./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor384275681 <...> 77, st_size=13, ...}) = 0 [pid 5305] <... openat resumed>) = 6 [pid 5087] unlink("./8/binderfs" [pid 5305] write(6, "0x000000000000040e", 18 [pid 5087] <... unlink resumed>) = 0 [pid 5087] umount2("./8/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./8/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./8/cgroup") = 0 [pid 5087] umount2("./8/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./8/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./8/cgroup.net") = 0 [pid 5087] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] lstat("./6/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./6/cgroup") = 0 [pid 5085] umount2("./6/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./6/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./6/cgroup.net") = 0 [pid 5085] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5087] <... umount2 resumed>) = 0 [pid 5087] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] <... umount2 resumed>) = 0 [pid 5087] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5087] lstat("./8/file0", [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5087] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] lstat("./6/file0", [pid 5087] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5085] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5087] <... openat resumed>) = 4 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5087] fstat(4, [pid 5085] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5087] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] <... openat resumed>) = 4 [pid 5087] getdents64(4, [pid 5085] fstat(4, [pid 5087] <... getdents64 resumed>0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, [pid 5085] getdents64(4, [pid 5087] <... getdents64 resumed>0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] <... getdents64 resumed>0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] close(4 [pid 5085] getdents64(4, [pid 5087] <... close resumed>) = 0 [pid 5085] <... getdents64 resumed>0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] rmdir("./8/file0" [pid 5085] close(4 [pid 5087] <... rmdir resumed>) = 0 [pid 5085] <... close resumed>) = 0 [pid 5087] umount2("./8/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] rmdir("./6/file0" [pid 5087] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] <... rmdir resumed>) = 0 [pid 5087] lstat("./8/cgroup.cpu", [pid 5085] umount2("./6/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5087] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5087] unlink("./8/cgroup.cpu" [pid 5085] lstat("./6/cgroup.cpu", [pid 5087] <... unlink resumed>) = 0 [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] getdents64(3, [ 123.350937][ T5295] pglazyfreed 0 [ 123.350937][ T5295] zswpin 0 [ 123.350937][ T5295] zswpout 0 [ 123.350937][ T5295] thp_fault_alloc 0 [ 123.350937][ T5295] thp_collapse_alloc 0 [pid 5085] unlink("./6/cgroup.cpu" [pid 5087] <... getdents64 resumed>0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] <... unlink resumed>) = 0 [pid 5087] close(3 [pid 5085] getdents64(3, [pid 5087] <... close resumed>) = 0 [pid 5085] <... getdents64 resumed>0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] rmdir("./8" [pid 5085] close(3 [pid 5087] <... rmdir resumed>) = 0 [pid 5085] <... close resumed>) = 0 [pid 5087] mkdir("./9", 0777 [pid 5085] rmdir("./6" [pid 5087] <... mkdir resumed>) = 0 [pid 5085] <... rmdir resumed>) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5085] mkdir("./7", 0777./strace-static-x86_64: Process 5315 attached ) = 0 [pid 5315] chdir("./9" [pid 5087] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 11 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5315] <... chdir resumed>) = 0 [pid 5085] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 9 ./strace-static-x86_64: Process 5316 attached [pid 5315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5316] chdir("./7" [pid 5315] setpgid(0, 0 [pid 5316] <... chdir resumed>) = 0 [pid 5315] <... setpgid resumed>) = 0 [pid 5316] prctl(PR_SET_PDEATHSIG, SIGKILL [ 123.581348][ T5295] Tasks state (memory values in pages): [ 123.598944][ T5295] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 123.610739][ T5295] Out of memory and no killable processes... [pid 5315] symlink("/syzcgroup/unified/syz2", "./cgroup" [pid 5316] <... prctl resumed>) = 0 [pid 5315] <... symlink resumed>) = 0 [pid 5316] setpgid(0, 0 [pid 5315] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu" [pid 5295] <... write resumed>) = 18 [pid 5316] <... setpgid resumed>) = 0 [pid 5315] <... symlink resumed>) = 0 [ 123.628281][ T5311] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 123.644388][ T5311] CPU: 0 PID: 5311 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 123.654368][ T5311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 123.664476][ T5311] Call Trace: [ 123.667794][ T5311] [ 123.670769][ T5311] dump_stack_lvl+0x136/0x150 [ 123.675528][ T5311] dump_header+0x10a/0xd70 [ 123.680016][ T5311] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 123.686164][ T5311] out_of_memory+0xd64/0x1660 [ 123.690892][ T5311] ? oom_killer_disable+0x2b0/0x2b0 [ 123.696144][ T5311] mem_cgroup_out_of_memory+0x206/0x270 [ 123.701728][ T5311] ? mem_cgroup_margin+0x130/0x130 [ 123.706897][ T5311] memory_max_write+0x2f9/0x3c0 [ 123.711872][ T5311] ? mem_cgroup_force_empty_write+0x160/0x160 [ 123.717987][ T5311] ? lock_sync+0x190/0x190 [ 123.722444][ T5311] cgroup_file_write+0x1e2/0x7b0 [ 123.727428][ T5311] ? mem_cgroup_force_empty_write+0x160/0x160 [ 123.733537][ T5311] ? kill_css+0x3b0/0x3b0 [ 123.737919][ T5311] ? lock_acquire+0x32/0xc0 [ 123.742469][ T5311] ? kill_css+0x3b0/0x3b0 [ 123.746844][ T5311] kernfs_fop_write_iter+0x3f1/0x600 [ 123.752174][ T5311] vfs_write+0x9ed/0xe10 [ 123.756463][ T5311] ? kernel_write+0x670/0x670 [ 123.761185][ T5311] ? find_held_lock+0x2d/0x110 [ 123.765996][ T5311] ? __fget_light+0x20a/0x270 [ 123.770737][ T5311] ksys_write+0x12b/0x250 [ 123.775111][ T5311] ? __ia32_sys_read+0xb0/0xb0 [ 123.779924][ T5311] ? lockdep_hardirqs_on+0x7d/0x100 [ 123.785155][ T5311] ? _raw_spin_unlock_irq+0x2e/0x50 [ 123.790392][ T5311] ? ptrace_notify+0xfe/0x140 [ 123.795113][ T5311] do_syscall_64+0x39/0xb0 [ 123.799582][ T5311] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 123.805515][ T5311] RIP: 0033:0x7faecf034129 [ 123.809963][ T5311] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5295] close(3 [pid 5316] symlink("/syzcgroup/unified/syz0", "./cgroup" [pid 5315] symlink("/syzcgroup/net/syz2", "./cgroup.net" [pid 5295] <... close resumed>) = 0 [pid 5316] <... symlink resumed>) = 0 [pid 5316] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu" [pid 5315] <... symlink resumed>) = 0 [pid 5295] close(4 [pid 5316] <... symlink resumed>) = 0 [pid 5315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5295] <... close resumed>) = 0 [pid 5316] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5315] <... openat resumed>) = 3 [pid 5295] close(5 [pid 5316] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5315] write(3, "1000", 4 [pid 5295] <... close resumed>) = 0 [pid 5316] <... openat resumed>) = 3 [pid 5315] <... write resumed>) = 4 [pid 5295] close(6 [pid 5316] write(3, "1000", 4 [pid 5315] close(3 [pid 5295] <... close resumed>) = 0 [pid 5316] <... write resumed>) = 4 [pid 5315] <... close resumed>) = 0 [pid 5295] close(7 [pid 5316] close(3 [pid 5315] symlink("/dev/binderfs", "./binderfs" [pid 5295] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5316] <... close resumed>) = 0 [pid 5315] <... symlink resumed>) = 0 [pid 5295] close(8 [pid 5316] symlink("/dev/binderfs", "./binderfs" [pid 5315] mkdir("./file0", 000 [pid 5295] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5316] <... symlink resumed>) = 0 [pid 5295] close(9 [pid 5316] mkdir("./file0", 000 [pid 5315] <... mkdir resumed>) = 0 [pid 5295] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5316] <... mkdir resumed>) = 0 [pid 5295] close(10 [pid 5316] open("./file0", O_RDONLY [pid 5315] open("./file0", O_RDONLY [pid 5295] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5316] <... open resumed>) = 3 [pid 5316] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5315] <... open resumed>) = 3 [ 123.829602][ T5311] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 123.838046][ T5311] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 123.846045][ T5311] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 123.854048][ T5311] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 123.862131][ T5311] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 123.870126][ T5311] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000007 [ 123.878145][ T5311] [pid 5295] close(11 [pid 5316] <... mount resumed>) = 0 [pid 5315] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5295] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5316] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5315] <... mount resumed>) = 0 [pid 5295] close(12 [pid 5316] <... openat resumed>) = 4 [pid 5315] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5295] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5316] openat(4, "syz1", O_RDWR|O_PATH [pid 5315] <... openat resumed>) = 4 [pid 5295] close(13 [pid 5316] <... openat resumed>) = 5 [pid 5315] openat(4, "syz1", O_RDWR|O_PATH [pid 5295] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5316] openat(5, "memory.max", O_RDWR [pid 5315] <... openat resumed>) = 5 [pid 5295] close(14 [pid 5316] <... openat resumed>) = 6 [pid 5315] openat(5, "memory.max", O_RDWR [pid 5295] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5316] write(6, "0x000000000000040e", 18 [pid 5315] <... openat resumed>) = 6 [pid 5295] close(15 [pid 5315] write(6, "0x000000000000040e", 18 [pid 5295] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5295] close(16) = -1 EBADF (Bad file descriptor) [pid 5295] close(17) = -1 EBADF (Bad file descriptor) [pid 5295] close(18) = -1 EBADF (Bad file descriptor) [pid 5295] close(19) = -1 EBADF (Bad file descriptor) [pid 5295] close(20) = -1 EBADF (Bad file descriptor) [pid 5295] close(21) = -1 EBADF (Bad file descriptor) [pid 5295] close(22) = -1 EBADF (Bad file descriptor) [pid 5295] close(23) = -1 EBADF (Bad file descriptor) [pid 5295] close(24) = -1 EBADF (Bad file descriptor) [pid 5295] close(25) = -1 EBADF (Bad file descriptor) [pid 5295] close(26) = -1 EBADF (Bad file descriptor) [pid 5295] close(27) = -1 EBADF (Bad file descriptor) [pid 5295] close(28) = -1 EBADF (Bad file descriptor) [pid 5295] close(29) = -1 EBADF (Bad file descriptor) [pid 5295] exit_group(0) = ? [pid 5295] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5090] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5090] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 123.929503][ T5311] memory: usage 8kB, limit 0kB, failcnt 36 [ 123.938805][ T5311] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 123.975488][ T5311] Memory cgroup stats for /syz1: [ 123.975769][ T5311] anon 0 [ 123.975769][ T5311] file 0 [ 123.975769][ T5311] kernel 8192 [ 123.975769][ T5311] kernel_stack 0 [ 123.975769][ T5311] pagetables 0 [ 123.975769][ T5311] sec_pagetables 0 [ 123.975769][ T5311] percpu 0 [ 123.975769][ T5311] sock 0 [ 123.975769][ T5311] vmalloc 0 [ 123.975769][ T5311] shmem 0 [ 123.975769][ T5311] zswap 0 [ 123.975769][ T5311] zswapped 0 [ 123.975769][ T5311] file_mapped 0 [ 123.975769][ T5311] file_dirty 0 [ 123.975769][ T5311] file_writeback 0 [ 123.975769][ T5311] swapcached 0 [ 123.975769][ T5311] anon_thp 0 [ 123.975769][ T5311] file_thp 0 [ 123.975769][ T5311] shmem_thp 0 [ 123.975769][ T5311] inactive_anon 0 [ 123.975769][ T5311] active_anon 0 [ 123.975769][ T5311] inactive_file 0 [ 123.975769][ T5311] active_file 0 [ 123.975769][ T5311] unevictable 0 [ 123.975769][ T5311] slab_reclaimable 6752 [ 123.975769][ T5311] slab_unreclaimable 0 [ 123.975769][ T5311] slab 6752 [ 123.975769][ T5311] workingset_refault_anon 0 [ 123.975769][ T5311] workingset_refault_file 0 [ 123.975769][ T5311] workingset_activate_anon 0 [ 123.975769][ T5311] workingset_activate_file 0 [ 123.975769][ T5311] workingset_restore_anon 0 [ 123.975769][ T5311] workingset_restore_file 0 [ 123.975769][ T5311] workingset_nodereclaim 0 [ 123.975769][ T5311] pgscan 831 [ 123.975769][ T5311] pgsteal 2 [ 123.975769][ T5311] pgscan_kswapd 0 [ 123.975769][ T5311] pgscan_direct 831 [ 123.975769][ T5311] pgscan_khugepaged 0 [ 123.975769][ T5311] pgsteal_kswapd 0 [ 123.975769][ T5311] pgsteal_direct 2 [ 123.975769][ T5311] pgsteal_khugepaged 0 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./10/binderfs") = 0 [pid 5090] umount2("./10/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./10/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./10/cgroup") = 0 [pid 5090] umount2("./10/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./10/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./10/cgroup.net") = 0 [ 123.975769][ T5311] pgfault 21 [ 123.975769][ T5311] pgmajfault 0 [ 123.975769][ T5311] pgrefill 830 [ 123.975769][ T5311] pgactivate 829 [ 123.975769][ T5311] pgdeactivate 830 [ 123.975769][ T5311] pglazyfree 0 [ 123.975769][ T5311] pglazyfreed 0 [ 123.975769][ T5311] zswpin 0 [ 123.975769][ T5311] zswpout 0 [ 123.975769][ T5311] thp_fault_alloc 0 [ 123.975769][ T5311] thp_collapse_alloc 0 [pid 5090] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 124.199831][ T5311] Tasks state (memory values in pages): [ 124.206017][ T5311] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 124.216364][ T5311] Out of memory and no killable processes... [ 124.224915][ T5305] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 124.236602][ T5305] CPU: 0 PID: 5305 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 124.246577][ T5305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 124.256703][ T5305] Call Trace: [ 124.260034][ T5305] [ 124.263019][ T5305] dump_stack_lvl+0x136/0x150 [ 124.267772][ T5305] dump_header+0x10a/0xd70 [ 124.272261][ T5305] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 124.278412][ T5305] ? mark_held_locks+0x9f/0xe0 [ 124.283250][ T5305] out_of_memory+0xd64/0x1660 [ 124.288010][ T5305] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 124.294255][ T5305] ? oom_killer_disable+0x2b0/0x2b0 [pid 5090] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5311] <... write resumed>) = 18 [ 124.299525][ T5305] ? mem_cgroup_margin+0x1b/0x130 [ 124.304624][ T5305] ? mem_cgroup_margin+0x44/0x130 [ 124.309726][ T5305] mem_cgroup_out_of_memory+0x206/0x270 [ 124.315356][ T5305] ? mem_cgroup_margin+0x130/0x130 [ 124.320577][ T5305] memory_max_write+0x2f9/0x3c0 [ 124.325516][ T5305] ? mem_cgroup_force_empty_write+0x160/0x160 [ 124.331677][ T5305] ? lock_sync+0x190/0x190 [ 124.336165][ T5305] cgroup_file_write+0x1e2/0x7b0 [ 124.341187][ T5305] ? mem_cgroup_force_empty_write+0x160/0x160 [ 124.347344][ T5305] ? kill_css+0x3b0/0x3b0 [ 124.351758][ T5305] ? lock_acquire+0x32/0xc0 [ 124.356342][ T5305] ? kill_css+0x3b0/0x3b0 [ 124.360745][ T5305] kernfs_fop_write_iter+0x3f1/0x600 [ 124.366117][ T5305] vfs_write+0x9ed/0xe10 [ 124.370452][ T5305] ? kernel_write+0x670/0x670 [ 124.375217][ T5305] ? find_held_lock+0x2d/0x110 [ 124.380059][ T5305] ? __fget_light+0x20a/0x270 [ 124.384821][ T5305] ksys_write+0x12b/0x250 [ 124.389232][ T5305] ? __ia32_sys_read+0xb0/0xb0 [ 124.394072][ T5305] ? lockdep_hardirqs_on+0x7d/0x100 [ 124.399337][ T5305] ? _raw_spin_unlock_irq+0x2e/0x50 [ 124.404615][ T5305] ? ptrace_notify+0xfe/0x140 [ 124.409370][ T5305] do_syscall_64+0x39/0xb0 [ 124.413887][ T5305] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 124.419856][ T5305] RIP: 0033:0x7faecf034129 [ 124.424326][ T5305] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 124.444011][ T5305] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 124.452494][ T5305] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 124.460524][ T5305] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 124.468557][ T5305] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 124.476591][ T5305] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 124.484621][ T5305] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000000a [ 124.492687][ T5305] [pid 5311] close(3 [pid 5090] lstat("./10/file0", [pid 5311] <... close resumed>) = 0 [pid 5090] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5311] close(4 [ 124.505136][ T5305] memory: usage 8kB, limit 0kB, failcnt 36 [ 124.511929][ T5305] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 124.519566][ T5305] Memory cgroup stats for /syz1: [ 124.519843][ T5305] anon 0 [ 124.519843][ T5305] file 0 [ 124.519843][ T5305] kernel 8192 [ 124.519843][ T5305] kernel_stack 0 [ 124.519843][ T5305] pagetables 0 [ 124.519843][ T5305] sec_pagetables 0 [ 124.519843][ T5305] percpu 0 [ 124.519843][ T5305] sock 0 [ 124.519843][ T5305] vmalloc 0 [ 124.519843][ T5305] shmem 0 [ 124.519843][ T5305] zswap 0 [ 124.519843][ T5305] zswapped 0 [ 124.519843][ T5305] file_mapped 0 [ 124.519843][ T5305] file_dirty 0 [ 124.519843][ T5305] file_writeback 0 [ 124.519843][ T5305] swapcached 0 [ 124.519843][ T5305] anon_thp 0 [ 124.519843][ T5305] file_thp 0 [ 124.519843][ T5305] shmem_thp 0 [ 124.519843][ T5305] inactive_anon 0 [ 124.519843][ T5305] active_anon 0 [ 124.519843][ T5305] inactive_file 0 [ 124.519843][ T5305] active_file 0 [ 124.519843][ T5305] unevictable 0 [ 124.519843][ T5305] slab_reclaimable 6752 [ 124.519843][ T5305] slab_unreclaimable 0 [ 124.519843][ T5305] slab 6752 [ 124.519843][ T5305] workingset_refault_anon 0 [ 124.519843][ T5305] workingset_refault_file 0 [ 124.519843][ T5305] workingset_activate_anon 0 [ 124.519843][ T5305] workingset_activate_file 0 [ 124.519843][ T5305] workingset_restore_anon 0 [ 124.519843][ T5305] workingset_restore_file 0 [ 124.519843][ T5305] workingset_nodereclaim 0 [ 124.519843][ T5305] pgscan 831 [ 124.519843][ T5305] pgsteal 2 [ 124.519843][ T5305] pgscan_kswapd 0 [ 124.519843][ T5305] pgscan_direct 831 [pid 5090] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./10/file0" [pid 5311] <... close resumed>) = 0 [pid 5311] close(5 [pid 5090] <... rmdir resumed>) = 0 [pid 5090] umount2("./10/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5311] <... close resumed>) = 0 [pid 5090] lstat("./10/cgroup.cpu", [pid 5311] close(6 [pid 5090] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./10/cgroup.cpu" [pid 5311] <... close resumed>) = 0 [pid 5311] close(7 [pid 5090] <... unlink resumed>) = 0 [pid 5311] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5090] getdents64(3, [pid 5311] close(8 [pid 5090] <... getdents64 resumed>0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5311] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5090] close(3 [pid 5311] close(9 [pid 5090] <... close resumed>) = 0 [pid 5311] <... close resumed>) = -1 EBADF (Bad file descriptor) [ 124.519843][ T5305] pgscan_khugepaged 0 [ 124.519843][ T5305] pgsteal_kswapd 0 [ 124.519843][ T5305] pgsteal_direct 2 [ 124.519843][ T5305] pgsteal_khugepaged 0 [ 124.519843][ T5305] pgfault 21 [ 124.519843][ T5305] pgmajfault 0 [ 124.519843][ T5305] pgrefill 830 [ 124.519843][ T5305] pgactivate 829 [ 124.519843][ T5305] pgdeactivate 830 [ 124.519843][ T5305] pglazyfree 0 [ 124.519843][ T5305] pglazyfreed 0 [ 124.519843][ T5305] zswpin 0 [ 124.519843][ T5305] zswpout 0 [ 124.519843][ T5305] thp_fault_alloc 0 [ 124.519843][ T5305] thp_collapse_alloc 0 [pid 5090] rmdir("./10" [pid 5311] close(10 [pid 5090] <... rmdir resumed>) = 0 [pid 5311] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5090] mkdir("./11", 0777 [pid 5311] close(11 [pid 5090] <... mkdir resumed>) = 0 [pid 5311] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5320 attached [pid 5311] close(12 [pid 5090] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 13 [pid 5311] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5320] chdir("./11") = 0 [pid 5311] close(13 [pid 5320] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5311] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5320] <... prctl resumed>) = 0 [pid 5311] close(14 [pid 5320] setpgid(0, 0 [pid 5311] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5320] <... setpgid resumed>) = 0 [pid 5311] close(15 [pid 5320] symlink("/syzcgroup/unified/syz4", "./cgroup" [pid 5311] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5311] close(16 [pid 5320] <... symlink resumed>) = 0 [pid 5320] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu" [pid 5311] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5311] close(17 [pid 5320] <... symlink resumed>) = 0 [pid 5311] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5320] symlink("/syzcgroup/net/syz4", "./cgroup.net" [pid 5311] close(18) = -1 EBADF (Bad file descriptor) [pid 5320] <... symlink resumed>) = 0 [pid 5311] close(19 [pid 5320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5311] <... close resumed>) = -1 EBADF (Bad file descriptor) [ 124.749388][ T5305] Tasks state (memory values in pages): [ 124.756011][ T5305] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 124.785336][ T5305] Out of memory and no killable processes... [pid 5320] <... openat resumed>) = 3 [pid 5311] close(20) = -1 EBADF (Bad file descriptor) [pid 5320] write(3, "1000", 4) = 4 [ 124.791477][ T5316] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 124.812941][ T5316] CPU: 0 PID: 5316 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 124.822932][ T5316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 124.833054][ T5316] Call Trace: [ 124.836378][ T5316] [ 124.839351][ T5316] dump_stack_lvl+0x136/0x150 [ 124.844116][ T5316] dump_header+0x10a/0xd70 [ 124.848592][ T5316] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 124.854744][ T5316] out_of_memory+0xd64/0x1660 [ 124.859498][ T5316] ? oom_killer_disable+0x2b0/0x2b0 [ 124.864749][ T5316] ? find_held_lock+0x2d/0x110 [ 124.869558][ T5316] mem_cgroup_out_of_memory+0x206/0x270 [ 124.875150][ T5316] ? mem_cgroup_margin+0x130/0x130 [ 124.880334][ T5316] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 124.886203][ T5316] memory_max_write+0x2f9/0x3c0 [ 124.891126][ T5316] ? mem_cgroup_force_empty_write+0x160/0x160 [ 124.897259][ T5316] ? lock_sync+0x190/0x190 [ 124.901730][ T5316] cgroup_file_write+0x1e2/0x7b0 [ 124.906726][ T5316] ? mem_cgroup_force_empty_write+0x160/0x160 [ 124.912843][ T5316] ? kill_css+0x3b0/0x3b0 [ 124.917219][ T5316] ? lock_acquire+0x32/0xc0 [ 124.921770][ T5316] ? kill_css+0x3b0/0x3b0 [ 124.926146][ T5316] kernfs_fop_write_iter+0x3f1/0x600 [ 124.931476][ T5316] vfs_write+0x9ed/0xe10 [ 124.935771][ T5316] ? kernel_write+0x670/0x670 [ 124.940500][ T5316] ? find_held_lock+0x2d/0x110 [ 124.945314][ T5316] ? __fget_light+0x20a/0x270 [ 124.950042][ T5316] ksys_write+0x12b/0x250 [ 124.954416][ T5316] ? __ia32_sys_read+0xb0/0xb0 [ 124.959224][ T5316] ? lockdep_hardirqs_on+0x7d/0x100 [ 124.964455][ T5316] ? _raw_spin_unlock_irq+0x2e/0x50 [ 124.969693][ T5316] ? ptrace_notify+0xfe/0x140 [ 124.974404][ T5316] do_syscall_64+0x39/0xb0 [ 124.978868][ T5316] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 124.984798][ T5316] RIP: 0033:0x7faecf034129 [ 124.989236][ T5316] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 125.009046][ T5316] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 125.017495][ T5316] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 125.025507][ T5316] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 125.033514][ T5316] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 125.041513][ T5316] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [pid 5320] close(3 [pid 5311] close(21 [pid 5305] <... write resumed>) = 18 [pid 5320] <... close resumed>) = 0 [pid 5311] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5305] close(3 [pid 5311] close(22 [pid 5305] <... close resumed>) = 0 [pid 5320] symlink("/dev/binderfs", "./binderfs" [pid 5311] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5320] <... symlink resumed>) = 0 [pid 5311] close(23 [pid 5305] close(4 [pid 5320] mkdir("./file0", 000 [pid 5311] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5305] <... close resumed>) = 0 [pid 5311] close(24 [pid 5305] close(5) = 0 [pid 5311] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5305] close(6 [pid 5311] close(25 [pid 5305] <... close resumed>) = 0 [pid 5311] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5305] close(7 [pid 5311] close(26 [pid 5305] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5311] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5311] close(27) = -1 EBADF (Bad file descriptor) [pid 5311] close(28) = -1 EBADF (Bad file descriptor) [pid 5311] close(29) = -1 EBADF (Bad file descriptor) [pid 5305] close(8 [pid 5311] exit_group(0) = ? [pid 5305] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5305] close(9) = -1 EBADF (Bad file descriptor) [pid 5305] close(10) = -1 EBADF (Bad file descriptor) [pid 5305] close(11 [pid 5311] +++ exited with 0 +++ [pid 5305] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5305] close(12) = -1 EBADF (Bad file descriptor) [pid 5305] close(13 [pid 5320] <... mkdir resumed>) = 0 [pid 5305] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5320] open("./file0", O_RDONLY [pid 5305] close(14) = -1 EBADF (Bad file descriptor) [pid 5320] <... open resumed>) = 3 [pid 5305] close(15 [pid 5320] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5305] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5305] close(16 [pid 5320] <... mount resumed>) = 0 [pid 5305] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5305] close(17 [pid 5320] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5305] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5305] close(18 [pid 5086] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5305] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5320] <... openat resumed>) = 4 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5305] close(19 [pid 5320] openat(4, "syz1", O_RDWR|O_PATH [pid 5305] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5086] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5320] <... openat resumed>) = 5 [pid 5305] close(20) = -1 EBADF (Bad file descriptor) [pid 5320] openat(5, "memory.max", O_RDWR [pid 5086] <... openat resumed>) = 3 [pid 5305] close(21 [pid 5086] fstat(3, [pid 5320] <... openat resumed>) = 6 [pid 5305] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5320] write(6, "0x000000000000040e", 18 [pid 5305] close(22 [ 125.049511][ T5316] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000007 [ 125.057543][ T5316] [pid 5086] getdents64(3, [pid 5305] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5086] <... getdents64 