ? __cfi_mutex_lock+0x10/0x10
[   39.326235][  T344]  ? tracepoint_probe_unregister+0x1e6/0x8b0
[   39.332668][  T344]  __kmalloc+0xa1/0x1e0
[   39.336943][  T344]  ? __kasan_check_write+0x14/0x20
[   39.342057][  T344]  ? __cfi_perf_trace_percpu_alloc_percpu+0x10/0x10
[   39.348831][  T344]  tracepoint_probe_unregister+0x1e6/0x8b0
[   39.355168][  T344]  trace_event_reg+0x21c/0x260
[   39.360724][  T344]  perf_trace_event_unreg+0xcc/0x1c0
[   39.366281][  T344]  perf_trace_destroy+0xbe/0x180
[   39.372017][  T344]  tp_perf_event_destroy+0x15/0x20
[   39.377630][  T344]  ? __cfi_tp_perf_event_destroy+0x10/0x10
[   39.383763][  T344]  _free_event+0x9cd/0xce0
[   39.389182][  T344]  perf_event_release_kernel+0x819/0x8a0
[   39.395624][  T344]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   39.401803][  T344]  ? __cfi_perf_event_release_kernel+0x10/0x10
[   39.407965][  T344]  perf_release+0x3b/0x40
[   39.412612][  T344]  ? __cfi_perf_release+0x10/0x10
[   39.419111][  T344]  __fput+0x1fc/0x8f0
[   39.424500][  T344]  ____fput+0x15/0x20
[   39.428986][  T344]  task_work_run+0x1db/0x240
[   39.435071][  T344]  ? __cfi_task_work_run+0x10/0x10
[   39.440879][  T344]  ? task_work_add+0x2b1/0x330
[   39.445870][  T344]  ptrace_notify+0x221/0x250
[   39.450497][  T344]  ? __cfi_ptrace_notify+0x10/0x10
[   39.456196][  T344]  ? fput+0x15b/0x1a0
[   39.460306][  T344]  ? filp_close+0x111/0x160
[   39.465120][  T344]  ? close_fd+0x28b/0x300
[   39.469990][  T344]  syscall_exit_work+0x84/0x140
[   39.475122][  T344]  syscall_exit_to_user_mode_prepare+0x1c/0x20
[   39.482026][  T344]  syscall_exit_to_user_mode+0xd/0x30
[   39.488113][  T344]  do_syscall_64+0x58/0xa0
[   39.492639][  T344]  ? clear_bhb_loop+0x15/0x70
[   39.499504][  T344]  ? clear_bhb_loop+0x15/0x70
[   39.504410][  T344]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   39.510501][  T344] RIP: 0033:0x7f42ed5ffa89
[   39.515144][  T344] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   39.536674][  T344] RSP: 002b:00007ffcb7e44c28 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[   39.545935][  T344] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 00007f42ed5ffa89
[   39.554597][  T344] RDX: 00007f42ed5feb50 RSI: 00007ffcb7e44c30 RDI: 0000000000000003
[pid   342] +++ exited with 0 +++
[pid   341] +++ exited with 0 +++
[pid   292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=342, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
[pid   292] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=341, si_uid=0, si_status=0, si_utime=0, si_stime=19} ---
[pid   290] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   292] <... restart_syscall resumed>) = 0
[pid   290] <... restart_syscall resumed>) = 0
[pid   292] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   292] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   292] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   292] getdents64(3, 0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   292] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   292] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   292] unlink("./8/binderfs" <unfinished ...>
[pid   290] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   290] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   290] getdents64(3, 0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   290] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   290] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   290] unlink("./8/binderfs" <unfinished ...>
[pid   344] <... close resumed>)        = 0
[pid   343] +++ exited with 0 +++
[pid   344] exit_group(0)               = ?
[pid   345] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=343, si_uid=0, si_status=0, si_utime=0, si_stime=17} ---
[pid   345] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   294] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   345] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   294] <... restart_syscall resumed>) = 0
[pid   294] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   294] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   294] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   294] getdents64(3,  <unfinished ...>
[pid   292] <... unlink resumed>)       = 0
[pid   294] <... getdents64 resumed>0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   292] getdents64(3,  <unfinished ...>
[pid   290] <... unlink resumed>)       = 0
[pid   294] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   292] <... getdents64 resumed>0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   294] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   292] close(3 <unfinished ...>
[pid   290] getdents64(3,  <unfinished ...>
[pid   294] newfstatat(AT_FDCWD, "./10/binderfs",  <unfinished ...>
[pid   292] <... close resumed>)        = 0
[pid   294] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   292] rmdir("./8" <unfinished ...>
[pid   290] <... getdents64 resumed>0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   294] unlink("./10/binderfs" <unfinished ...>
[pid   292] <... rmdir resumed>)        = 0
[pid   294] <... unlink resumed>)       = 0
[pid   292] mkdir("./9", 0777 <unfinished ...>
[pid   290] close(3 <unfinished ...>
[pid   294] getdents64(3,  <unfinished ...>
[pid   292] <... mkdir resumed>)        = 0
[pid   294] <... getdents64 resumed>0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   294] close(3 <unfinished ...>
[pid   290] <... close resumed>)        = 0
[pid   294] <... close resumed>)        = 0
[pid   292] <... clone resumed>, child_tidptr=0x55557760b750) = 346
[pid   294] rmdir("./10"./strace-static-x86_64: Process 346 attached
)               = 0
[pid   290] rmdir("./8" <unfinished ...>
[pid   294] mkdir("./11", 0777)         = 0
[pid   294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   346] set_robust_list(0x55557760b760, 24 <unfinished ...>
[pid   290] <... rmdir resumed>)        = 0
[pid   294] <... clone resumed>, child_tidptr=0x55557760b750) = 347
./strace-static-x86_64: Process 347 attached
[pid   347] set_robust_list(0x55557760b760, 24) = 0
[pid   347] chdir("./11")               = 0
[pid   347] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   347] setpgid(0, 0)               = 0
[pid   347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   347] write(3, "1000", 4 <unfinished ...>
[pid   290] mkdir("./9", 0777 <unfinished ...>
[pid   347] <... write resumed>)        = 4
[pid   347] close(3)                    = 0
[pid   347] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid   347] write(1, "executing program\n", 18) = 18
[pid   347] perf_event_open({type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   347] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   290] <... mkdir resumed>)        = 0
[pid   290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   346] <... set_robust_list resumed>) = 0
[pid   347] <... bpf resumed>)          = 4
[pid   290] <... clone resumed>, child_tidptr=0x55557760b750) = 348
[pid   347] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16./strace-static-x86_64: Process 348 attached
 <unfinished ...>
[pid   348] set_robust_list(0x55557760b760, 24) = 0
[pid   346] chdir("./9" <unfinished ...>
[pid   348] chdir("./9")                = 0
[pid   348] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   348] setpgid(0, 0)               = 0
[pid   348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   348] write(3, "1000", 4)         = 4
[pid   348] close(3)                    = 0
[pid   348] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid   348] write(1, "executing program\n", 18) = 18
[pid   348] perf_event_open({type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   348] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   346] <... chdir resumed>)        = 0
[pid   346] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   346] setpgid(0, 0)               = 0
[pid   346] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   348] <... bpf resumed>)          = 4
[pid   348] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   346] <... openat resumed>)       = 3
[pid   346] write(3, "1000", 4)         = 4
[pid   346] close(3)                    = 0
[pid   346] symlink("/dev/binderfs", "./binderfs") = 0
[pid   344] +++ exited with 0 +++
[pid   347] <... bpf resumed>)          = 5
[pid   345] <... bpf resumed>)          = 5
[pid   345] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=344, si_uid=0, si_status=0, si_utime=0, si_stime=36} ---
[pid   347] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   345] <... openat resumed>)       = 6
[pid   293] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   347] write(6, "1", 1 <unfinished ...>
[   39.564024][  T344] RBP: 00007ffcb7e44c30 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   39.573142][  T344] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   39.582168][  T344] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000009
[   39.591315][  T344]  </TASK>
[pid   345] write(6, "1", 1)            = 1
[pid   347] <... write resumed>)        = 1
[pid   345] close(3 <unfinished ...>
[pid   347] close(3 <unfinished ...>
[pid   345] <... close resumed>)        = 0
[pid   347] <... close resumed>)        = 0
[   39.627076][  T345] FAULT_INJECTION: forcing a failure.
[   39.627076][  T345] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   39.627298][  T347] FAULT_INJECTION: forcing a failure.
[   39.627298][  T347] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   39.644198][  T345] CPU: 0 PID: 345 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[pid   348] <... bpf resumed>)          = 5
[pid   346] write(1, "executing program\n", 18 <unfinished ...>
[pid   293] <... restart_syscall resumed>) = 0
[pid   293] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   293] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   293] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   293] getdents64(3, 0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   293] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   293] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   293] unlink("./9/binderfs")      = 0
[pid   293] getdents64(3, 0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   293] close(3)                    = 0
[pid   293] rmdir("./9")                = 0
[pid   293] mkdir("./10", 0777)         = 0
[pid   293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557760b750) = 349
[   39.669722][  T345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   39.682557][  T345] Call Trace:
[   39.686153][  T345]  <TASK>
[   39.689185][  T345]  __dump_stack+0x21/0x24
[   39.693619][  T345]  dump_stack_lvl+0xee/0x150
[   39.698244][  T345]  ? __cfi_dump_stack_lvl+0x8/0x8
[   39.703687][  T345]  dump_stack+0x15/0x24
[   39.707964][  T345]  should_fail_ex+0x3d4/0x520
[   39.713079][  T345]  should_fail_alloc_page+0x61/0x90
[   39.718333][  T345]  prepare_alloc_pages+0x148/0x5f0
[   39.723829][  T345]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   39.729050][  T345]  __alloc_pages+0x115/0x3a0
[   39.733776][  T345]  ? __cfi___alloc_pages+0x10/0x10
[   39.739442][  T345]  ? __kasan_check_write+0x14/0x20
[   39.744793][  T345]  ? _raw_spin_lock+0x8e/0xe0
[   39.749690][  T345]  ? __cfi__raw_spin_lock+0x10/0x10
[   39.755000][  T345]  ? __this_cpu_preempt_check+0x13/0x20
[   39.760966][  T345]  __folio_alloc+0x12/0x40
[   39.765727][  T345]  wp_page_copy+0x280/0x15b0
[   39.770726][  T345]  ? __kasan_check_read+0x11/0x20
[   39.777442][  T345]  ? asm_sysvec_reschedule_ipi+0x1b/0x20
[   39.784313][  T345]  ? fault_dirty_shared_page+0x310/0x310
[   39.790342][  T345]  ? finish_task_switch+0x173/0x7b0
[   39.796351][  T345]  ? vm_normal_page+0x99/0x200
[   39.802596][  T345]  do_wp_page+0x9f2/0xfc0
[   39.807141][  T345]  handle_mm_fault+0x10e4/0x2640
[   39.812134][  T345]  ? __cfi_handle_mm_fault+0x10/0x10
[   39.818178][  T345]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   39.823758][  T345]  ? __this_cpu_preempt_check+0x13/0x20
[   39.829325][  T345]  ? xfd_validate_state+0x70/0x150
[   39.834798][  T345]  do_user_addr_fault+0x905/0x1050
[   39.840707][  T345]  exc_page_fault+0x51/0xb0
[   39.845218][  T345]  asm_exc_page_fault+0x27/0x30
[   39.850076][  T345] RIP: 0033:0x7f42ed5cde80
[   39.854491][  T345] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   39.876358][  T345] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[   39.882796][  T345] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   39.890958][  T345] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[   39.899806][  T345] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   39.907982][  T345] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   39.916584][  T345] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000008
executing program
[pid   348] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   346] <... write resumed>)        = 18
[pid   348] <... openat resumed>)       = 6
[pid   346] perf_event_open( <unfinished ...>
[pid   348] write(6, "1", 1 <unfinished ...>
[pid   346] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   346] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   348] <... write resumed>)        = 1
[   39.926535][  T345]  </TASK>
[   39.932936][  T347] CPU: 0 PID: 347 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   39.943843][  T347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   39.955729][  T347] Call Trace:
[   39.959459][  T347]  <TASK>
[   39.962664][  T347]  __dump_stack+0x21/0x24
[   39.967527][  T347]  dump_stack_lvl+0xee/0x150
[   39.972213][  T347]  ? __cfi_dump_stack_lvl+0x8/0x8
[pid   348] close(3./strace-static-x86_64: Process 349 attached
)                    = 0
[pid   345] exit_group(0 <unfinished ...>
[pid   349] set_robust_list(0x55557760b760, 24) = 0
[pid   349] chdir("./10")               = 0
[pid   349] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   349] setpgid(0, 0)               = 0
[pid   349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   349] write(3, "1000", 4)         = 4
[pid   349] close(3)                    = 0
executing program
[pid   349] symlink("/dev/binderfs", "./binderfs") = 0
[pid   349] write(1, "executing program\n", 18) = 18
[pid   349] perf_event_open({type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   349] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   345] <... exit_group resumed>)   = ?
[pid   345] +++ exited with 0 +++
[   39.977464][  T347]  ? __cfi_enqueue_task_fair+0x10/0x10
[   39.983916][  T347]  dump_stack+0x15/0x24
[   39.986599][  T348] FAULT_INJECTION: forcing a failure.