resumed>0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5305] close(23 [pid 5086] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5305] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5305] close(24 [pid 5086] lstat("./7/binderfs", [pid 5305] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5305] close(25 [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5305] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5086] unlink("./7/binderfs" [pid 5305] close(26) = -1 EBADF (Bad file descriptor) [pid 5086] <... unlink resumed>) = 0 [pid 5305] close(27 [pid 5086] umount2("./7/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5305] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5305] close(28 [pid 5086] lstat("./7/cgroup", [pid 5305] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5305] close(29 [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5305] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5086] unlink("./7/cgroup" [pid 5305] exit_group(0) = ? [pid 5086] <... unlink resumed>) = 0 [pid 5305] +++ exited with 0 +++ [pid 5086] umount2("./7/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5089] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5086] lstat("./7/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] unlink("./7/cgroup.net" [pid 5089] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5086] <... unlink resumed>) = 0 [pid 5089] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5086] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5089] <... openat resumed>) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./10/binderfs") = 0 [pid 5089] umount2("./10/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 125.137062][ T5316] memory: usage 8kB, limit 0kB, failcnt 36 [ 125.149685][ T5316] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 125.168180][ T5316] Memory cgroup stats for /syz1: [ 125.168466][ T5316] anon 0 [ 125.168466][ T5316] file 0 [ 125.168466][ T5316] kernel 8192 [ 125.168466][ T5316] kernel_stack 0 [ 125.168466][ T5316] pagetables 0 [ 125.168466][ T5316] sec_pagetables 0 [ 125.168466][ T5316] percpu 0 [ 125.168466][ T5316] sock 0 [ 125.168466][ T5316] vmalloc 0 [ 125.168466][ T5316] shmem 0 [ 125.168466][ T5316] zswap 0 [ 125.168466][ T5316] zswapped 0 [ 125.168466][ T5316] file_mapped 0 [ 125.168466][ T5316] file_dirty 0 [ 125.168466][ T5316] file_writeback 0 [ 125.168466][ T5316] swapcached 0 [ 125.168466][ T5316] anon_thp 0 [ 125.168466][ T5316] file_thp 0 [ 125.168466][ T5316] shmem_thp 0 [ 125.168466][ T5316] inactive_anon 0 [ 125.168466][ T5316] active_anon 0 [ 125.168466][ T5316] inactive_file 0 [ 125.168466][ T5316] active_file 0 [ 125.168466][ T5316] unevictable 0 [ 125.168466][ T5316] slab_reclaimable 6752 [ 125.168466][ T5316] slab_unreclaimable 0 [ 125.168466][ T5316] slab 6752 [ 125.168466][ T5316] workingset_refault_anon 0 [ 125.168466][ T5316] workingset_refault_file 0 [ 125.168466][ T5316] workingset_activate_anon 0 [ 125.168466][ T5316] workingset_activate_file 0 [ 125.168466][ T5316] workingset_restore_anon 0 [ 125.168466][ T5316] workingset_restore_file 0 [pid 5089] lstat("./10/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./10/cgroup") = 0 [ 125.168466][ T5316] workingset_nodereclaim 0 [ 125.168466][ T5316] pgscan 831 [ 125.168466][ T5316] pgsteal 2 [ 125.168466][ T5316] pgscan_kswapd 0 [ 125.168466][ T5316] pgscan_direct 831 [ 125.168466][ T5316] pgscan_khugepaged 0 [ 125.168466][ T5316] pgsteal_kswapd 0 [ 125.168466][ T5316] pgsteal_direct 2 [ 125.168466][ T5316] pgsteal_khugepaged 0 [ 125.168466][ T5316] pgfault 21 [ 125.168466][ T5316] pgmajfault 0 [ 125.168466][ T5316] pgrefill 830 [ 125.168466][ T5316] pgactivate 829 [ 125.168466][ T5316] pgdeactivate 830 [ 125.168466][ T5316] pglazyfree 0 [pid 5089] umount2("./10/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./10/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./10/cgroup.net") = 0 [pid 5089] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] <... umount2 resumed>) = 0 [pid 5089] <... umount2 resumed>) = 0 [pid 5086] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5089] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5089] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./7/file0", [pid 5089] lstat("./10/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5089] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5089] <... openat resumed>) = 4 [pid 5086] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] <... openat resumed>) = 4 [pid 5089] getdents64(4, [pid 5086] fstat(4, [pid 5089] <... getdents64 resumed>0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] <... getdents64 resumed>0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] getdents64(4, [pid 5089] close(4) = 0 [pid 5086] <... getdents64 resumed>0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] rmdir("./10/file0" [pid 5086] getdents64(4, [pid 5089] <... rmdir resumed>) = 0 [pid 5086] <... getdents64 resumed>0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] umount2("./10/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] close(4 [pid 5089] lstat("./10/cgroup.cpu", [pid 5086] <... close resumed>) = 0 [pid 5089] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] rmdir("./7/file0" [pid 5089] unlink("./10/cgroup.cpu") = 0 [pid 5086] <... rmdir resumed>) = 0 [pid 5089] getdents64(3, [pid 5086] umount2("./7/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5089] <... getdents64 resumed>0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 125.168466][ T5316] pglazyfreed 0 [ 125.168466][ T5316] zswpin 0 [ 125.168466][ T5316] zswpout 0 [ 125.168466][ T5316] thp_fault_alloc 0 [ 125.168466][ T5316] thp_collapse_alloc 0 [pid 5089] close(3 [pid 5086] lstat("./7/cgroup.cpu", [pid 5089] <... close resumed>) = 0 [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] rmdir("./10" [pid 5086] unlink("./7/cgroup.cpu" [pid 5089] <... rmdir resumed>) = 0 [pid 5086] <... unlink resumed>) = 0 [pid 5089] mkdir("./11", 0777 [pid 5086] getdents64(3, [pid 5089] <... mkdir resumed>) = 0 [pid 5086] <... getdents64 resumed>0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5086] close(3./strace-static-x86_64: Process 5325 attached ) = 0 [pid 5325] chdir("./11" [pid 5089] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 13 [pid 5086] rmdir("./7" [pid 5325] <... chdir resumed>) = 0 [pid 5325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5086] <... rmdir resumed>) = 0 [pid 5325] setpgid(0, 0 [pid 5086] mkdir("./8", 0777 [pid 5325] <... setpgid resumed>) = 0 [pid 5325] symlink("/syzcgroup/unified/syz5", "./cgroup" [pid 5086] <... mkdir resumed>) = 0 [pid 5325] <... symlink resumed>) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5325] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu"./strace-static-x86_64: Process 5326 attached ) = 0 [pid 5326] chdir("./8" [pid 5325] symlink("/syzcgroup/net/syz5", "./cgroup.net" [pid 5086] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 10 [pid 5326] <... chdir resumed>) = 0 [pid 5325] <... symlink resumed>) = 0 [pid 5326] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5326] <... prctl resumed>) = 0 [pid 5325] <... openat resumed>) = 3 [pid 5326] setpgid(0, 0 [pid 5325] write(3, "1000", 4 [pid 5326] <... setpgid resumed>) = 0 [pid 5325] <... write resumed>) = 4 [pid 5326] symlink("/syzcgroup/unified/syz3", "./cgroup" [pid 5325] close(3 [pid 5326] <... symlink resumed>) = 0 [pid 5325] <... close resumed>) = 0 [pid 5326] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu" [pid 5325] symlink("/dev/binderfs", "./binderfs" [pid 5326] <... symlink resumed>) = 0 [pid 5325] <... symlink resumed>) = 0 [pid 5326] symlink("/syzcgroup/net/syz3", "./cgroup.net" [pid 5325] mkdir("./file0", 000 [pid 5326] <... symlink resumed>) = 0 [pid 5325] <... mkdir resumed>) = 0 [pid 5326] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5325] open("./file0", O_RDONLY [pid 5326] <... openat resumed>) = 3 [pid 5325] <... open resumed>) = 3 [pid 5326] write(3, "1000", 4 [pid 5325] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5326] <... write resumed>) = 4 [pid 5325] <... mount resumed>) = 0 [pid 5326] close(3 [pid 5325] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5326] <... close resumed>) = 0 [pid 5325] <... openat resumed>) = 4 [pid 5326] symlink("/dev/binderfs", "./binderfs" [pid 5325] openat(4, "syz1", O_RDWR|O_PATH [pid 5326] <... symlink resumed>) = 0 [pid 5325] <... openat resumed>) = 5 [pid 5326] mkdir("./file0", 000 [pid 5325] openat(5, "memory.max", O_RDWR) = 6 [pid 5325] write(6, "0x000000000000040e", 18 [pid 5326] <... mkdir resumed>) = 0 [pid 5326] open("./file0", O_RDONLY) = 3 [pid 5326] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5326] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5326] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5326] openat(5, "memory.max", O_RDWR) = 6 [pid 5326] write(6, "0x000000000000040e", 18 [pid 5316] <... write resumed>) = 18 [pid 5316] close(3) = 0 [pid 5316] close(4) = 0 [pid 5316] close(5) = 0 [pid 5316] close(6) = 0 [pid 5316] close(7) = -1 EBADF (Bad file descriptor) [ 125.492283][ T5316] Tasks state (memory values in pages): [ 125.498232][ T5316] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 125.515139][ T5316] Out of memory and no killable processes... [ 125.525232][ T5315] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5316] close(8) = -1 EBADF (Bad file descriptor) [pid 5316] close(9) = -1 EBADF (Bad file descriptor) [pid 5316] close(10) = -1 EBADF (Bad file descriptor) [pid 5316] close(11) = -1 EBADF (Bad file descriptor) [pid 5316] close(12) = -1 EBADF (Bad file descriptor) [pid 5316] close(13) = -1 EBADF (Bad file descriptor) [pid 5316] close(14) = -1 EBADF (Bad file descriptor) [pid 5316] close(15) = -1 EBADF (Bad file descriptor) [pid 5316] close(16) = -1 EBADF (Bad file descriptor) [pid 5316] close(17) = -1 EBADF (Bad file descriptor) [pid 5316] close(18) = -1 EBADF (Bad file descriptor) [pid 5316] close(19) = -1 EBADF (Bad file descriptor) [pid 5316] close(20) = -1 EBADF (Bad file descriptor) [pid 5316] close(21) = -1 EBADF (Bad file descriptor) [pid 5316] close(22) = -1 EBADF (Bad file descriptor) [pid 5316] close(23) = -1 EBADF (Bad file descriptor) [pid 5316] close(24) = -1 EBADF (Bad file descriptor) [pid 5316] close(25) = -1 EBADF (Bad file descriptor) [pid 5316] close(26) = -1 EBADF (Bad file descriptor) [pid 5316] close(27) = -1 EBADF (Bad file descriptor) [pid 5316] close(28) = -1 EBADF (Bad file descriptor) [pid 5316] close(29) = -1 EBADF (Bad file descriptor) [pid 5316] exit_group(0) = ? [pid 5316] +++ exited with 0 +++ [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5085] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 125.545270][ T5315] CPU: 1 PID: 5315 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 125.555263][ T5315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 125.565374][ T5315] Call Trace: [ 125.568704][ T5315] [ 125.571688][ T5315] dump_stack_lvl+0x136/0x150 [ 125.576444][ T5315] dump_header+0x10a/0xd70 [ 125.580938][ T5315] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 125.587109][ T5315] out_of_memory+0xd64/0x1660 [pid 5085] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./7/binderfs") = 0 [pid 5085] umount2("./7/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./7/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./7/cgroup") = 0 [pid 5085] umount2("./7/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./7/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./7/cgroup.net") = 0 [ 125.591881][ T5315] ? oom_killer_disable+0x2b0/0x2b0 [ 125.597181][ T5315] mem_cgroup_out_of_memory+0x206/0x270 [ 125.602814][ T5315] ? mem_cgroup_margin+0x130/0x130 [ 125.608126][ T5315] memory_max_write+0x2f9/0x3c0 [ 125.613069][ T5315] ? mem_cgroup_force_empty_write+0x160/0x160 [ 125.619227][ T5315] ? lock_sync+0x190/0x190 [ 125.623719][ T5315] cgroup_file_write+0x1e2/0x7b0 [ 125.628750][ T5315] ? mem_cgroup_force_empty_write+0x160/0x160 [ 125.634916][ T5315] ? kill_css+0x3b0/0x3b0 [ 125.639322][ T5315] ? lock_acquire+0x32/0xc0 [ 125.643909][ T5315] ? kill_css+0x3b0/0x3b0 [ 125.648317][ T5315] kernfs_fop_write_iter+0x3f1/0x600 [ 125.653693][ T5315] vfs_write+0x9ed/0xe10 [ 125.658024][ T5315] ? kernel_write+0x670/0x670 [ 125.662786][ T5315] ? find_held_lock+0x2d/0x110 [ 125.667631][ T5315] ? __fget_light+0x20a/0x270 [ 125.672396][ T5315] ksys_write+0x12b/0x250 [ 125.676805][ T5315] ? __ia32_sys_read+0xb0/0xb0 [ 125.681668][ T5315] ? lockdep_hardirqs_on+0x7d/0x100 [ 125.686929][ T5315] ? _raw_spin_unlock_irq+0x2e/0x50 [ 125.692200][ T5315] ? ptrace_notify+0xfe/0x140 [ 125.696951][ T5315] do_syscall_64+0x39/0xb0 [ 125.701449][ T5315] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 125.707414][ T5315] RIP: 0033:0x7faecf034129 [ 125.711888][ T5315] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 125.731594][ T5315] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5085] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5085] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./7/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 125.740078][ T5315] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 125.748112][ T5315] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 125.756150][ T5315] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 125.764181][ T5315] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 125.772221][ T5315] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000009 [ 125.780289][ T5315] [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./7/file0") = 0 [pid 5085] umount2("./7/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./7/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./7/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./7") = 0 [pid 5085] mkdir("./8", 0777) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 10 [ 125.801105][ T5315] memory: usage 8kB, limit 0kB, failcnt 36 [ 125.809005][ T5315] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 125.825326][ T5315] Memory cgroup stats for /syz1: [ 125.825606][ T5315] anon 0 [ 125.825606][ T5315] file 0 [ 125.825606][ T5315] kernel 8192 [ 125.825606][ T5315] kernel_stack 0 [ 125.825606][ T5315] pagetables 0 [ 125.825606][ T5315] sec_pagetables 0 [ 125.825606][ T5315] percpu 0 [ 125.825606][ T5315] sock 0 [ 125.825606][ T5315] vmalloc 0 [ 125.825606][ T5315] shmem 0 [ 125.825606][ T5315] zswap 0 [ 125.825606][ T5315] zswapped 0 [ 125.825606][ T5315] file_mapped 0 [ 125.825606][ T5315] file_dirty 0 [ 125.825606][ T5315] file_writeback 0 [ 125.825606][ T5315] swapcached 0 [ 125.825606][ T5315] anon_thp 0 [ 125.825606][ T5315] file_thp 0 [ 125.825606][ T5315] shmem_thp 0 [ 125.825606][ T5315] inactive_anon 0 [ 125.825606][ T5315] active_anon 0 [ 125.825606][ T5315] inactive_file 0 [ 125.825606][ T5315] active_file 0 [ 125.825606][ T5315] unevictable 0 [ 125.825606][ T5315] slab_reclaimable 6752 [ 125.825606][ T5315] slab_unreclaimable 0 [ 125.825606][ T5315] slab 6752 [ 125.825606][ T5315] workingset_refault_anon 0 [ 125.825606][ T5315] workingset_refault_file 0 [ 125.825606][ T5315] workingset_activate_anon 0 [ 125.825606][ T5315] workingset_activate_file 0 [ 125.825606][ T5315] workingset_restore_anon 0 [ 125.825606][ T5315] workingset_restore_file 0 [ 125.825606][ T5315] workingset_nodereclaim 0 [ 125.825606][ T5315] pgscan 831 [ 125.825606][ T5315] pgsteal 2 [ 125.825606][ T5315] pgscan_kswapd 0 [ 125.825606][ T5315] pgscan_direct 831 [ 125.825606][ T5315] pgscan_khugepaged 0 [ 125.825606][ T5315] pgsteal_kswapd 0 [ 125.825606][ T5315] pgsteal_direct 2 [ 125.825606][ T5315] pgsteal_khugepaged 0 [ 125.825606][ T5315] pgfault 21 [ 125.825606][ T5315] pgmajfault 0 [ 125.825606][ T5315] pgrefill 830 [ 125.825606][ T5315] pgactivate 829 [ 125.825606][ T5315] pgdeactivate 830 [ 125.825606][ T5315] pglazyfree 0 [ 125.825606][ T5315] pglazyfreed 0 [ 125.825606][ T5315] zswpin 0 ./strace-static-x86_64: Process 5329 attached [pid 5329] chdir("./8") = 0 [pid 5329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5329] setpgid(0, 0) = 0 [ 125.825606][ T5315] zswpout 0 [ 125.825606][ T5315] thp_fault_alloc 0 [ 125.825606][ T5315] thp_collapse_alloc 0 [ 126.030614][ T5315] Tasks state (memory values in pages): [ 126.038378][ T5315] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5329] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5329] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5329] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5315] <... write resumed>) = 18 [pid 5329] <... openat resumed>) = 3 [pid 5329] write(3, "1000", 4 [pid 5315] close(3 [pid 5329] <... write resumed>) = 4 [pid 5315] <... close resumed>) = 0 [ 126.056425][ T5315] Out of memory and no killable processes... [ 126.069016][ T5320] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 126.089626][ T5320] CPU: 1 PID: 5320 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 126.099654][ T5320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 126.109770][ T5320] Call Trace: [ 126.113092][ T5320] [ 126.116080][ T5320] dump_stack_lvl+0x136/0x150 [ 126.120829][ T5320] dump_header+0x10a/0xd70 [ 126.125313][ T5320] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 126.131479][ T5320] out_of_memory+0xd64/0x1660 [ 126.136246][ T5320] ? oom_killer_disable+0x2b0/0x2b0 [ 126.141529][ T5320] ? find_held_lock+0x2d/0x110 [ 126.146371][ T5320] mem_cgroup_out_of_memory+0x206/0x270 [ 126.152001][ T5320] ? mem_cgroup_margin+0x130/0x130 [ 126.157198][ T5320] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 126.163090][ T5320] memory_max_write+0x2f9/0x3c0 [ 126.168025][ T5320] ? mem_cgroup_force_empty_write+0x160/0x160 [ 126.174195][ T5320] ? lock_sync+0x190/0x190 [ 126.178692][ T5320] cgroup_file_write+0x1e2/0x7b0 [ 126.183711][ T5320] ? mem_cgroup_force_empty_write+0x160/0x160 [ 126.189878][ T5320] ? kill_css+0x3b0/0x3b0 [ 126.194281][ T5320] ? lock_acquire+0x32/0xc0 [ 126.198858][ T5320] ? kill_css+0x3b0/0x3b0 [pid 5329] close(3) = 0 [pid 5329] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5329] mkdir("./file0", 000) = 0 [pid 5329] open("./file0", O_RDONLY) = 3 [pid 5329] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [ 126.203264][ T5320] kernfs_fop_write_iter+0x3f1/0x600 [ 126.208641][ T5320] vfs_write+0x9ed/0xe10 [ 126.212972][ T5320] ? kernel_write+0x670/0x670 [ 126.217735][ T5320] ? find_held_lock+0x2d/0x110 [ 126.222577][ T5320] ? __fget_light+0x20a/0x270 [ 126.227341][ T5320] ksys_write+0x12b/0x250 [ 126.231746][ T5320] ? __ia32_sys_read+0xb0/0xb0 [ 126.236580][ T5320] ? lockdep_hardirqs_on+0x7d/0x100 [ 126.241867][ T5320] ? _raw_spin_unlock_irq+0x2e/0x50 [ 126.247139][ T5320] ? ptrace_notify+0xfe/0x140 [ 126.251897][ T5320] do_syscall_64+0x39/0xb0 [pid 5329] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5329] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5329] openat(5, "memory.max", O_RDWR) = 6 [pid 5329] write(6, "0x000000000000040e", 18 [pid 5315] close(4) = 0 [pid 5315] close(5) = 0 [ 126.256407][ T5320] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 126.262377][ T5320] RIP: 0033:0x7faecf034129 [ 126.266851][ T5320] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 126.286527][ T5320] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 126.295022][ T5320] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [pid 5315] close(6) = 0 [pid 5315] close(7) = -1 EBADF (Bad file descriptor) [pid 5315] close(8) = -1 EBADF (Bad file descriptor) [pid 5315] close(9) = -1 EBADF (Bad file descriptor) [pid 5315] close(10) = -1 EBADF (Bad file descriptor) [pid 5315] close(11) = -1 EBADF (Bad file descriptor) [pid 5315] close(12) = -1 EBADF (Bad file descriptor) [pid 5315] close(13) = -1 EBADF (Bad file descriptor) [pid 5315] close(14) = -1 EBADF (Bad file descriptor) [pid 5315] close(15) = -1 EBADF (Bad file descriptor) [pid 5315] close(16) = -1 EBADF (Bad file descriptor) [pid 5315] close(17) = -1 EBADF (Bad file descriptor) [pid 5315] close(18) = -1 EBADF (Bad file descriptor) [pid 5315] close(19) = -1 EBADF (Bad file descriptor) [pid 5315] close(20) = -1 EBADF (Bad file descriptor) [pid 5315] close(21) = -1 EBADF (Bad file descriptor) [pid 5315] close(22) = -1 EBADF (Bad file descriptor) [pid 5315] close(23) = -1 EBADF (Bad file descriptor) [pid 5315] close(24) = -1 EBADF (Bad file descriptor) [pid 5315] close(25) = -1 EBADF (Bad file descriptor) [pid 5315] close(26) = -1 EBADF (Bad file descriptor) [pid 5315] close(27) = -1 EBADF (Bad file descriptor) [pid 5315] close(28) = -1 EBADF (Bad file descriptor) [pid 5315] close(29) = -1 EBADF (Bad file descriptor) [pid 5315] exit_group(0) = ? [pid 5315] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [ 126.303045][ T5320] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 126.311095][ T5320] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 126.319129][ T5320] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 126.327171][ T5320] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000000b [ 126.335239][ T5320] [pid 5087] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./9/binderfs") = 0 [pid 5087] umount2("./9/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./9/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./9/cgroup") = 0 [pid 5087] umount2("./9/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./9/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./9/cgroup.net") = 0 [pid 5087] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5087] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./9/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] close(4) = 0 [pid 5087] rmdir("./9/file0") = 0 [pid 5087] umount2("./9/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./9/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./9/cgroup.cpu") = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [pid 5087] rmdir("./9") = 0 [pid 5087] mkdir("./10", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5336 attached [pid 5336] chdir("./10" [pid 5087] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 12 [pid 5336] <... chdir resumed>) = 0 [pid 5336] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5336] setpgid(0, 0) = 0 [pid 5336] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5336] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5336] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5336] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5336] write(3, "1000", 4) = 4 [pid 5336] close(3) = 0 [pid 5336] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5336] mkdir("./file0", 000) = 0 [pid 5336] open("./file0", O_RDONLY) = 3 [pid 5336] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5336] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5336] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5336] openat(5, "memory.max", O_RDWR) = 6 [ 126.550467][ T5320] memory: usage 8kB, limit 0kB, failcnt 36 [ 126.558143][ T5320] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 126.570691][ T5320] Memory cgroup stats for /syz1: [ 126.570970][ T5320] anon 0 [ 126.570970][ T5320] file 0 [ 126.570970][ T5320] kernel 8192 [ 126.570970][ T5320] kernel_stack 0 [ 126.570970][ T5320] pagetables 0 [ 126.570970][ T5320] sec_pagetables 0 [ 126.570970][ T5320] percpu 0 [ 126.570970][ T5320] sock 0 [ 126.570970][ T5320] vmalloc 0 [ 126.570970][ T5320] shmem 0 [ 126.570970][ T5320] zswap 0 [ 126.570970][ T5320] zswapped 0 [ 126.570970][ T5320] file_mapped 0 [ 126.570970][ T5320] file_dirty 0 [ 126.570970][ T5320] file_writeback 0 [ 126.570970][ T5320] swapcached 0 [ 126.570970][ T5320] anon_thp 0 [ 126.570970][ T5320] file_thp 0 [ 126.570970][ T5320] shmem_thp 0 [ 126.570970][ T5320] inactive_anon 0 [ 126.570970][ T5320] active_anon 0 [ 126.570970][ T5320] inactive_file 0 [ 126.570970][ T5320] active_file 0 [ 126.570970][ T5320] unevictable 0 [ 126.570970][ T5320] slab_reclaimable 6752 [ 126.570970][ T5320] slab_unreclaimable 0 [ 126.570970][ T5320] slab 6752 [ 126.570970][ T5320] workingset_refault_anon 0 [ 126.570970][ T5320] workingset_refault_file 0 [ 126.570970][ T5320] workingset_activate_anon 0 [ 126.570970][ T5320] workingset_activate_file 0 [ 126.570970][ T5320] workingset_restore_anon 0 [ 126.570970][ T5320] workingset_restore_file 0 [ 126.570970][ T5320] workingset_nodereclaim 0 [ 126.570970][ T5320] pgscan 831 [ 126.570970][ T5320] pgsteal 2 [ 126.570970][ T5320] pgscan_kswapd 0 [ 126.570970][ T5320] pgscan_direct 831 [ 126.570970][ T5320] pgscan_khugepaged 0 [ 126.570970][ T5320] pgsteal_kswapd 0 [ 126.570970][ T5320] pgsteal_direct 2 [ 126.570970][ T5320] pgsteal_khugepaged 0 [ 126.570970][ T5320] pgfault 21 [ 126.570970][ T5320] pgmajfault 0 [ 126.570970][ T5320] pgrefill 830 [ 126.570970][ T5320] pgactivate 829 [ 126.570970][ T5320] pgdeactivate 830 [ 126.570970][ T5320] pglazyfree 0 [ 126.570970][ T5320] pglazyfreed 0 [ 126.570970][ T5320] zswpin 0 [ 126.570970][ T5320] zswpout 0 [ 126.570970][ T5320] thp_fault_alloc 0 [ 126.570970][ T5320] thp_collapse_alloc 0 [ 126.761778][ T5320] Tasks state (memory values in pages): [ 126.775694][ T5320] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 126.789865][ T5320] Out of memory and no killable processes... [pid 5336] write(6, "0x000000000000040e", 18 [pid 5320] <... write resumed>) = 18 [pid 5320] close(3) = 0 [pid 5320] close(4) = 0 [pid 5320] close(5) = 0 [pid 5320] close(6) = 0 [pid 5320] close(7) = -1 EBADF (Bad file descriptor) [pid 5320] close(8) = -1 EBADF (Bad file descriptor) [pid 5320] close(9) = -1 EBADF (Bad file descriptor) [pid 5320] close(10) = -1 EBADF (Bad file descriptor) [pid 5320] close(11) = -1 EBADF (Bad file descriptor) [pid 5320] close(12) = -1 EBADF (Bad file descriptor) [pid 5320] close(13) = -1 EBADF (Bad file descriptor) [pid 5320] close(14) = -1 EBADF (Bad file descriptor) [pid 5320] close(15) = -1 EBADF (Bad file descriptor) [pid 5320] close(16) = -1 EBADF (Bad file descriptor) [pid 5320] close(17) = -1 EBADF (Bad file descriptor) [ 126.798824][ T5325] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 126.816899][ T5325] CPU: 1 PID: 5325 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 126.826911][ T5325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 126.837024][ T5325] Call Trace: [ 126.840365][ T5325] [ 126.843362][ T5325] dump_stack_lvl+0x136/0x150 [pid 5320] close(18) = -1 EBADF (Bad file descriptor) [pid 5320] close(19) = -1 EBADF (Bad file descriptor) [pid 5320] close(20) = -1 EBADF (Bad file descriptor) [pid 5320] close(21) = -1 EBADF (Bad file descriptor) [pid 5320] close(22) = -1 EBADF (Bad file descriptor) [pid 5320] close(23) = -1 EBADF (Bad file descriptor) [pid 5320] close(24) = -1 EBADF (Bad file descriptor) [pid 5320] close(25) = -1 EBADF (Bad file descriptor) [pid 5320] close(26) = -1 EBADF (Bad file descriptor) [pid 5320] close(27) = -1 EBADF (Bad file descriptor) [pid 5320] close(28) = -1 EBADF (Bad file descriptor) [pid 5320] close(29) = -1 EBADF (Bad file descriptor) [pid 5320] exit_group(0) = ? [pid 5320] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5090] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5090] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 126.848116][ T5325] dump_header+0x10a/0xd70 [ 126.852642][ T5325] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 126.858818][ T5325] out_of_memory+0xd64/0x1660 [ 126.863595][ T5325] ? oom_killer_disable+0x2b0/0x2b0 [ 126.868939][ T5325] mem_cgroup_out_of_memory+0x206/0x270 [ 126.874570][ T5325] ? mem_cgroup_margin+0x130/0x130 [ 126.879799][ T5325] memory_max_write+0x2f9/0x3c0 [ 126.884789][ T5325] ? mem_cgroup_force_empty_write+0x160/0x160 [ 126.890958][ T5325] ? lock_sync+0x190/0x190 [ 126.895465][ T5325] cgroup_file_write+0x1e2/0x7b0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./11/binderfs") = 0 [pid 5090] umount2("./11/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./11/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./11/cgroup") = 0 [pid 5090] umount2("./11/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./11/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./11/cgroup.net") = 0 [ 126.900503][ T5325] ? mem_cgroup_force_empty_write+0x160/0x160 [ 126.906677][ T5325] ? kill_css+0x3b0/0x3b0 [ 126.911094][ T5325] ? lock_acquire+0x32/0xc0 [ 126.915686][ T5325] ? kill_css+0x3b0/0x3b0 [ 126.920105][ T5325] kernfs_fop_write_iter+0x3f1/0x600 [ 126.925493][ T5325] vfs_write+0x9ed/0xe10 [ 126.929831][ T5325] ? kernel_write+0x670/0x670 [ 126.934563][ T5325] ? find_held_lock+0x2d/0x110 [ 126.939399][ T5325] ? __fget_light+0x20a/0x270 [ 126.944131][ T5325] ksys_write+0x12b/0x250 [ 126.948510][ T5325] ? __ia32_sys_read+0xb0/0xb0 [ 126.953320][ T5325] ? lockdep_hardirqs_on+0x7d/0x100 [ 126.958565][ T5325] ? _raw_spin_unlock_irq+0x2e/0x50 [ 126.963805][ T5325] ? ptrace_notify+0xfe/0x140 [ 126.968527][ T5325] do_syscall_64+0x39/0xb0 [ 126.972989][ T5325] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 126.978921][ T5325] RIP: 0033:0x7faecf034129 [ 126.983378][ T5325] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 127.003017][ T5325] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 127.011460][ T5325] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 127.019454][ T5325] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 127.027449][ T5325] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 127.035447][ T5325] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 127.043448][ T5325] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000000b [pid 5090] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5090] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./11/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./11/file0") = 0 [pid 5090] umount2("./11/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./11/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./11/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [ 127.051469][ T5325] [ 127.056036][ T5325] memory: usage 8kB, limit 0kB, failcnt 36 [ 127.084030][ T5325] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 127.094512][ T5325] Memory cgroup stats for /syz1: [ 127.094904][ T5325] anon 0 [pid 5090] close(3) = 0 [ 127.094904][ T5325] file 0 [ 127.094904][ T5325] kernel 8192 [ 127.094904][ T5325] kernel_stack 0 [ 127.094904][ T5325] pagetables 0 [ 127.094904][ T5325] sec_pagetables 0 [ 127.094904][ T5325] percpu 0 [ 127.094904][ T5325] sock 0 [ 127.094904][ T5325] vmalloc 0 [ 127.094904][ T5325] shmem 0 [ 127.094904][ T5325] zswap 0 [ 127.094904][ T5325] zswapped 0 [ 127.094904][ T5325] file_mapped 0 [ 127.094904][ T5325] file_dirty 0 [ 127.094904][ T5325] file_writeback 0 [ 127.094904][ T5325] swapcached 0 [ 127.094904][ T5325] anon_thp 0 [pid 5090] rmdir("./11") = 0 [pid 5090] mkdir("./12", 0777) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5338 attached [pid 5338] chdir("./12" [pid 5090] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 14 [pid 5338] <... chdir resumed>) = 0 [pid 5338] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5338] setpgid(0, 0) = 0 [pid 5338] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5338] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5338] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5338] write(3, "1000", 4) = 4 [pid 5338] close(3) = 0 [pid 5338] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5338] mkdir("./file0", 000) = 0 [pid 5338] open("./file0", O_RDONLY) = 3 [pid 5338] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5338] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5338] openat(4, "syz1", O_RDWR|O_PATH) = 5 [ 127.094904][ T5325] file_thp 0 [ 127.094904][ T5325] shmem_thp 0 [ 127.094904][ T5325] inactive_anon 0 [ 127.094904][ T5325] active_anon 0 [ 127.094904][ T5325] inactive_file 0 [ 127.094904][ T5325] active_file 0 [ 127.094904][ T5325] unevictable 0 [ 127.094904][ T5325] slab_reclaimable 6752 [ 127.094904][ T5325] slab_unreclaimable 0 [ 127.094904][ T5325] slab 6752 [ 127.094904][ T5325] workingset_refault_anon 0 [ 127.094904][ T5325] workingset_refault_file 0 [ 127.094904][ T5325] workingset_activate_anon 0 [ 127.094904][ T5325] workingset_activate_file 0 [pid 5338] openat(5, "memory.max", O_RDWR) = 6 [ 127.094904][ T5325] workingset_restore_anon 0 [ 127.094904][ T5325] workingset_restore_file 0 [ 127.094904][ T5325] workingset_nodereclaim 0 [ 127.094904][ T5325] pgscan 831 [ 127.094904][ T5325] pgsteal 2 [ 127.094904][ T5325] pgscan_kswapd 0 [ 127.094904][ T5325] pgscan_direct 831 [ 127.094904][ T5325] pgscan_khugepaged 0 [ 127.094904][ T5325] pgsteal_kswapd 0 [ 127.094904][ T5325] pgsteal_direct 2 [ 127.094904][ T5325] pgsteal_khugepaged 0 [ 127.094904][ T5325] pgfault 21 [ 127.094904][ T5325] pgmajfault 0 [ 127.094904][ T5325] pgrefill 830 [ 127.094904][ T5325] pgactivate 829 [ 127.094904][ T5325] pgdeactivate 830 [ 127.094904][ T5325] pglazyfree 0 [ 127.094904][ T5325] pglazyfreed 0 [ 127.094904][ T5325] zswpin 0 [ 127.094904][ T5325] zswpout 0 [ 127.094904][ T5325] thp_fault_alloc 0 [ 127.094904][ T5325] thp_collapse_alloc 0 [ 127.285923][ T5325] Tasks state (memory values in pages): [pid 5338] write(6, "0x000000000000040e", 18 [pid 5325] <... write resumed>) = 18 [ 127.299005][ T5325] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 127.308667][ T5325] Out of memory and no killable processes... [ 127.324254][ T5326] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 127.340679][ T5326] CPU: 1 PID: 5326 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 127.350655][ T5326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 127.360767][ T5326] Call Trace: [ 127.364086][ T5326] [ 127.367068][ T5326] dump_stack_lvl+0x136/0x150 [ 127.371821][ T5326] dump_header+0x10a/0xd70 [ 127.376301][ T5326] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 127.382478][ T5326] out_of_memory+0xd64/0x1660 [ 127.387258][ T5326] ? oom_killer_disable+0x2b0/0x2b0 [ 127.392550][ T5326] mem_cgroup_out_of_memory+0x206/0x270 [ 127.398172][ T5326] ? mem_cgroup_margin+0x130/0x130 [ 127.403385][ T5326] memory_max_write+0x2f9/0x3c0 [ 127.408321][ T5326] ? mem_cgroup_force_empty_write+0x160/0x160 [ 127.414498][ T5326] ? lock_sync+0x190/0x190 [ 127.419009][ T5326] cgroup_file_write+0x1e2/0x7b0 [ 127.424041][ T5326] ? mem_cgroup_force_empty_write+0x160/0x160 [ 127.430199][ T5326] ? kill_css+0x3b0/0x3b0 [ 127.434611][ T5326] ? lock_acquire+0x32/0xc0 [ 127.439208][ T5326] ? kill_css+0x3b0/0x3b0 [ 127.443614][ T5326] kernfs_fop_write_iter+0x3f1/0x600 [ 127.448973][ T5326] vfs_write+0x9ed/0xe10 [ 127.453296][ T5326] ? kernel_write+0x670/0x670 [ 127.458057][ T5326] ? find_held_lock+0x2d/0x110 [ 127.462894][ T5326] ? __fget_light+0x20a/0x270 [ 127.467656][ T5326] ksys_write+0x12b/0x250 [ 127.472070][ T5326] ? __ia32_sys_read+0xb0/0xb0 [ 127.476931][ T5326] ? lockdep_hardirqs_on+0x7d/0x100 [ 127.482207][ T5326] ? _raw_spin_unlock_irq+0x2e/0x50 [ 127.487491][ T5326] ? ptrace_notify+0xfe/0x140 [ 127.492243][ T5326] do_syscall_64+0x39/0xb0 [ 127.496754][ T5326] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 127.502724][ T5326] RIP: 0033:0x7faecf034129 [ 127.507201][ T5326] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 127.526877][ T5326] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 127.535365][ T5326] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 127.543406][ T5326] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5325] close(3) = 0 [ 127.551405][ T5326] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 127.559404][ T5326] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 127.567404][ T5326] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000008 [ 127.575425][ T5326] [ 127.586230][ T5326] memory: usage 8kB, limit 0kB, failcnt 36 [ 127.592411][ T5326] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 127.599566][ T5326] Memory cgroup stats for /syz1: [ 127.599852][ T5326] anon 0 [ 127.599852][ T5326] file 0 [ 127.599852][ T5326] kernel 8192 [ 127.599852][ T5326] kernel_stack 0 [ 127.599852][ T5326] pagetables 0 [ 127.599852][ T5326] sec_pagetables 0 [ 127.599852][ T5326] percpu 0 [ 127.599852][ T5326] sock 0 [ 127.599852][ T5326] vmalloc 0 [ 127.599852][ T5326] shmem 0 [ 127.599852][ T5326] zswap 0 [ 127.599852][ T5326] zswapped 0 [ 127.599852][ T5326] file_mapped 0 [ 127.599852][ T5326] file_dirty 0 [ 127.599852][ T5326] file_writeback 0 [ 127.599852][ T5326] swapcached 0 [ 127.599852][ T5326] anon_thp 0 [ 127.599852][ T5326] file_thp 0 [ 127.599852][ T5326] shmem_thp 0 [ 127.599852][ T5326] inactive_anon 0 [ 127.599852][ T5326] active_anon 0 [ 127.599852][ T5326] inactive_file 0 [ 127.599852][ T5326] active_file 0 [ 127.599852][ T5326] unevictable 0 [ 127.599852][ T5326] slab_reclaimable 6752 [ 127.599852][ T5326] slab_unreclaimable 0 [ 127.599852][ T5326] slab 6752 [ 127.599852][ T5326] workingset_refault_anon 0 [ 127.599852][ T5326] workingset_refault_file 0 [ 127.599852][ T5326] workingset_activate_anon 0 [ 127.599852][ T5326] workingset_activate_file 0 [ 127.599852][ T5326] workingset_restore_anon 0 [ 127.599852][ T5326] workingset_restore_file 0 [ 127.599852][ T5326] workingset_nodereclaim 0 [ 127.599852][ T5326] pgscan 831 [ 127.599852][ T5326] pgsteal 2 [ 127.599852][ T5326] pgscan_kswapd 0 [ 127.599852][ T5326] pgscan_direct 831 [ 127.599852][ T5326] pgscan_khugepaged 0 [ 127.599852][ T5326] pgsteal_kswapd 0 [ 127.599852][ T5326] pgsteal_direct 2 [ 127.599852][ T5326] pgsteal_khugepaged 0 [ 127.599852][ T5326] pgfault 21 [ 127.599852][ T5326] pgmajfault 0 [pid 5325] close(4) = 0 [pid 5325] close(5) = 0 [pid 5325] close(6) = 0 [pid 5325] close(7) = -1 EBADF (Bad file descriptor) [pid 5325] close(8) = -1 EBADF (Bad file descriptor) [pid 5325] close(9) = -1 EBADF (Bad file descriptor) [pid 5325] close(10) = -1 EBADF (Bad file descriptor) [pid 5325] close(11) = -1 EBADF (Bad file descriptor) [pid 5325] close(12) = -1 EBADF (Bad file descriptor) [pid 5325] close(13) = -1 EBADF (Bad file descriptor) [pid 5325] close(14) = -1 EBADF (Bad file descriptor) [pid 5325] close(15) = -1 EBADF (Bad file descriptor) [pid 5325] close(16) = -1 EBADF (Bad file descriptor) [pid 5325] close(17) = -1 EBADF (Bad file descriptor) [pid 5325] close(18) = -1 EBADF (Bad file descriptor) [pid 5325] close(19) = -1 EBADF (Bad file descriptor) [pid 5325] close(20) = -1 EBADF (Bad file descriptor) [pid 5325] close(21) = -1 EBADF (Bad file descriptor) [pid 5325] close(22) = -1 EBADF (Bad file descriptor) [pid 5325] close(23) = -1 EBADF (Bad file descriptor) [pid 5325] close(24) = -1 EBADF (Bad file descriptor) [pid 5325] close(25) = -1 EBADF (Bad file descriptor) [pid 5325] close(26) = -1 EBADF (Bad file descriptor) [pid 5325] close(27) = -1 EBADF (Bad file descriptor) [pid 5325] close(28) = -1 EBADF (Bad file descriptor) [pid 5325] close(29) = -1 EBADF (Bad file descriptor) [pid 5325] exit_group(0) = ? [pid 5325] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5089] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 127.599852][ T5326] pgrefill 830 [ 127.599852][ T5326] pgactivate 829 [ 127.599852][ T5326] pgdeactivate 830 [ 127.599852][ T5326] pglazyfree 0 [ 127.599852][ T5326] pglazyfreed 0 [ 127.599852][ T5326] zswpin 0 [ 127.599852][ T5326] zswpout 0 [ 127.599852][ T5326] thp_fault_alloc 0 [ 127.599852][ T5326] thp_collapse_alloc 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./11/binderfs") = 0 [pid 5089] umount2("./11/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./11/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./11/cgroup") = 0 [pid 5089] umount2("./11/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./11/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./11/cgroup.net") = 0 [pid 5089] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5089] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./11/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./11/file0") = 0 [pid 5089] umount2("./11/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./11/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./11/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [pid 5089] rmdir("./11") = 0 [pid 5089] mkdir("./12", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5344 attached , child_tidptr=0x555555c0c5d0) = 14 [pid 5344] chdir("./12") = 0 [pid 5344] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5344] setpgid(0, 0) = 0 [pid 5344] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5344] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5344] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5344] write(3, "1000", 4) = 4 [pid 5344] close(3) = 0 [pid 5344] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5344] mkdir("./file0", 000) = 0 [pid 5344] open("./file0", O_RDONLY) = 3 [pid 5344] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5344] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [ 127.886486][ T5326] Tasks state (memory values in pages): [ 127.903535][ T5326] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5344] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5326] <... write resumed>) = 18 [ 127.940746][ T5326] Out of memory and no killable processes... [ 127.948119][ T5329] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 127.959209][ T5329] CPU: 0 PID: 5329 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 127.969182][ T5329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 127.979319][ T5329] Call Trace: [ 127.982642][ T5329] [ 127.985617][ T5329] dump_stack_lvl+0x136/0x150 [ 127.990362][ T5329] dump_header+0x10a/0xd70 [ 127.994845][ T5329] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 128.001004][ T5329] out_of_memory+0xd64/0x1660 [ 128.005758][ T5329] ? oom_killer_disable+0x2b0/0x2b0 [ 128.011048][ T5329] mem_cgroup_out_of_memory+0x206/0x270 [ 128.016671][ T5329] ? mem_cgroup_margin+0x130/0x130 [ 128.021891][ T5329] memory_max_write+0x2f9/0x3c0 [ 128.026817][ T5329] ? mem_cgroup_force_empty_write+0x160/0x160 [ 128.032968][ T5329] ? lock_sync+0x190/0x190 [ 128.037455][ T5329] cgroup_file_write+0x1e2/0x7b0 [ 128.042469][ T5329] ? mem_cgroup_force_empty_write+0x160/0x160 [ 128.048612][ T5329] ? kill_css+0x3b0/0x3b0 [ 128.053018][ T5329] ? lock_acquire+0x32/0xc0 [ 128.057594][ T5329] ? kill_css+0x3b0/0x3b0 [ 128.062013][ T5329] kernfs_fop_write_iter+0x3f1/0x600 [ 128.067410][ T5329] vfs_write+0x9ed/0xe10 [ 128.071731][ T5329] ? kernel_write+0x670/0x670 [ 128.076486][ T5329] ? find_held_lock+0x2d/0x110 [ 128.081333][ T5329] ? __fget_light+0x20a/0x270 [ 128.086117][ T5329] ksys_write+0x12b/0x250 [ 128.090559][ T5329] ? __ia32_sys_read+0xb0/0xb0 [ 128.095401][ T5329] ? lockdep_hardirqs_on+0x7d/0x100 [ 128.100671][ T5329] ? _raw_spin_unlock_irq+0x2e/0x50 [ 128.105952][ T5329] ? ptrace_notify+0xfe/0x140 [ 128.110698][ T5329] do_syscall_64+0x39/0xb0 [ 128.115194][ T5329] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 128.121154][ T5329] RIP: 0033:0x7faecf034129 [ 128.125620][ T5329] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 128.145292][ T5329] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 128.153778][ T5329] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 128.161803][ T5329] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 128.169844][ T5329] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 128.177867][ T5329] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [pid 5344] openat(5, "memory.max", O_RDWR [pid 5326] close(3 [pid 5344] <... openat resumed>) = 6 [pid 5326] <... close resumed>) = 0 [pid 5344] write(6, "0x000000000000040e", 18 [pid 5326] close(4) = 0 [ 128.185892][ T5329] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000008 [ 128.193947][ T5329] [pid 5326] close(5) = 0 [pid 5326] close(6) = 0 [pid 5326] close(7) = -1 EBADF (Bad file descriptor) [pid 5326] close(8) = -1 EBADF (Bad file descriptor) [pid 5326] close(9) = -1 EBADF (Bad file descriptor) [pid 5326] close(10) = -1 EBADF (Bad file descriptor) [pid 5326] close(11) = -1 EBADF (Bad file descriptor) [ 128.211242][ T5329] memory: usage 8kB, limit 0kB, failcnt 36 [ 128.226705][ T5329] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 128.234546][ T5329] Memory cgroup stats for /syz1: [ 128.234796][ T5329] anon 0 [ 128.234796][ T5329] file 0 [ 128.234796][ T5329] kernel 8192 [ 128.234796][ T5329] kernel_stack 0 [ 128.234796][ T5329] pagetables 0 [ 128.234796][ T5329] sec_pagetables 0 [ 128.234796][ T5329] percpu 0 [ 128.234796][ T5329] sock 0 [ 128.234796][ T5329] vmalloc 0 [ 128.234796][ T5329] shmem 0 [pid 5326] close(12) = -1 EBADF (Bad file descriptor) [pid 5326] close(13) = -1 EBADF (Bad file descriptor) [pid 5326] close(14) = -1 EBADF (Bad file descriptor) [pid 5326] close(15) = -1 EBADF (Bad file descriptor) [pid 5326] close(16) = -1 EBADF (Bad file descriptor) [pid 5326] close(17) = -1 EBADF (Bad file descriptor) [pid 5326] close(18) = -1 EBADF (Bad file descriptor) [pid 5326] close(19) = -1 EBADF (Bad file descriptor) [pid 5326] close(20) = -1 EBADF (Bad file descriptor) [ 128.234796][ T5329] zswap 0 [ 128.234796][ T5329] zswapped 0 [ 128.234796][ T5329] file_mapped 0 [ 128.234796][ T5329] file_dirty 0 [ 128.234796][ T5329] file_writeback 0 [ 128.234796][ T5329] swapcached 0 [ 128.234796][ T5329] anon_thp 0 [ 128.234796][ T5329] file_thp 0 [ 128.234796][ T5329] shmem_thp 0 [ 128.234796][ T5329] inactive_anon 0 [ 128.234796][ T5329] active_anon 0 [ 128.234796][ T5329] inactive_file 0 [ 128.234796][ T5329] active_file 0 [ 128.234796][ T5329] unevictable 0 [ 128.234796][ T5329] slab_reclaimable 6752 [ 128.234796][ T5329] slab_unreclaimable 0 [ 128.234796][ T5329] slab 6752 [ 128.234796][ T5329] workingset_refault_anon 0 [ 128.234796][ T5329] workingset_refault_file 0 [ 128.234796][ T5329] workingset_activate_anon 0 [ 128.234796][ T5329] workingset_activate_file 0 [ 128.234796][ T5329] workingset_restore_anon 0 [ 128.234796][ T5329] workingset_restore_file 0 [ 128.234796][ T5329] workingset_nodereclaim 0 [ 128.234796][ T5329] pgscan 831 [ 128.234796][ T5329] pgsteal 2 [ 128.234796][ T5329] pgscan_kswapd 0 [ 128.234796][ T5329] pgscan_direct 831 [pid 5326] close(21) = -1 EBADF (Bad file descriptor) [pid 5326] close(22) = -1 EBADF (Bad file descriptor) [pid 5326] close(23) = -1 EBADF (Bad file descriptor) [pid 5326] close(24) = -1 EBADF (Bad file descriptor) [pid 5326] close(25) = -1 EBADF (Bad file descriptor) [pid 5326] close(26) = -1 EBADF (Bad file descriptor) [pid 5326] close(27) = -1 EBADF (Bad file descriptor) [pid 5326] close(28) = -1 EBADF (Bad file descriptor) [pid 5326] close(29) = -1 EBADF (Bad file descriptor) [pid 5326] exit_group(0) = ? [pid 5326] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5086] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./8/binderfs") = 0 [pid 5086] umount2("./8/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./8/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] unlink("./8/cgroup") = 0 [pid 5086] umount2("./8/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./8/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./8/cgroup.net") = 0 [pid 5086] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5086] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./8/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./8/file0") = 0 [pid 5086] umount2("./8/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 128.234796][ T5329] pgscan_khugepaged 0 [ 128.234796][ T5329] pgsteal_kswapd 0 [ 128.234796][ T5329] pgsteal_direct 2 [ 128.234796][ T5329] pgsteal_khugepaged 0 [ 128.234796][ T5329] pgfault 21 [ 128.234796][ T5329] pgmajfault 0 [ 128.234796][ T5329] pgrefill 830 [ 128.234796][ T5329] pgactivate 829 [ 128.234796][ T5329] pgdeactivate 830 [ 128.234796][ T5329] pglazyfree 0 [ 128.234796][ T5329] pglazyfreed 0 [ 128.234796][ T5329] zswpin 0 [ 128.234796][ T5329] zswpout 0 [ 128.234796][ T5329] thp_fault_alloc 0 [ 128.234796][ T5329] thp_collapse_alloc 0 [pid 5086] lstat("./8/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./8/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./8") = 0 [pid 5086] mkdir("./9", 0777) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5349 attached [pid 5349] chdir("./9" [pid 5086] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 11 [pid 5349] <... chdir resumed>) = 0 [pid 5349] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5349] setpgid(0, 0) = 0 [pid 5349] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5349] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5349] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5349] write(3, "1000", 4) = 4 [pid 5349] close(3) = 0 [pid 5349] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5349] mkdir("./file0", 000) = 0 [pid 5349] open("./file0", O_RDONLY) = 3 [pid 5349] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5349] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5349] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5349] openat(5, "memory.max", O_RDWR) = 6 [pid 5349] write(6, "0x000000000000040e", 18 [pid 5329] <... write resumed>) = 18 [pid 5329] close(3) = 0 [ 128.569596][ T5329] Tasks state (memory values in pages): [ 128.575651][ T5329] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 128.606540][ T5329] Out of memory and no killable processes... [pid 5329] close(4) = 0 [pid 5329] close(5) = 0 [pid 5329] close(6) = 0 [pid 5329] close(7) = -1 EBADF (Bad file descriptor) [pid 5329] close(8) = -1 EBADF (Bad file descriptor) [pid 5329] close(9) = -1 EBADF (Bad file descriptor) [pid 5329] close(10) = -1 EBADF (Bad file descriptor) [pid 5329] close(11) = -1 EBADF (Bad file descriptor) [pid 5329] close(12) = -1 EBADF (Bad file descriptor) [pid 5329] close(13) = -1 EBADF (Bad file descriptor) [pid 5329] close(14) = -1 EBADF (Bad file descriptor) [pid 5329] close(15) = -1 EBADF (Bad file descriptor) [pid 5329] close(16) = -1 EBADF (Bad file descriptor) [pid 5329] close(17) = -1 EBADF (Bad file descriptor) [pid 5329] close(18) = -1 EBADF (Bad file descriptor) [pid 5329] close(19) = -1 EBADF (Bad file descriptor) [pid 5329] close(20) = -1 EBADF (Bad file descriptor) [pid 5329] close(21) = -1 EBADF (Bad file descriptor) [pid 5329] close(22) = -1 EBADF (Bad file descriptor) [pid 5329] close(23) = -1 EBADF (Bad file descriptor) [ 128.628042][ T5336] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 128.652811][ T5336] CPU: 0 PID: 5336 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 128.662805][ T5336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 128.672922][ T5336] Call Trace: [pid 5329] close(24) = -1 EBADF (Bad file descriptor) [pid 5329] close(25) = -1 EBADF (Bad file descriptor) [pid 5329] close(26) = -1 EBADF (Bad file descriptor) [pid 5329] close(27) = -1 EBADF (Bad file descriptor) [pid 5329] close(28) = -1 EBADF (Bad file descriptor) [pid 5329] close(29) = -1 EBADF (Bad file descriptor) [pid 5329] exit_group(0) = ? [pid 5329] +++ exited with 0 +++ [ 128.676252][ T5336] [ 128.679235][ T5336] dump_stack_lvl+0x136/0x150 [ 128.683988][ T5336] dump_header+0x10a/0xd70 [ 128.688467][ T5336] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 128.694623][ T5336] out_of_memory+0xd64/0x1660 [ 128.699383][ T5336] ? oom_killer_disable+0x2b0/0x2b0 [ 128.704662][ T5336] ? find_held_lock+0x2d/0x110 [ 128.709515][ T5336] mem_cgroup_out_of_memory+0x206/0x270 [ 128.715139][ T5336] ? mem_cgroup_margin+0x130/0x130 [ 128.720338][ T5336] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 128.726228][ T5336] memory_max_write+0x2f9/0x3c0 [ 128.731166][ T5336] ? mem_cgroup_force_empty_write+0x160/0x160 [ 128.737326][ T5336] ? lock_sync+0x190/0x190 [ 128.741814][ T5336] cgroup_file_write+0x1e2/0x7b0 [ 128.746832][ T5336] ? mem_cgroup_force_empty_write+0x160/0x160 [ 128.752978][ T5336] ? kill_css+0x3b0/0x3b0 [ 128.757388][ T5336] ? lock_acquire+0x32/0xc0 [ 128.761974][ T5336] ? kill_css+0x3b0/0x3b0 [ 128.766378][ T5336] kernfs_fop_write_iter+0x3f1/0x600 [ 128.771740][ T5336] vfs_write+0x9ed/0xe10 [ 128.776069][ T5336] ? kernel_write+0x670/0x670 [ 128.780825][ T5336] ? find_held_lock+0x2d/0x110 [ 128.785665][ T5336] ? __fget_light+0x20a/0x270 [ 128.790435][ T5336] ksys_write+0x12b/0x250 [ 128.794853][ T5336] ? __ia32_sys_read+0xb0/0xb0 [ 128.799696][ T5336] ? lockdep_hardirqs_on+0x7d/0x100 [ 128.804963][ T5336] ? _raw_spin_unlock_irq+0x2e/0x50 [ 128.810236][ T5336] ? ptrace_notify+0xfe/0x140 [ 128.814988][ T5336] do_syscall_64+0x39/0xb0 [ 128.819480][ T5336] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 128.825449][ T5336] RIP: 0033:0x7faecf034129 [ 128.829916][ T5336] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 128.849702][ T5336] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 128.858198][ T5336] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 128.866243][ T5336] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5085] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./8/binderfs") = 0 [pid 5085] umount2("./8/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./8/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./8/cgroup") = 0 [pid 5085] umount2("./8/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./8/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./8/cgroup.net") = 0 [pid 5085] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5085] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./8/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./8/file0") = 0 [pid 5085] umount2("./8/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./8/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 128.874271][ T5336] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 128.882299][ T5336] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 128.890320][ T5336] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000000a [ 128.898376][ T5336] [pid 5085] unlink("./8/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./8") = 0 [pid 5085] mkdir("./9", 0777) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 11 ./strace-static-x86_64: Process 5354 attached [ 128.937719][ T5336] memory: usage 8kB, limit 0kB, failcnt 36 [ 128.945951][ T5336] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 128.961262][ T5336] Memory cgroup stats for /syz1: [ 128.961553][ T5336] anon 0 [ 128.961553][ T5336] file 0 [ 128.961553][ T5336] kernel 8192 [ 128.961553][ T5336] kernel_stack 0 [ 128.961553][ T5336] pagetables 0 [ 128.961553][ T5336] sec_pagetables 0 [ 128.961553][ T5336] percpu 0 [ 128.961553][ T5336] sock 0 [ 128.961553][ T5336] vmalloc 0 [ 128.961553][ T5336] shmem 0 [ 128.961553][ T5336] zswap 0 [ 128.961553][ T5336] zswapped 0 [ 128.961553][ T5336] file_mapped 0 [ 128.961553][ T5336] file_dirty 0 [ 128.961553][ T5336] file_writeback 0 [ 128.961553][ T5336] swapcached 0 [ 128.961553][ T5336] anon_thp 0 [ 128.961553][ T5336] file_thp 0 [ 128.961553][ T5336] shmem_thp 0 [ 128.961553][ T5336] inactive_anon 0 [ 128.961553][ T5336] active_anon 0 [ 128.961553][ T5336] inactive_file 0 [ 128.961553][ T5336] active_file 0 [ 128.961553][ T5336] unevictable 0 [ 128.961553][ T5336] slab_reclaimable 6752 [ 128.961553][ T5336] slab_unreclaimable 0 [ 128.961553][ T5336] slab 6752 [ 128.961553][ T5336] workingset_refault_anon 0 [ 128.961553][ T5336] workingset_refault_file 0 [ 128.961553][ T5336] workingset_activate_anon 0 [ 128.961553][ T5336] workingset_activate_file 0 [ 128.961553][ T5336] workingset_restore_anon 0 [ 128.961553][ T5336] workingset_restore_file 0 [ 128.961553][ T5336] workingset_nodereclaim 0 [ 128.961553][ T5336] pgscan 831 [ 128.961553][ T5336] pgsteal 2 [ 128.961553][ T5336] pgscan_kswapd 0 [ 128.961553][ T5336] pgscan_direct 831 [ 128.961553][ T5336] pgscan_khugepaged 0 [ 128.961553][ T5336] pgsteal_kswapd 0 [ 128.961553][ T5336] pgsteal_direct 2 [ 128.961553][ T5336] pgsteal_khugepaged 0 [ 128.961553][ T5336] pgfault 21 [ 128.961553][ T5336] pgmajfault 0 [ 128.961553][ T5336] pgrefill 830 [ 128.961553][ T5336] pgactivate 829 [ 128.961553][ T5336] pgdeactivate 830 [ 128.961553][ T5336] pglazyfree 0 [ 128.961553][ T5336] pglazyfreed 0 [ 128.961553][ T5336] zswpin 0 [pid 5354] chdir("./9") = 0 [pid 5354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5354] setpgid(0, 0) = 0 [pid 5354] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [ 128.961553][ T5336] zswpout 0 [ 128.961553][ T5336] thp_fault_alloc 0 [ 128.961553][ T5336] thp_collapse_alloc 0 [ 129.159955][ T5336] Tasks state (memory values in pages): [ 129.165846][ T5336] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5354] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5354] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5354] write(3, "1000", 4 [pid 5336] <... write resumed>) = 18 [ 129.186520][ T5336] Out of memory and no killable processes... [ 129.199058][ T5338] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 129.221081][ T5338] CPU: 0 PID: 5338 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 129.231071][ T5338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 129.241189][ T5338] Call Trace: [ 129.244519][ T5338] [ 129.247493][ T5338] dump_stack_lvl+0x136/0x150 [ 129.252244][ T5338] dump_header+0x10a/0xd70 [ 129.256725][ T5338] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 129.262888][ T5338] out_of_memory+0xd64/0x1660 [ 129.267653][ T5338] ? oom_killer_disable+0x2b0/0x2b0 [ 129.272938][ T5338] mem_cgroup_out_of_memory+0x206/0x270 [ 129.278562][ T5338] ? mem_cgroup_margin+0x130/0x130 [ 129.283774][ T5338] memory_max_write+0x2f9/0x3c0 [ 129.288708][ T5338] ? mem_cgroup_force_empty_write+0x160/0x160 [ 129.294865][ T5338] ? lock_sync+0x190/0x190 [ 129.299360][ T5338] cgroup_file_write+0x1e2/0x7b0 [ 129.304387][ T5338] ? mem_cgroup_force_empty_write+0x160/0x160 [ 129.310537][ T5338] ? kill_css+0x3b0/0x3b0 [ 129.314942][ T5338] ? lock_acquire+0x32/0xc0 [ 129.319523][ T5338] ? kill_css+0x3b0/0x3b0 [ 129.323933][ T5338] kernfs_fop_write_iter+0x3f1/0x600 [ 129.329318][ T5338] vfs_write+0x9ed/0xe10 [ 129.333652][ T5338] ? kernel_write+0x670/0x670 [ 129.338415][ T5338] ? find_held_lock+0x2d/0x110 [ 129.343262][ T5338] ? __fget_light+0x20a/0x270 [ 129.348028][ T5338] ksys_write+0x12b/0x250 [ 129.352442][ T5338] ? __ia32_sys_read+0xb0/0xb0 [ 129.357289][ T5338] ? lockdep_hardirqs_on+0x7d/0x100 [ 129.362559][ T5338] ? _raw_spin_unlock_irq+0x2e/0x50 [ 129.367833][ T5338] ? ptrace_notify+0xfe/0x140 [ 129.372585][ T5338] do_syscall_64+0x39/0xb0 [ 129.377087][ T5338] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 129.383070][ T5338] RIP: 0033:0x7faecf034129 [ 129.387543][ T5338] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 129.407220][ T5338] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 129.415716][ T5338] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 129.423744][ T5338] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 129.431774][ T5338] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [pid 5354] <... write resumed>) = 4 [ 129.439799][ T5338] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 129.447826][ T5338] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000000c [ 129.455878][ T5338] [ 129.462890][ T5338] memory: usage 8kB, limit 0kB, failcnt 36 [ 129.468771][ T5338] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 129.476012][ T5338] Memory cgroup stats for /syz1: [ 129.476311][ T5338] anon 0 [ 129.476311][ T5338] file 0 [ 129.476311][ T5338] kernel 8192 [pid 5336] close(3 [pid 5354] close(3) = 0 [pid 5354] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5354] mkdir("./file0", 000) = 0 [pid 5354] open("./file0", O_RDONLY) = 3 [pid 5354] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5354] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [ 129.476311][ T5338] kernel_stack 0 [ 129.476311][ T5338] pagetables 0 [ 129.476311][ T5338] sec_pagetables 0 [ 129.476311][ T5338] percpu 0 [ 129.476311][ T5338] sock 0 [ 129.476311][ T5338] vmalloc 0 [ 129.476311][ T5338] shmem 0 [ 129.476311][ T5338] zswap 0 [ 129.476311][ T5338] zswapped 0 [ 129.476311][ T5338] file_mapped 0 [ 129.476311][ T5338] file_dirty 0 [ 129.476311][ T5338] file_writeback 0 [ 129.476311][ T5338] swapcached 0 [ 129.476311][ T5338] anon_thp 0 [ 129.476311][ T5338] file_thp 0 [ 129.476311][ T5338] shmem_thp 0 [pid 5354] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5354] openat(5, "memory.max", O_RDWR) = 6 [pid 5354] write(6, "0x000000000000040e", 18 [pid 5336] <... close resumed>) = 0 [ 129.476311][ T5338] inactive_anon 0 [ 129.476311][ T5338] active_anon 0 [ 129.476311][ T5338] inactive_file 0 [ 129.476311][ T5338] active_file 0 [ 129.476311][ T5338] unevictable 0 [ 129.476311][ T5338] slab_reclaimable 6752 [ 129.476311][ T5338] slab_unreclaimable 0 [ 129.476311][ T5338] slab 6752 [ 129.476311][ T5338] workingset_refault_anon 0 [ 129.476311][ T5338] workingset_refault_file 0 [ 129.476311][ T5338] workingset_activate_anon 0 [ 129.476311][ T5338] workingset_activate_file 0 [ 129.476311][ T5338] workingset_restore_anon 0 [ 129.476311][ T5338] workingset_restore_file 0 [ 129.476311][ T5338] workingset_nodereclaim 0 [ 129.476311][ T5338] pgscan 831 [ 129.476311][ T5338] pgsteal 2 [ 129.476311][ T5338] pgscan_kswapd 0 [ 129.476311][ T5338] pgscan_direct 831 [ 129.476311][ T5338] pgscan_khugepaged 0 [ 129.476311][ T5338] pgsteal_kswapd 0 [ 129.476311][ T5338] pgsteal_direct 2 [ 129.476311][ T5338] pgsteal_khugepaged 0 [ 129.476311][ T5338] pgfault 21 [ 129.476311][ T5338] pgmajfault 0 [ 129.476311][ T5338] pgrefill 830 [ 129.476311][ T5338] pgactivate 829 [pid 5336] close(4) = 0 [pid 5336] close(5) = 0 [pid 5336] close(6) = 0 [pid 5336] close(7) = -1 EBADF (Bad file descriptor) [pid 5336] close(8) = -1 EBADF (Bad file descriptor) [pid 5336] close(9) = -1 EBADF (Bad file descriptor) [pid 5336] close(10) = -1 EBADF (Bad file descriptor) [pid 5336] close(11) = -1 EBADF (Bad file descriptor) [pid 5336] close(12) = -1 EBADF (Bad file descriptor) [pid 5336] close(13) = -1 EBADF (Bad file descriptor) [pid 5336] close(14) = -1 EBADF (Bad file descriptor) [pid 5336] close(15) = -1 EBADF (Bad file descriptor) [pid 5336] close(16) = -1 EBADF (Bad file descriptor) [pid 5336] close(17) = -1 EBADF (Bad file descriptor) [pid 5336] close(18) = -1 EBADF (Bad file descriptor) [pid 5336] close(19) = -1 EBADF (Bad file descriptor) [pid 5336] close(20) = -1 EBADF (Bad file descriptor) [pid 5336] close(21) = -1 EBADF (Bad file descriptor) [pid 5336] close(22) = -1 EBADF (Bad file descriptor) [ 129.476311][ T5338] pgdeactivate 830 [ 129.476311][ T5338] pglazyfree 0 [ 129.476311][ T5338] pglazyfreed 0 [ 129.476311][ T5338] zswpin 0 [ 129.476311][ T5338] zswpout 0 [ 129.476311][ T5338] thp_fault_alloc 0 [ 129.476311][ T5338] thp_collapse_alloc 0 [pid 5336] close(23) = -1 EBADF (Bad file descriptor) [pid 5336] close(24) = -1 EBADF (Bad file descriptor) [pid 5336] close(25) = -1 EBADF (Bad file descriptor) [pid 5336] close(26) = -1 EBADF (Bad file descriptor) [pid 5336] close(27) = -1 EBADF (Bad file descriptor) [pid 5336] close(28) = -1 EBADF (Bad file descriptor) [pid 5336] close(29) = -1 EBADF (Bad file descriptor) [pid 5336] exit_group(0) = ? [pid 5336] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5338] <... write resumed>) = 18 [ 129.699430][ T5338] Tasks state (memory values in pages): [ 129.706014][ T5338] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 129.724750][ T5338] Out of memory and no killable processes... [ 129.732000][ T5344] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 129.751731][ T5344] CPU: 0 PID: 5344 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 129.761728][ T5344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 129.771831][ T5344] Call Trace: [ 129.775154][ T5344] [ 129.778130][ T5344] dump_stack_lvl+0x136/0x150 [ 129.782895][ T5344] dump_header+0x10a/0xd70 [ 129.787375][ T5344] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 129.793521][ T5344] out_of_memory+0xd64/0x1660 [ 129.798251][ T5344] ? oom_killer_disable+0x2b0/0x2b0 [ 129.803495][ T5344] ? find_held_lock+0x2d/0x110 [ 129.808290][ T5344] mem_cgroup_out_of_memory+0x206/0x270 [ 129.813875][ T5344] ? mem_cgroup_margin+0x130/0x130 [ 129.819034][ T5344] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 129.824914][ T5344] memory_max_write+0x2f9/0x3c0 [ 129.829825][ T5344] ? mem_cgroup_force_empty_write+0x160/0x160 [ 129.835952][ T5344] ? lock_sync+0x190/0x190 [ 129.840426][ T5344] cgroup_file_write+0x1e2/0x7b0 [ 129.845436][ T5344] ? mem_cgroup_force_empty_write+0x160/0x160 [ 129.851552][ T5344] ? kill_css+0x3b0/0x3b0 [ 129.855934][ T5344] ? lock_acquire+0x32/0xc0 [ 129.860482][ T5344] ? kill_css+0x3b0/0x3b0 [ 129.864866][ T5344] kernfs_fop_write_iter+0x3f1/0x600 [ 129.870329][ T5344] vfs_write+0x9ed/0xe10 [ 129.874651][ T5344] ? kernel_write+0x670/0x670 [ 129.879390][ T5344] ? find_held_lock+0x2d/0x110 [ 129.884208][ T5344] ? __fget_light+0x20a/0x270 [ 129.888953][ T5344] ksys_write+0x12b/0x250 [ 129.893344][ T5344] ? __ia32_sys_read+0xb0/0xb0 [ 129.898158][ T5344] ? lockdep_hardirqs_on+0x7d/0x100 [ 129.903405][ T5344] ? _raw_spin_unlock_irq+0x2e/0x50 [ 129.908660][ T5344] ? ptrace_notify+0xfe/0x140 [ 129.913400][ T5344] do_syscall_64+0x39/0xb0 [ 129.917896][ T5344] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 129.923841][ T5344] RIP: 0033:0x7faecf034129 [ 129.928296][ T5344] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5338] close(3) = 0 [ 129.947953][ T5344] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 129.956400][ T5344] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 129.964397][ T5344] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 129.972405][ T5344] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 129.980403][ T5344] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 129.988401][ T5344] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000000c [ 129.996429][ T5344] [pid 5338] close(4) = 0 [pid 5338] close(5) = 0 [pid 5338] close(6) = 0 [pid 5338] close(7) = -1 EBADF (Bad file descriptor) [pid 5338] close(8) = -1 EBADF (Bad file descriptor) [pid 5338] close(9) = -1 EBADF (Bad file descriptor) [pid 5338] close(10) = -1 EBADF (Bad file descriptor) [pid 5338] close(11) = -1 EBADF (Bad file descriptor) [pid 5338] close(12) = -1 EBADF (Bad file descriptor) [pid 5338] close(13) = -1 EBADF (Bad file descriptor) [pid 5338] close(14) = -1 EBADF (Bad file descriptor) [pid 5338] close(15) = -1 EBADF (Bad file descriptor) [pid 5338] close(16) = -1 EBADF (Bad file descriptor) [pid 5338] close(17) = -1 EBADF (Bad file descriptor) [pid 5338] close(18) = -1 EBADF (Bad file descriptor) [pid 5338] close(19) = -1 EBADF (Bad file descriptor) [pid 5338] close(20) = -1 EBADF (Bad file descriptor) [pid 5338] close(21) = -1 EBADF (Bad file descriptor) [pid 5338] close(22) = -1 EBADF (Bad file descriptor) [pid 5338] close(23) = -1 EBADF (Bad file descriptor) [pid 5338] close(24) = -1 EBADF (Bad file descriptor) [pid 5338] close(25) = -1 EBADF (Bad file descriptor) [pid 5338] close(26) = -1 EBADF (Bad file descriptor) [pid 5338] close(27) = -1 EBADF (Bad file descriptor) [pid 5338] close(28 [pid 5087] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5338] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5338] close(29) = -1 EBADF (Bad file descriptor) [pid 5087] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5338] exit_group(0 [pid 5087] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5338] <... exit_group resumed>) = ? [pid 5338] +++ exited with 0 +++ [pid 5087] <... openat resumed>) = 3 [pid 5087] fstat(3, [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5090] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5087] getdents64(3, [pid 5090] <... openat resumed>) = 3 [pid 5090] fstat(3, [pid 5087] <... getdents64 resumed>0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5090] getdents64(3, [pid 5087] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5090] <... getdents64 resumed>0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] lstat("./10/binderfs", [pid 5090] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5087] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5087] unlink("./10/binderfs" [pid 5090] lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] <... unlink resumed>) = 0 [pid 5090] unlink("./12/binderfs" [pid 5087] umount2("./10/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5090] <... unlink resumed>) = 0 [pid 5087] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5090] umount2("./12/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5087] lstat("./10/cgroup", [pid 5090] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5087] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] lstat("./12/cgroup", [pid 5087] unlink("./10/cgroup" [pid 5090] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./12/cgroup" [pid 5087] <... unlink resumed>) = 0 [pid 5090] <... unlink resumed>) = 0 [pid 5087] umount2("./10/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5090] umount2("./12/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5087] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5090] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./10/cgroup.net", [pid 5090] lstat("./12/cgroup.net", [pid 5087] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./10/cgroup.net" [pid 5090] unlink("./12/cgroup.net") = 0 [pid 5087] <... unlink resumed>) = 0 [pid 5090] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5087] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5090] <... umount2 resumed>) = 0 [pid 5090] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5087] <... umount2 resumed>) = 0 [pid 5090] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5087] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5090] lstat("./12/file0", [pid 5087] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5090] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 130.009264][ T5344] memory: usage 8kB, limit 0kB, failcnt 36 [pid 5087] lstat("./10/file0", [pid 5090] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5087] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5087] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5090] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./12/file0") = 0 [pid 5090] umount2("./12/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./12/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5090] unlink("./12/cgroup.cpu" [pid 5087] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5090] <... unlink resumed>) = 0 [pid 5090] getdents64(3, [pid 5087] <... openat resumed>) = 4 [pid 5090] <... getdents64 resumed>0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] fstat(4, [pid 5090] close(3 [pid 5087] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] <... close resumed>) = 0 [pid 5087] getdents64(4, [pid 5090] rmdir("./12") = 0 [pid 5087] <... getdents64 resumed>0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] mkdir("./13", 0777 [pid 5087] getdents64(4, [pid 5090] <... mkdir resumed>) = 0 [pid 5087] <... getdents64 resumed>0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5087] close(4./strace-static-x86_64: Process 5361 attached ) = 0 [pid 5361] chdir("./13" [pid 5090] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 15 [pid 5087] rmdir("./10/file0" [pid 5361] <... chdir resumed>) = 0 [pid 5361] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5087] <... rmdir resumed>) = 0 [pid 5361] <... prctl resumed>) = 0 [pid 5087] umount2("./10/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5361] setpgid(0, 0 [pid 5087] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5361] <... setpgid resumed>) = 0 [pid 5087] lstat("./10/cgroup.cpu", [pid 5361] symlink("/syzcgroup/unified/syz4", "./cgroup" [pid 5087] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5361] <... symlink resumed>) = 0 [pid 5087] unlink("./10/cgroup.cpu" [pid 5361] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu" [pid 5087] <... unlink resumed>) = 0 [pid 5361] <... symlink resumed>) = 0 [ 130.049762][ T5344] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5087] getdents64(3, [pid 5361] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5361] write(3, "1000", 4) = 4 [pid 5361] close(3) = 0 [pid 5361] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5361] mkdir("./file0", 000) = 0 [pid 5361] open("./file0", O_RDONLY) = 3 [pid 5361] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5361] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5361] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5361] openat(5, "memory.max", O_RDWR) = 6 [ 130.091570][ T5344] Memory cgroup stats for /syz1: [ 130.092021][ T5344] anon 0 [ 130.092021][ T5344] file 0 [ 130.092021][ T5344] kernel 8192 [ 130.092021][ T5344] kernel_stack 0 [ 130.092021][ T5344] pagetables 0 [ 130.092021][ T5344] sec_pagetables 0 [ 130.092021][ T5344] percpu 0 [ 130.092021][ T5344] sock 0 [ 130.092021][ T5344] vmalloc 0 [ 130.092021][ T5344] shmem 0 [ 130.092021][ T5344] zswap 0 [ 130.092021][ T5344] zswapped 0 [ 130.092021][ T5344] file_mapped 0 [ 130.092021][ T5344] file_dirty 0 [ 130.092021][ T5344] file_writeback 0 [ 130.092021][ T5344] swapcached 0 [ 130.092021][ T5344] anon_thp 0 [ 130.092021][ T5344] file_thp 0 [ 130.092021][ T5344] shmem_thp 0 [ 130.092021][ T5344] inactive_anon 0 [ 130.092021][ T5344] active_anon 0 [ 130.092021][ T5344] inactive_file 0 [ 130.092021][ T5344] active_file 0 [ 130.092021][ T5344] unevictable 0 [ 130.092021][ T5344] slab_reclaimable 6752 [ 130.092021][ T5344] slab_unreclaimable 0 [ 130.092021][ T5344] slab 6752 [ 130.092021][ T5344] workingset_refault_anon 0 [ 130.092021][ T5344] workingset_refault_file 0 [ 130.092021][ T5344] workingset_activate_anon 0 [ 130.092021][ T5344] workingset_activate_file 0 [ 130.092021][ T5344] workingset_restore_anon 0 [ 130.092021][ T5344] workingset_restore_file 0 [ 130.092021][ T5344] workingset_nodereclaim 0 [ 130.092021][ T5344] pgscan 831 [ 130.092021][ T5344] pgsteal 2 [ 130.092021][ T5344] pgscan_kswapd 0 [ 130.092021][ T5344] pgscan_direct 831 [ 130.092021][ T5344] pgscan_khugepaged 0 [ 130.092021][ T5344] pgsteal_kswapd 0 [ 130.092021][ T5344] pgsteal_direct 2 [ 130.092021][ T5344] pgsteal_khugepaged 0 [pid 5361] write(6, "0x000000000000040e", 18 [pid 5087] <... getdents64 resumed>0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [pid 5087] rmdir("./10") = 0 [pid 5087] mkdir("./11", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5362 attached [ 130.092021][ T5344] pgfault 21 [ 130.092021][ T5344] pgmajfault 0 [ 130.092021][ T5344] pgrefill 830 [ 130.092021][ T5344] pgactivate 829 [ 130.092021][ T5344] pgdeactivate 830 [ 130.092021][ T5344] pglazyfree 0 [ 130.092021][ T5344] pglazyfreed 0 [ 130.092021][ T5344] zswpin 0 [ 130.092021][ T5344] zswpout 0 [ 130.092021][ T5344] thp_fault_alloc 0 [ 130.092021][ T5344] thp_collapse_alloc 0 , child_tidptr=0x555555c0c5d0) = 13 [pid 5362] chdir("./11") = 0 [pid 5362] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 130.305721][ T5344] Tasks state (memory values in pages): [ 130.311360][ T5344] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 130.332510][ T5344] Out of memory and no killable processes... [ 130.338761][ T5349] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5362] setpgid(0, 0 [pid 5344] <... write resumed>) = 18 [ 130.358357][ T5349] CPU: 1 PID: 5349 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 130.368336][ T5349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 130.378452][ T5349] Call Trace: [ 130.381778][ T5349] [ 130.384752][ T5349] dump_stack_lvl+0x136/0x150 [ 130.389498][ T5349] dump_header+0x10a/0xd70 [ 130.393984][ T5349] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 130.400142][ T5349] out_of_memory+0xd64/0x1660 [pid 5362] <... setpgid resumed>) = 0 [pid 5362] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5362] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5362] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5362] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5362] write(3, "1000", 4) = 4 [pid 5362] close(3) = 0 [pid 5362] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5362] mkdir("./file0", 000) = 0 [pid 5362] open("./file0", O_RDONLY) = 3 [pid 5362] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5362] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5362] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5362] openat(5, "memory.max", O_RDWR) = 6 [ 130.404950][ T5349] ? oom_killer_disable+0x2b0/0x2b0 [ 130.410226][ T5349] ? find_held_lock+0x2d/0x110 [ 130.415064][ T5349] mem_cgroup_out_of_memory+0x206/0x270 [ 130.420697][ T5349] ? mem_cgroup_margin+0x130/0x130 [ 130.425895][ T5349] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 130.431818][ T5349] memory_max_write+0x2f9/0x3c0 [ 130.436754][ T5349] ? mem_cgroup_force_empty_write+0x160/0x160 [ 130.442915][ T5349] ? lock_sync+0x190/0x190 [ 130.447416][ T5349] cgroup_file_write+0x1e2/0x7b0 [ 130.452445][ T5349] ? mem_cgroup_force_empty_write+0x160/0x160 [ 130.458605][ T5349] ? kill_css+0x3b0/0x3b0 [ 130.463021][ T5349] ? lock_acquire+0x32/0xc0 [ 130.467611][ T5349] ? kill_css+0x3b0/0x3b0 [ 130.472011][ T5349] kernfs_fop_write_iter+0x3f1/0x600 [ 130.477384][ T5349] vfs_write+0x9ed/0xe10 [ 130.481717][ T5349] ? kernel_write+0x670/0x670 [ 130.486470][ T5349] ? find_held_lock+0x2d/0x110 [ 130.491322][ T5349] ? __fget_light+0x20a/0x270 [ 130.496084][ T5349] ksys_write+0x12b/0x250 [ 130.500489][ T5349] ? __ia32_sys_read+0xb0/0xb0 [pid 5362] write(6, "0x000000000000040e", 18 [pid 5344] close(3) = 0 [pid 5344] close(4) = 0 [pid 5344] close(5) = 0 [pid 5344] close(6) = 0 [pid 5344] close(7) = -1 EBADF (Bad file descriptor) [pid 5344] close(8) = -1 EBADF (Bad file descriptor) [pid 5344] close(9) = -1 EBADF (Bad file descriptor) [pid 5344] close(10) = -1 EBADF (Bad file descriptor) [pid 5344] close(11) = -1 EBADF (Bad file descriptor) [pid 5344] close(12) = -1 EBADF (Bad file descriptor) [pid 5344] close(13) = -1 EBADF (Bad file descriptor) [pid 5344] close(14) = -1 EBADF (Bad file descriptor) [pid 5344] close(15) = -1 EBADF (Bad file descriptor) [pid 5344] close(16) = -1 EBADF (Bad file descriptor) [pid 5344] close(17) = -1 EBADF (Bad file descriptor) [pid 5344] close(18) = -1 EBADF (Bad file descriptor) [ 130.505330][ T5349] ? lockdep_hardirqs_on+0x7d/0x100 [ 130.510595][ T5349] ? _raw_spin_unlock_irq+0x2e/0x50 [ 130.515878][ T5349] ? ptrace_notify+0xfe/0x140 [ 130.520632][ T5349] do_syscall_64+0x39/0xb0 [ 130.525137][ T5349] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 130.531108][ T5349] RIP: 0033:0x7faecf034129 [ 130.535578][ T5349] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5344] close(19) = -1 EBADF (Bad file descriptor) [pid 5344] close(20) = -1 EBADF (Bad file descriptor) [pid 5344] close(21) = -1 EBADF (Bad file descriptor) [pid 5344] close(22) = -1 EBADF (Bad file descriptor) [pid 5344] close(23) = -1 EBADF (Bad file descriptor) [pid 5344] close(24) = -1 EBADF (Bad file descriptor) [pid 5344] close(25) = -1 EBADF (Bad file descriptor) [pid 5344] close(26) = -1 EBADF (Bad file descriptor) [pid 5344] close(27) = -1 EBADF (Bad file descriptor) [pid 5344] close(28) = -1 EBADF (Bad file descriptor) [pid 5344] close(29) = -1 EBADF (Bad file descriptor) [pid 5344] exit_group(0) = ? [pid 5344] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5089] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5089] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./12/binderfs") = 0 [pid 5089] umount2("./12/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./12/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [ 130.555261][ T5349] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 130.563748][ T5349] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 130.571782][ T5349] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 130.579821][ T5349] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 130.587857][ T5349] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 130.595893][ T5349] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000009 [ 130.603959][ T5349] [pid 5089] unlink("./12/cgroup") = 0 [pid 5089] umount2("./12/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./12/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./12/cgroup.net") = 0 [pid 5089] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5089] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./12/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./12/file0") = 