[   39.986599][  T348] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   39.988451][  T347]  should_fail_ex+0x3d4/0x520
[   39.988482][  T347]  should_fail_alloc_page+0x61/0x90
[   39.988505][  T347]  prepare_alloc_pages+0x148/0x5f0
[   39.988529][  T347]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   39.988555][  T347]  __alloc_pages+0x115/0x3a0
[   40.029001][  T347]  ? __cfi___alloc_pages+0x10/0x10
[   40.034239][  T347]  ? __kasan_check_write+0x14/0x20
[   40.039738][  T347]  ? _raw_spin_lock+0x8e/0xe0
[   40.045852][  T347]  ? __cfi__raw_spin_lock+0x10/0x10
[   40.051732][  T347]  ? __this_cpu_preempt_check+0x13/0x20
[   40.057599][  T347]  __folio_alloc+0x12/0x40
[   40.062429][  T347]  wp_page_copy+0x280/0x15b0
[   40.067608][  T347]  ? __this_cpu_preempt_check+0x13/0x20
[   40.074241][  T347]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[   40.080799][  T347]  ? fault_dirty_shared_page+0x310/0x310
[   40.086754][  T347]  ? _raw_spin_unlock+0x4c/0x70
[   40.091978][  T347]  ? finish_task_switch+0x16b/0x7b0
[   40.097848][  T347]  ? vm_normal_page+0x99/0x200
[   40.103662][  T347]  do_wp_page+0x9f2/0xfc0
[   40.108633][  T347]  handle_mm_fault+0x10e4/0x2640
[   40.113912][  T347]  ? __cfi_handle_mm_fault+0x10/0x10
[   40.119322][  T347]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   40.125537][  T347]  ? __this_cpu_preempt_check+0x13/0x20
[   40.132354][  T347]  ? xfd_validate_state+0x70/0x150
[   40.137850][  T347]  do_user_addr_fault+0x905/0x1050
[   40.143182][  T347]  exc_page_fault+0x51/0xb0
[   40.148142][  T347]  asm_exc_page_fault+0x27/0x30
[   40.153214][  T347] RIP: 0033:0x7f42ed5cde80
[   40.157944][  T347] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   40.183014][  T347] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[   40.190314][  T347] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   40.198655][  T347] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[   40.207566][  T347] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   40.216419][  T347] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   40.224943][  T347] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 000000000000000b
[   40.234244][  T347]  </TASK>
[   40.237573][  T348] CPU: 1 PID: 348 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   40.251749][  T348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   40.269460][  T348] Call Trace:
[   40.273379][  T348]  <TASK>
[   40.279180][  T348]  __dump_stack+0x21/0x24
[   40.285244][  T348]  dump_stack_lvl+0xee/0x150
[   40.291169][  T348]  ? __cfi_dump_stack_lvl+0x8/0x8
[   40.296675][  T348]  ? resched_curr+0x1b0/0x380
[   40.301831][  T348]  ? __cfi_resched_curr+0x10/0x10
[   40.306923][  T348]  dump_stack+0x15/0x24
[   40.311335][  T348]  should_fail_ex+0x3d4/0x520
[   40.316185][  T348]  should_fail_alloc_page+0x61/0x90
[   40.321572][  T348]  prepare_alloc_pages+0x148/0x5f0
[   40.326873][  T348]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   40.332207][  T348]  __alloc_pages+0x115/0x3a0
[   40.337401][  T348]  ? __cfi___alloc_pages+0x10/0x10
[   40.342605][  T348]  ? newidle_balance+0x81f/0xda0
[   40.347565][  T348]  ? __kasan_check_write+0x14/0x20
[   40.352779][  T348]  ? _raw_spin_lock+0x8e/0xe0
[   40.357553][  T348]  ? __cfi__raw_spin_lock+0x10/0x10
[   40.363261][  T348]  ? __this_cpu_preempt_check+0x13/0x20
[   40.368928][  T348]  __folio_alloc+0x12/0x40
[   40.373562][  T348]  wp_page_copy+0x280/0x15b0
[   40.378355][  T348]  ? __this_cpu_preempt_check+0x13/0x20
[   40.384135][  T348]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[   40.390625][  T348]  ? fault_dirty_shared_page+0x310/0x310
[   40.396928][  T348]  ? _raw_spin_unlock+0x4c/0x70
[   40.402234][  T348]  ? finish_task_switch+0x16b/0x7b0
[   40.407656][  T348]  ? vm_normal_page+0x99/0x200
[   40.412556][  T348]  do_wp_page+0x9f2/0xfc0
[   40.417886][  T348]  handle_mm_fault+0x10e4/0x2640
[   40.423267][  T348]  ? __cfi_handle_mm_fault+0x10/0x10
[   40.429343][  T348]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   40.434654][  T348]  ? __this_cpu_preempt_check+0x13/0x20
[   40.440553][  T348]  ? xfd_validate_state+0x70/0x150
[   40.445995][  T348]  do_user_addr_fault+0x905/0x1050
[   40.451384][  T348]  exc_page_fault+0x51/0xb0
[   40.457042][  T348]  asm_exc_page_fault+0x27/0x30
[   40.464166][  T348] RIP: 0033:0x7f42ed5cde80
[   40.469122][  T348] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   40.493307][  T348] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[   40.499701][  T348] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   40.507779][  T348] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[   40.516113][  T348] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
executing program
[pid   291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=345, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
[pid   291] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   291] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   291] getdents64(3, 0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   291] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   291] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   291] unlink("./8/binderfs")      = 0
[pid   291] getdents64(3, 0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   291] close(3)                    = 0
[pid   291] rmdir("./8")                = 0
[pid   291] mkdir("./9", 0777)          = 0
[pid   291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557760b750) = 350
./strace-static-x86_64: Process 350 attached
[pid   350] set_robust_list(0x55557760b760, 24) = 0
[pid   350] chdir("./9")                = 0
[pid   350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   350] setpgid(0, 0)               = 0
[pid   350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   350] write(3, "1000", 4)         = 4
[pid   350] close(3)                    = 0
[pid   350] symlink("/dev/binderfs", "./binderfs") = 0
[pid   350] write(1, "executing program\n", 18) = 18
[pid   350] perf_event_open({type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   350] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   347] exit_group(0)               = ?
[pid   347] +++ exited with 0 +++
[pid   294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=347, si_uid=0, si_status=0, si_utime=0, si_stime=11} ---
[pid   294] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   294] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   294] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   294] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   294] getdents64(3, 0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   294] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   294] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   294] unlink("./11/binderfs")     = 0
[pid   294] getdents64(3, 0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   294] close(3)                    = 0
[pid   294] rmdir("./11")               = 0
[pid   294] mkdir("./12", 0777)         = 0
[pid   294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 351 attached
 <unfinished ...>
[pid   348] exit_group(0 <unfinished ...>
[pid   349] <... bpf resumed>)          = 4
[pid   348] <... exit_group resumed>)   = ?
[pid   346] <... bpf resumed>)          = 4
[pid   350] <... bpf resumed>)          = 4
[pid   294] <... clone resumed>, child_tidptr=0x55557760b750) = 351
[pid   350] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   349] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   346] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   351] set_robust_list(0x55557760b760, 24 <unfinished ...>
[pid   350] <... bpf resumed>)          = 5
[pid   349] <... bpf resumed>)          = 5
[pid   351] <... set_robust_list resumed>) = 0
[pid   350] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   349] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   346] <... bpf resumed>)          = 5
[pid   351] chdir("./12" <unfinished ...>
[pid   350] <... openat resumed>)       = 6
[pid   349] <... openat resumed>)       = 6
[pid   348] +++ exited with 0 +++
[pid   346] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   351] <... chdir resumed>)        = 0
[pid   349] write(6, "1", 1 <unfinished ...>
[pid   346] <... openat resumed>)       = 6
[pid   290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=348, si_uid=0, si_status=0, si_utime=0, si_stime=15} ---
[pid   350] write(6, "1", 1 <unfinished ...>
[pid   349] <... write resumed>)        = 1
[pid   346] write(6, "1", 1 <unfinished ...>
[pid   290] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   350] <... write resumed>)        = 1
[pid   349] close(3 <unfinished ...>
[pid   346] <... write resumed>)        = 1
[pid   350] close(3 <unfinished ...>
[pid   349] <... close resumed>)        = 0
[pid   346] close(3 <unfinished ...>
[pid   351] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   350] <... close resumed>)        = 0
[pid   351] <... prctl resumed>)        = 0
[pid   351] setpgid(0, 0)               = 0
[pid   351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   351] write(3, "1000", 4)         = 4
[pid   351] close(3)                    = 0
[pid   351] symlink("/dev/binderfs", "./binderfs") = 0
[pid   351] write(1, "executing program\n", 18executing program
) = 18
[pid   351] perf_event_open({type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   351] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   351] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16) = 5
[pid   351] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   351] write(6, "1", 1)            = 1
[pid   351] close(3)                    = 0
[pid   290] <... restart_syscall resumed>) = 0
[pid   290] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   290] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[   40.524108][  T348] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   40.532663][  T348] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000009
[   40.541121][  T348]  </TASK>
[   40.551008][  T349] FAULT_INJECTION: forcing a failure.
[   40.551008][  T349] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   40.561788][  T351] FAULT_INJECTION: forcing a failure.
[   40.561788][  T351] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   40.568323][  T346] FAULT_INJECTION: forcing a failure.
[   40.568323][  T346] name failslab, interval 1, probability 0, space 0, times 0
[   40.581660][  T351] CPU: 1 PID: 351 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   40.594705][  T350] FAULT_INJECTION: forcing a failure.
[   40.594705][  T350] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   40.604795][  T351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   40.604811][  T351] Call Trace:
[   40.604816][  T351]  <TASK>
[   40.604823][  T351]  __dump_stack+0x21/0x24
[   40.641946][  T351]  dump_stack_lvl+0xee/0x150
[   40.646618][  T351]  ? __cfi_dump_stack_lvl+0x8/0x8
[   40.652673][  T351]  ? resched_curr+0x10e/0x380
[   40.659838][  T351]  ? __cfi_resched_curr+0x10/0x10
[   40.667062][  T351]  dump_stack+0x15/0x24
[   40.672337][  T351]  should_fail_ex+0x3d4/0x520
[   40.678413][  T351]  should_fail_alloc_page+0x61/0x90
[   40.684778][  T351]  prepare_alloc_pages+0x148/0x5f0
[   40.690329][  T351]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   40.695551][  T351]  __alloc_pages+0x115/0x3a0
[   40.700948][  T351]  ? __cfi___alloc_pages+0x10/0x10
[   40.706076][  T351]  ? __kasan_check_write+0x14/0x20
[   40.711215][  T351]  ? _raw_spin_lock+0x8e/0xe0
[   40.717440][  T351]  ? __cfi__raw_spin_lock+0x10/0x10
[   40.724510][  T351]  ? sched_clock_cpu+0x6e/0x250
[   40.730189][  T351]  __folio_alloc+0x12/0x40
[   40.736901][  T351]  wp_page_copy+0x280/0x15b0
[   40.743895][  T351]  ? __this_cpu_preempt_check+0x13/0x20
[   40.750595][  T351]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[   40.757902][  T351]  ? fault_dirty_shared_page+0x310/0x310
[   40.764882][  T351]  ? _raw_spin_unlock+0x4c/0x70
[   40.770125][  T351]  ? finish_task_switch+0x16b/0x7b0
[   40.775625][  T351]  ? vm_normal_page+0x99/0x200
[   40.780700][  T351]  do_wp_page+0x9f2/0xfc0
[   40.785707][  T351]  handle_mm_fault+0x10e4/0x2640
[   40.790955][  T351]  ? __cfi_handle_mm_fault+0x10/0x10
[   40.796441][  T351]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   40.801756][  T351]  ? __this_cpu_preempt_check+0x13/0x20
[   40.807497][  T351]  ? xfd_validate_state+0x70/0x150
[   40.812816][  T351]  do_user_addr_fault+0x905/0x1050
[   40.818332][  T351]  exc_page_fault+0x51/0xb0
[   40.823119][  T351]  asm_exc_page_fault+0x27/0x30
[   40.828003][  T351] RIP: 0033:0x7f42ed5cde80
[   40.832425][  T351] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   40.853778][  T351] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[   40.860044][  T351] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   40.868202][  T351] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[pid   290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   290] getdents64(3, 0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   290] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   290] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   290] unlink("./9/binderfs")      = 0
[pid   290] getdents64(3, 0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   290] close(3)                    = 0
[pid   290] rmdir("./9")                = 0
[pid   290] mkdir("./10", 0777)         = 0
[pid   290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557760b750) = 352
./strace-static-x86_64: Process 352 attached
[pid   352] set_robust_list(0x55557760b760, 24) = 0
[pid   352] chdir("./10")               = 0
[pid   352] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   352] setpgid(0, 0)               = 0
[pid   352] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   352] write(3, "1000", 4)         = 4
[pid   352] close(3)                    = 0
[pid   352] symlink("/dev/binderfs", "./binderfs") = 0
[pid   352] write(1, "executing program\n", 18executing program
) = 18
[pid   352] perf_event_open( <unfinished ...>
[pid   351] exit_group(0)               = ?
[   40.877144][  T351] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   40.886017][  T351] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   40.894183][  T351] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 000000000000000c
[   40.902367][  T351]  </TASK>
[   40.905659][  T350] CPU: 0 PID: 350 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   40.912482][  T351] pagefault_out_of_memory: 3 callbacks suppressed
[   40.912506][  T351] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   40.916268][  T350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   40.916282][  T350] Call Trace:
[   40.916288][  T350]  <TASK>
[   40.916296][  T350]  __dump_stack+0x21/0x24
[   40.916327][  T350]  dump_stack_lvl+0xee/0x150
[   40.916353][  T350]  ? __cfi_dump_stack_lvl+0x8/0x8
[   40.964514][  T350]  dump_stack+0x15/0x24
[   40.968844][  T350]  should_fail_ex+0x3d4/0x520
[   40.973808][  T350]  should_fail_alloc_page+0x61/0x90
[   40.979422][  T350]  prepare_alloc_pages+0x148/0x5f0
[   40.985016][  T350]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   40.990500][  T350]  ? __kasan_record_aux_stack+0xb6/0xc0
[   40.996260][  T350]  ? call_rcu+0xd4/0xf90
[   41.001322][  T350]  ? ____fput+0x15/0x20
[   41.006029][  T350]  __alloc_pages+0x115/0x3a0
[   41.010908][  T350]  ? __cfi___alloc_pages+0x10/0x10
[   41.018049][  T350]  ? __kasan_check_write+0x14/0x20
[   41.024267][  T350]  ? _raw_spin_lock+0x8e/0xe0
[   41.029064][  T350]  ? __cfi__raw_spin_lock+0x10/0x10
[   41.035760][  T350]  ? sched_clock_cpu+0x6e/0x250
[   41.041085][  T350]  __folio_alloc+0x12/0x40
[   41.045896][  T350]  wp_page_copy+0x280/0x15b0
[   41.051318][  T350]  ? __this_cpu_preempt_check+0x13/0x20
[   41.057545][  T350]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[   41.064512][  T350]  ? fault_dirty_shared_page+0x310/0x310
[   41.070633][  T350]  ? _raw_spin_unlock+0x4c/0x70
[   41.075671][  T350]  ? finish_task_switch+0x16b/0x7b0
[   41.080997][  T350]  ? vm_normal_page+0x99/0x200
[   41.086404][  T350]  do_wp_page+0x9f2/0xfc0
[   41.090759][  T350]  handle_mm_fault+0x10e4/0x2640
[   41.097126][  T350]  ? __cfi_handle_mm_fault+0x10/0x10
[   41.102540][  T350]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   41.108303][  T350]  ? __this_cpu_preempt_check+0x13/0x20
[   41.114448][  T350]  ? xfd_validate_state+0x70/0x150
[   41.119960][  T350]  do_user_addr_fault+0x905/0x1050
[   41.125287][  T350]  exc_page_fault+0x51/0xb0
[   41.129996][  T350]  asm_exc_page_fault+0x27/0x30
[   41.134869][  T350] RIP: 0033:0x7f42ed5cde80
[   41.139473][  T350] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   41.159202][  T350] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[   41.165476][  T350] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   41.173839][  T350] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[pid   350] exit_group(0)               = ?
[   41.182013][  T350] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   41.190621][  T350] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   41.198697][  T350] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000009
[   41.206767][  T350]  </TASK>
[   41.209801][  T346] CPU: 1 PID: 346 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   41.211899][  T350] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   41.219970][  T346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   41.219985][  T346] Call Trace:
[   41.219991][  T346]  <TASK>
[   41.219997][  T346]  __dump_stack+0x21/0x24
[   41.220029][  T346]  dump_stack_lvl+0xee/0x150
[   41.220055][  T346]  ? __cfi_dump_stack_lvl+0x8/0x8
[   41.220083][  T346]  dump_stack+0x15/0x24
[   41.220107][  T346]  should_fail_ex+0x3d4/0x520
[   41.220132][  T346]  __should_failslab+0xac/0xf0
[   41.220152][  T346]  ? tracepoint_probe_unregister+0x1e6/0x8b0
[   41.220175][  T346]  should_failslab+0x9/0x20
[   41.220202][  T346]  __kmem_cache_alloc_node+0x3d/0x2c0
[   41.220231][  T346]  ? __cfi_mutex_lock+0x10/0x10
[   41.292902][  T346]  ? tracepoint_probe_unregister+0x1e6/0x8b0
[   41.299056][  T346]  __kmalloc+0xa1/0x1e0
[   41.303218][  T346]  ? __kasan_check_write+0x14/0x20
[   41.308507][  T346]  ? __cfi_perf_trace_percpu_alloc_percpu+0x10/0x10
[   41.315215][  T346]  tracepoint_probe_unregister+0x1e6/0x8b0
[   41.321055][  T346]  trace_event_reg+0x21c/0x260
[   41.325827][  T346]  perf_trace_event_unreg+0xcc/0x1c0
[   41.331211][  T346]  perf_trace_destroy+0xbe/0x180
[   41.336149][  T346]  tp_perf_event_destroy+0x15/0x20
[   41.341263][  T346]  ? __cfi_tp_perf_event_destroy+0x10/0x10
[   41.347186][  T346]  _free_event+0x9cd/0xce0
[   41.351616][  T346]  perf_event_release_kernel+0x819/0x8a0
[   41.358505][  T346]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   41.365732][  T346]  ? __cfi_perf_event_release_kernel+0x10/0x10
[   41.371987][  T346]  perf_release+0x3b/0x40
[   41.376850][  T346]  ? __cfi_perf_release+0x10/0x10
[   41.383719][  T346]  __fput+0x1fc/0x8f0
[   41.388022][  T346]  ____fput+0x15/0x20
[   41.392109][  T346]  task_work_run+0x1db/0x240
[   41.397369][  T346]  ? __cfi_task_work_run+0x10/0x10
[   41.402581][  T346]  ? task_work_add+0x2b1/0x330
[   41.409275][  T346]  ptrace_notify+0x221/0x250
[   41.413891][  T346]  ? __cfi_ptrace_notify+0x10/0x10
[   41.420592][  T346]  ? fput+0x15b/0x1a0
[   41.425384][  T346]  ? filp_close+0x111/0x160
[   41.430063][  T346]  ? close_fd+0x28b/0x300
[   41.434593][  T346]  syscall_exit_work+0x84/0x140
[   41.439479][  T346]  syscall_exit_to_user_mode_prepare+0x1c/0x20
[   41.446040][  T346]  syscall_exit_to_user_mode+0xd/0x30
[   41.451706][  T346]  do_syscall_64+0x58/0xa0
[   41.456987][  T346]  ? clear_bhb_loop+0x15/0x70
[   41.462406][  T346]  ? clear_bhb_loop+0x15/0x70
[   41.468514][  T346]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   41.475863][  T346] RIP: 0033:0x7f42ed5ffa89
[   41.480669][  T346] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   41.501073][  T346] RSP: 002b:00007ffcb7e44c28 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[   41.511677][  T346] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 00007f42ed5ffa89
[   41.520288][  T346] RDX: 00007f42ed5feb50 RSI: 00007ffcb7e44c30 RDI: 0000000000000003
[   41.528665][  T346] RBP: 00007ffcb7e44c30 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   41.536926][  T346] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   41.545109][  T346] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 0000000000000009
[   41.553270][  T346]  </TASK>
[   41.556859][  T349] CPU: 0 PID: 349 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   41.567817][  T349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   41.578845][  T349] Call Trace:
[   41.582523][  T349]  <TASK>
[   41.586102][  T349]  __dump_stack+0x21/0x24
[   41.590797][  T349]  dump_stack_lvl+0xee/0x150
[   41.596667][  T349]  ? __cfi_dump_stack_lvl+0x8/0x8
[   41.601798][  T349]  dump_stack+0x15/0x24
[   41.606150][  T349]  should_fail_ex+0x3d4/0x520
[   41.611182][  T349]  should_fail_alloc_page+0x61/0x90
[   41.616489][  T349]  prepare_alloc_pages+0x148/0x5f0
[   41.621882][  T349]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   41.627110][  T349]  ? __kasan_record_aux_stack+0xb6/0xc0
[   41.632961][  T349]  ? call_rcu+0xd4/0xf90
[   41.637398][  T349]  ? ____fput+0x15/0x20
[   41.641662][  T349]  __alloc_pages+0x115/0x3a0
[   41.646357][  T349]  ? __cfi___alloc_pages+0x10/0x10
[   41.651507][  T349]  ? __kasan_check_write+0x14/0x20
[   41.656821][  T349]  ? _raw_spin_lock+0x8e/0xe0
[   41.661622][  T349]  ? __cfi__raw_spin_lock+0x10/0x10
[   41.667105][  T349]  ? __this_cpu_preempt_check+0x13/0x20
[   41.672752][  T349]  __folio_alloc+0x12/0x40
[   41.677365][  T349]  wp_page_copy+0x280/0x15b0
[   41.682103][  T349]  ? __this_cpu_preempt_check+0x13/0x20
[   41.687956][  T349]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[   41.694382][  T349]  ? fault_dirty_shared_page+0x310/0x310
[   41.701622][  T349]  ? _raw_spin_unlock+0x4c/0x70
[   41.707006][  T349]  ? finish_task_switch+0x16b/0x7b0
[   41.712341][  T349]  ? vm_normal_page+0x99/0x200
[   41.717441][  T349]  do_wp_page+0x9f2/0xfc0
[   41.721861][  T349]  handle_mm_fault+0x10e4/0x2640
[   41.727057][  T349]  ? __cfi_handle_mm_fault+0x10/0x10
[   41.732539][  T349]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   41.738045][  T349]  ? __this_cpu_preempt_check+0x13/0x20
[   41.743602][  T349]  ? xfd_validate_state+0x70/0x150
[   41.748825][  T349]  do_user_addr_fault+0x905/0x1050
[   41.753959][  T349]  exc_page_fault+0x51/0xb0
[   41.759213][  T349]  asm_exc_page_fault+0x27/0x30
[   41.765339][  T349] RIP: 0033:0x7f42ed5cde80
[   41.769790][  T349] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   41.792201][  T349] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[   41.798308][  T349] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   41.808228][  T349] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[   41.816330][  T349] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   41.824479][  T349] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[pid   351] +++ exited with 0 +++
[pid   350] +++ exited with 0 +++
[pid   349] exit_group(0)               = ?
[pid   294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=351, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
[pid   291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=350, si_uid=0, si_status=0, si_utime=0, si_stime=19} ---
[pid   294] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   291] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   291] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   291] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   291] getdents64(3, 0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   291] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   291] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   291] unlink("./9/binderfs")      = 0
[pid   291] getdents64(3, 0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   291] close(3)                    = 0
[pid   291] rmdir("./9")                = 0
[pid   291] mkdir("./10", 0777)         = 0
[pid   291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 353 attached
, child_tidptr=0x55557760b750) = 353
[pid   353] set_robust_list(0x55557760b760, 24) = 0
[pid   353] chdir("./10")               = 0
[pid   353] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   353] setpgid(0, 0)               = 0
[pid   353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   353] write(3, "1000", 4)         = 4
[pid   353] close(3)                    = 0
[pid   353] symlink("/dev/binderfs", "./binderfs") = 0
[pid   353] write(1, "executing program\n", 18executing program
) = 18
[pid   353] perf_event_open( <unfinished ...>
[pid   294] <... restart_syscall resumed>) = 0
[pid   294] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   294] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   294] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   294] getdents64(3, 0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   294] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   294] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   294] unlink("./12/binderfs")     = 0
[pid   294] getdents64(3, 0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   294] close(3)                    = 0
[pid   294] rmdir("./12")               = 0
[pid   294] mkdir("./13", 0777)         = 0
[pid   294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557760b750) = 354
./strace-static-x86_64: Process 354 attached
[pid   354] set_robust_list(0x55557760b760, 24) = 0
[pid   354] chdir("./13" <unfinished ...>
[pid   349] +++ exited with 0 +++
[pid   346] <... close resumed>)        = 0
[pid   353] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   352] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=349, si_uid=0, si_status=0, si_utime=0, si_stime=10} ---
[pid   353] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   352] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   346] exit_group(0 <unfinished ...>
[pid   293] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   354] <... chdir resumed>)        = 0
[pid   346] <... exit_group resumed>)   = ?
[pid   353] <... bpf resumed>)          = 4
[pid   352] <... bpf resumed>)          = 4
[pid   352] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16) = 5
[pid   352] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   346] +++ exited with 0 +++
[pid   353] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   352] write(6, "1", 1 <unfinished ...>
[pid   292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=346, si_uid=0, si_status=0, si_utime=0, si_stime=26} ---
[pid   352] <... write resumed>)        = 1
[pid   292] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   352] close(3)                    = 0
[   41.832483][  T349] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 000000000000000a
[   41.840472][  T349]  </TASK>
[   41.844108][  T349] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   41.870164][  T352] FAULT_INJECTION: forcing a failure.
[   41.870164][  T352] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[pid   354] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   353] <... bpf resumed>)          = 5
[pid   353] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   353] write(6, "1", 1)            = 1
[pid   353] close(3 <unfinished ...>
[pid   293] <... restart_syscall resumed>) = 0
[pid   292] <... restart_syscall resumed>) = 0
[pid   293] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   292] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   293] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   292] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   293] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   292] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   293] <... openat resumed>)       = 3
[pid   292] <... openat resumed>)       = 3
[   41.871107][  T353] FAULT_INJECTION: forcing a failure.