0 [pid 5089] umount2("./12/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./12/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./12/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [ 130.679063][ T5349] memory: usage 8kB, limit 0kB, failcnt 36 [ 130.685216][ T5349] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 130.692437][ T5349] Memory cgroup stats for /syz1: [ 130.692727][ T5349] anon 0 [ 130.692727][ T5349] file 0 [ 130.692727][ T5349] kernel 8192 [ 130.692727][ T5349] kernel_stack 0 [ 130.692727][ T5349] pagetables 0 [ 130.692727][ T5349] sec_pagetables 0 [ 130.692727][ T5349] percpu 0 [ 130.692727][ T5349] sock 0 [ 130.692727][ T5349] vmalloc 0 [ 130.692727][ T5349] shmem 0 [pid 5089] close(3) = 0 [pid 5089] rmdir("./12") = 0 [pid 5089] mkdir("./13", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5367 attached [pid 5367] chdir("./13" [pid 5089] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 15 [pid 5367] <... chdir resumed>) = 0 [pid 5367] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5367] setpgid(0, 0) = 0 [pid 5367] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5367] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [ 130.692727][ T5349] zswap 0 [ 130.692727][ T5349] zswapped 0 [ 130.692727][ T5349] file_mapped 0 [ 130.692727][ T5349] file_dirty 0 [ 130.692727][ T5349] file_writeback 0 [ 130.692727][ T5349] swapcached 0 [ 130.692727][ T5349] anon_thp 0 [ 130.692727][ T5349] file_thp 0 [ 130.692727][ T5349] shmem_thp 0 [ 130.692727][ T5349] inactive_anon 0 [ 130.692727][ T5349] active_anon 0 [ 130.692727][ T5349] inactive_file 0 [ 130.692727][ T5349] active_file 0 [ 130.692727][ T5349] unevictable 0 [ 130.692727][ T5349] slab_reclaimable 6752 [pid 5367] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5367] write(3, "1000", 4) = 4 [pid 5367] close(3) = 0 [pid 5367] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5367] mkdir("./file0", 000) = 0 [pid 5367] open("./file0", O_RDONLY) = 3 [pid 5367] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5367] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5367] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5367] openat(5, "memory.max", O_RDWR) = 6 [ 130.692727][ T5349] slab_unreclaimable 0 [ 130.692727][ T5349] slab 6752 [ 130.692727][ T5349] workingset_refault_anon 0 [ 130.692727][ T5349] workingset_refault_file 0 [ 130.692727][ T5349] workingset_activate_anon 0 [ 130.692727][ T5349] workingset_activate_file 0 [ 130.692727][ T5349] workingset_restore_anon 0 [ 130.692727][ T5349] workingset_restore_file 0 [ 130.692727][ T5349] workingset_nodereclaim 0 [ 130.692727][ T5349] pgscan 831 [ 130.692727][ T5349] pgsteal 2 [ 130.692727][ T5349] pgscan_kswapd 0 [ 130.692727][ T5349] pgscan_direct 831 [ 130.692727][ T5349] pgscan_khugepaged 0 [ 130.692727][ T5349] pgsteal_kswapd 0 [ 130.692727][ T5349] pgsteal_direct 2 [ 130.692727][ T5349] pgsteal_khugepaged 0 [ 130.692727][ T5349] pgfault 21 [ 130.692727][ T5349] pgmajfault 0 [ 130.692727][ T5349] pgrefill 830 [ 130.692727][ T5349] pgactivate 829 [ 130.692727][ T5349] pgdeactivate 830 [ 130.692727][ T5349] pglazyfree 0 [ 130.692727][ T5349] pglazyfreed 0 [ 130.692727][ T5349] zswpin 0 [ 130.692727][ T5349] zswpout 0 [ 130.692727][ T5349] thp_fault_alloc 0 [ 130.692727][ T5349] thp_collapse_alloc 0 [pid 5367] write(6, "0x000000000000040e", 18 [pid 5349] <... write resumed>) = 18 [pid 5349] close(3) = 0 [pid 5349] close(4) = 0 [pid 5349] close(5) = 0 [pid 5349] close(6) = 0 [pid 5349] close(7) = -1 EBADF (Bad file descriptor) [pid 5349] close(8) = -1 EBADF (Bad file descriptor) [pid 5349] close(9) = -1 EBADF (Bad file descriptor) [pid 5349] close(10) = -1 EBADF (Bad file descriptor) [pid 5349] close(11) = -1 EBADF (Bad file descriptor) [pid 5349] close(12) = -1 EBADF (Bad file descriptor) [pid 5349] close(13) = -1 EBADF (Bad file descriptor) [pid 5349] close(14) = -1 EBADF (Bad file descriptor) [pid 5349] close(15) = -1 EBADF (Bad file descriptor) [ 130.934297][ T5349] Tasks state (memory values in pages): [ 130.940308][ T5349] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 130.952452][ T5349] Out of memory and no killable processes... [ 130.961051][ T5354] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5349] close(16) = -1 EBADF (Bad file descriptor) [pid 5349] close(17) = -1 EBADF (Bad file descriptor) [pid 5349] close(18) = -1 EBADF (Bad file descriptor) [pid 5349] close(19) = -1 EBADF (Bad file descriptor) [pid 5349] close(20) = -1 EBADF (Bad file descriptor) [pid 5349] close(21) = -1 EBADF (Bad file descriptor) [pid 5349] close(22) = -1 EBADF (Bad file descriptor) [pid 5349] close(23) = -1 EBADF (Bad file descriptor) [pid 5349] close(24) = -1 EBADF (Bad file descriptor) [pid 5349] close(25) = -1 EBADF (Bad file descriptor) [pid 5349] close(26) = -1 EBADF (Bad file descriptor) [pid 5349] close(27) = -1 EBADF (Bad file descriptor) [pid 5349] close(28) = -1 EBADF (Bad file descriptor) [pid 5349] close(29) = -1 EBADF (Bad file descriptor) [pid 5349] exit_group(0) = ? [pid 5349] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5086] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5086] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 131.001887][ T5354] CPU: 1 PID: 5354 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 131.011881][ T5354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 131.021992][ T5354] Call Trace: [ 131.025316][ T5354] [ 131.028301][ T5354] dump_stack_lvl+0x136/0x150 [ 131.033053][ T5354] dump_header+0x10a/0xd70 [ 131.037546][ T5354] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 131.043706][ T5354] out_of_memory+0xd64/0x1660 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./9/binderfs") = 0 [pid 5086] umount2("./9/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./9/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] unlink("./9/cgroup") = 0 [pid 5086] umount2("./9/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./9/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./9/cgroup.net") = 0 [ 131.048467][ T5354] ? oom_killer_disable+0x2b0/0x2b0 [ 131.053761][ T5354] mem_cgroup_out_of_memory+0x206/0x270 [ 131.059387][ T5354] ? mem_cgroup_margin+0x130/0x130 [ 131.064608][ T5354] memory_max_write+0x2f9/0x3c0 [ 131.069560][ T5354] ? mem_cgroup_force_empty_write+0x160/0x160 [ 131.075713][ T5354] ? lock_sync+0x190/0x190 [ 131.080208][ T5354] cgroup_file_write+0x1e2/0x7b0 [ 131.085234][ T5354] ? mem_cgroup_force_empty_write+0x160/0x160 [ 131.091398][ T5354] ? kill_css+0x3b0/0x3b0 [ 131.095807][ T5354] ? lock_acquire+0x32/0xc0 [ 131.100394][ T5354] ? kill_css+0x3b0/0x3b0 [ 131.104794][ T5354] kernfs_fop_write_iter+0x3f1/0x600 [ 131.110154][ T5354] vfs_write+0x9ed/0xe10 [ 131.114477][ T5354] ? kernel_write+0x670/0x670 [ 131.119241][ T5354] ? find_held_lock+0x2d/0x110 [ 131.124085][ T5354] ? __fget_light+0x20a/0x270 [ 131.128848][ T5354] ksys_write+0x12b/0x250 [ 131.133259][ T5354] ? __ia32_sys_read+0xb0/0xb0 [ 131.138110][ T5354] ? lockdep_hardirqs_on+0x7d/0x100 [ 131.143379][ T5354] ? _raw_spin_unlock_irq+0x2e/0x50 [ 131.148648][ T5354] ? ptrace_notify+0xfe/0x140 [ 131.153402][ T5354] do_syscall_64+0x39/0xb0 [ 131.157905][ T5354] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 131.163886][ T5354] RIP: 0033:0x7faecf034129 [ 131.168356][ T5354] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 131.188028][ T5354] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 131.196512][ T5354] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 131.204545][ T5354] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 131.212571][ T5354] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 131.220599][ T5354] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 131.228633][ T5354] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000009 [ 131.236690][ T5354] [pid 5086] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5086] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./9/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [ 131.250010][ T5354] memory: usage 8kB, limit 0kB, failcnt 36 [ 131.256084][ T5354] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 131.263673][ T5354] Memory cgroup stats for /syz1: [ 131.263955][ T5354] anon 0 [ 131.263955][ T5354] file 0 [ 131.263955][ T5354] kernel 8192 [ 131.263955][ T5354] kernel_stack 0 [ 131.263955][ T5354] pagetables 0 [ 131.263955][ T5354] sec_pagetables 0 [ 131.263955][ T5354] percpu 0 [ 131.263955][ T5354] sock 0 [ 131.263955][ T5354] vmalloc 0 [ 131.263955][ T5354] shmem 0 [ 131.263955][ T5354] zswap 0 [ 131.263955][ T5354] zswapped 0 [ 131.263955][ T5354] file_mapped 0 [ 131.263955][ T5354] file_dirty 0 [ 131.263955][ T5354] file_writeback 0 [ 131.263955][ T5354] swapcached 0 [ 131.263955][ T5354] anon_thp 0 [ 131.263955][ T5354] file_thp 0 [ 131.263955][ T5354] shmem_thp 0 [ 131.263955][ T5354] inactive_anon 0 [ 131.263955][ T5354] active_anon 0 [ 131.263955][ T5354] inactive_file 0 [ 131.263955][ T5354] active_file 0 [ 131.263955][ T5354] unevictable 0 [ 131.263955][ T5354] slab_reclaimable 6752 [ 131.263955][ T5354] slab_unreclaimable 0 [ 131.263955][ T5354] slab 6752 [ 131.263955][ T5354] workingset_refault_anon 0 [ 131.263955][ T5354] workingset_refault_file 0 [ 131.263955][ T5354] workingset_activate_anon 0 [ 131.263955][ T5354] workingset_activate_file 0 [ 131.263955][ T5354] workingset_restore_anon 0 [ 131.263955][ T5354] workingset_restore_file 0 [ 131.263955][ T5354] workingset_nodereclaim 0 [ 131.263955][ T5354] pgscan 831 [ 131.263955][ T5354] pgsteal 2 [ 131.263955][ T5354] pgscan_kswapd 0 [ 131.263955][ T5354] pgscan_direct 831 [ 131.263955][ T5354] pgscan_khugepaged 0 [pid 5086] rmdir("./9/file0") = 0 [ 131.263955][ T5354] pgsteal_kswapd 0 [ 131.263955][ T5354] pgsteal_direct 2 [ 131.263955][ T5354] pgsteal_khugepaged 0 [ 131.263955][ T5354] pgfault 21 [ 131.263955][ T5354] pgmajfault 0 [ 131.263955][ T5354] pgrefill 830 [ 131.263955][ T5354] pgactivate 829 [ 131.263955][ T5354] pgdeactivate 830 [ 131.263955][ T5354] pglazyfree 0 [ 131.263955][ T5354] pglazyfreed 0 [ 131.263955][ T5354] zswpin 0 [ 131.263955][ T5354] zswpout 0 [ 131.263955][ T5354] thp_fault_alloc 0 [ 131.263955][ T5354] thp_collapse_alloc 0 [pid 5086] umount2("./9/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./9/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./9/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [pid 5354] <... write resumed>) = 18 [pid 5354] close(3) = 0 [pid 5354] close(4) = 0 [pid 5354] close(5) = 0 [pid 5354] close(6) = 0 [pid 5354] close(7) = -1 EBADF (Bad file descriptor) [pid 5354] close(8) = -1 EBADF (Bad file descriptor) [pid 5354] close(9) = -1 EBADF (Bad file descriptor) [pid 5354] close(10) = -1 EBADF (Bad file descriptor) [pid 5354] close(11) = -1 EBADF (Bad file descriptor) [pid 5354] close(12) = -1 EBADF (Bad file descriptor) [pid 5354] close(13) = -1 EBADF (Bad file descriptor) [pid 5354] close(14) = -1 EBADF (Bad file descriptor) [pid 5354] close(15) = -1 EBADF (Bad file descriptor) [pid 5354] close(16) = -1 EBADF (Bad file descriptor) [pid 5354] close(17) = -1 EBADF (Bad file descriptor) [pid 5354] close(18) = -1 EBADF (Bad file descriptor) [pid 5354] close(19) = -1 EBADF (Bad file descriptor) [pid 5354] close(20) = -1 EBADF (Bad file descriptor) [pid 5354] close(21) = -1 EBADF (Bad file descriptor) [pid 5354] close(22) = -1 EBADF (Bad file descriptor) [pid 5354] close(23) = -1 EBADF (Bad file descriptor) [pid 5354] close(24) = -1 EBADF (Bad file descriptor) [pid 5354] close(25) = -1 EBADF (Bad file descriptor) [pid 5354] close(26) = -1 EBADF (Bad file descriptor) [pid 5354] close(27) = -1 EBADF (Bad file descriptor) [pid 5354] close(28) = -1 EBADF (Bad file descriptor) [pid 5354] close(29) = -1 EBADF (Bad file descriptor) [pid 5354] exit_group(0) = ? [pid 5354] +++ exited with 0 +++ [pid 5086] rmdir("./9") = 0 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5086] mkdir("./10", 0777 [pid 5085] restart_syscall(<... resuming interrupted clone ...> [pid 5086] <... mkdir resumed>) = 0 [pid 5085] <... restart_syscall resumed>) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5085] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./9/binderfs") = 0 [ 131.463731][ T5354] Tasks state (memory values in pages): [ 131.469356][ T5354] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 131.479437][ T5354] Out of memory and no killable processes... [ 131.485963][ T5361] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 131.526136][ T5361] CPU: 0 PID: 5361 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 131.536130][ T5361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 131.546239][ T5361] Call Trace: [ 131.549563][ T5361] [ 131.552538][ T5361] dump_stack_lvl+0x136/0x150 [ 131.557296][ T5361] dump_header+0x10a/0xd70 [ 131.561774][ T5361] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 131.567942][ T5361] out_of_memory+0xd64/0x1660 [pid 5085] umount2("./9/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5371 attached [pid 5371] chdir("./10") = 0 [pid 5371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5371] setpgid(0, 0) = 0 [pid 5371] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5371] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5371] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5371] write(3, "1000", 4) = 4 [pid 5371] close(3) = 0 [pid 5371] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5371] mkdir("./file0", 000) = 0 [pid 5371] open("./file0", O_RDONLY) = 3 [pid 5371] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5371] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5371] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5371] openat(5, "memory.max", O_RDWR) = 6 [pid 5371] write(6, "0x000000000000040e", 18 [pid 5085] lstat("./9/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./9/cgroup") = 0 [pid 5085] umount2("./9/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./9/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./9/cgroup.net") = 0 [pid 5085] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 12 [ 131.572709][ T5361] ? oom_killer_disable+0x2b0/0x2b0 [ 131.577985][ T5361] ? find_held_lock+0x2d/0x110 [ 131.582818][ T5361] mem_cgroup_out_of_memory+0x206/0x270 [ 131.588444][ T5361] ? mem_cgroup_margin+0x130/0x130 [ 131.593649][ T5361] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 131.599550][ T5361] memory_max_write+0x2f9/0x3c0 [ 131.604486][ T5361] ? mem_cgroup_force_empty_write+0x160/0x160 [ 131.610644][ T5361] ? lock_sync+0x190/0x190 [ 131.615140][ T5361] cgroup_file_write+0x1e2/0x7b0 [ 131.620170][ T5361] ? mem_cgroup_force_empty_write+0x160/0x160 [ 131.626320][ T5361] ? kill_css+0x3b0/0x3b0 [ 131.630746][ T5361] ? lock_acquire+0x32/0xc0 [ 131.635330][ T5361] ? kill_css+0x3b0/0x3b0 [ 131.639733][ T5361] kernfs_fop_write_iter+0x3f1/0x600 [ 131.645151][ T5361] vfs_write+0x9ed/0xe10 [ 131.649482][ T5361] ? kernel_write+0x670/0x670 [ 131.654245][ T5361] ? find_held_lock+0x2d/0x110 [ 131.659120][ T5361] ? __fget_light+0x20a/0x270 [ 131.663875][ T5361] ksys_write+0x12b/0x250 [ 131.668289][ T5361] ? __ia32_sys_read+0xb0/0xb0 [ 131.673147][ T5361] ? lockdep_hardirqs_on+0x7d/0x100 [ 131.678501][ T5361] ? _raw_spin_unlock_irq+0x2e/0x50 [ 131.683770][ T5361] ? ptrace_notify+0xfe/0x140 [ 131.688517][ T5361] do_syscall_64+0x39/0xb0 [ 131.693022][ T5361] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 131.698990][ T5361] RIP: 0033:0x7faecf034129 [ 131.703457][ T5361] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5085] <... umount2 resumed>) = 0 [pid 5085] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./9/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 131.723125][ T5361] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 131.731607][ T5361] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 131.739633][ T5361] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 131.747751][ T5361] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 131.755776][ T5361] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 131.763800][ T5361] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000000d [ 131.771859][ T5361] [pid 5085] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./9/file0") = 0 [pid 5085] umount2("./9/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./9/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./9/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./9") = 0 [pid 5085] mkdir("./10", 0777) = 0 [ 131.789024][ T5361] memory: usage 8kB, limit 0kB, failcnt 36 [ 131.797799][ T5361] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 131.813010][ T5361] Memory cgroup stats for /syz1: [ 131.813306][ T5361] anon 0 [ 131.813306][ T5361] file 0 [ 131.813306][ T5361] kernel 8192 [ 131.813306][ T5361] kernel_stack 0 [ 131.813306][ T5361] pagetables 0 [ 131.813306][ T5361] sec_pagetables 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 12 [ 131.813306][ T5361] percpu 0 [ 131.813306][ T5361] sock 0 [ 131.813306][ T5361] vmalloc 0 [ 131.813306][ T5361] shmem 0 [ 131.813306][ T5361] zswap 0 [ 131.813306][ T5361] zswapped 0 [ 131.813306][ T5361] file_mapped 0 [ 131.813306][ T5361] file_dirty 0 [ 131.813306][ T5361] file_writeback 0 [ 131.813306][ T5361] swapcached 0 [ 131.813306][ T5361] anon_thp 0 [ 131.813306][ T5361] file_thp 0 [ 131.813306][ T5361] shmem_thp 0 [ 131.813306][ T5361] inactive_anon 0 [ 131.813306][ T5361] active_anon 0 [ 131.813306][ T5361] inactive_file 0 ./strace-static-x86_64: Process 5375 attached [pid 5375] chdir("./10") = 0 [pid 5375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5375] setpgid(0, 0) = 0 [ 131.813306][ T5361] active_file 0 [ 131.813306][ T5361] unevictable 0 [ 131.813306][ T5361] slab_reclaimable 6752 [ 131.813306][ T5361] slab_unreclaimable 0 [ 131.813306][ T5361] slab 6752 [ 131.813306][ T5361] workingset_refault_anon 0 [ 131.813306][ T5361] workingset_refault_file 0 [ 131.813306][ T5361] workingset_activate_anon 0 [ 131.813306][ T5361] workingset_activate_file 0 [ 131.813306][ T5361] workingset_restore_anon 0 [ 131.813306][ T5361] workingset_restore_file 0 [ 131.813306][ T5361] workingset_nodereclaim 0 [ 131.813306][ T5361] pgscan 831 [ 131.813306][ T5361] pgsteal 2 [ 131.813306][ T5361] pgscan_kswapd 0 [ 131.813306][ T5361] pgscan_direct 831 [ 131.813306][ T5361] pgscan_khugepaged 0 [ 131.813306][ T5361] pgsteal_kswapd 0 [ 131.813306][ T5361] pgsteal_direct 2 [ 131.813306][ T5361] pgsteal_khugepaged 0 [ 131.813306][ T5361] pgfault 21 [ 131.813306][ T5361] pgmajfault 0 [ 131.813306][ T5361] pgrefill 830 [ 131.813306][ T5361] pgactivate 829 [ 131.813306][ T5361] pgdeactivate 830 [ 131.813306][ T5361] pglazyfree 0 [ 131.813306][ T5361] pglazyfreed 0 [ 131.813306][ T5361] zswpin 0 [pid 5375] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5375] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5375] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5375] write(3, "1000", 4) = 4 [pid 5375] close(3) = 0 [pid 5375] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5375] mkdir("./file0", 000) = 0 [pid 5375] open("./file0", O_RDONLY) = 3 [pid 5375] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5375] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5375] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5375] openat(5, "memory.max", O_RDWR) = 6 [ 131.813306][ T5361] zswpout 0 [ 131.813306][ T5361] thp_fault_alloc 0 [ 131.813306][ T5361] thp_collapse_alloc 0 [ 132.066155][ T5361] Tasks state (memory values in pages): [ 132.079292][ T5361] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 132.099848][ T5361] Out of memory and no killable processes... [ 132.109708][ T5362] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 132.129233][ T5362] CPU: 1 PID: 5362 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 132.139234][ T5362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 132.149317][ T5362] Call Trace: [ 132.152618][ T5362] [ 132.155568][ T5362] dump_stack_lvl+0x136/0x150 [ 132.160281][ T5362] dump_header+0x10a/0xd70 [ 132.164729][ T5362] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 132.170858][ T5362] out_of_memory+0xd64/0x1660 [ 132.175580][ T5362] ? oom_killer_disable+0x2b0/0x2b0 [ 132.180828][ T5362] mem_cgroup_out_of_memory+0x206/0x270 [ 132.186416][ T5362] ? mem_cgroup_margin+0x130/0x130 [ 132.191591][ T5362] memory_max_write+0x2f9/0x3c0 [ 132.196499][ T5362] ? mem_cgroup_force_empty_write+0x160/0x160 [ 132.202623][ T5362] ? lock_sync+0x190/0x190 [ 132.207084][ T5362] cgroup_file_write+0x1e2/0x7b0 [ 132.212070][ T5362] ? mem_cgroup_force_empty_write+0x160/0x160 [ 132.218190][ T5362] ? kill_css+0x3b0/0x3b0 [ 132.222564][ T5362] ? lock_acquire+0x32/0xc0 [ 132.227118][ T5362] ? kill_css+0x3b0/0x3b0 [ 132.231494][ T5362] kernfs_fop_write_iter+0x3f1/0x600 [ 132.236832][ T5362] vfs_write+0x9ed/0xe10 [ 132.241131][ T5362] ? kernel_write+0x670/0x670 [ 132.245858][ T5362] ? find_held_lock+0x2d/0x110 [ 132.250663][ T5362] ? __fget_light+0x20a/0x270 [ 132.255390][ T5362] ksys_write+0x12b/0x250 [ 132.259772][ T5362] ? __ia32_sys_read+0xb0/0xb0 [ 132.264583][ T5362] ? lockdep_hardirqs_on+0x7d/0x100 [ 132.269817][ T5362] ? _raw_spin_unlock_irq+0x2e/0x50 [ 132.275059][ T5362] ? ptrace_notify+0xfe/0x140 [ 132.279789][ T5362] do_syscall_64+0x39/0xb0 [ 132.284255][ T5362] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 132.290187][ T5362] RIP: 0033:0x7faecf034129 [ 132.294634][ T5362] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5375] write(6, "0x000000000000040e", 18 [pid 5361] <... write resumed>) = 18 [pid 5361] close(3) = 0 [pid 5361] close(4) = 0 [pid 5361] close(5) = 0 [pid 5361] close(6) = 0 [pid 5361] close(7) = -1 EBADF (Bad file descriptor) [pid 5361] close(8) = -1 EBADF (Bad file descriptor) [pid 5361] close(9) = -1 EBADF (Bad file descriptor) [pid 5361] close(10) = -1 EBADF (Bad file descriptor) [pid 5361] close(11) = -1 EBADF (Bad file descriptor) [pid 5361] close(12) = -1 EBADF (Bad file descriptor) [pid 5361] close(13) = -1 EBADF (Bad file descriptor) [pid 5361] close(14) = -1 EBADF (Bad file descriptor) [pid 5361] close(15) = -1 EBADF (Bad file descriptor) [pid 5361] close(16) = -1 EBADF (Bad file descriptor) [pid 5361] close(17) = -1 EBADF (Bad file descriptor) [pid 5361] close(18) = -1 EBADF (Bad file descriptor) [pid 5361] close(19) = -1 EBADF (Bad file descriptor) [pid 5361] close(20) = -1 EBADF (Bad file descriptor) [pid 5361] close(21) = -1 EBADF (Bad file descriptor) [pid 5361] close(22) = -1 EBADF (Bad file descriptor) [pid 5361] close(23) = -1 EBADF (Bad file descriptor) [pid 5361] close(24) = -1 EBADF (Bad file descriptor) [pid 5361] close(25) = -1 EBADF (Bad file descriptor) [pid 5361] close(26) = -1 EBADF (Bad file descriptor) [pid 5361] close(27) = -1 EBADF (Bad file descriptor) [pid 5361] close(28) = -1 EBADF (Bad file descriptor) [pid 5361] close(29) = -1 EBADF (Bad file descriptor) [pid 5361] exit_group(0) = ? [pid 5361] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5090] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./13/binderfs") = 0 [pid 5090] umount2("./13/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./13/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./13/cgroup") = 0 [pid 5090] umount2("./13/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./13/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 132.314270][ T5362] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 132.322714][ T5362] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 132.330715][ T5362] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 132.338714][ T5362] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 132.346705][ T5362] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 132.354971][ T5362] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000000b [ 132.362992][ T5362] [pid 5090] unlink("./13/cgroup.net") = 0 [pid 5090] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5090] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./13/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./13/file0") = 0 [pid 5090] umount2("./13/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./13/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./13/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [pid 5090] rmdir("./13") = 0 [pid 5090] mkdir("./14", 0777) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5381 attached [pid 5381] chdir("./14" [pid 5090] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 16 [pid 5381] <... chdir resumed>) = 0 [pid 5381] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5381] setpgid(0, 0) = 0 [pid 5381] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5381] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5381] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5381] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5381] write(3, "1000", 4) = 4 [pid 5381] close(3) = 0 [pid 5381] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5381] mkdir("./file0", 000) = 0 [pid 5381] open("./file0", O_RDONLY) = 3 [pid 5381] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5381] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5381] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5381] openat(5, "memory.max", O_RDWR) = 6 [ 132.509056][ T5362] memory: usage 8kB, limit 0kB, failcnt 36 [ 132.518956][ T5362] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 132.539141][ T5362] Memory cgroup stats for /syz1: [ 132.539428][ T5362] anon 0 [ 132.539428][ T5362] file 0 [ 132.539428][ T5362] kernel 8192 [ 132.539428][ T5362] kernel_stack 0 [ 132.539428][ T5362] pagetables 0 [ 132.539428][ T5362] sec_pagetables 0 [ 132.539428][ T5362] percpu 0 [ 132.539428][ T5362] sock 0 [ 132.539428][ T5362] vmalloc 0 [ 132.539428][ T5362] shmem 0 [ 132.539428][ T5362] zswap 0 [ 132.539428][ T5362] zswapped 0 [ 132.539428][ T5362] file_mapped 0 [ 132.539428][ T5362] file_dirty 0 [ 132.539428][ T5362] file_writeback 0 [ 132.539428][ T5362] swapcached 0 [ 132.539428][ T5362] anon_thp 0 [ 132.539428][ T5362] file_thp 0 [ 132.539428][ T5362] shmem_thp 0 [ 132.539428][ T5362] inactive_anon 0 [ 132.539428][ T5362] active_anon 0 [ 132.539428][ T5362] inactive_file 0 [ 132.539428][ T5362] active_file 0 [ 132.539428][ T5362] unevictable 0 [ 132.539428][ T5362] slab_reclaimable 6752 [ 132.539428][ T5362] slab_unreclaimable 0 [ 132.539428][ T5362] slab 6752 [ 132.539428][ T5362] workingset_refault_anon 0 [ 132.539428][ T5362] workingset_refault_file 0 [ 132.539428][ T5362] workingset_activate_anon 0 [ 132.539428][ T5362] workingset_activate_file 0 [ 132.539428][ T5362] workingset_restore_anon 0 [ 132.539428][ T5362] workingset_restore_file 0 [ 132.539428][ T5362] workingset_nodereclaim 0 [ 132.539428][ T5362] pgscan 831 [ 132.539428][ T5362] pgsteal 2 [ 132.539428][ T5362] pgscan_kswapd 0 [ 132.539428][ T5362] pgscan_direct 831 [ 132.539428][ T5362] pgscan_khugepaged 0 [ 132.539428][ T5362] pgsteal_kswapd 0 [ 132.539428][ T5362] pgsteal_direct 2 [ 132.539428][ T5362] pgsteal_khugepaged 0 [ 132.539428][ T5362] pgfault 21 [ 132.539428][ T5362] pgmajfault 0 [ 132.539428][ T5362] pgrefill 830 [ 132.539428][ T5362] pgactivate 829 [ 132.539428][ T5362] pgdeactivate 830 [ 132.539428][ T5362] pglazyfree 0 [ 132.539428][ T5362] pglazyfreed 0 [ 132.539428][ T5362] zswpin 0 [ 132.539428][ T5362] zswpout 0 [ 132.539428][ T5362] thp_fault_alloc 0 [ 132.539428][ T5362] thp_collapse_alloc 0 [ 132.759304][ T5362] Tasks state (memory values in pages): [ 132.766647][ T5362] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 132.797448][ T5362] Out of memory and no killable processes... [pid 5381] write(6, "0x000000000000040e", 18 [pid 5362] <... write resumed>) = 18 [pid 5362] close(3) = 0 [pid 5362] close(4) = 0 [pid 5362] close(5) = 0 [pid 5362] close(6) = 0 [pid 5362] close(7) = -1 EBADF (Bad file descriptor) [pid 5362] close(8) = -1 EBADF (Bad file descriptor) [pid 5362] close(9) = -1 EBADF (Bad file descriptor) [ 132.806746][ T5367] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 132.831971][ T5367] CPU: 0 PID: 5367 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 132.841967][ T5367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 132.852081][ T5367] Call Trace: [ 132.855418][ T5367] [ 132.858399][ T5367] dump_stack_lvl+0x136/0x150 [ 132.863151][ T5367] dump_header+0x10a/0xd70 [ 132.867634][ T5367] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 132.873797][ T5367] out_of_memory+0xd64/0x1660 [ 132.878560][ T5367] ? oom_killer_disable+0x2b0/0x2b0 [ 132.883856][ T5367] mem_cgroup_out_of_memory+0x206/0x270 [ 132.889481][ T5367] ? mem_cgroup_margin+0x130/0x130 [ 132.894689][ T5367] memory_max_write+0x2f9/0x3c0 [ 132.899620][ T5367] ? mem_cgroup_force_empty_write+0x160/0x160 [ 132.905783][ T5367] ? lock_sync+0x190/0x190 [ 132.910281][ T5367] cgroup_file_write+0x1e2/0x7b0 [ 132.915321][ T5367] ? mem_cgroup_force_empty_write+0x160/0x160 [ 132.921479][ T5367] ? kill_css+0x3b0/0x3b0 [ 132.925885][ T5367] ? lock_acquire+0x32/0xc0 [ 132.930475][ T5367] ? kill_css+0x3b0/0x3b0 [ 132.934915][ T5367] kernfs_fop_write_iter+0x3f1/0x600 [ 132.940285][ T5367] vfs_write+0x9ed/0xe10 [ 132.944623][ T5367] ? kernel_write+0x670/0x670 [ 132.949393][ T5367] ? find_held_lock+0x2d/0x110 [ 132.954247][ T5367] ? __fget_light+0x20a/0x270 [pid 5362] close(10) = -1 EBADF (Bad file descriptor) [pid 5362] close(11) = -1 EBADF (Bad file descriptor) [pid 5362] close(12) = -1 EBADF (Bad file descriptor) [pid 5362] close(13) = -1 EBADF (Bad file descriptor) [pid 5362] close(14) = -1 EBADF (Bad file descriptor) [ 132.959009][ T5367] ksys_write+0x12b/0x250 [ 132.963519][ T5367] ? __ia32_sys_read+0xb0/0xb0 [ 132.968376][ T5367] ? lockdep_hardirqs_on+0x7d/0x100 [ 132.973676][ T5367] ? _raw_spin_unlock_irq+0x2e/0x50 [ 132.978971][ T5367] ? ptrace_notify+0xfe/0x140 [ 132.983730][ T5367] do_syscall_64+0x39/0xb0 [ 132.988229][ T5367] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 132.994196][ T5367] RIP: 0033:0x7faecf034129 [pid 5362] close(15) = -1 EBADF (Bad file descriptor) [pid 5362] close(16) = -1 EBADF (Bad file descriptor) [pid 5362] close(17) = -1 EBADF (Bad file descriptor) [pid 5362] close(18) = -1 EBADF (Bad file descriptor) [pid 5362] close(19) = -1 EBADF (Bad file descriptor) [pid 5362] close(20) = -1 EBADF (Bad file descriptor) [pid 5362] close(21) = -1 EBADF (Bad file descriptor) [pid 5362] close(22) = -1 EBADF (Bad file descriptor) [pid 5362] close(23) = -1 EBADF (Bad file descriptor) [ 132.998666][ T5367] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 133.018348][ T5367] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 133.026849][ T5367] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 133.034880][ T5367] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 133.042910][ T5367] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 133.051025][ T5367] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [pid 5362] close(24) = -1 EBADF (Bad file descriptor) [pid 5362] close(25) = -1 EBADF (Bad file descriptor) [pid 5362] close(26) = -1 EBADF (Bad file descriptor) [pid 5362] close(27) = -1 EBADF (Bad file descriptor) [pid 5362] close(28) = -1 EBADF (Bad file descriptor) [pid 5362] close(29) = -1 EBADF (Bad file descriptor) [pid 5362] exit_group(0) = ? [pid 5362] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 5087] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5087] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./11/binderfs") = 0 [pid 5087] umount2("./11/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./11/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./11/cgroup") = 0 [pid 5087] umount2("./11/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./11/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./11/cgroup.net") = 0 [pid 5087] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5087] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./11/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] close(4) = 0 [pid 5087] rmdir("./11/file0") = 0 [pid 5087] umount2("./11/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./11/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./11/cgroup.cpu") = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [pid 5087] rmdir("./11") = 0 [pid 5087] mkdir("./12", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5389 attached [ 133.059051][ T5367] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000000d [ 133.067106][ T5367] [ 133.084704][ T5367] memory: usage 8kB, limit 0kB, failcnt 36 [ 133.096684][ T5367] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5389] chdir("./12" [pid 5087] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 14 [pid 5389] <... chdir resumed>) = 0 [pid 5389] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5389] setpgid(0, 0) = 0 [pid 5389] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5389] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5389] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5389] write(3, "1000", 4) = 4 [pid 5389] close(3) = 0 [pid 5389] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5389] mkdir("./file0", 000) = 0 [pid 5389] open("./file0", O_RDONLY) = 3 [ 133.127201][ T5367] Memory cgroup stats for /syz1: [ 133.127498][ T5367] anon 0 [ 133.127498][ T5367] file 0 [ 133.127498][ T5367] kernel 8192 [ 133.127498][ T5367] kernel_stack 0 [ 133.127498][ T5367] pagetables 0 [ 133.127498][ T5367] sec_pagetables 0 [ 133.127498][ T5367] percpu 0 [ 133.127498][ T5367] sock 0 [ 133.127498][ T5367] vmalloc 0 [ 133.127498][ T5367] shmem 0 [ 133.127498][ T5367] zswap 0 [ 133.127498][ T5367] zswapped 0 [ 133.127498][ T5367] file_mapped 0 [ 133.127498][ T5367] file_dirty 0 [pid 5389] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5389] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5389] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5389] openat(5, "memory.max", O_RDWR) = 6 [ 133.127498][ T5367] file_writeback 0 [ 133.127498][ T5367] swapcached 0 [ 133.127498][ T5367] anon_thp 0 [ 133.127498][ T5367] file_thp 0 [ 133.127498][ T5367] shmem_thp 0 [ 133.127498][ T5367] inactive_anon 0 [ 133.127498][ T5367] active_anon 0 [ 133.127498][ T5367] inactive_file 0 [ 133.127498][ T5367] active_file 0 [ 133.127498][ T5367] unevictable 0 [ 133.127498][ T5367] slab_reclaimable 6752 [ 133.127498][ T5367] slab_unreclaimable 0 [ 133.127498][ T5367] slab 6752 [ 133.127498][ T5367] workingset_refault_anon 0 [ 133.127498][ T5367] workingset_refault_file 0 [ 133.127498][ T5367] workingset_activate_anon 0 [ 133.127498][ T5367] workingset_activate_file 0 [ 133.127498][ T5367] workingset_restore_anon 0 [ 133.127498][ T5367] workingset_restore_file 0 [ 133.127498][ T5367] workingset_nodereclaim 0 [ 133.127498][ T5367] pgscan 831 [ 133.127498][ T5367] pgsteal 2 [ 133.127498][ T5367] pgscan_kswapd 0 [ 133.127498][ T5367] pgscan_direct 831 [ 133.127498][ T5367] pgscan_khugepaged 0 [ 133.127498][ T5367] pgsteal_kswapd 0 [ 133.127498][ T5367] pgsteal_direct 2 [ 133.127498][ T5367] pgsteal_khugepaged 0 [ 133.127498][ T5367] pgfault 21 [ 133.127498][ T5367] pgmajfault 0 [ 133.127498][ T5367] pgrefill 830 [ 133.127498][ T5367] pgactivate 829 [ 133.127498][ T5367] pgdeactivate 830 [ 133.127498][ T5367] pglazyfree 0 [ 133.127498][ T5367] pglazyfreed 0 [ 133.127498][ T5367] zswpin 0 [ 133.127498][ T5367] zswpout 0 [ 133.127498][ T5367] thp_fault_alloc 0 [ 133.127498][ T5367] thp_collapse_alloc 0 [pid 5389] write(6, "0x000000000000040e", 18 [pid 5367] <... write resumed>) = 18 [pid 5367] close(3) = 0 [pid 5367] close(4) = 0 [pid 5367] close(5) = 0 [pid 5367] close(6) = 0 [pid 5367] close(7) = -1 EBADF (Bad file descriptor) [pid 5367] close(8) = -1 EBADF (Bad file descriptor) [pid 5367] close(9) = -1 EBADF (Bad file descriptor) [pid 5367] close(10) = -1 EBADF (Bad file descriptor) [pid 5367] close(11) = -1 EBADF (Bad file descriptor) [pid 5367] close(12) = -1 EBADF (Bad file descriptor) [pid 5367] close(13) = -1 EBADF (Bad file descriptor) [pid 5367] close(14) = -1 EBADF (Bad file descriptor) [pid 5367] close(15) = -1 EBADF (Bad file descriptor) [pid 5367] close(16) = -1 EBADF (Bad file descriptor) [pid 5367] close(17) = -1 EBADF (Bad file descriptor) [pid 5367] close(18) = -1 EBADF (Bad file descriptor) [pid 5367] close(19) = -1 EBADF (Bad file descriptor) [pid 5367] close(20) = -1 EBADF (Bad file descriptor) [pid 5367] close(21) = -1 EBADF (Bad file descriptor) [pid 5367] close(22) = -1 EBADF (Bad file descriptor) [pid 5367] close(23) = -1 EBADF (Bad file descriptor) [pid 5367] close(24) = -1 EBADF (Bad file descriptor) [pid 5367] close(25) = -1 EBADF (Bad file descriptor) [pid 5367] close(26) = -1 EBADF (Bad file descriptor) [pid 5367] close(27) = -1 EBADF (Bad file descriptor) [pid 5367] close(28) = -1 EBADF (Bad file descriptor) [pid 5367] close(29) = -1 EBADF (Bad file descriptor) [pid 5367] exit_group(0) = ? [ 133.328472][ T5367] Tasks state (memory values in pages): [ 133.336003][ T5367] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 133.352417][ T5367] Out of memory and no killable processes... [ 133.358535][ T5371] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 133.370898][ T5371] CPU: 1 PID: 5371 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 133.380866][ T5371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 133.390974][ T5371] Call Trace: [ 133.394292][ T5371] [ 133.397265][ T5371] dump_stack_lvl+0x136/0x150 [ 133.402019][ T5371] dump_header+0x10a/0xd70 [ 133.406515][ T5371] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 133.412667][ T5371] out_of_memory+0xd64/0x1660 [ 133.417430][ T5371] ? oom_killer_disable+0x2b0/0x2b0 [ 133.422724][ T5371] mem_cgroup_out_of_memory+0x206/0x270 [pid 5367] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5089] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./13/binderfs") = 0 [pid 5089] umount2("./13/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./13/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./13/cgroup") = 0 [pid 5089] umount2("./13/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./13/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./13/cgroup.net") = 0 [ 133.428336][ T5371] ? mem_cgroup_margin+0x130/0x130 [ 133.433537][ T5371] memory_max_write+0x2f9/0x3c0 [ 133.438481][ T5371] ? mem_cgroup_force_empty_write+0x160/0x160 [ 133.444664][ T5371] ? lock_sync+0x190/0x190 [ 133.449167][ T5371] cgroup_file_write+0x1e2/0x7b0 [ 133.454190][ T5371] ? mem_cgroup_force_empty_write+0x160/0x160 [ 133.460341][ T5371] ? kill_css+0x3b0/0x3b0 [ 133.464773][ T5371] ? lock_acquire+0x32/0xc0 [ 133.469367][ T5371] ? kill_css+0x3b0/0x3b0 [ 133.473785][ T5371] kernfs_fop_write_iter+0x3f1/0x600 [ 133.479146][ T5371] vfs_write+0x9ed/0xe10 [ 133.483479][ T5371] ? kernel_write+0x670/0x670 [ 133.488254][ T5371] ? find_held_lock+0x2d/0x110 [ 133.493099][ T5371] ? __fget_light+0x20a/0x270 [ 133.497869][ T5371] ksys_write+0x12b/0x250 [ 133.502283][ T5371] ? __ia32_sys_read+0xb0/0xb0 [ 133.507125][ T5371] ? lockdep_hardirqs_on+0x7d/0x100 [ 133.512395][ T5371] ? _raw_spin_unlock_irq+0x2e/0x50 [ 133.517674][ T5371] ? ptrace_notify+0xfe/0x140 [ 133.522426][ T5371] do_syscall_64+0x39/0xb0 [ 133.526928][ T5371] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 133.532888][ T5371] RIP: 0033:0x7faecf034129 [ 133.537353][ T5371] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 133.557057][ T5371] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 133.565543][ T5371] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [pid 5089] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5089] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./13/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./13/file0") = 0 [pid 5089] umount2("./13/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./13/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./13/cgroup.cpu") = 0 [ 133.573575][ T5371] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 133.581595][ T5371] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 133.589619][ T5371] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 133.597654][ T5371] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000000a [ 133.605733][ T5371] [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [pid 5089] rmdir("./13") = 0 [pid 5089] mkdir("./14", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5394 attached [pid 5394] chdir("./14") = 0 [pid 5089] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 16 [pid 5394] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5394] setpgid(0, 0) = 0 [pid 5394] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5394] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5394] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5394] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5394] write(3, "1000", 4) = 4 [pid 5394] close(3) = 0 [pid 5394] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5394] mkdir("./file0", 000) = 0 [pid 5394] open("./file0", O_RDONLY) = 3 [pid 5394] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5394] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5394] openat(4, "syz1", O_RDWR|O_PATH) = 5 [ 133.630709][ T5371] memory: usage 8kB, limit 0kB, failcnt 36 [ 133.643068][ T5371] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 133.652256][ T5371] Memory cgroup stats for /syz1: [ 133.652556][ T5371] anon 0 [ 133.652556][ T5371] file 0 [ 133.652556][ T5371] kernel 8192 [ 133.652556][ T5371] kernel_stack 0 [ 133.652556][ T5371] pagetables 0 [ 133.652556][ T5371] sec_pagetables 0 [ 133.652556][ T5371] percpu 0 [pid 5394] openat(5, "memory.max", O_RDWR) = 6 [ 133.652556][ T5371] sock 0 [ 133.652556][ T5371] vmalloc 0 [ 133.652556][ T5371] shmem 0 [ 133.652556][ T5371] zswap 0 [ 133.652556][ T5371] zswapped 0 [ 133.652556][ T5371] file_mapped 0 [ 133.652556][ T5371] file_dirty 0 [ 133.652556][ T5371] file_writeback 0 [ 133.652556][ T5371] swapcached 0 [ 133.652556][ T5371] anon_thp 0 [ 133.652556][ T5371] file_thp 0 [ 133.652556][ T5371] shmem_thp 0 [ 133.652556][ T5371] inactive_anon 0 [ 133.652556][ T5371] active_anon 0 [ 133.652556][ T5371] inactive_file 0 [ 133.652556][ T5371] active_file 0 [ 133.652556][ T5371] unevictable 0 [ 133.652556][ T5371] slab_reclaimable 6752 [ 133.652556][ T5371] slab_unreclaimable 0 [ 133.652556][ T5371] slab 6752 [ 133.652556][ T5371] workingset_refault_anon 0 [ 133.652556][ T5371] workingset_refault_file 0 [ 133.652556][ T5371] workingset_activate_anon 0 [ 133.652556][ T5371] workingset_activate_file 0 [ 133.652556][ T5371] workingset_restore_anon 0 [ 133.652556][ T5371] workingset_restore_file 0 [ 133.652556][ T5371] workingset_nodereclaim 0 [ 133.652556][ T5371] pgscan 831 [ 133.652556][ T5371] pgsteal 2 [ 133.652556][ T5371] pgscan_kswapd 0 [ 133.652556][ T5371] pgscan_direct 831 [ 133.652556][ T5371] pgscan_khugepaged 0 [ 133.652556][ T5371] pgsteal_kswapd 0 [ 133.652556][ T5371] pgsteal_direct 2 [ 133.652556][ T5371] pgsteal_khugepaged 0 [ 133.652556][ T5371] pgfault 21 [ 133.652556][ T5371] pgmajfault 0 [ 133.652556][ T5371] pgrefill 830 [ 133.652556][ T5371] pgactivate 829 [ 133.652556][ T5371] pgdeactivate 830 [ 133.652556][ T5371] pglazyfree 0 [ 133.652556][ T5371] pglazyfreed 0 [ 133.652556][ T5371] zswpin 0 [ 133.652556][ T5371] zswpout 0 [ 133.652556][ T5371] thp_fault_alloc 0 [ 133.652556][ T5371] thp_collapse_alloc 0 [ 133.852356][ T5371] Tasks state (memory values in pages): [ 133.858144][ T5371] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 133.868324][ T5371] Out of memory and no killable processes... [pid 5394] write(6, "0x000000000000040e", 18 [pid 5371] <... write resumed>) = 18 [pid 5371] close(3) = 0 [pid 5371] close(4) = 0 [pid 5371] close(5) = 0 [pid 5371] close(6) = 0 [pid 5371] close(7) = -1 EBADF (Bad file descriptor) [pid 5371] close(8) = -1 EBADF (Bad file descriptor) [pid 5371] close(9) = -1 EBADF (Bad file descriptor) [pid 5371] close(10) = -1 EBADF (Bad file descriptor) [pid 5371] close(11) = -1 EBADF (Bad file descriptor) [pid 5371] close(12) = -1 EBADF (Bad file descriptor) [pid 5371] close(13) = -1 EBADF (Bad file descriptor) [pid 5371] close(14) = -1 EBADF (Bad file descriptor) [pid 5371] close(15) = -1 EBADF (Bad file descriptor) [pid 5371] close(16) = -1 EBADF (Bad file descriptor) [ 133.877397][ T5375] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 133.889141][ T5375] CPU: 1 PID: 5375 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 133.899126][ T5375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 133.909248][ T5375] Call Trace: [ 133.912587][ T5375] [ 133.915575][ T5375] dump_stack_lvl+0x136/0x150 [ 133.920330][ T5375] dump_header+0x10a/0xd70 [ 133.924822][ T5375] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [pid 5371] close(17) = -1 EBADF (Bad file descriptor) [pid 5371] close(18) = -1 EBADF (Bad file descriptor) [pid 5371] close(19) = -1 EBADF (Bad file descriptor) [pid 5371] close(20) = -1 EBADF (Bad file descriptor) [pid 5371] close(21) = -1 EBADF (Bad file descriptor) [ 133.931000][ T5375] out_of_memory+0xd64/0x1660 [ 133.935773][ T5375] ? oom_killer_disable+0x2b0/0x2b0 [ 133.941070][ T5375] mem_cgroup_out_of_memory+0x206/0x270 [ 133.946722][ T5375] ? mem_cgroup_margin+0x130/0x130 [ 133.951916][ T5375] memory_max_write+0x2f9/0x3c0 [ 133.956823][ T5375] ? mem_cgroup_force_empty_write+0x160/0x160 [ 133.962951][ T5375] ? lock_sync+0x190/0x190 [ 133.967496][ T5375] cgroup_file_write+0x1e2/0x7b0 [ 133.972485][ T5375] ? mem_cgroup_force_empty_write+0x160/0x160 [ 133.978607][ T5375] ? kill_css+0x3b0/0x3b0 [ 133.982982][ T5375] ? lock_acquire+0x32/0xc0 [ 133.987532][ T5375] ? kill_css+0x3b0/0x3b0 [ 133.991918][ T5375] kernfs_fop_write_iter+0x3f1/0x600 [ 133.997256][ T5375] vfs_write+0x9ed/0xe10 [ 134.001550][ T5375] ? kernel_write+0x670/0x670 [ 134.006291][ T5375] ? find_held_lock+0x2d/0x110 [ 134.011104][ T5375] ? __fget_light+0x20a/0x270 [ 134.015842][ T5375] ksys_write+0x12b/0x250 [ 134.020230][ T5375] ? __ia32_sys_read+0xb0/0xb0 [ 134.025044][ T5375] ? lockdep_hardirqs_on+0x7d/0x100 [ 134.030300][ T5375] ? _raw_spin_unlock_irq+0x2e/0x50 [ 134.035554][ T5375] ? ptrace_notify+0xfe/0x140 [ 134.040288][ T5375] do_syscall_64+0x39/0xb0 [ 134.044769][ T5375] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 134.050708][ T5375] RIP: 0033:0x7faecf034129 [ 134.055148][ T5375] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5371] close(22) = -1 EBADF (Bad file descriptor) [ 134.074784][ T5375] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 134.083231][ T5375] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 134.091225][ T5375] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 134.099266][ T5375] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 134.107270][ T5375] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 134.115272][ T5375] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000000a [ 134.123296][ T5375] [pid 5371] close(23) = -1 EBADF (Bad file descriptor) [pid 5371] close(24) = -1 EBADF (Bad file descriptor) [pid 5371] close(25) = -1 EBADF (Bad file descriptor) [pid 5371] close(26) = -1 EBADF (Bad file descriptor) [pid 5371] close(27) = -1 EBADF (Bad file descriptor) [pid 5371] close(28) = -1 EBADF (Bad file descriptor) [pid 5371] close(29) = -1 EBADF (Bad file descriptor) [pid 5371] exit_group(0) = ? [ 134.152563][ T5375] memory: usage 8kB, limit 0kB, failcnt 36 [ 134.159170][ T5375] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 134.175001][ T5375] Memory cgroup stats for /syz1: [ 134.175291][ T5375] anon 0 [ 134.175291][ T5375] file 0 [ 134.175291][ T5375] kernel 8192 [ 134.175291][ T5375] kernel_stack 0 [ 134.175291][ T5375] pagetables 0 [ 134.175291][ T5375] sec_pagetables 0 [ 134.175291][ T5375] percpu 0 [ 134.175291][ T5375] sock 0 [ 134.175291][ T5375] vmalloc 0 [ 134.175291][ T5375] shmem 0 [ 134.175291][ T5375] zswap 0 [ 134.175291][ T5375] zswapped 0 [ 134.175291][ T5375] file_mapped 0 [ 134.175291][ T5375] file_dirty 0 [ 134.175291][ T5375] file_writeback 0 [ 134.175291][ T5375] swapcached 0 [ 134.175291][ T5375] anon_thp 0 [ 134.175291][ T5375] file_thp 0 [ 134.175291][ T5375] shmem_thp 0 [ 134.175291][ T5375] inactive_anon 0 [ 134.175291][ T5375] active_anon 0 [ 134.175291][ T5375] inactive_file 0 [ 134.175291][ T5375] active_file 0 [ 134.175291][ T5375] unevictable 0 [ 134.175291][ T5375] slab_reclaimable 6752 [ 134.175291][ T5375] slab_unreclaimable 0 [ 134.175291][ T5375] slab 6752 [ 134.175291][ T5375] workingset_refault_anon 0 [ 134.175291][ T5375] workingset_refault_file 0 [ 134.175291][ T5375] workingset_activate_anon 0 [ 134.175291][ T5375] workingset_activate_file 0 [ 134.175291][ T5375] workingset_restore_anon 0 [ 134.175291][ T5375] workingset_restore_file 0 [ 134.175291][ T5375] workingset_nodereclaim 0 [ 134.175291][ T5375] pgscan 831 [ 134.175291][ T5375] pgsteal 2 [ 134.175291][ T5375] pgscan_kswapd 0 [ 134.175291][ T5375] pgscan_direct 831 [ 134.175291][ T5375] pgscan_khugepaged 0 [ 134.175291][ T5375] pgsteal_kswapd 0 [ 134.175291][ T5375] pgsteal_direct 2 [ 134.175291][ T5375] pgsteal_khugepaged 0 [ 134.175291][ T5375] pgfault 21 [ 134.175291][ T5375] pgmajfault 0 [ 134.175291][ T5375] pgrefill 830 [ 134.175291][ T5375] pgactivate 829 [ 134.175291][ T5375] pgdeactivate 830 [ 134.175291][ T5375] pglazyfree 0 [ 134.175291][ T5375] pglazyfreed 0 [ 134.175291][ T5375] zswpin 0 [ 134.175291][ T5375] zswpout 0 [pid 5371] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5086] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./10/binderfs") = 0 [pid 5086] umount2("./10/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./10/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] unlink("./10/cgroup") = 0 [pid 5086] umount2("./10/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./10/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./10/cgroup.net") = 0 [pid 5086] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5086] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./10/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./10/file0") = 0 [ 134.175291][ T5375] thp_fault_alloc 0 [ 134.175291][ T5375] thp_collapse_alloc 0 [pid 5086] umount2("./10/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./10/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./10/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./10") = 0 [pid 5086] mkdir("./11", 0777) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5401 attached [pid 5401] chdir("./11") = 0 [pid 5086] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 13 [pid 5401] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5401] setpgid(0, 0) = 0 [pid 5401] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5401] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5401] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5401] write(3, "1000", 4) = 4 [pid 5401] close(3) = 0 [pid 5401] symlink("/dev/binderfs", "./binderfs") = 0 [ 134.434061][ T5375] Tasks state (memory values in pages): [ 134.439850][ T5375] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 134.453542][ T5375] Out of memory and no killable processes... [pid 5401] mkdir("./file0", 000) = 0 [pid 5401] open("./file0", O_RDONLY) = 3 [pid 5401] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5375] <... write resumed>) = 18 [pid 5375] close(3) = 0 [pid 5401] <... mount resumed>) = 0 [pid 5375] close(4 [pid 5401] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5375] <... close resumed>) = 0 [pid 5401] <... openat resumed>) = 4 [pid 5375] close(5 [pid 5401] openat(4, "syz1", O_RDWR|O_PATH [pid 5375] <... close resumed>) = 0 [pid 5401] <... openat resumed>) = 5 [pid 5375] close(6 [pid 5401] openat(5, "memory.max", O_RDWR [pid 5375] <... close resumed>) = 0 [pid 5401] <... openat resumed>) = 6 [pid 5375] close(7 [pid 5401] write(6, "0x000000000000040e", 18 [pid 5375] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5375] close(8) = -1 EBADF (Bad file descriptor) [ 134.478040][ T5381] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 134.505443][ T5381] CPU: 1 PID: 5381 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 134.515431][ T5381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 134.525542][ T5381] Call Trace: [ 134.528872][ T5381] [ 134.531854][ T5381] dump_stack_lvl+0x136/0x150 [ 134.536603][ T5381] dump_header+0x10a/0xd70 [ 134.541105][ T5381] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 134.547265][ T5381] out_of_memory+0xd64/0x1660 [ 134.552030][ T5381] ? oom_killer_disable+0x2b0/0x2b0 [ 134.557311][ T5381] ? find_held_lock+0x2d/0x110 [ 134.562143][ T5381] mem_cgroup_out_of_memory+0x206/0x270 [ 134.567774][ T5381] ? mem_cgroup_margin+0x130/0x130 [ 134.572974][ T5381] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 134.578871][ T5381] memory_max_write+0x2f9/0x3c0 [ 134.583806][ T5381] ? mem_cgroup_force_empty_write+0x160/0x160 [ 134.589967][ T5381] ? lock_sync+0x190/0x190 [ 134.594466][ T5381] cgroup_file_write+0x1e2/0x7b0 [ 134.599487][ T5381] ? mem_cgroup_force_empty_write+0x160/0x160 [ 134.605632][ T5381] ? kill_css+0x3b0/0x3b0 [ 134.610035][ T5381] ? lock_acquire+0x32/0xc0 [ 134.614619][ T5381] ? kill_css+0x3b0/0x3b0 [ 134.619015][ T5381] kernfs_fop_write_iter+0x3f1/0x600 [ 134.624361][ T5381] vfs_write+0x9ed/0xe10 [ 134.628652][ T5381] ? kernel_write+0x670/0x670 [ 134.633386][ T5381] ? find_held_lock+0x2d/0x110 [ 134.638214][ T5381] ? __fget_light+0x20a/0x270 [ 134.642942][ T5381] ksys_write+0x12b/0x250 [ 134.647322][ T5381] ? __ia32_sys_read+0xb0/0xb0 [ 134.652129][ T5381] ? lockdep_hardirqs_on+0x7d/0x100 [ 134.657383][ T5381] ? _raw_spin_unlock_irq+0x2e/0x50 [ 134.662625][ T5381] ? ptrace_notify+0xfe/0x140 [ 134.667343][ T5381] do_syscall_64+0x39/0xb0 [ 134.671807][ T5381] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 134.677740][ T5381] RIP: 0033:0x7faecf034129 [ 134.682180][ T5381] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 134.701822][ T5381] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 134.710281][ T5381] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 134.718299][ T5381] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5375] close(9) = -1 EBADF (Bad file descriptor) [pid 5375] close(10) = -1 EBADF (Bad file descriptor) [pid 5375] close(11) = -1 EBADF (Bad file descriptor) [pid 5375] close(12) = -1 EBADF (Bad file descriptor) [pid 5375] close(13) = -1 EBADF (Bad file descriptor) [pid 5375] close(14) = -1 EBADF (Bad file descriptor) [pid 5375] close(15) = -1 EBADF (Bad file descriptor) [pid 5375] close(16) = -1 EBADF (Bad file descriptor) [pid 5375] close(17) = -1 EBADF (Bad file descriptor) [pid 5375] close(18) = -1 EBADF (Bad file descriptor) [pid 5375] close(19) = -1 EBADF (Bad file descriptor) [pid 5375] close(20) = -1 EBADF (Bad file descriptor) [pid 5375] close(21) = -1 EBADF (Bad file descriptor) [pid 5375] close(22) = -1 EBADF (Bad file descriptor) [ 134.726295][ T5381] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 134.734325][ T5381] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 134.742337][ T5381] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000000e [ 134.750359][ T5381] [ 134.761844][ T5381] memory: usage 8kB, limit 0kB, failcnt 36 [ 134.768109][ T5381] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5375] close(23) = -1 EBADF (Bad file descriptor) [pid 5375] close(24) = -1 EBADF (Bad file descriptor) [pid 5375] close(25) = -1 EBADF (Bad file descriptor) [pid 5375] close(26) = -1 EBADF (Bad file descriptor) [pid 5375] close(27) = -1 EBADF (Bad file descriptor) [pid 5375] close(28) = -1 EBADF (Bad file descriptor) [pid 5375] close(29) = -1 EBADF (Bad file descriptor) [pid 5375] exit_group(0) = ? [pid 5375] +++ exited with 0 +++ [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5085] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5085] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 134.792544][ T5381] Memory cgroup stats for /syz1: [ 134.792839][ T5381] anon 0 [ 134.792839][ T5381] file 0 [ 134.792839][ T5381] kernel 8192 [ 134.792839][ T5381] kernel_stack 0 [ 134.792839][ T5381] pagetables 0 [ 134.792839][ T5381] sec_pagetables 0 [ 134.792839][ T5381] percpu 0 [ 134.792839][ T5381] sock 0 [ 134.792839][ T5381] vmalloc 0 [ 134.792839][ T5381] shmem 0 [ 134.792839][ T5381] zswap 0 [ 134.792839][ T5381] zswapped 0 [ 134.792839][ T5381] file_mapped 0 [ 134.792839][ T5381] file_dirty 0 [pid 5085] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./10/binderfs") = 0 [pid 5085] umount2("./10/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./10/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./10/cgroup") = 0 [ 134.792839][ T5381] file_writeback 0 [ 134.792839][ T5381] swapcached 0 [ 134.792839][ T5381] anon_thp 0 [ 134.792839][ T5381] file_thp 0 [ 134.792839][ T5381] shmem_thp 0 [ 134.792839][ T5381] inactive_anon 0 [ 134.792839][ T5381] active_anon 0 [ 134.792839][ T5381] inactive_file 0 [ 134.792839][ T5381] active_file 0 [ 134.792839][ T5381] unevictable 0 [ 134.792839][ T5381] slab_reclaimable 6752 [ 134.792839][ T5381] slab_unreclaimable 0 [ 134.792839][ T5381] slab 6752 [ 134.792839][ T5381] workingset_refault_anon 0 [ 134.792839][ T5381] workingset_refault_file 0 [ 134.792839][ T5381] workingset_activate_anon 0 [ 134.792839][ T5381] workingset_activate_file 0 [ 134.792839][ T5381] workingset_restore_anon 0 [ 134.792839][ T5381] workingset_restore_file 0 [ 134.792839][ T5381] workingset_nodereclaim 0 [ 134.792839][ T5381] pgscan 831 [ 134.792839][ T5381] pgsteal 2 [ 134.792839][ T5381] pgscan_kswapd 0 [ 134.792839][ T5381] pgscan_direct 831 [ 134.792839][ T5381] pgscan_khugepaged 0 [ 134.792839][ T5381] pgsteal_kswapd 0 [ 134.792839][ T5381] pgsteal_direct 2 [ 134.792839][ T5381] pgsteal_khugepaged 0 [pid 5085] umount2("./10/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./10/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./10/cgroup.net") = 0 [pid 5085] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5085] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./10/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 134.792839][ T5381] pgfault 21 [ 134.792839][ T5381] pgmajfault 0 [ 134.792839][ T5381] pgrefill 830 [ 134.792839][ T5381] pgactivate 829 [ 134.792839][ T5381] pgdeactivate 830 [ 134.792839][ T5381] pglazyfree 0 [ 134.792839][ T5381] pglazyfreed 0 [ 134.792839][ T5381] zswpin 0 [ 134.792839][ T5381] zswpout 0 [ 134.792839][ T5381] thp_fault_alloc 0 [ 134.792839][ T5381] thp_collapse_alloc 0 [ 134.984415][ T5381] Tasks state (memory values in pages): [pid 5085] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./10/file0") = 0 [pid 5085] umount2("./10/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./10/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./10/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./10") = 0 [pid 5085] mkdir("./11", 0777) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5407 attached [pid 5407] chdir("./11" [pid 5085] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 13 [pid 5407] <... chdir resumed>) = 0 [pid 5407] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5407] setpgid(0, 0) = 0 [pid 5407] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5407] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [ 135.000460][ T5381] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 135.011493][ T5381] Out of memory and no killable processes... [pid 5407] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5381] <... write resumed>) = 18 [pid 5407] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5381] close(3 [pid 5407] <... openat resumed>) = 3 [pid 5381] <... close resumed>) = 0 [pid 5407] write(3, "1000", 4 [pid 5381] close(4 [pid 5407] <... write resumed>) = 4 [pid 5381] <... close resumed>) = 0 [pid 5407] close(3) = 0 [pid 5407] symlink("/dev/binderfs", "./binderfs") = 0 [ 135.052134][ T5389] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 135.078423][ T5389] CPU: 1 PID: 5389 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 135.088413][ T5389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 135.098522][ T5389] Call Trace: [ 135.101909][ T5389] [ 135.104879][ T5389] dump_stack_lvl+0x136/0x150 [ 135.109638][ T5389] dump_header+0x10a/0xd70 [ 135.114123][ T5389] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 135.120280][ T5389] out_of_memory+0xd64/0x1660 [ 135.125039][ T5389] ? oom_killer_disable+0x2b0/0x2b0 [ 135.130326][ T5389] mem_cgroup_out_of_memory+0x206/0x270 [ 135.135941][ T5389] ? mem_cgroup_margin+0x130/0x130 [ 135.141119][ T5389] memory_max_write+0x2f9/0x3c0 [ 135.146020][ T5389] ? mem_cgroup_force_empty_write+0x160/0x160 [ 135.152137][ T5389] ? lock_sync+0x190/0x190 [ 135.156587][ T5389] cgroup_file_write+0x1e2/0x7b0 [ 135.161561][ T5389] ? mem_cgroup_force_empty_write+0x160/0x160 [ 135.167676][ T5389] ? kill_css+0x3b0/0x3b0 [ 135.172050][ T5389] ? lock_acquire+0x32/0xc0 [ 135.176597][ T5389] ? kill_css+0x3b0/0x3b0 [ 135.180967][ T5389] kernfs_fop_write_iter+0x3f1/0x600 [ 135.186298][ T5389] vfs_write+0x9ed/0xe10 [ 135.190589][ T5389] ? kernel_write+0x670/0x670 [ 135.195313][ T5389] ? find_held_lock+0x2d/0x110 [ 135.200147][ T5389] ? __fget_light+0x20a/0x270 [ 135.204883][ T5389] ksys_write+0x12b/0x250 [ 135.209290][ T5389] ? __ia32_sys_read+0xb0/0xb0 [ 135.214096][ T5389] ? lockdep_hardirqs_on+0x7d/0x100 [ 135.219325][ T5389] ? _raw_spin_unlock_irq+0x2e/0x50 [ 135.224553][ T5389] ? ptrace_notify+0xfe/0x140 [ 135.229270][ T5389] do_syscall_64+0x39/0xb0 [ 135.233729][ T5389] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 135.239665][ T5389] RIP: 0033:0x7faecf034129 [ 135.244113][ T5389] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 135.263750][ T5389] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 135.272218][ T5389] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 135.280214][ T5389] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 135.288210][ T5389] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [pid 5407] mkdir("./file0", 000 [pid 5381] close(5) = 0 [pid 5381] close(6) = 0 [pid 5381] close(7) = -1 EBADF (Bad file descriptor) [pid 5381] close(8) = -1 EBADF (Bad file descriptor) [pid 5381] close(9) = -1 EBADF (Bad file descriptor) [pid 5381] close(10) = -1 EBADF (Bad file descriptor) [pid 5381] close(11) = -1 EBADF (Bad file descriptor) [pid 5381] close(12) = -1 EBADF (Bad file descriptor) [pid 5381] close(13) = -1 EBADF (Bad file descriptor) [pid 5381] close(14) = -1 EBADF (Bad file descriptor) [pid 5381] close(15) = -1 EBADF (Bad file descriptor) [pid 5381] close(16) = -1 EBADF (Bad file descriptor) [pid 5381] close(17) = -1 EBADF (Bad file descriptor) [pid 5381] close(18) = -1 EBADF (Bad file descriptor) [pid 5381] close(19) = -1 EBADF (Bad file descriptor) [pid 5381] close(20) = -1 EBADF (Bad file descriptor) [pid 5381] close(21) = -1 EBADF (Bad file descriptor) [pid 5381] close(22) = -1 EBADF (Bad file descriptor) [pid 5381] close(23) = -1 EBADF (Bad file descriptor) [pid 5381] close(24) = -1 EBADF (Bad file descriptor) [pid 5381] close(25) = -1 EBADF (Bad file descriptor) [pid 5381] close(26) = -1 EBADF (Bad file descriptor) [pid 5381] close(27) = -1 EBADF (Bad file descriptor) [pid 5381] close(28) = -1 EBADF (Bad file descriptor) [pid 5381] close(29) = -1 EBADF (Bad file descriptor) [pid 5381] exit_group(0) = ? [pid 5381] +++ exited with 0 +++ [pid 5407] <... mkdir resumed>) = 0 [pid 5407] open("./file0", O_RDONLY [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5090] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, [pid 5407] <... open resumed>) = 3 [pid 5407] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5090] <... getdents64 resumed>0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5407] <... mount resumed>) = 0 [pid 5090] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5407] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5090] lstat("./14/binderfs", [pid 5407] <... openat resumed>) = 4 [pid 5090] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5407] openat(4, "syz1", O_RDWR|O_PATH [pid 5090] unlink("./14/binderfs" [pid 5407] <... openat resumed>) = 5 [pid 5090] <... unlink resumed>) = 0 [pid 5407] openat(5, "memory.max", O_RDWR [pid 5090] umount2("./14/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5407] <... openat resumed>) = 6 [pid 5090] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5407] write(6, "0x000000000000040e", 18 [pid 5090] lstat("./14/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./14/cgroup") = 0 [pid 5090] umount2("./14/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./14/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./14/cgroup.net") = 0 [pid 5090] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5090] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./14/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./14/file0") = 0 [pid 5090] umount2("./14/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./14/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./14/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [pid 5090] rmdir("./14") = 0 [ 135.296205][ T5389] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 135.304199][ T5389] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000000c [ 135.312219][ T5389] [ 135.332086][ T5389] memory: usage 8kB, limit 0kB, failcnt 36 [ 135.338003][ T5389] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5090] mkdir("./15", 0777) = 0 [ 135.391819][ T5389] Memory cgroup stats for /syz1: [ 135.392099][ T5389] anon 0 [ 135.392099][ T5389] file 0 [ 135.392099][ T5389] kernel 8192 [ 135.392099][ T5389] kernel_stack 0 [ 135.392099][ T5389] pagetables 0 [ 135.392099][ T5389] sec_pagetables 0 [ 135.392099][ T5389] percpu 0 [ 135.392099][ T5389] sock 0 [ 135.392099][ T5389] vmalloc 0 [ 135.392099][ T5389] shmem 0 [ 135.392099][ T5389] zswap 0 [ 135.392099][ T5389] zswapped 0 [ 135.392099][ T5389] file_mapped 0 [ 135.392099][ T5389] file_dirty 0 [ 135.392099][ T5389] file_writeback 0 [ 135.392099][ T5389] swapcached 0 [ 135.392099][ T5389] anon_thp 0 [ 135.392099][ T5389] file_thp 0 [ 135.392099][ T5389] shmem_thp 0 [ 135.392099][ T5389] inactive_anon 0 [ 135.392099][ T5389] active_anon 0 [ 135.392099][ T5389] inactive_file 0 [ 135.392099][ T5389] active_file 0 [ 135.392099][ T5389] unevictable 0 [ 135.392099][ T5389] slab_reclaimable 6752 [ 135.392099][ T5389] slab_unreclaimable 0 [ 135.392099][ T5389] slab 6752 [ 135.392099][ T5389] workingset_refault_anon 0 [ 135.392099][ T5389] workingset_refault_file 0 [ 135.392099][ T5389] workingset_activate_anon 0 [ 135.392099][ T5389] workingset_activate_file 0 [ 135.392099][ T5389] workingset_restore_anon 0 [ 135.392099][ T5389] workingset_restore_file 0 [ 135.392099][ T5389] workingset_nodereclaim 0 [ 135.392099][ T5389] pgscan 831 [ 135.392099][ T5389] pgsteal 2 [ 135.392099][ T5389] pgscan_kswapd 0 [ 135.392099][ T5389] pgscan_direct 831 [ 135.392099][ T5389] pgscan_khugepaged 0 [ 135.392099][ T5389] pgsteal_kswapd 0 [ 135.392099][ T5389] pgsteal_direct 2 [ 135.392099][ T5389] pgsteal_khugepaged 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5410 attached [pid 5410] chdir("./15" [pid 5090] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 17 [pid 5410] <... chdir resumed>) = 0 [pid 5410] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5410] setpgid(0, 0) = 0 [pid 5410] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5410] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5410] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5410] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5410] write(3, "1000", 4) = 4 [pid 5410] close(3) = 0 [pid 5410] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5410] mkdir("./file0", 000) = 0 [pid 5410] open("./file0", O_RDONLY) = 3 [pid 5410] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5410] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5410] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5410] openat(5, "memory.max", O_RDWR) = 6 [ 135.392099][ T5389] pgfault 21 [ 135.392099][ T5389] pgmajfault 0 [ 135.392099][ T5389] pgrefill 830 [ 135.392099][ T5389] pgactivate 829 [ 135.392099][ T5389] pgdeactivate 830 [ 135.392099][ T5389] pglazyfree 0 [ 135.392099][ T5389] pglazyfreed 0 [ 135.392099][ T5389] zswpin 0 [ 135.392099][ T5389] zswpout 0 [ 135.392099][ T5389] thp_fault_alloc 0 [ 135.392099][ T5389] thp_collapse_alloc 0 [ 135.583196][ T5389] Tasks state (memory values in pages): [pid 5410] write(6, "0x000000000000040e", 18 [pid 5389] <... write resumed>) = 18 [pid 5389] close(3) = 0 [pid 5389] close(4) = 0 [pid 5389] close(5) = 0 [pid 5389] close(6) = 0 [pid 5389] close(7) = -1 EBADF (Bad file descriptor) [pid 5389] close(8) = -1 EBADF (Bad file descriptor) [ 135.588821][ T5389] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 135.598687][ T5389] Out of memory and no killable processes... [ 135.611768][ T5394] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 135.632751][ T5394] CPU: 0 PID: 5394 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 135.642737][ T5394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 135.652844][ T5394] Call Trace: [ 135.656162][ T5394] [ 135.659137][ T5394] dump_stack_lvl+0x136/0x150 [ 135.663885][ T5394] dump_header+0x10a/0xd70 [ 135.668359][ T5394] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 135.674524][ T5394] out_of_memory+0xd64/0x1660 [ 135.679285][ T5394] ? oom_killer_disable+0x2b0/0x2b0 [ 135.684572][ T5394] mem_cgroup_out_of_memory+0x206/0x270 [pid 5389] close(9) = -1 EBADF (Bad file descriptor) [pid 5389] close(10) = -1 EBADF (Bad file descriptor) [pid 5389] close(11) = -1 EBADF (Bad file descriptor) [pid 5389] close(12) = -1 EBADF (Bad file descriptor) [pid 5389] close(13) = -1 EBADF (Bad file descriptor) [pid 5389] close(14) = -1 EBADF (Bad file descriptor) [ 135.690197][ T5394] ? mem_cgroup_margin+0x130/0x130 [ 135.695417][ T5394] memory_max_write+0x2f9/0x3c0 [ 135.700347][ T5394] ? mem_cgroup_force_empty_write+0x160/0x160 [ 135.706500][ T5394] ? lock_sync+0x190/0x190 [ 135.711014][ T5394] cgroup_file_write+0x1e2/0x7b0 [ 135.716030][ T5394] ? mem_cgroup_force_empty_write+0x160/0x160 [ 135.722191][ T5394] ? kill_css+0x3b0/0x3b0 [ 135.726634][ T5394] ? lock_acquire+0x32/0xc0 [ 135.731224][ T5394] ? kill_css+0x3b0/0x3b0 [ 135.735644][ T5394] kernfs_fop_write_iter+0x3f1/0x600 [pid 5389] close(15) = -1 EBADF (Bad file descriptor) [pid 5389] close(16) = -1 EBADF (Bad file descriptor) [pid 5389] close(17) = -1 EBADF (Bad file descriptor) [pid 5389] close(18) = -1 EBADF (Bad file descriptor) [pid 5389] close(19) = -1 EBADF (Bad file descriptor) [pid 5389] close(20) = -1 EBADF (Bad file descriptor) [pid 5389] close(21) = -1 EBADF (Bad file descriptor) [pid 5389] close(22) = -1 EBADF (Bad file descriptor) [pid 5389] close(23) = -1 EBADF (Bad file descriptor) [ 135.741019][ T5394] vfs_write+0x9ed/0xe10 [ 135.745355][ T5394] ? kernel_write+0x670/0x670 [ 135.750120][ T5394] ? find_held_lock+0x2d/0x110 [ 135.754953][ T5394] ? __fget_light+0x20a/0x270 [ 135.759711][ T5394] ksys_write+0x12b/0x250 [ 135.764125][ T5394] ? __ia32_sys_read+0xb0/0xb0 [ 135.769002][ T5394] ? lockdep_hardirqs_on+0x7d/0x100 [ 135.774269][ T5394] ? _raw_spin_unlock_irq+0x2e/0x50 [ 135.779541][ T5394] ? ptrace_notify+0xfe/0x140 [ 135.784280][ T5394] do_syscall_64+0x39/0xb0 [ 135.788767][ T5394] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 135.794730][ T5394] RIP: 0033:0x7faecf034129 [ 135.799212][ T5394] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 135.818887][ T5394] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 135.827374][ T5394] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 135.835396][ T5394] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5389] close(24) = -1 EBADF (Bad file descriptor) [pid 5389] close(25) = -1 EBADF (Bad file descriptor) [pid 5389] close(26) = -1 EBADF (Bad file descriptor) [pid 5389] close(27) = -1 EBADF (Bad file descriptor) [pid 5389] close(28) = -1 EBADF (Bad file descriptor) [pid 5389] close(29) = -1 EBADF (Bad file descriptor) [pid 5389] exit_group(0) = ? [pid 5389] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5087] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5087] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./12/binderfs") = 0 [pid 5087] umount2("./12/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./12/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./12/cgroup") = 0 [pid 5087] umount2("./12/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./12/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./12/cgroup.net") = 0 [pid 5087] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5087] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./12/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] close(4) = 0 [pid 5087] rmdir("./12/file0") = 0 [pid 5087] umount2("./12/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./12/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./12/cgroup.cpu") = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [ 135.843411][ T5394] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 135.851520][ T5394] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 135.859544][ T5394] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000000e [ 135.867597][ T5394] [pid 5087] close(3) = 0 [pid 5087] rmdir("./12") = 0 [pid 5087] mkdir("./13", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5412 attached [pid 5412] chdir("./13" [pid 5087] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 15 [pid 5412] <... chdir resumed>) = 0 [pid 5412] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5412] setpgid(0, 0) = 0 [ 135.921109][ T5394] memory: usage 8kB, limit 0kB, failcnt 36 [ 135.936029][ T5394] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 135.948995][ T5394] Memory cgroup stats for /syz1: [ 135.949298][ T5394] anon 0 [ 135.949298][ T5394] file 0 [ 135.949298][ T5394] kernel 8192 [ 135.949298][ T5394] kernel_stack 0 [ 135.949298][ T5394] pagetables 0 [ 135.949298][ T5394] sec_pagetables 0 [ 135.949298][ T5394] percpu 0 [ 135.949298][ T5394] sock 0 [ 135.949298][ T5394] vmalloc 0 [ 135.949298][ T5394] shmem 0 [ 135.949298][ T5394] zswap 0 [ 135.949298][ T5394] zswapped 0 [ 135.949298][ T5394] file_mapped 0 [ 135.949298][ T5394] file_dirty 0 [ 135.949298][ T5394] file_writeback 0 [ 135.949298][ T5394] swapcached 0 [ 135.949298][ T5394] anon_thp 0 [ 135.949298][ T5394] file_thp 0 [ 135.949298][ T5394] shmem_thp 0 [ 135.949298][ T5394] inactive_anon 0 [ 135.949298][ T5394] active_anon 0 [ 135.949298][ T5394] inactive_file 0 [ 135.949298][ T5394] active_file 0 [ 135.949298][ T5394] unevictable 0 [ 135.949298][ T5394] slab_reclaimable 6752 [ 135.949298][ T5394] slab_unreclaimable 0 [ 135.949298][ T5394] slab 6752 [ 135.949298][ T5394] workingset_refault_anon 0 [ 135.949298][ T5394] workingset_refault_file 0 [ 135.949298][ T5394] workingset_activate_anon 0 [ 135.949298][ T5394] workingset_activate_file 0 [ 135.949298][ T5394] workingset_restore_anon 0 [ 135.949298][ T5394] workingset_restore_file 0 [ 135.949298][ T5394] workingset_nodereclaim 0 [ 135.949298][ T5394] pgscan 831 [ 135.949298][ T5394] pgsteal 2 [ 135.949298][ T5394] pgscan_kswapd 0 [ 135.949298][ T5394] pgscan_direct 831 [ 135.949298][ T5394] pgscan_khugepaged 0 [ 135.949298][ T5394] pgsteal_kswapd 0 [ 135.949298][ T5394] pgsteal_direct 2 [ 135.949298][ T5394] pgsteal_khugepaged 0 [ 135.949298][ T5394] pgfault 21 [ 135.949298][ T5394] pgmajfault 0 [ 135.949298][ T5394] pgrefill 830 [ 135.949298][ T5394] pgactivate 829 [ 135.949298][ T5394] pgdeactivate 830 [ 135.949298][ T5394] pglazyfree 0 [ 135.949298][ T5394] pglazyfreed 0 [pid 5412] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5412] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5412] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5412] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5412] write(3, "1000", 4) = 4 [pid 5412] close(3) = 0 [pid 5412] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5412] mkdir("./file0", 000) = 0 [pid 5412] open("./file0", O_RDONLY) = 3 [pid 5412] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5412] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5412] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5412] openat(5, "memory.max", O_RDWR) = 6 [ 135.949298][ T5394] zswpin 0 [ 135.949298][ T5394] zswpout 0 [ 135.949298][ T5394] thp_fault_alloc 0 [ 135.949298][ T5394] thp_collapse_alloc 0 [ 136.148550][ T5394] Tasks state (memory values in pages): [ 136.159092][ T5394] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5412] write(6, "0x000000000000040e", 18 [pid 5394] <... write resumed>) = 18 [ 136.174737][ T5394] Out of memory and no killable processes... [ 136.180852][ T5401] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 136.196684][ T5401] CPU: 0 PID: 5401 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 136.206663][ T5401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 136.216772][ T5401] Call Trace: [ 136.220095][ T5401] [ 136.223071][ T5401] dump_stack_lvl+0x136/0x150 [ 136.227821][ T5401] dump_header+0x10a/0xd70 [ 136.232302][ T5401] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 136.238459][ T5401] out_of_memory+0xd64/0x1660 [ 136.243224][ T5401] ? oom_killer_disable+0x2b0/0x2b0 [ 136.248502][ T5401] ? find_held_lock+0x2d/0x110 [ 136.253332][ T5401] mem_cgroup_out_of_memory+0x206/0x270 [ 136.258950][ T5401] ? mem_cgroup_margin+0x130/0x130 [ 136.264146][ T5401] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 136.270045][ T5401] memory_max_write+0x2f9/0x3c0 [pid 5394] close(3) = 0 [pid 5394] close(4) = 0 [pid 5394] close(5) = 0 [pid 5394] close(6) = 0 [pid 5394] close(7) = -1 EBADF (Bad file descriptor) [pid 5394] close(8) = -1 EBADF (Bad file descriptor) [pid 5394] close(9) = -1 EBADF (Bad file descriptor) [pid 5394] close(10) = -1 EBADF (Bad file descriptor) [pid 5394] close(11) = -1 EBADF (Bad file descriptor) [pid 5394] close(12) = -1 EBADF (Bad file descriptor) [ 136.274986][ T5401] ? mem_cgroup_force_empty_write+0x160/0x160 [ 136.281143][ T5401] ? lock_sync+0x190/0x190 [ 136.285648][ T5401] cgroup_file_write+0x1e2/0x7b0 [ 136.290665][ T5401] ? mem_cgroup_force_empty_write+0x160/0x160 [ 136.296814][ T5401] ? kill_css+0x3b0/0x3b0 [ 136.301230][ T5401] ? lock_acquire+0x32/0xc0 [ 136.305817][ T5401] ? kill_css+0x3b0/0x3b0 [ 136.310227][ T5401] kernfs_fop_write_iter+0x3f1/0x600 [ 136.315618][ T5401] vfs_write+0x9ed/0xe10 [ 136.319955][ T5401] ? kernel_write+0x670/0x670 [pid 5394] close(13) = -1 EBADF (Bad file descriptor) [ 136.324736][ T5401] ? find_held_lock+0x2d/0x110 [ 136.329583][ T5401] ? __fget_light+0x20a/0x270 [ 136.334351][ T5401] ksys_write+0x12b/0x250 [ 136.338807][ T5401] ? __ia32_sys_read+0xb0/0xb0 [ 136.343657][ T5401] ? lockdep_hardirqs_on+0x7d/0x100 [ 136.348921][ T5401] ? _raw_spin_unlock_irq+0x2e/0x50 [ 136.354196][ T5401] ? ptrace_notify+0xfe/0x140 [ 136.358936][ T5401] do_syscall_64+0x39/0xb0 [ 136.363429][ T5401] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 136.369391][ T5401] RIP: 0033:0x7faecf034129 [ 136.373859][ T5401] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 136.393534][ T5401] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 136.402015][ T5401] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 136.410046][ T5401] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 136.418078][ T5401] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [pid 5394] close(14) = -1 EBADF (Bad file descriptor) [pid 5394] close(15) = -1 EBADF (Bad file descriptor) [pid 5394] close(16) = -1 EBADF (Bad file descriptor) [pid 5394] close(17) = -1 EBADF (Bad file descriptor) [pid 5394] close(18) = -1 EBADF (Bad file descriptor) [pid 5394] close(19) = -1 EBADF (Bad file descriptor) [pid 5394] close(20) = -1 EBADF (Bad file descriptor) [pid 5394] close(21) = -1 EBADF (Bad file descriptor) [pid 5394] close(22) = -1 EBADF (Bad file descriptor) [pid 5394] close(23) = -1 EBADF (Bad file descriptor) [pid 5394] close(24) = -1 EBADF (Bad file descriptor) [pid 5394] close(25) = -1 EBADF (Bad file descriptor) [pid 5394] close(26) = -1 EBADF (Bad file descriptor) [pid 5394] close(27) = -1 EBADF (Bad file descriptor) [pid 5394] close(28) = -1 EBADF (Bad file descriptor) [pid 5394] close(29) = -1 EBADF (Bad file descriptor) [pid 5394] exit_group(0) = ? [pid 