[   41.871107][  T353] name failslab, interval 1, probability 0, space 0, times 0
[   41.886233][  T352] CPU: 1 PID: 352 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   41.908951][  T352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   41.919286][  T352] Call Trace:
[   41.923682][  T352]  <TASK>
[   41.928311][  T352]  __dump_stack+0x21/0x24
[   41.933640][  T352]  dump_stack_lvl+0xee/0x150
[pid   354] <... prctl resumed>)        = 0
[pid   293] newfstatat(3, "",  <unfinished ...>
[pid   292] newfstatat(3, "",  <unfinished ...>
[pid   354] setpgid(0, 0)               = 0
[pid   354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   354] write(3, "1000", 4)         = 4
[pid   354] close(3)                    = 0
[pid   354] symlink("/dev/binderfs", "./binderfs") = 0
[pid   354] write(1, "executing program\n", 18executing program
) = 18
[   41.938365][  T352]  ? __cfi_dump_stack_lvl+0x8/0x8
[   41.943522][  T352]  dump_stack+0x15/0x24
[   41.947712][  T352]  should_fail_ex+0x3d4/0x520
[   41.952404][  T352]  should_fail_alloc_page+0x61/0x90
[   41.957698][  T352]  prepare_alloc_pages+0x148/0x5f0
[   41.964051][  T352]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   41.969627][  T352]  ? __kasan_record_aux_stack+0xb6/0xc0
[   41.976905][  T352]  ? call_rcu+0xd4/0xf90
[   41.982029][  T352]  ? ____fput+0x15/0x20
[   41.986207][  T352]  __alloc_pages+0x115/0x3a0
[   41.990998][  T352]  ? __cfi___alloc_pages+0x10/0x10
[   41.996222][  T352]  ? __kasan_check_write+0x14/0x20
[   42.001455][  T352]  ? _raw_spin_lock+0x8e/0xe0
[   42.006177][  T352]  ? __cfi__raw_spin_lock+0x10/0x10
[   42.011387][  T352]  ? __this_cpu_preempt_check+0x13/0x20
[   42.017074][  T352]  __folio_alloc+0x12/0x40
[   42.021502][  T352]  wp_page_copy+0x280/0x15b0
[   42.026221][  T352]  ? __this_cpu_preempt_check+0x13/0x20
[   42.031804][  T352]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[   42.038240][  T352]  ? fault_dirty_shared_page+0x310/0x310
[   42.043981][  T352]  ? _raw_spin_unlock+0x4c/0x70
[   42.048867][  T352]  ? finish_task_switch+0x16b/0x7b0
[   42.054143][  T352]  ? vm_normal_page+0x99/0x200
[   42.059212][  T352]  do_wp_page+0x9f2/0xfc0
[   42.063850][  T352]  handle_mm_fault+0x10e4/0x2640
[   42.069537][  T352]  ? __cfi_handle_mm_fault+0x10/0x10
[   42.075111][  T352]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   42.081142][  T352]  ? __this_cpu_preempt_check+0x13/0x20
[   42.086891][  T352]  ? xfd_validate_state+0x70/0x150
[   42.092545][  T352]  do_user_addr_fault+0x905/0x1050
[   42.098124][  T352]  exc_page_fault+0x51/0xb0
[   42.103448][  T352]  asm_exc_page_fault+0x27/0x30
[   42.108610][  T352] RIP: 0033:0x7f42ed5cde80
[   42.113190][  T352] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   42.133908][  T352] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[pid   354] perf_event_open(executing program
 <unfinished ...>
[pid   293] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   292] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   293] getdents64(3,  <unfinished ...>
[pid   292] getdents64(3,  <unfinished ...>
[pid   293] <... getdents64 resumed>0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   292] <... getdents64 resumed>0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   293] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   292] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   293] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   292] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   293] newfstatat(AT_FDCWD, "./10/binderfs",  <unfinished ...>
[pid   292] newfstatat(AT_FDCWD, "./9/binderfs",  <unfinished ...>
[pid   293] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   292] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   293] unlink("./10/binderfs" <unfinished ...>
[pid   292] unlink("./9/binderfs" <unfinished ...>
[pid   293] <... unlink resumed>)       = 0
[pid   292] <... unlink resumed>)       = 0
[pid   293] getdents64(3,  <unfinished ...>
[pid   292] getdents64(3,  <unfinished ...>
[pid   293] <... getdents64 resumed>0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   292] <... getdents64 resumed>0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   293] close(3 <unfinished ...>
[pid   292] close(3 <unfinished ...>
[pid   293] <... close resumed>)        = 0
[pid   292] <... close resumed>)        = 0
[pid   293] rmdir("./10" <unfinished ...>
[pid   292] rmdir("./9" <unfinished ...>
[pid   293] <... rmdir resumed>)        = 0
[pid   292] <... rmdir resumed>)        = 0
[pid   293] mkdir("./11", 0777 <unfinished ...>
[pid   292] mkdir("./10", 0777 <unfinished ...>
[pid   293] <... mkdir resumed>)        = 0
[pid   292] <... mkdir resumed>)        = 0
[pid   293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   293] <... clone resumed>, child_tidptr=0x55557760b750) = 356
[pid   292] <... clone resumed>, child_tidptr=0x55557760b750) = 355
./strace-static-x86_64: Process 355 attached
[pid   355] set_robust_list(0x55557760b760, 24) = 0
[pid   355] chdir("./10")               = 0
[pid   355] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   355] setpgid(0, 0)               = 0
[pid   355] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   355] write(3, "1000", 4)         = 4
[pid   355] close(3)                    = 0
[pid   355] symlink("/dev/binderfs", "./binderfs") = 0
[pid   355] write(1, "executing program\n", 18) = 18
[   42.139994][  T352] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   42.148094][  T352] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[   42.156124][  T352] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   42.164408][  T352] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   42.173008][  T352] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 000000000000000a
[   42.181662][  T352]  </TASK>
[pid   355] perf_event_open(executing program
./strace-static-x86_64: Process 356 attached
 <unfinished ...>
[pid   356] set_robust_list(0x55557760b760, 24) = 0
[pid   356] chdir("./11")               = 0
[pid   356] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   356] setpgid(0, 0)               = 0
[pid   356] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   356] write(3, "1000", 4)         = 4
[pid   356] close(3)                    = 0
[pid   356] symlink("/dev/binderfs", "./binderfs") = 0
[pid   356] write(1, "executing program\n", 18) = 18
[pid   356] perf_event_open( <unfinished ...>
[pid   352] exit_group(0)               = ?
[   42.184969][  T353] CPU: 0 PID: 353 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   42.195316][  T353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   42.195902][  T352] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   42.205564][  T353] Call Trace:
[   42.205577][  T353]  <TASK>
[   42.205585][  T353]  __dump_stack+0x21/0x24
[   42.224270][  T353]  dump_stack_lvl+0xee/0x150
[   42.228869][  T353]  ? __cfi_dump_stack_lvl+0x8/0x8
[   42.233983][  T353]  dump_stack+0x15/0x24
[   42.238257][  T353]  should_fail_ex+0x3d4/0x520
[   42.242943][  T353]  __should_failslab+0xac/0xf0
[   42.247806][  T353]  ? tracepoint_probe_unregister+0x1e6/0x8b0
[   42.253973][  T353]  should_failslab+0x9/0x20
[   42.258952][  T353]  __kmem_cache_alloc_node+0x3d/0x2c0
[   42.266292][  T353]  ? __cfi_mutex_lock+0x10/0x10
[   42.271462][  T353]  ? tracepoint_probe_unregister+0x1e6/0x8b0
[   42.278038][  T353]  __kmalloc+0xa1/0x1e0
[   42.282487][  T353]  ? __kasan_check_write+0x14/0x20
[   42.287682][  T353]  ? __cfi_perf_trace_percpu_alloc_percpu+0x10/0x10
[   42.295060][  T353]  tracepoint_probe_unregister+0x1e6/0x8b0
[   42.301251][  T353]  trace_event_reg+0x21c/0x260
[   42.306119][  T353]  perf_trace_event_unreg+0xcc/0x1c0
[   42.311421][  T353]  perf_trace_destroy+0xbe/0x180
[   42.317223][  T353]  tp_perf_event_destroy+0x15/0x20
[   42.322888][  T353]  ? __cfi_tp_perf_event_destroy+0x10/0x10
[   42.328949][  T353]  _free_event+0x9cd/0xce0
[   42.333851][  T353]  perf_event_release_kernel+0x819/0x8a0
[   42.339771][  T353]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   42.345982][  T353]  ? __cfi_perf_event_release_kernel+0x10/0x10
[   42.352338][  T353]  perf_release+0x3b/0x40
[   42.356768][  T353]  ? __cfi_perf_release+0x10/0x10
[   42.362172][  T353]  __fput+0x1fc/0x8f0
[   42.366261][  T353]  ____fput+0x15/0x20
[   42.370282][  T353]  task_work_run+0x1db/0x240
[   42.375510][  T353]  ? __cfi_task_work_run+0x10/0x10
[   42.381098][  T353]  ? task_work_add+0x2b1/0x330
[   42.385976][  T353]  ptrace_notify+0x221/0x250
[   42.391462][  T353]  ? __cfi_ptrace_notify+0x10/0x10
[   42.396671][  T353]  ? fput+0x15b/0x1a0
[   42.400654][  T353]  ? filp_close+0x111/0x160
[   42.405358][  T353]  ? close_fd+0x28b/0x300
[   42.409987][  T353]  syscall_exit_work+0x84/0x140
[   42.414938][  T353]  syscall_exit_to_user_mode_prepare+0x1c/0x20
[   42.421916][  T353]  syscall_exit_to_user_mode+0xd/0x30
[   42.428466][  T353]  do_syscall_64+0x58/0xa0
[   42.433194][  T353]  ? clear_bhb_loop+0x15/0x70
[   42.439117][  T353]  ? clear_bhb_loop+0x15/0x70
[   42.444282][  T353]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   42.450299][  T353] RIP: 0033:0x7f42ed5ffa89
[   42.454813][  T353] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   42.475862][  T353] RSP: 002b:00007ffcb7e44c28 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[pid   352] +++ exited with 0 +++
[pid   356] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   355] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   354] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   353] <... close resumed>)        = 0
[pid   356] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=352, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
[pid   355] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   354] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   353] exit_group(0 <unfinished ...>
[pid   290] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   356] <... bpf resumed>)          = 4
[pid   355] <... bpf resumed>)          = 4
[pid   355] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   356] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   355] <... bpf resumed>)          = 5
[pid   354] <... bpf resumed>)          = 4
[pid   353] <... exit_group resumed>)   = ?
[pid   356] <... bpf resumed>)          = 5
[pid   355] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   354] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   356] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   354] <... bpf resumed>)          = 5
[pid   356] <... openat resumed>)       = 6
[pid   355] <... openat resumed>)       = 6
[pid   354] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   356] write(6, "1", 1 <unfinished ...>
[pid   355] write(6, "1", 1 <unfinished ...>
[pid   354] <... openat resumed>)       = 6
[pid   356] <... write resumed>)        = 1
[pid   354] write(6, "1", 1 <unfinished ...>
[pid   356] close(3 <unfinished ...>
[pid   354] <... write resumed>)        = 1
[pid   356] <... close resumed>)        = 0
[pid   354] close(3 <unfinished ...>
[pid   355] <... write resumed>)        = 1
[pid   354] <... close resumed>)        = 0
[pid   353] +++ exited with 0 +++
[   42.484553][  T353] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 00007f42ed5ffa89
[   42.492901][  T353] RDX: 00007f42ed5feb50 RSI: 00007ffcb7e44c30 RDI: 0000000000000003
[   42.501415][  T353] RBP: 00007ffcb7e44c30 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   42.509570][  T353] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   42.518060][  T353] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 000000000000000a
[   42.526042][  T353]  </TASK>
[pid   355] close(3 <unfinished ...>
[pid   290] <... restart_syscall resumed>) = 0
[   42.537211][  T356] FAULT_INJECTION: forcing a failure.
[   42.537211][  T356] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   42.538439][  T355] FAULT_INJECTION: forcing a failure.
[   42.538439][  T355] name failslab, interval 1, probability 0, space 0, times 0
[   42.551800][  T354] FAULT_INJECTION: forcing a failure.
[   42.551800][  T354] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[pid   290] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   290] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   290] getdents64(3, 0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   290] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   290] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   290] unlink("./10/binderfs")     = 0
[pid   290] getdents64(3, 0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   290] close(3)                    = 0
[pid   290] rmdir("./10")               = 0
[pid   290] mkdir("./11", 0777)         = 0
[pid   290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557760b750) = 357
./strace-static-x86_64: Process 357 attached
[pid   357] set_robust_list(0x55557760b760, 24) = 0
[pid   357] chdir("./11")               = 0
[pid   357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   357] setpgid(0, 0)               = 0
[pid   357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   357] write(3, "1000", 4)         = 4
[   42.566220][  T356] CPU: 1 PID: 356 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   42.593833][  T356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   42.605295][  T356] Call Trace:
[   42.608840][  T356]  <TASK>
[   42.612194][  T356]  __dump_stack+0x21/0x24
[   42.616909][  T356]  dump_stack_lvl+0xee/0x150
[   42.622671][  T356]  ? __cfi_dump_stack_lvl+0x8/0x8
[   42.628316][  T356]  dump_stack+0x15/0x24
[   42.632602][  T356]  should_fail_ex+0x3d4/0x520
[   42.637332][  T356]  should_fail_alloc_page+0x61/0x90
[pid   357] close(3)                    = 0
[pid   357] symlink("/dev/binderfs", "./binderfs") = 0
[pid   357] write(1, "executing program\n", 18executing program
) = 18
[   42.643302][  T356]  prepare_alloc_pages+0x148/0x5f0
[   42.648634][  T356]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   42.653946][  T356]  ? __kasan_record_aux_stack+0xb6/0xc0
[   42.660144][  T356]  __alloc_pages+0x115/0x3a0
[   42.665229][  T356]  ? __cfi___alloc_pages+0x10/0x10
[   42.670594][  T356]  ? __kasan_check_write+0x14/0x20
[   42.676191][  T356]  ? _raw_spin_lock+0x8e/0xe0
[   42.681067][  T356]  ? __cfi__raw_spin_lock+0x10/0x10
[   42.686471][  T356]  ? sched_clock_cpu+0x6e/0x250
[   42.691920][  T356]  __folio_alloc+0x12/0x40
[   42.697970][  T356]  wp_page_copy+0x280/0x15b0
[   42.703089][  T356]  ? __this_cpu_preempt_check+0x13/0x20
[   42.708969][  T356]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[   42.715320][  T356]  ? fault_dirty_shared_page+0x310/0x310
[   42.721728][  T356]  ? _raw_spin_unlock+0x4c/0x70
[   42.728608][  T356]  ? finish_task_switch+0x16b/0x7b0
[   42.735092][  T356]  ? vm_normal_page+0x99/0x200
[   42.741040][  T356]  do_wp_page+0x9f2/0xfc0
[   42.745687][  T356]  handle_mm_fault+0x10e4/0x2640
[   42.751570][  T356]  ? __cfi_handle_mm_fault+0x10/0x10
[   42.757693][  T356]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   42.764132][  T356]  ? __this_cpu_preempt_check+0x13/0x20
[   42.771998][  T356]  ? xfd_validate_state+0x70/0x150
[   42.777658][  T356]  do_user_addr_fault+0x905/0x1050
[   42.783496][  T356]  exc_page_fault+0x51/0xb0
[   42.788933][  T356]  asm_exc_page_fault+0x27/0x30
[   42.795301][  T356] RIP: 0033:0x7f42ed5cde80
[   42.800502][  T356] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   42.825523][  T356] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[   42.831712][  T356] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   42.840050][  T356] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[   42.848324][  T356] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   42.856846][  T356] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   42.867198][  T356] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 000000000000000b
[   42.875605][  T356]  </TASK>
[   42.878872][  T355] CPU: 0 PID: 355 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[pid   357] perf_event_open( <unfinished ...>
[pid   291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=353, si_uid=0, si_status=0, si_utime=0, si_stime=28} ---
[pid   291] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   291] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   291] getdents64(3, 0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   291] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   291] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   291] unlink("./10/binderfs")     = 0
[pid   291] getdents64(3, 0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   291] close(3)                    = 0
[pid   291] rmdir("./10")               = 0
[pid   291] mkdir("./11", 0777)         = 0
[pid   291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557760b750) = 358
[pid   356] exit_group(0)               = ?
[   42.884488][  T356] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   42.890008][  T355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   42.890026][  T355] Call Trace:
[   42.890033][  T355]  <TASK>
[   42.890041][  T355]  __dump_stack+0x21/0x24
[   42.921268][  T355]  dump_stack_lvl+0xee/0x150
[   42.926949][  T355]  ? __cfi_dump_stack_lvl+0x8/0x8
[   42.932295][  T355]  dump_stack+0x15/0x24
[   42.937371][  T355]  should_fail_ex+0x3d4/0x520
[   42.942527][  T355]  __should_failslab+0xac/0xf0
[   42.947313][  T355]  ? tracepoint_probe_unregister+0x1e6/0x8b0
[   42.953317][  T355]  should_failslab+0x9/0x20
[   42.958193][  T355]  __kmem_cache_alloc_node+0x3d/0x2c0
[   42.963850][  T355]  ? __cfi_mutex_lock+0x10/0x10
[   42.969101][  T355]  ? tracepoint_probe_unregister+0x1e6/0x8b0
[   42.977208][  T355]  __kmalloc+0xa1/0x1e0
[   42.983871][  T355]  ? __kasan_check_write+0x14/0x20
[   42.989813][  T355]  ? __cfi_perf_trace_percpu_alloc_percpu+0x10/0x10
[   42.996734][  T355]  tracepoint_probe_unregister+0x1e6/0x8b0
[   43.002572][  T355]  trace_event_reg+0x21c/0x260
[   43.007355][  T355]  perf_trace_event_unreg+0xcc/0x1c0
[   43.012734][  T355]  perf_trace_destroy+0xbe/0x180
[   43.018996][  T355]  tp_perf_event_destroy+0x15/0x20
[   43.024154][  T355]  ? __cfi_tp_perf_event_destroy+0x10/0x10
[   43.030329][  T355]  _free_event+0x9cd/0xce0
[   43.034889][  T355]  perf_event_release_kernel+0x819/0x8a0
./strace-static-x86_64: Process 358 attached
[pid   358] set_robust_list(0x55557760b760, 24) = 0
[pid   358] chdir("./11")               = 0
[pid   358] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   358] setpgid(0, 0)               = 0
[pid   358] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   358] write(3, "1000", 4)         = 4
[pid   358] close(3)                    = 0
[pid   358] symlink("/dev/binderfs", "./binderfs") = 0
[pid   358] write(1, "executing program\n", 18executing program
) = 18
[   43.040528][  T355]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   43.046702][  T355]  ? __cfi_perf_event_release_kernel+0x10/0x10
[   43.052906][  T355]  perf_release+0x3b/0x40
[   43.057241][  T355]  ? __cfi_perf_release+0x10/0x10
[   43.063684][  T355]  __fput+0x1fc/0x8f0
[   43.068171][  T355]  ____fput+0x15/0x20
[   43.072610][  T355]  task_work_run+0x1db/0x240
[   43.077571][  T355]  ? __cfi_task_work_run+0x10/0x10
[   43.083143][  T355]  ? task_work_add+0x2b1/0x330
[   43.087960][  T355]  ptrace_notify+0x221/0x250
[   43.093472][  T355]  ? __cfi_ptrace_notify+0x10/0x10
[   43.098793][  T355]  ? fput+0x15b/0x1a0
[   43.102882][  T355]  ? filp_close+0x111/0x160
[   43.107567][  T355]  ? close_fd+0x28b/0x300
[   43.112077][  T355]  syscall_exit_work+0x84/0x140
[   43.117648][  T355]  syscall_exit_to_user_mode_prepare+0x1c/0x20
[   43.124809][  T355]  syscall_exit_to_user_mode+0xd/0x30
[   43.130824][  T355]  do_syscall_64+0x58/0xa0
[   43.135690][  T355]  ? clear_bhb_loop+0x15/0x70
[   43.140499][  T355]  ? clear_bhb_loop+0x15/0x70
[   43.145288][  T355]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   43.151208][  T355] RIP: 0033:0x7f42ed5ffa89
[   43.155736][  T355] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   43.178350][  T355] RSP: 002b:00007ffcb7e44c28 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[   43.188623][  T355] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 00007f42ed5ffa89
[   43.197074][  T355] RDX: 00007f42ed5feb50 RSI: 00007ffcb7e44c30 RDI: 0000000000000003
[   43.205146][  T355] RBP: 00007ffcb7e44c30 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   43.213387][  T355] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   43.221820][  T355] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 000000000000000a
[   43.230079][  T355]  </TASK>
[   43.233382][  T354] CPU: 1 PID: 354 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   43.243962][  T354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   43.254205][  T354] Call Trace:
[   43.257500][  T354]  <TASK>
[   43.260536][  T354]  __dump_stack+0x21/0x24
[   43.265115][  T354]  dump_stack_lvl+0xee/0x150
[   43.270075][  T354]  ? __cfi_dump_stack_lvl+0x8/0x8
[   43.276516][  T354]  ? __cfi_enqueue_task_fair+0x10/0x10
[   43.282518][  T354]  dump_stack+0x15/0x24
[   43.287848][  T354]  should_fail_ex+0x3d4/0x520
[   43.292783][  T354]  should_fail_alloc_page+0x61/0x90
[   43.298180][  T354]  prepare_alloc_pages+0x148/0x5f0
[   43.303673][  T354]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   43.309069][  T354]  __alloc_pages+0x115/0x3a0
[   43.313772][  T354]  ? __cfi___alloc_pages+0x10/0x10
[   43.318994][  T354]  ? __kasan_check_write+0x14/0x20
[   43.324479][  T354]  ? _raw_spin_lock+0x8e/0xe0
[   43.329489][  T354]  ? __cfi__raw_spin_lock+0x10/0x10
[   43.335402][  T354]  ? sched_clock_cpu+0x6e/0x250
[   43.340719][  T354]  __folio_alloc+0x12/0x40
[   43.345253][  T354]  wp_page_copy+0x280/0x15b0
[   43.349887][  T354]  ? __this_cpu_preempt_check+0x13/0x20
[   43.355716][  T354]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[   43.362262][  T354]  ? fault_dirty_shared_page+0x310/0x310
[   43.368286][  T354]  ? __kasan_check_write+0x14/0x20
[   43.373603][  T354]  ? finish_task_switch+0x209/0x7b0
[   43.379610][  T354]  ? vm_normal_page+0x99/0x200
[   43.385316][  T354]  do_wp_page+0x9f2/0xfc0
[   43.390365][  T354]  handle_mm_fault+0x10e4/0x2640
[   43.395781][  T354]  ? __cfi_handle_mm_fault+0x10/0x10
[   43.401086][  T354]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   43.406762][  T354]  ? __this_cpu_preempt_check+0x13/0x20
[   43.412846][  T354]  ? xfd_validate_state+0x70/0x150
[   43.419481][  T354]  do_user_addr_fault+0x905/0x1050
[   43.425431][  T354]  exc_page_fault+0x51/0xb0
[   43.430326][  T354]  asm_exc_page_fault+0x27/0x30
[   43.435636][  T354] RIP: 0033:0x7f42ed5cde80
[   43.440060][  T354] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   43.461066][  T354] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[   43.467845][  T354] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   43.476319][  T354] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[   43.485265][  T354] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[pid   358] perf_event_open( <unfinished ...>
[pid   354] exit_group(0)               = ?
[pid   356] +++ exited with 0 +++
[pid   354] +++ exited with 0 +++
[pid   293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=356, si_uid=0, si_status=0, si_utime=0, si_stime=6} ---
[pid   293] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   358] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   357] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   355] <... close resumed>)        = 0
[pid   294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=354, si_uid=0, si_status=0, si_utime=0, si_stime=54} ---
[pid   358] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   294] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   357] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   355] exit_group(0 <unfinished ...>
[pid   358] <... bpf resumed>)          = 4
[pid   355] <... exit_group resumed>)   = ?
[pid   358] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   357] <... bpf resumed>)          = 4
[pid   358] <... bpf resumed>)          = 5
[pid   358] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   357] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   358] <... openat resumed>)       = 6
[pid   358] write(6, "1", 1)            = 1
[pid   358] close(3)                    = 0
[pid   357] <... bpf resumed>)          = 5
[pid   355] +++ exited with 0 +++
[pid   357] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid   357] write(6, "1", 1)            = 1
[   43.493781][  T354] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   43.502210][  T354] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 000000000000000d
[   43.510654][  T354]  </TASK>
[   43.513998][  T354] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   43.529549][  T358] FAULT_INJECTION: forcing a failure.
[   43.529549][  T358] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[pid   357] close(3 <unfinished ...>
[pid   294] <... restart_syscall resumed>) = 0
[pid   293] <... restart_syscall resumed>) = 0
[pid   294] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   294] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   294] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   294] getdents64(3, 0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   294] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   294] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   294] unlink("./13/binderfs")     = 0
[pid   294] getdents64(3, 0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   294] close(3)                    = 0
[pid   294] rmdir("./13")               = 0
[pid   294] mkdir("./14", 0777)         = 0
[pid   294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557760b750) = 359
[   43.532687][  T357] FAULT_INJECTION: forcing a failure.
[   43.532687][  T357] name failslab, interval 1, probability 0, space 0, times 0
[   43.543496][  T358] CPU: 0 PID: 358 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   43.567359][  T358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   43.577934][  T358] Call Trace:
[   43.581815][  T358]  <TASK>
[   43.585202][  T358]  __dump_stack+0x21/0x24
[   43.589563][  T358]  dump_stack_lvl+0xee/0x150
[pid   293] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   293] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   293] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   293] getdents64(3, 0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   293] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   293] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   293] unlink("./11/binderfs")     = 0
[pid   293] getdents64(3, 0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   293] close(3)                    = 0
[pid   293] rmdir("./11")               = 0
[pid   293] mkdir("./12", 0777)         = 0
[pid   293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557760b750) = 360
./strace-static-x86_64: Process 360 attached
[pid   360] set_robust_list(0x55557760b760, 24) = 0
[pid   360] chdir("./12")               = 0
[pid   360] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   360] setpgid(0, 0)               = 0
[pid   360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   360] write(3, "1000", 4)         = 4
[pid   360] close(3)                    = 0
[pid   360] symlink("/dev/binderfs", "./binderfs") = 0
[pid   360] write(1, "executing program\n", 18executing program
) = 18
[   43.594167][  T358]  ? __cfi_dump_stack_lvl+0x8/0x8
[   43.599209][  T358]  ? __cfi_enqueue_task_fair+0x10/0x10
[   43.604680][  T358]  dump_stack+0x15/0x24
[   43.608904][  T358]  should_fail_ex+0x3d4/0x520
[   43.614220][  T358]  should_fail_alloc_page+0x61/0x90
[   43.619644][  T358]  prepare_alloc_pages+0x148/0x5f0
[   43.625053][  T358]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   43.630376][  T358]  __alloc_pages+0x115/0x3a0
[   43.634992][  T358]  ? __cfi___alloc_pages+0x10/0x10
[   43.640114][  T358]  ? __kasan_check_write+0x14/0x20
[   43.645256][  T358]  ? _raw_spin_lock+0x8e/0xe0
[   43.650042][  T358]  ? __cfi__raw_spin_lock+0x10/0x10
[   43.655615][  T358]  ? __this_cpu_preempt_check+0x13/0x20
[   43.662710][  T358]  __folio_alloc+0x12/0x40
[   43.667422][  T358]  wp_page_copy+0x280/0x15b0
[   43.672272][  T358]  ? __this_cpu_preempt_check+0x13/0x20
[   43.678994][  T358]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[   43.685626][  T358]  ? fault_dirty_shared_page+0x310/0x310
[   43.691815][  T358]  ? _raw_spin_unlock+0x4c/0x70
[pid   360] perf_event_open(./strace-static-x86_64: Process 359 attached
 <unfinished ...>
[pid   359] set_robust_list(0x55557760b760, 24) = 0
[pid   359] chdir("./14")               = 0
[pid   359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   359] setpgid(0, 0)               = 0
[pid   359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   359] write(3, "1000", 4)         = 4
[pid   359] close(3)                    = 0
[pid   359] symlink("/dev/binderfs", "./binderfs") = 0
[pid   359] write(1, "executing program\n", 18executing program
) = 18
[   43.696807][  T358]  ? finish_task_switch+0x16b/0x7b0
[   43.702400][  T358]  ? vm_normal_page+0x99/0x200
[   43.707478][  T358]  do_wp_page+0x9f2/0xfc0
[   43.712539][  T358]  handle_mm_fault+0x10e4/0x2640
[   43.717952][  T358]  ? __cfi_handle_mm_fault+0x10/0x10
[   43.723386][  T358]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   43.729355][  T358]  ? __this_cpu_preempt_check+0x13/0x20
[   43.735193][  T358]  ? xfd_validate_state+0x70/0x150
[   43.740444][  T358]  do_user_addr_fault+0x905/0x1050
[   43.745586][  T358]  exc_page_fault+0x51/0xb0
[   43.750141][  T358]  asm_exc_page_fault+0x27/0x30
[   43.755072][  T358] RIP: 0033:0x7f42ed5cde80
[   43.760054][  T358] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   43.780363][  T358] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[   43.787788][  T358] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[pid   359] perf_event_open( <unfinished ...>
[pid   292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=355, si_uid=0, si_status=0, si_utime=0, si_stime=10} ---
[pid   292] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   292] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   292] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   292] getdents64(3, 0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   292] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   292] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   292] unlink("./10/binderfs")     = 0
[pid   292] getdents64(3, 0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   292] close(3)                    = 0
[pid   292] rmdir("./10")               = 0
[pid   292] mkdir("./11", 0777)         = 0
[pid   292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557760b750) = 361
./strace-static-x86_64: Process 361 attached
[pid   361] set_robust_list(0x55557760b760, 24) = 0
[pid   361] chdir("./11")               = 0
[pid   361] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   361] setpgid(0, 0)               = 0
[pid   361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   361] write(3, "1000", 4)         = 4
[pid   361] close(3)                    = 0
[pid   361] symlink("/dev/binderfs", "./binderfs") = 0
[pid   361] write(1, "executing program\n", 18executing program
) = 18
[   43.795870][  T358] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[   43.804218][  T358] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   43.812476][  T358] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   43.821102][  T358] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 000000000000000b
[   43.829388][  T358]  </TASK>
[   43.832471][  T357] CPU: 1 PID: 357 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[pid   361] perf_event_open( <unfinished ...>
[pid   358] exit_group(0)               = ?
[   43.834765][  T358] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   43.844052][  T357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   43.844073][  T357] Call Trace:
[   43.844080][  T357]  <TASK>
[   43.844089][  T357]  __dump_stack+0x21/0x24
[   43.844122][  T357]  dump_stack_lvl+0xee/0x150
[   43.880126][  T357]  ? __cfi_dump_stack_lvl+0x8/0x8
[   43.885263][  T357]  dump_stack+0x15/0x24
[   43.889566][  T357]  should_fail_ex+0x3d4/0x520
[   43.894610][  T357]  __should_failslab+0xac/0xf0
[   43.899412][  T357]  ? tracepoint_probe_unregister+0x1e6/0x8b0
[   43.905566][  T357]  should_failslab+0x9/0x20
[   43.910248][  T357]  __kmem_cache_alloc_node+0x3d/0x2c0
[   43.915641][  T357]  ? __cfi_mutex_lock+0x10/0x10
[   43.920510][  T357]  ? tracepoint_probe_unregister+0x1e6/0x8b0
[   43.926765][  T357]  __kmalloc+0xa1/0x1e0
[   43.930950][  T357]  ? __kasan_check_write+0x14/0x20
[   43.936083][  T357]  ? __cfi_perf_trace_percpu_alloc_percpu+0x10/0x10
[   43.942850][  T357]  tracepoint_probe_unregister+0x1e6/0x8b0
[   43.948780][  T357]  trace_event_reg+0x21c/0x260
[   43.953565][  T357]  perf_trace_event_unreg+0xcc/0x1c0
[   43.959205][  T357]  perf_trace_destroy+0xbe/0x180
[   43.965477][  T357]  tp_perf_event_destroy+0x15/0x20
[   43.970691][  T357]  ? __cfi_tp_perf_event_destroy+0x10/0x10
[   43.977814][  T357]  _free_event+0x9cd/0xce0
[   43.982706][  T357]  perf_event_release_kernel+0x819/0x8a0
[   43.988440][  T357]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   43.994716][  T357]  ? __cfi_perf_event_release_kernel+0x10/0x10
[   44.000980][  T357]  perf_release+0x3b/0x40
[   44.005450][  T357]  ? __cfi_perf_release+0x10/0x10
[   44.010683][  T357]  __fput+0x1fc/0x8f0
[   44.015470][  T357]  ____fput+0x15/0x20
[   44.019575][  T357]  task_work_run+0x1db/0x240
[   44.024274][  T357]  ? __cfi_task_work_run+0x10/0x10
[   44.029568][  T357]  ? task_work_add+0x2b1/0x330
[   44.034344][  T357]  ptrace_notify+0x221/0x250
[   44.039049][  T357]  ? __cfi_ptrace_notify+0x10/0x10
[   44.044627][  T357]  ? fput+0x15b/0x1a0
[   44.048757][  T357]  ? filp_close+0x111/0x160
[   44.053278][  T357]  ? close_fd+0x28b/0x300
[   44.058413][  T357]  syscall_exit_work+0x84/0x140
[   44.063515][  T357]  syscall_exit_to_user_mode_prepare+0x1c/0x20
[   44.070134][  T357]  syscall_exit_to_user_mode+0xd/0x30
[   44.076333][  T357]  do_syscall_64+0x58/0xa0
[   44.081894][  T357]  ? clear_bhb_loop+0x15/0x70
[   44.087553][  T357]  ? clear_bhb_loop+0x15/0x70
[   44.093287][  T357]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   44.099491][  T357] RIP: 0033:0x7f42ed5ffa89
[   44.103915][  T357] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   44.125327][  T357] RSP: 002b:00007ffcb7e44c28 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[   44.134272][  T357] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 00007f42ed5ffa89
[pid   358] +++ exited with 0 +++
[pid   360] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   361] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   360] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   359] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=358, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
[pid   361] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   357] <... close resumed>)        = 0
[pid   291] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   359] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   361] <... bpf resumed>)          = 4
[pid   360] <... bpf resumed>)          = 4
[pid   359] <... bpf resumed>)          = 4
[pid   357] exit_group(0 <unfinished ...>
[pid   361] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   360] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   357] <... exit_group resumed>)   = ?
[pid   361] <... bpf resumed>)          = 5
[pid   360] <... bpf resumed>)          = 5
[pid   359] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   361] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   360] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   359] <... bpf resumed>)          = 5
[pid   359] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   361] <... openat resumed>)       = 6
[pid   360] <... openat resumed>)       = 6
[pid   359] <... openat resumed>)       = 6
[pid   291] <... restart_syscall resumed>) = 0
[pid   361] write(6, "1", 1 <unfinished ...>
[pid   360] write(6, "1", 1 <unfinished ...>
[pid   359] write(6, "1", 1 <unfinished ...>
[pid   361] <... write resumed>)        = 1
[pid   360] <... write resumed>)        = 1
[pid   359] <... write resumed>)        = 1
[pid   357] +++ exited with 0 +++
[   44.142345][  T357] RDX: 00007f42ed5feb50 RSI: 00007ffcb7e44c30 RDI: 0000000000000003
[   44.150389][  T357] RBP: 00007ffcb7e44c30 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   44.158753][  T357] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   44.167913][  T357] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 000000000000000b
[   44.176263][  T357]  </TASK>
[pid   361] close(3 <unfinished ...>
[pid   360] close(3 <unfinished ...>
[pid   359] close(3 <unfinished ...>
[pid   291] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   361] <... close resumed>)        = 0
[pid   359] <... close resumed>)        = 0
[pid   291] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=357, si_uid=0, si_status=0, si_utime=0, si_stime=24} ---
[pid   291] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   290] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   291] <... openat resumed>)       = 3
[pid   290] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   291] newfstatat(3, "",  <unfinished ...>
[pid   290] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   290] <... openat resumed>)       = 3
[pid   291] getdents64(3,  <unfinished ...>
[pid   290] newfstatat(3, "",  <unfinished ...>
[pid   291] <... getdents64 resumed>0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   291] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   290] getdents64(3,  <unfinished ...>
[pid   291] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   290] <... getdents64 resumed>0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   291] newfstatat(AT_FDCWD, "./11/binderfs",  <unfinished ...>
[pid   290] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   290] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   291] unlink("./11/binderfs" <unfinished ...>
[pid   290] newfstatat(AT_FDCWD, "./11/binderfs",  <unfinished ...>
[pid   291] <... unlink resumed>)       = 0
[pid   290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   291] getdents64(3,  <unfinished ...>
[pid   290] unlink("./11/binderfs" <unfinished ...>
[pid   291] <... getdents64 resumed>0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   290] <... unlink resumed>)       = 0
[pid   291] close(3 <unfinished ...>
[pid   290] getdents64(3,  <unfinished ...>
[pid   291] <... close resumed>)        = 0
[pid   290] <... getdents64 resumed>0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   291] rmdir("./11" <unfinished ...>
[pid   290] close(3 <unfinished ...>
[pid   291] <... rmdir resumed>)        = 0
executing program
[pid   290] <... close resumed>)        = 0
[pid   291] mkdir("./12", 0777 <unfinished ...>
[pid   290] rmdir("./11" <unfinished ...>
[pid   291] <... mkdir resumed>)        = 0
[pid   290] <... rmdir resumed>)        = 0
[pid   291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   290] mkdir("./12", 0777)         = 0
[pid   291] <... clone resumed>, child_tidptr=0x55557760b750) = 362
[pid   290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557760b750) = 363
./strace-static-x86_64: Process 363 attached
[pid   363] set_robust_list(0x55557760b760, 24) = 0
[pid   363] chdir("./12")               = 0
[pid   363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   363] setpgid(0, 0)               = 0
[pid   363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   363] write(3, "1000", 4)         = 4
[pid   363] close(3)                    = 0
[pid   363] symlink("/dev/binderfs", "./binderfs") = 0
[pid   363] write(1, "executing program\n", 18) = 18
[   44.202160][  T360] FAULT_INJECTION: forcing a failure.
[   44.202160][  T360] name failslab, interval 1, probability 0, space 0, times 0
[   44.202384][  T359] FAULT_INJECTION: forcing a failure.
[   44.202384][  T359] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   44.215105][  T361] FAULT_INJECTION: forcing a failure.
[   44.215105][  T361] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   44.241747][  T359] CPU: 0 PID: 359 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   44.241777][  T359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   44.241789][  T359] Call Trace:
[   44.241795][  T359]  <TASK>
[   44.241803][  T359]  __dump_stack+0x21/0x24
[   44.241835][  T359]  dump_stack_lvl+0xee/0x150
[   44.241859][  T359]  ? __cfi_dump_stack_lvl+0x8/0x8
[   44.241887][  T359]  dump_stack+0x15/0x24
[   44.241911][  T359]  should_fail_ex+0x3d4/0x520
[   44.241945][  T359]  should_fail_alloc_page+0x61/0x90
[   44.241969][  T359]  prepare_alloc_pages+0x148/0x5f0
[   44.241994][  T359]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   44.242017][  T359]  ? __kasan_record_aux_stack+0xb6/0xc0
[   44.242044][  T359]  ? call_rcu+0xd4/0xf90
[   44.242065][  T359]  ? ____fput+0x15/0x20
[   44.242087][  T359]  __alloc_pages+0x115/0x3a0
[   44.242111][  T359]  ? __cfi___alloc_pages+0x10/0x10
[   44.242135][  T359]  ? __kasan_check_write+0x14/0x20
[   44.242164][  T359]  ? _raw_spin_lock+0x8e/0xe0
[   44.242188][  T359]  ? __cfi__raw_spin_lock+0x10/0x10
[   44.242212][  T359]  ? __this_cpu_preempt_check+0x13/0x20
[   44.242237][  T359]  __folio_alloc+0x12/0x40
[   44.242259][  T359]  wp_page_copy+0x280/0x15b0
[   44.242289][  T359]  ? __this_cpu_preempt_check+0x13/0x20
[   44.242313][  T359]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[   44.242333][  T359]  ? fault_dirty_shared_page+0x310/0x310
[   44.242363][  T359]  ? _raw_spin_unlock+0x4c/0x70
[   44.242389][  T359]  ? finish_task_switch+0x16b/0x7b0
[   44.242414][  T359]  ? vm_normal_page+0x99/0x200
[   44.242437][  T359]  do_wp_page+0x9f2/0xfc0
[   44.242466][  T359]  handle_mm_fault+0x10e4/0x2640
[   44.242496][  T359]  ? __cfi_handle_mm_fault+0x10/0x10
[   44.421549][  T359]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   44.427223][  T359]  ? __this_cpu_preempt_check+0x13/0x20
[   44.432889][  T359]  ? xfd_validate_state+0x70/0x150
[   44.438121][  T359]  do_user_addr_fault+0x905/0x1050
[   44.443268][  T359]  exc_page_fault+0x51/0xb0
[   44.447996][  T359]  asm_exc_page_fault+0x27/0x30
[   44.452969][  T359] RIP: 0033:0x7f42ed5cde80
[   44.457785][  T359] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   44.481064][  T359] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[   44.487422][  T359] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[pid   363] perf_event_open(executing program
./strace-static-x86_64: Process 362 attached
 <unfinished ...>
[pid   362] set_robust_list(0x55557760b760, 24) = 0
[pid   362] chdir("./12")               = 0
[pid   362] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   362] setpgid(0, 0)               = 0
[pid   362] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   362] write(3, "1000", 4)         = 4
[pid   362] close(3)                    = 0
[pid   362] symlink("/dev/binderfs", "./binderfs") = 0
[pid   362] write(1, "executing program\n", 18) = 18
[   44.495605][  T359] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[   44.503998][  T359] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   44.513636][  T359] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   44.523273][  T359] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 000000000000000e
[   44.531712][  T359]  </TASK>
[   44.534773][  T360] CPU: 1 PID: 360 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   44.535520][  T359] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   44.545318][  T360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   44.545335][  T360] Call Trace:
[   44.545341][  T360]  <TASK>
[   44.545349][  T360]  __dump_stack+0x21/0x24
[   44.576898][  T360]  dump_stack_lvl+0xee/0x150
[   44.581910][  T360]  ? __cfi_dump_stack_lvl+0x8/0x8
[   44.587272][  T360]  dump_stack+0x15/0x24
[   44.591637][  T360]  should_fail_ex+0x3d4/0x520
[   44.597295][  T360]  __should_failslab+0xac/0xf0
[   44.604092][  T360]  ? tracepoint_probe_unregister+0x1e6/0x8b0
[   44.612200][  T360]  should_failslab+0x9/0x20
[   44.617416][  T360]  __kmem_cache_alloc_node+0x3d/0x2c0
[   44.623460][  T360]  ? __cfi_mutex_lock+0x10/0x10
[   44.628559][  T360]  ? tracepoint_probe_unregister+0x1e6/0x8b0
[   44.635095][  T360]  __kmalloc+0xa1/0x1e0
[   44.639446][  T360]  ? __kasan_check_write+0x14/0x20
[   44.645133][  T360]  ? __cfi_perf_trace_percpu_alloc_percpu+0x10/0x10
[   44.652198][  T360]  tracepoint_probe_unregister+0x1e6/0x8b0
[   44.659094][  T360]  trace_event_reg+0x21c/0x260
[   44.665569][  T360]  perf_trace_event_unreg+0xcc/0x1c0
[   44.672117][  T360]  perf_trace_destroy+0xbe/0x180
[   44.677439][  T360]  tp_perf_event_destroy+0x15/0x20
[   44.682876][  T360]  ? __cfi_tp_perf_event_destroy+0x10/0x10
[   44.689080][  T360]  _free_event+0x9cd/0xce0
[   44.693797][  T360]  perf_event_release_kernel+0x819/0x8a0
[pid   362] perf_event_open( <unfinished ...>
[pid   359] exit_group(0)               = ?
[   44.699802][  T360]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   44.706295][  T360]  ? __cfi_perf_event_release_kernel+0x10/0x10
[   44.712584][  T360]  perf_release+0x3b/0x40
[   44.717685][  T360]  ? __cfi_perf_release+0x10/0x10
[   44.723200][  T360]  __fput+0x1fc/0x8f0
[   44.727575][  T360]  ____fput+0x15/0x20
[   44.732100][  T360]  task_work_run+0x1db/0x240
[   44.736901][  T360]  ? __cfi_task_work_run+0x10/0x10
[   44.742166][  T360]  ? task_work_add+0x2b1/0x330
[   44.747923][  T360]  ptrace_notify+0x221/0x250
[   44.752544][  T360]  ? __cfi_ptrace_notify+0x10/0x10
[   44.758641][  T360]  ? fput+0x15b/0x1a0
[   44.763312][  T360]  ? filp_close+0x111/0x160
[   44.767985][  T360]  ? close_fd+0x28b/0x300
[   44.772556][  T360]  syscall_exit_work+0x84/0x140
[   44.777622][  T360]  syscall_exit_to_user_mode_prepare+0x1c/0x20
[   44.783887][  T360]  syscall_exit_to_user_mode+0xd/0x30
[   44.789447][  T360]  do_syscall_64+0x58/0xa0
[   44.793893][  T360]  ? clear_bhb_loop+0x15/0x70
[   44.798659][  T360]  ? clear_bhb_loop+0x15/0x70
[   44.803526][  T360]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   44.809623][  T360] RIP: 0033:0x7f42ed5ffa89
[   44.814136][  T360] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   44.834195][  T360] RSP: 002b:00007ffcb7e44c28 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[   44.842708][  T360] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 00007f42ed5ffa89
[   44.851217][  T360] RDX: 00007f42ed5feb50 RSI: 00007ffcb7e44c30 RDI: 0000000000000003
[   44.859641][  T360] RBP: 00007ffcb7e44c30 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   44.868336][  T360] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   44.876711][  T360] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 000000000000000c
[   44.884707][  T360]  </TASK>
[   44.888208][  T361] CPU: 0 PID: 361 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   44.898656][  T361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   44.909453][  T361] Call Trace:
[   44.912741][  T361]  <TASK>
[   44.915771][  T361]  __dump_stack+0x21/0x24
[   44.920155][  T361]  dump_stack_lvl+0xee/0x150
[   44.925385][  T361]  ? __cfi_dump_stack_lvl+0x8/0x8
[   44.930435][  T361]  dump_stack+0x15/0x24
[   44.934740][  T361]  should_fail_ex+0x3d4/0x520
[   44.939525][  T361]  should_fail_alloc_page+0x61/0x90
[   44.944816][  T361]  prepare_alloc_pages+0x148/0x5f0
[   44.949944][  T361]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   44.955245][  T361]  ? __kasan_record_aux_stack+0xb6/0xc0
[   44.961067][  T361]  ? call_rcu+0xd4/0xf90
[   44.965314][  T361]  ? ____fput+0x15/0x20
[   44.969729][  T361]  __alloc_pages+0x115/0x3a0
[   44.974753][  T361]  ? __cfi___alloc_pages+0x10/0x10
[   44.979895][  T361]  ? __kasan_check_write+0x14/0x20
[   44.985031][  T361]  ? _raw_spin_lock+0x8e/0xe0
[   44.989740][  T361]  ? __cfi__raw_spin_lock+0x10/0x10
[   44.994943][  T361]  ? __this_cpu_preempt_check+0x13/0x20
[   45.000731][  T361]  __folio_alloc+0x12/0x40
[   45.005527][  T361]  wp_page_copy+0x280/0x15b0
[   45.010149][  T361]  ? __this_cpu_preempt_check+0x13/0x20
[   45.015990][  T361]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[   45.022753][  T361]  ? fault_dirty_shared_page+0x310/0x310
[   45.028496][  T361]  ? _raw_spin_unlock+0x4c/0x70
[   45.033535][  T361]  ? finish_task_switch+0x16b/0x7b0
[   45.039129][  T361]  ? vm_normal_page+0x99/0x200
[   45.044085][  T361]  do_wp_page+0x9f2/0xfc0
[   45.048431][  T361]  handle_mm_fault+0x10e4/0x2640
[   45.053376][  T361]  ? __cfi_handle_mm_fault+0x10/0x10
[   45.058665][  T361]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   45.064160][  T361]  ? __this_cpu_preempt_check+0x13/0x20
[   45.069923][  T361]  ? xfd_validate_state+0x70/0x150
[   45.075238][  T361]  do_user_addr_fault+0x905/0x1050
[   45.080535][  T361]  exc_page_fault+0x51/0xb0
[   45.085739][  T361]  asm_exc_page_fault+0x27/0x30
[   45.090684][  T361] RIP: 0033:0x7f42ed5cde80
[   45.095189][  T361] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   45.114991][  T361] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[   45.121339][  T361] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   45.129686][  T361] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[   45.138040][  T361] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   45.146108][  T361] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[pid   359] +++ exited with 0 +++
[pid   294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=359, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
[pid   294] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   361] exit_group(0 <unfinished ...>
[pid   294] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   294] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   294] getdents64(3, 0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   294] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   294] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   294] unlink("./14/binderfs")     = 0
[pid   294] getdents64(3, 0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   294] close(3)                    = 0
[pid   294] rmdir("./14")               = 0
[pid   294] mkdir("./15", 0777 <unfinished ...>
[pid   361] <... exit_group resumed>)   = ?
[pid   360] <... close resumed>)        = 0
[pid   360] exit_group(0)               = ?
[pid   363] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   362] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3
[pid   363] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   362] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   363] <... bpf resumed>)          = 4
[pid   363] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   362] <... bpf resumed>)          = 4
[pid   362] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 <unfinished ...>
[pid   361] +++ exited with 0 +++
[pid   292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=361, si_uid=0, si_status=0, si_utime=0, si_stime=49} ---
[pid   292] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   292] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   292] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   292] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   292] getdents64(3,  <unfinished ...>
[pid   363] <... bpf resumed>)          = 5
[pid   362] <... bpf resumed>)          = 5
[pid   360] +++ exited with 0 +++
[pid   363] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   362] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=360, si_uid=0, si_status=0, si_utime=0, si_stime=15} ---
[pid   363] <... openat resumed>)       = 6
[pid   362] <... openat resumed>)       = 6
[pid   293] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   363] write(6, "1", 1 <unfinished ...>
[pid   362] write(6, "1", 1 <unfinished ...>
[pid   363] <... write resumed>)        = 1
[pid   362] <... write resumed>)        = 1
[pid   363] close(3 <unfinished ...>
[pid   362] close(3 <unfinished ...>
[pid   363] <... close resumed>)        = 0
[   45.154441][  T361] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 000000000000000b
[   45.164261][  T361]  </TASK>
[   45.171822][  T361] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[pid   293] <... restart_syscall resumed>) = 0
[pid   294] <... mkdir resumed>)        = 0
[pid   292] <... getdents64 resumed>0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   292] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   293] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   292] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   293] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   292] newfstatat(AT_FDCWD, "./11/binderfs",  <unfinished ...>
[pid   293] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   292] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   293] <... openat resumed>)       = 3
[pid   292] unlink("./11/binderfs" <unfinished ...>
[pid   294] <... clone resumed>, child_tidptr=0x55557760b750) = 364
[pid   293] newfstatat(3, "",  <unfinished ...>
[pid   292] <... unlink resumed>)       = 0
[pid   293] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   292] getdents64(3,  <unfinished ...>
[pid   293] getdents64(3,  <unfinished ...>
[pid   292] <... getdents64 resumed>0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   293] <... getdents64 resumed>0x55557760c7f0 /* 3 entries */, 32768) = 80
[pid   292] close(3 <unfinished ...>
[pid   293] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   292] <... close resumed>)        = 0
[pid   293] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   292] rmdir("./11" <unfinished ...>
[pid   293] newfstatat(AT_FDCWD, "./12/binderfs",  <unfinished ...>
[pid   292] <... rmdir resumed>)        = 0
[pid   293] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   292] mkdir("./12", 0777 <unfinished ...>
[pid   293] unlink("./12/binderfs" <unfinished ...>
[pid   292] <... mkdir resumed>)        = 0
[pid   293] <... unlink resumed>)       = 0
[pid   292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   293] getdents64(3, 0x55557760c7f0 /* 0 entries */, 32768) = 0
[pid   292] <... clone resumed>, child_tidptr=0x55557760b750) = 365
[pid   293] close(3)                    = 0
[pid   293] rmdir("./12")               = 0
[pid   293] mkdir("./13", 0777)         = 0
[pid   293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557760b750) = 366
./strace-static-x86_64: Process 365 attached
[pid   365] set_robust_list(0x55557760b760, 24) = 0
[pid   365] chdir("./12")               = 0
[   45.207470][  T362] FAULT_INJECTION: forcing a failure.
[   45.207470][  T362] name failslab, interval 1, probability 0, space 0, times 0
[   45.208033][  T363] FAULT_INJECTION: forcing a failure.
[   45.208033][  T363] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   45.221545][  T362] CPU: 1 PID: 362 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   45.245704][  T362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[pid   365] prctl(PR_SET_PDEATHSIG, SIGKILLexecuting program
) = 0
[pid   365] setpgid(0, 0)               = 0
[pid   365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   365] write(3, "1000", 4)         = 4
[pid   365] close(3)                    = 0
[pid   365] symlink("/dev/binderfs", "./binderfs") = 0
[pid   365] write(1, "executing program\n", 18) = 18
[   45.255878][  T362] Call Trace:
[   45.259169][  T362]  <TASK>
[   45.262276][  T362]  __dump_stack+0x21/0x24
[   45.266883][  T362]  dump_stack_lvl+0xee/0x150
[   45.271542][  T362]  ? __cfi_dump_stack_lvl+0x8/0x8
[   45.276671][  T362]  dump_stack+0x15/0x24
[   45.280937][  T362]  should_fail_ex+0x3d4/0x520
[   45.285630][  T362]  __should_failslab+0xac/0xf0
[   45.290402][  T362]  ? tracepoint_probe_unregister+0x1e6/0x8b0
[   45.296403][  T362]  should_failslab+0x9/0x20
[   45.300948][  T362]  __kmem_cache_alloc_node+0x3d/0x2c0
[   45.306432][  T362]  ? __cfi_mutex_lock+0x10/0x10
[   45.311823][  T362]  ? tracepoint_probe_unregister+0x1e6/0x8b0
[   45.317954][  T362]  __kmalloc+0xa1/0x1e0
[   45.322135][  T362]  ? __kasan_check_write+0x14/0x20
[   45.327305][  T362]  ? __cfi_perf_trace_percpu_alloc_percpu+0x10/0x10
[   45.334185][  T362]  tracepoint_probe_unregister+0x1e6/0x8b0
[   45.340143][  T362]  trace_event_reg+0x21c/0x260
[   45.345032][  T362]  perf_trace_event_unreg+0xcc/0x1c0
[   45.350438][  T362]  perf_trace_destroy+0xbe/0x180
[   45.355615][  T362]  tp_perf_event_destroy+0x15/0x20
[   45.361185][  T362]  ? __cfi_tp_perf_event_destroy+0x10/0x10
[   45.368597][  T362]  _free_event+0x9cd/0xce0
[   45.374701][  T362]  perf_event_release_kernel+0x819/0x8a0
[   45.380711][  T362]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   45.386843][  T362]  ? __cfi_perf_event_release_kernel+0x10/0x10
[   45.393715][  T362]  perf_release+0x3b/0x40
[   45.398959][  T362]  ? __cfi_perf_release+0x10/0x10
[   45.405407][  T362]  __fput+0x1fc/0x8f0
[   45.409553][  T362]  ____fput+0x15/0x20
[   45.413641][  T362]  task_work_run+0x1db/0x240
[   45.418875][  T362]  ? __cfi_task_work_run+0x10/0x10
[   45.424128][  T362]  ? task_work_add+0x2b1/0x330
[   45.430226][  T362]  ptrace_notify+0x221/0x250
[   45.435628][  T362]  ? __cfi_ptrace_notify+0x10/0x10
[   45.441367][  T362]  ? fput+0x15b/0x1a0
[   45.445796][  T362]  ? filp_close+0x111/0x160
[   45.450947][  T362]  ? close_fd+0x28b/0x300
[   45.455699][  T362]  syscall_exit_work+0x84/0x140
[   45.461392][  T362]  syscall_exit_to_user_mode_prepare+0x1c/0x20
[   45.469170][  T362]  syscall_exit_to_user_mode+0xd/0x30
[   45.476221][  T362]  do_syscall_64+0x58/0xa0
[   45.480868][  T362]  ? clear_bhb_loop+0x15/0x70
[   45.486181][  T362]  ? clear_bhb_loop+0x15/0x70
[   45.491067][  T362]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   45.497073][  T362] RIP: 0033:0x7f42ed5ffa89
[   45.501792][  T362] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   45.522551][  T362] RSP: 002b:00007ffcb7e44c28 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[   45.531266][  T362] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 00007f42ed5ffa89
[   45.539689][  T362] RDX: 00007f42ed5feb50 RSI: 00007ffcb7e44c30 RDI: 0000000000000003
[   45.547852][  T362] RBP: 00007ffcb7e44c30 R08: 00007ffcb7e449c7 R09: 0000000000000031
[pid   365] perf_event_open(executing program
./strace-static-x86_64: Process 366 attached
 <unfinished ...>
[pid   366] set_robust_list(0x55557760b760, 24) = 0
[pid   366] chdir("./13")               = 0
[pid   366] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   366] setpgid(0, 0)               = 0
[pid   366] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   366] write(3, "1000", 4)         = 4
[pid   366] close(3)                    = 0
[pid   366] symlink("/dev/binderfs", "./binderfs") = 0
[pid   366] write(1, "executing program\n", 18) = 18
executing program
[pid   366] perf_event_open(./strace-static-x86_64: Process 364 attached
 <unfinished ...>
[pid   364] set_robust_list(0x55557760b760, 24) = 0
[pid   364] chdir("./15")               = 0
[pid   364] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   364] setpgid(0, 0)               = 0
[pid   364] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   364] write(3, "1000", 4)         = 4
[pid   364] close(3)                    = 0
[pid   364] symlink("/dev/binderfs", "./binderfs") = 0
[pid   364] write(1, "executing program\n", 18) = 18
[   45.556029][  T362] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   45.564194][  T362] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 000000000000000c
[   45.572453][  T362]  </TASK>
[   45.575482][  T363] CPU: 0 PID: 363 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   45.586346][  T363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   45.596580][  T363] Call Trace:
[   45.599876][  T363]  <TASK>
[   45.602920][  T363]  __dump_stack+0x21/0x24
[   45.607420][  T363]  dump_stack_lvl+0xee/0x150
[   45.612113][  T363]  ? __cfi_dump_stack_lvl+0x8/0x8
[   45.617156][  T363]  ? __cfi_enqueue_task_fair+0x10/0x10
[   45.622640][  T363]  dump_stack+0x15/0x24
[   45.626947][  T363]  should_fail_ex+0x3d4/0x520
[   45.631933][  T363]  should_fail_alloc_page+0x61/0x90
[   45.637316][  T363]  prepare_alloc_pages+0x148/0x5f0
[   45.642517][  T363]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   45.647892][  T363]  __alloc_pages+0x115/0x3a0
[   45.652603][  T363]  ? __cfi___alloc_pages+0x10/0x10
[   45.657820][  T363]  ? __kasan_check_write+0x14/0x20
[   45.663395][  T363]  ? _raw_spin_lock+0x8e/0xe0
[   45.669145][  T363]  ? __cfi__raw_spin_lock+0x10/0x10
[   45.674636][  T363]  ? __this_cpu_preempt_check+0x13/0x20
[   45.680715][  T363]  __folio_alloc+0x12/0x40
[   45.685362][  T363]  wp_page_copy+0x280/0x15b0
[   45.690092][  T363]  ? __this_cpu_preempt_check+0x13/0x20
[   45.697429][  T363]  ? __cfi___perf_event_task_sched_in+0x10/0x10
[   45.703961][  T363]  ? fault_dirty_shared_page+0x310/0x310
[   45.710073][  T363]  ? _raw_spin_unlock+0x4c/0x70
[   45.715213][  T363]  ? finish_task_switch+0x16b/0x7b0
[   45.720410][  T363]  ? vm_normal_page+0x99/0x200
[   45.725182][  T363]  do_wp_page+0x9f2/0xfc0
[   45.729539][  T363]  handle_mm_fault+0x10e4/0x2640
[   45.734940][  T363]  ? __cfi_handle_mm_fault+0x10/0x10
[   45.740330][  T363]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   45.745630][  T363]  ? __this_cpu_preempt_check+0x13/0x20
[   45.751565][  T363]  ? xfd_validate_state+0x70/0x150
[   45.756872][  T363]  do_user_addr_fault+0x905/0x1050
[   45.762182][  T363]  exc_page_fault+0x51/0xb0
[   45.767158][  T363]  asm_exc_page_fault+0x27/0x30
[   45.772993][  T363] RIP: 0033:0x7f42ed5cde80
[   45.777775][  T363] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 11 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 20 3f 0a 00 0f 85 0f 02 00 00 4c 8d 25 13 3f 0a 00 4c
[   45.797477][  T363] RSP: 002b:00007ffcb7e44c00 EFLAGS: 00010246
[pid   364] perf_event_open( <unfinished ...>
[pid   363] exit_group(0 <unfinished ...>
[pid   362] <... close resumed>)        = 0
[pid   362] exit_group(0)               = ?
[pid   363] <... exit_group resumed>)   = ?
[   45.803829][  T363] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   45.811994][  T363] RDX: 0000000000000001 RSI: 00007f42ed66f110 RDI: 0000000000000000
[   45.820329][  T363] RBP: 00007f42ed66f110 R08: 00007ffcb7e449c7 R09: 0000000000000031
[   45.828412][  T363] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   45.837146][  T363] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 000000000000000c
[   45.845197][  T363]  </TASK>
[   45.849005][  T363] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   45.857119][  T365] CFI failure at __traceiter_percpu_alloc_percpu+0xb3/0x110 (target: 0xffffc90000f279c8; expected type: 0x42e72b63)
[   45.871186][  T365] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[   45.877831][  T365] CPU: 0 PID: 365 Comm: syz-executor223 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0
[   45.888419][  T365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   45.898570][  T365] RIP: 0010:__traceiter_percpu_alloc_percpu+0xb3/0x110
[   45.905959][  T365] Code: d4 44 89 e9 4c 8b 45 c0 4c 8b 4d b8 8b 45 30 50 ff 75 28 ff 75 20 8b 45 18 50 ff 75 10 41 ba 9d d4 18 bd 45 03 54 24 fc 74 02 <0f> 0b 41 ff d4 48 83 c4 28 48 83 c3 18 48 89 d8 48 c1 e8 03 42 80
[   45.926649][  T365] RSP: 0000:ffffc90000f279c8 EFLAGS: 00010a17
[   45.933882][  T365] RAX: 000000000000fe08 RBX: ffff88810947a010 RCX: 0000000000000000
[   45.942333][  T365] RDX: 0000000000000000 RSI: ffffffff81a47214 RDI: ffffffff87053360
[   45.951240][  T365] RBP: ffffc90000f27a38 R08: 0000000000000008 R09: 0000000000000008
[   45.959255][  T365] R10: 0000000062593ba9 R11: 1ffffffff0ee43fd R12: ffffffff81710320
[   45.968331][  T365] R13: 0000000000000000 R14: ffff88810947a010 R15: dffffc0000000000
[   45.977033][  T365] FS:  000055557760b480(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[   45.988095][  T365] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   45.994797][  T365] CR2: 00007f42ed6721d0 CR3: 00000001104c3000 CR4: 00000000003506b0
[   46.002885][  T365] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   46.011319][  T365] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   46.020712][  T365] Call Trace:
[   46.024359][  T365]  <TASK>
[   46.027768][  T365]  ? __alloc_percpu+0x24/0x30
[   46.033812][  T365]  ? __alloc_percpu+0x24/0x30
[   46.039197][  T365]  pcpu_alloc+0x1566/0x16b0
[   46.043898][  T365]  __alloc_percpu+0x24/0x30
[   46.049146][  T365]  perf_trace_event_init+0x227/0x960
[   46.055349][  T365]  perf_trace_init+0x240/0x2e0
[   46.061849][  T365]  perf_tp_event_init+0x8e/0x120
[   46.069724][  T365]  perf_try_init_event+0x15b/0x450
[   46.075166][  T365]  perf_event_alloc+0x10f7/0x1970
[   46.081371][  T365]  __se_sys_perf_event_open+0x6c5/0x1b80
[   46.087282][  T365]  ? ptrace_stop+0x6ce/0x8b0
[   46.092064][  T365]  ? __x64_sys_perf_event_open+0xd0/0xd0
[   46.097891][  T365]  ? do_user_addr_fault+0x9ac/0x1050
[   46.103188][  T365]  __x64_sys_perf_event_open+0xbf/0xd0
[   46.108934][  T365]  x64_sys_call+0x385/0x9a0
[   46.113445][  T365]  do_syscall_64+0x4c/0xa0
[   46.118126][  T365]  ? clear_bhb_loop+0x15/0x70
[   46.122812][  T365]  ? clear_bhb_loop+0x15/0x70
[   46.129345][  T365]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   46.135551][  T365] RIP: 0033:0x7f42ed5ffa89
[   46.140196][  T365] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   46.163493][  T365] RSP: 002b:00007ffcb7e44c28 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[   46.175685][  T365] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f42ed5ffa89
[   46.188051][  T365] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000180
[   46.197553][  T365] RBP: 0000000000000000 R08: 0000000000000002 R09: 0000000000000000
[   46.206485][  T365] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007ffcb7e44c7c
[   46.214871][  T365] R13: 00007ffcb7e44cb0 R14: 00007ffcb7e44c90 R15: 000000000000000c
[   46.223734][  T365]  </TASK>
[   46.227080][  T365] Modules linked in:
[   46.231261][  T365] ---[ end trace 0000000000000000 ]---
[   46.237541][  T365] RIP: 0010:__traceiter_percpu_alloc_percpu+0xb3/0x110
[   46.245487][  T365] Code: d4 44 89 e9 4c 8b 45 c0 4c 8b 4d b8 8b 45 30 50 ff 75 28 ff 75 20 8b 45 18 50 ff 75 10 41 ba 9d d4 18 bd 45 03 54 24 fc 74 02 <0f> 0b 41 ff d4 48 83 c4 28 48 83 c3 18 48 89 d8 48 c1 e8 03 42 80
[   46.269603][  T365] RSP: 0000:ffffc90000f279c8 EFLAGS: 00010a17
[   46.276212][  T365] RAX: 000000000000fe08 RBX: ffff88810947a010 RCX: 0000000000000000
[   46.284549][  T365] RDX: 0000000000000000 RSI: ffffffff81a47214 RDI: ffffffff87053360
[   46.293532][  T365] RBP: ffffc90000f27a38 R08: 0000000000000008 R09: 0000000000000008
[   46.302084][  T365] R10: 0000000062593ba9 R11: 1ffffffff0ee43fd R12: ffffffff81710320
[   46.310104][  T365] R13: 0000000000000000 R14: ffff88810947a010 R15: dffffc0000000000
[   46.319355][  T365] FS:  000055557760b480(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[   46.329041][  T365] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   46.336248][  T365] CR2: 00007f42ed6721d0 CR3: 00000001104c3000 CR4: 00000000003506b0
[   46.344404][  T365] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   46.352442][  T365] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   46.361516][  T365] Kernel panic - not syncing: Fatal exception
[   46.369142][  T365] Kernel Offset: disabled
[   46.374270][  T365] Rebooting in 86400 seconds..