5394] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5089] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./14/binderfs") = 0 [pid 5089] umount2("./14/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./14/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./14/cgroup") = 0 [pid 5089] umount2("./14/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./14/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./14/cgroup.net") = 0 [pid 5089] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5089] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./14/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./14/file0") = 0 [pid 5089] umount2("./14/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./14/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./14/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [pid 5089] rmdir("./14") = 0 [pid 5089] mkdir("./15", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5417 attached [pid 5417] chdir("./15" [pid 5089] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 17 [pid 5417] <... chdir resumed>) = 0 [pid 5417] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5417] setpgid(0, 0) = 0 [ 136.426106][ T5401] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 136.434135][ T5401] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000000b [ 136.442204][ T5401] [pid 5417] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5417] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5417] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5417] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5417] write(3, "1000", 4) = 4 [pid 5417] close(3) = 0 [pid 5417] symlink("/dev/binderfs", "./binderfs") = 0 [ 136.493694][ T5401] memory: usage 8kB, limit 0kB, failcnt 36 [ 136.503106][ T5401] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 136.512990][ T5401] Memory cgroup stats for /syz1: [ 136.513267][ T5401] anon 0 [ 136.513267][ T5401] file 0 [ 136.513267][ T5401] kernel 8192 [ 136.513267][ T5401] kernel_stack 0 [ 136.513267][ T5401] pagetables 0 [ 136.513267][ T5401] sec_pagetables 0 [ 136.513267][ T5401] percpu 0 [ 136.513267][ T5401] sock 0 [ 136.513267][ T5401] vmalloc 0 [ 136.513267][ T5401] shmem 0 [ 136.513267][ T5401] zswap 0 [ 136.513267][ T5401] zswapped 0 [ 136.513267][ T5401] file_mapped 0 [ 136.513267][ T5401] file_dirty 0 [ 136.513267][ T5401] file_writeback 0 [ 136.513267][ T5401] swapcached 0 [ 136.513267][ T5401] anon_thp 0 [ 136.513267][ T5401] file_thp 0 [ 136.513267][ T5401] shmem_thp 0 [ 136.513267][ T5401] inactive_anon 0 [ 136.513267][ T5401] active_anon 0 [ 136.513267][ T5401] inactive_file 0 [ 136.513267][ T5401] active_file 0 [ 136.513267][ T5401] unevictable 0 [ 136.513267][ T5401] slab_reclaimable 6752 [ 136.513267][ T5401] slab_unreclaimable 0 [ 136.513267][ T5401] slab 6752 [ 136.513267][ T5401] workingset_refault_anon 0 [ 136.513267][ T5401] workingset_refault_file 0 [ 136.513267][ T5401] workingset_activate_anon 0 [ 136.513267][ T5401] workingset_activate_file 0 [ 136.513267][ T5401] workingset_restore_anon 0 [ 136.513267][ T5401] workingset_restore_file 0 [ 136.513267][ T5401] workingset_nodereclaim 0 [ 136.513267][ T5401] pgscan 831 [ 136.513267][ T5401] pgsteal 2 [ 136.513267][ T5401] pgscan_kswapd 0 [ 136.513267][ T5401] pgscan_direct 831 [ 136.513267][ T5401] pgscan_khugepaged 0 [ 136.513267][ T5401] pgsteal_kswapd 0 [ 136.513267][ T5401] pgsteal_direct 2 [ 136.513267][ T5401] pgsteal_khugepaged 0 [ 136.513267][ T5401] pgfault 21 [ 136.513267][ T5401] pgmajfault 0 [ 136.513267][ T5401] pgrefill 830 [ 136.513267][ T5401] pgactivate 829 [ 136.513267][ T5401] pgdeactivate 830 [ 136.513267][ T5401] pglazyfree 0 [ 136.513267][ T5401] pglazyfreed 0 [ 136.513267][ T5401] zswpin 0 [ 136.513267][ T5401] zswpout 0 [pid 5417] mkdir("./file0", 000) = 0 [pid 5417] open("./file0", O_RDONLY) = 3 [pid 5417] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5417] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5417] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5417] openat(5, "memory.max", O_RDWR) = 6 [ 136.513267][ T5401] thp_fault_alloc 0 [ 136.513267][ T5401] thp_collapse_alloc 0 [ 136.707068][ T5401] Tasks state (memory values in pages): [ 136.734256][ T5401] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 136.747521][ T5401] Out of memory and no killable processes... [ 136.754834][ T5407] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 136.767070][ T5407] CPU: 0 PID: 5407 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 136.777037][ T5407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 136.787149][ T5407] Call Trace: [ 136.790472][ T5407] [pid 5417] write(6, "0x000000000000040e", 18 [pid 5401] <... write resumed>) = 18 [ 136.793451][ T5407] dump_stack_lvl+0x136/0x150 [ 136.798214][ T5407] dump_header+0x10a/0xd70 [ 136.802700][ T5407] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 136.808854][ T5407] out_of_memory+0xd64/0x1660 [ 136.813612][ T5407] ? oom_killer_disable+0x2b0/0x2b0 [ 136.818961][ T5407] mem_cgroup_out_of_memory+0x206/0x270 [ 136.824597][ T5407] ? mem_cgroup_margin+0x130/0x130 [ 136.829805][ T5407] memory_max_write+0x2f9/0x3c0 [ 136.834739][ T5407] ? mem_cgroup_force_empty_write+0x160/0x160 [ 136.840895][ T5407] ? lock_sync+0x190/0x190 [ 136.845389][ T5407] cgroup_file_write+0x1e2/0x7b0 [ 136.850412][ T5407] ? mem_cgroup_force_empty_write+0x160/0x160 [ 136.856556][ T5407] ? kill_css+0x3b0/0x3b0 [ 136.860965][ T5407] ? lock_acquire+0x32/0xc0 [ 136.865552][ T5407] ? kill_css+0x3b0/0x3b0 [ 136.869954][ T5407] kernfs_fop_write_iter+0x3f1/0x600 [ 136.875323][ T5407] vfs_write+0x9ed/0xe10 [ 136.879652][ T5407] ? kernel_write+0x670/0x670 [ 136.884413][ T5407] ? find_held_lock+0x2d/0x110 [ 136.889252][ T5407] ? __fget_light+0x20a/0x270 [ 136.894014][ T5407] ksys_write+0x12b/0x250 [ 136.898429][ T5407] ? __ia32_sys_read+0xb0/0xb0 [ 136.903265][ T5407] ? lockdep_hardirqs_on+0x7d/0x100 [ 136.908542][ T5407] ? _raw_spin_unlock_irq+0x2e/0x50 [ 136.913841][ T5407] ? ptrace_notify+0xfe/0x140 [ 136.918738][ T5407] do_syscall_64+0x39/0xb0 [ 136.923238][ T5407] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 136.929201][ T5407] RIP: 0033:0x7faecf034129 [ 136.933679][ T5407] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 136.953347][ T5407] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 136.961840][ T5407] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 136.969870][ T5407] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 136.977896][ T5407] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 136.985926][ T5407] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [pid 5401] close(3) = 0 [pid 5401] close(4) = 0 [pid 5401] close(5) = 0 [ 136.993953][ T5407] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000000b [ 137.002032][ T5407] [ 137.013028][ T5407] memory: usage 8kB, limit 0kB, failcnt 36 [ 137.019552][ T5407] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 137.030764][ T5407] Memory cgroup stats for /syz1: [ 137.031033][ T5407] anon 0 [ 137.031033][ T5407] file 0 [ 137.031033][ T5407] kernel 8192 [ 137.031033][ T5407] kernel_stack 0 [ 137.031033][ T5407] pagetables 0 [ 137.031033][ T5407] sec_pagetables 0 [ 137.031033][ T5407] percpu 0 [ 137.031033][ T5407] sock 0 [ 137.031033][ T5407] vmalloc 0 [ 137.031033][ T5407] shmem 0 [ 137.031033][ T5407] zswap 0 [ 137.031033][ T5407] zswapped 0 [ 137.031033][ T5407] file_mapped 0 [ 137.031033][ T5407] file_dirty 0 [ 137.031033][ T5407] file_writeback 0 [ 137.031033][ T5407] swapcached 0 [ 137.031033][ T5407] anon_thp 0 [ 137.031033][ T5407] file_thp 0 [ 137.031033][ T5407] shmem_thp 0 [ 137.031033][ T5407] inactive_anon 0 [ 137.031033][ T5407] active_anon 0 [ 137.031033][ T5407] inactive_file 0 [ 137.031033][ T5407] active_file 0 [ 137.031033][ T5407] unevictable 0 [ 137.031033][ T5407] slab_reclaimable 6752 [ 137.031033][ T5407] slab_unreclaimable 0 [ 137.031033][ T5407] slab 6752 [ 137.031033][ T5407] workingset_refault_anon 0 [ 137.031033][ T5407] workingset_refault_file 0 [ 137.031033][ T5407] workingset_activate_anon 0 [ 137.031033][ T5407] workingset_activate_file 0 [ 137.031033][ T5407] workingset_restore_anon 0 [ 137.031033][ T5407] workingset_restore_file 0 [ 137.031033][ T5407] workingset_nodereclaim 0 [ 137.031033][ T5407] pgscan 831 [ 137.031033][ T5407] pgsteal 2 [ 137.031033][ T5407] pgscan_kswapd 0 [ 137.031033][ T5407] pgscan_direct 831 [ 137.031033][ T5407] pgscan_khugepaged 0 [ 137.031033][ T5407] pgsteal_kswapd 0 [ 137.031033][ T5407] pgsteal_direct 2 [ 137.031033][ T5407] pgsteal_khugepaged 0 [ 137.031033][ T5407] pgfault 21 [ 137.031033][ T5407] pgmajfault 0 [ 137.031033][ T5407] pgrefill 830 [ 137.031033][ T5407] pgactivate 829 [ 137.031033][ T5407] pgdeactivate 830 [pid 5401] close(6) = 0 [pid 5401] close(7) = -1 EBADF (Bad file descriptor) [ 137.031033][ T5407] pglazyfree 0 [ 137.031033][ T5407] pglazyfreed 0 [ 137.031033][ T5407] zswpin 0 [ 137.031033][ T5407] zswpout 0 [ 137.031033][ T5407] thp_fault_alloc 0 [ 137.031033][ T5407] thp_collapse_alloc 0 [ 137.224607][ T5407] Tasks state (memory values in pages): [ 137.230233][ T5407] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 137.240606][ T5407] Out of memory and no killable processes... [pid 5407] <... write resumed>) = 18 [pid 5401] close(8 [pid 5407] close(3 [pid 5401] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5407] <... close resumed>) = 0 [pid 5401] close(9 [pid 5407] close(4 [pid 5401] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5407] <... close resumed>) = 0 [pid 5401] close(10 [pid 5407] close(5 [pid 5401] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5407] <... close resumed>) = 0 [pid 5401] close(11 [pid 5407] close(6 [pid 5401] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5407] <... close resumed>) = 0 [pid 5401] close(12 [pid 5407] close(7 [pid 5401] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5407] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5401] close(13 [pid 5407] close(8 [pid 5401] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5407] <... close resumed>) = -1 EBADF (Bad file descriptor) [ 137.247438][ T5410] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 137.271558][ T5410] CPU: 1 PID: 5410 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 137.281587][ T5410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 137.291697][ T5410] Call Trace: [ 137.295018][ T5410] [pid 5401] close(14 [pid 5407] close(9 [pid 5401] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5407] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5401] close(15 [pid 5407] close(10 [pid 5401] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5407] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5401] close(16 [pid 5407] close(11 [pid 5401] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5407] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5401] close(17 [pid 5407] close(12 [pid 5401] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5407] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5401] close(18 [pid 5407] close(13 [pid 5401] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5407] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5401] close(19 [pid 5407] close(14 [pid 5401] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5407] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5401] close(20 [pid 5407] close(15 [pid 5401] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5407] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5401] close(21 [pid 5407] close(16 [pid 5401] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5407] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5401] close(22 [pid 5407] close(17 [pid 5401] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5407] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5401] close(23 [pid 5407] close(18 [pid 5401] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5407] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5401] close(24 [pid 5407] close(19 [pid 5401] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5407] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5401] close(25 [pid 5407] close(20 [pid 5401] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5407] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5401] close(26 [pid 5407] close(21 [pid 5401] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5407] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5401] close(27 [pid 5407] close(22 [pid 5401] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5407] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5401] close(28 [pid 5407] close(23 [pid 5401] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5407] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5401] close(29 [pid 5407] close(24 [pid 5401] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5407] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5401] exit_group(0 [pid 5407] close(25 [pid 5401] <... exit_group resumed>) = ? [pid 5407] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5401] +++ exited with 0 +++ [pid 5407] close(26) = -1 EBADF (Bad file descriptor) [pid 5407] close(27) = -1 EBADF (Bad file descriptor) [pid 5407] close(28) = -1 EBADF (Bad file descriptor) [pid 5407] close(29) = -1 EBADF (Bad file descriptor) [pid 5407] exit_group(0) = ? [pid 5407] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5086] restart_syscall(<... resuming interrupted clone ...> [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5086] <... restart_syscall resumed>) = 0 [pid 5085] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5086] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5086] <... openat resumed>) = 3 [pid 5085] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5086] fstat(3, [pid 5085] <... openat resumed>) = 3 [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] fstat(3, [pid 5086] getdents64(3, [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] <... getdents64 resumed>0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] getdents64(3, [pid 5086] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] <... getdents64 resumed>0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] lstat("./11/binderfs", [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] lstat("./11/binderfs", [pid 5086] unlink("./11/binderfs" [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] <... unlink resumed>) = 0 [pid 5085] unlink("./11/binderfs" [pid 5086] umount2("./11/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] <... unlink resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] umount2("./11/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] lstat("./11/cgroup", [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] lstat("./11/cgroup", [pid 5086] unlink("./11/cgroup" [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] <... unlink resumed>) = 0 [pid 5085] unlink("./11/cgroup" [pid 5086] umount2("./11/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] <... unlink resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] umount2("./11/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] lstat("./11/cgroup.net", [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] lstat("./11/cgroup.net", [pid 5086] unlink("./11/cgroup.net" [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] <... unlink resumed>) = 0 [pid 5085] unlink("./11/cgroup.net" [pid 5086] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] <... unlink resumed>) = 0 [ 137.297990][ T5410] dump_stack_lvl+0x136/0x150 [ 137.302739][ T5410] dump_header+0x10a/0xd70 [ 137.307227][ T5410] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 137.313399][ T5410] out_of_memory+0xd64/0x1660 [ 137.318154][ T5410] ? oom_killer_disable+0x2b0/0x2b0 [ 137.323445][ T5410] mem_cgroup_out_of_memory+0x206/0x270 [ 137.329085][ T5410] ? mem_cgroup_margin+0x130/0x130 [ 137.334307][ T5410] memory_max_write+0x2f9/0x3c0 [ 137.339250][ T5410] ? mem_cgroup_force_empty_write+0x160/0x160 [ 137.345407][ T5410] ? lock_sync+0x190/0x190 [ 137.349928][ T5410] cgroup_file_write+0x1e2/0x7b0 [ 137.354952][ T5410] ? mem_cgroup_force_empty_write+0x160/0x160 [ 137.361096][ T5410] ? kill_css+0x3b0/0x3b0 [ 137.365519][ T5410] ? lock_acquire+0x32/0xc0 [ 137.370110][ T5410] ? kill_css+0x3b0/0x3b0 [ 137.374515][ T5410] kernfs_fop_write_iter+0x3f1/0x600 [ 137.379886][ T5410] vfs_write+0x9ed/0xe10 [ 137.384220][ T5410] ? kernel_write+0x670/0x670 [ 137.388982][ T5410] ? find_held_lock+0x2d/0x110 [ 137.393824][ T5410] ? __fget_light+0x20a/0x270 [ 137.398579][ T5410] ksys_write+0x12b/0x250 [ 137.402985][ T5410] ? __ia32_sys_read+0xb0/0xb0 [ 137.407834][ T5410] ? lockdep_hardirqs_on+0x7d/0x100 [ 137.413098][ T5410] ? _raw_spin_unlock_irq+0x2e/0x50 [ 137.418370][ T5410] ? ptrace_notify+0xfe/0x140 [ 137.423113][ T5410] do_syscall_64+0x39/0xb0 [ 137.427644][ T5410] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 137.433628][ T5410] RIP: 0033:0x7faecf034129 [ 137.438094][ T5410] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 137.457867][ T5410] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 137.466345][ T5410] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 137.474372][ T5410] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 137.482403][ T5410] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 137.490431][ T5410] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [pid 5085] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] <... umount2 resumed>) = 0 [pid 5086] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./11/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./11/file0") = 0 [pid 5086] umount2("./11/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./11/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./11/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./11") = 0 [ 137.498455][ T5410] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000000f [ 137.506520][ T5410] [ 137.522230][ T5410] memory: usage 8kB, limit 0kB, failcnt 36 [ 137.528311][ T5410] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 137.535906][ T5410] Memory cgroup stats for /syz1: [ 137.536210][ T5410] anon 0 [ 137.536210][ T5410] file 0 [ 137.536210][ T5410] kernel 8192 [pid 5086] mkdir("./12", 0777) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 14 [ 137.536210][ T5410] kernel_stack 0 [ 137.536210][ T5410] pagetables 0 [ 137.536210][ T5410] sec_pagetables 0 [ 137.536210][ T5410] percpu 0 [ 137.536210][ T5410] sock 0 [ 137.536210][ T5410] vmalloc 0 [ 137.536210][ T5410] shmem 0 [ 137.536210][ T5410] zswap 0 [ 137.536210][ T5410] zswapped 0 [ 137.536210][ T5410] file_mapped 0 [ 137.536210][ T5410] file_dirty 0 [ 137.536210][ T5410] file_writeback 0 [ 137.536210][ T5410] swapcached 0 [ 137.536210][ T5410] anon_thp 0 [ 137.536210][ T5410] file_thp 0 [ 137.536210][ T5410] shmem_thp 0 [ 137.536210][ T5410] inactive_anon 0 [ 137.536210][ T5410] active_anon 0 [ 137.536210][ T5410] inactive_file 0 [ 137.536210][ T5410] active_file 0 [ 137.536210][ T5410] unevictable 0 [ 137.536210][ T5410] slab_reclaimable 6752 [ 137.536210][ T5410] slab_unreclaimable 0 [ 137.536210][ T5410] slab 6752 [ 137.536210][ T5410] workingset_refault_anon 0 [ 137.536210][ T5410] workingset_refault_file 0 [ 137.536210][ T5410] workingset_activate_anon 0 [ 137.536210][ T5410] workingset_activate_file 0 [ 137.536210][ T5410] workingset_restore_anon 0 [ 137.536210][ T5410] workingset_restore_file 0 [ 137.536210][ T5410] workingset_nodereclaim 0 [ 137.536210][ T5410] pgscan 831 [ 137.536210][ T5410] pgsteal 2 [ 137.536210][ T5410] pgscan_kswapd 0 [ 137.536210][ T5410] pgscan_direct 831 [ 137.536210][ T5410] pgscan_khugepaged 0 [ 137.536210][ T5410] pgsteal_kswapd 0 [ 137.536210][ T5410] pgsteal_direct 2 [ 137.536210][ T5410] pgsteal_khugepaged 0 [ 137.536210][ T5410] pgfault 21 [ 137.536210][ T5410] pgmajfault 0 [ 137.536210][ T5410] pgrefill 830 [ 137.536210][ T5410] pgactivate 829 [ 137.536210][ T5410] pgdeactivate 830 ./strace-static-x86_64: Process 5423 attached [pid 5085] <... umount2 resumed>) = 0 [pid 5085] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./11/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, [pid 5423] chdir("./12" [pid 5085] <... getdents64 resumed>0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5423] <... chdir resumed>) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5423] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5085] close(4) = 0 [pid 5423] <... prctl resumed>) = 0 [pid 5085] rmdir("./11/file0" [pid 5423] setpgid(0, 0 [pid 5085] <... rmdir resumed>) = 0 [pid 5423] <... setpgid resumed>) = 0 [pid 5085] umount2("./11/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5423] symlink("/syzcgroup/unified/syz3", "./cgroup" [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5423] <... symlink resumed>) = 0 [pid 5085] lstat("./11/cgroup.cpu", [pid 5423] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu" [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5423] <... symlink resumed>) = 0 [pid 5085] unlink("./11/cgroup.cpu" [pid 5423] symlink("/syzcgroup/net/syz3", "./cgroup.net" [pid 5085] <... unlink resumed>) = 0 [ 137.536210][ T5410] pglazyfree 0 [ 137.536210][ T5410] pglazyfreed 0 [ 137.536210][ T5410] zswpin 0 [ 137.536210][ T5410] zswpout 0 [ 137.536210][ T5410] thp_fault_alloc 0 [ 137.536210][ T5410] thp_collapse_alloc 0 [pid 5423] <... symlink resumed>) = 0 [pid 5085] getdents64(3, [pid 5423] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5423] write(3, "1000", 4) = 4 [pid 5423] close(3) = 0 [pid 5423] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5423] mkdir("./file0", 000) = 0 [pid 5410] <... write resumed>) = 18 [pid 5085] <... getdents64 resumed>0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5423] open("./file0", O_RDONLY) = 3 [pid 5423] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5423] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5410] close(3 [pid 5085] close(3 [pid 5423] <... openat resumed>) = 4 [pid 5423] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5423] openat(5, "memory.max", O_RDWR) = 6 [pid 5423] write(6, "0x000000000000040e", 18 [pid 5410] <... close resumed>) = 0 [pid 5085] <... close resumed>) = 0 [pid 5410] close(4 [pid 5085] rmdir("./11" [pid 5410] <... close resumed>) = 0 [ 137.753741][ T5410] Tasks state (memory values in pages): [ 137.759362][ T5410] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 137.769627][ T5410] Out of memory and no killable processes... [ 137.777178][ T5412] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 137.803140][ T5412] CPU: 1 PID: 5412 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 137.813135][ T5412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 137.823252][ T5412] Call Trace: [ 137.826590][ T5412] [ 137.829594][ T5412] dump_stack_lvl+0x136/0x150 [ 137.834339][ T5412] dump_header+0x10a/0xd70 [ 137.838821][ T5412] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 137.844995][ T5412] out_of_memory+0xd64/0x1660 [ 137.849755][ T5412] ? oom_killer_disable+0x2b0/0x2b0 [ 137.855037][ T5412] mem_cgroup_out_of_memory+0x206/0x270 [ 137.860660][ T5412] ? mem_cgroup_margin+0x130/0x130 [ 137.865872][ T5412] memory_max_write+0x2f9/0x3c0 [ 137.870798][ T5412] ? mem_cgroup_force_empty_write+0x160/0x160 [ 137.876941][ T5412] ? lock_sync+0x190/0x190 [ 137.881427][ T5412] cgroup_file_write+0x1e2/0x7b0 [ 137.886480][ T5412] ? mem_cgroup_force_empty_write+0x160/0x160 [ 137.892629][ T5412] ? kill_css+0x3b0/0x3b0 [ 137.897038][ T5412] ? lock_acquire+0x32/0xc0 [ 137.901613][ T5412] ? kill_css+0x3b0/0x3b0 [ 137.906012][ T5412] kernfs_fop_write_iter+0x3f1/0x600 [ 137.911379][ T5412] vfs_write+0x9ed/0xe10 [ 137.915702][ T5412] ? kernel_write+0x670/0x670 [ 137.920434][ T5412] ? find_held_lock+0x2d/0x110 [ 137.925240][ T5412] ? __fget_light+0x20a/0x270 [ 137.929966][ T5412] ksys_write+0x12b/0x250 [ 137.934343][ T5412] ? __ia32_sys_read+0xb0/0xb0 [ 137.939155][ T5412] ? lockdep_hardirqs_on+0x7d/0x100 [ 137.944388][ T5412] ? _raw_spin_unlock_irq+0x2e/0x50 [ 137.949647][ T5412] ? ptrace_notify+0xfe/0x140 [ 137.954390][ T5412] do_syscall_64+0x39/0xb0 [ 137.958851][ T5412] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 137.964786][ T5412] RIP: 0033:0x7faecf034129 [ 137.969225][ T5412] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 137.988862][ T5412] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5410] close(5 [pid 5085] <... rmdir resumed>) = 0 [pid 5410] <... close resumed>) = 0 [pid 5085] mkdir("./12", 0777 [pid 5410] close(6 [pid 5085] <... mkdir resumed>) = 0 [pid 5410] <... close resumed>) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5410] close(7) = -1 EBADF (Bad file descriptor) ./strace-static-x86_64: Process 5429 attached [pid 5410] close(8 [pid 5429] chdir("./12" [pid 5410] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5085] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 14 [pid 5429] <... chdir resumed>) = 0 [pid 5410] close(9 [pid 5429] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5410] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5429] <... prctl resumed>) = 0 [pid 5410] close(10 [pid 5429] setpgid(0, 0 [pid 5410] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5429] <... setpgid resumed>) = 0 [pid 5429] symlink("/syzcgroup/unified/syz0", "./cgroup" [pid 5410] close(11 [pid 5429] <... symlink resumed>) = 0 [pid 5410] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5429] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5410] close(12 [pid 5429] symlink("/syzcgroup/net/syz0", "./cgroup.net" [pid 5410] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5429] <... symlink resumed>) = 0 [pid 5410] close(13 [pid 5429] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5410] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5429] <... openat resumed>) = 3 [pid 5410] close(14 [pid 5429] write(3, "1000", 4 [pid 5410] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5429] <... write resumed>) = 4 [pid 5410] close(15 [pid 5429] close(3 [pid 5410] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5429] <... close resumed>) = 0 [pid 5429] symlink("/dev/binderfs", "./binderfs" [pid 5410] close(16 [pid 5429] <... symlink resumed>) = 0 [pid 5410] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5429] mkdir("./file0", 000 [pid 5410] close(17 [pid 5429] <... mkdir resumed>) = 0 [pid 5410] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5429] open("./file0", O_RDONLY [pid 5410] close(18 [pid 5429] <... open resumed>) = 3 [pid 5410] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5429] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5410] close(19 [pid 5429] <... mount resumed>) = 0 [pid 5410] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5429] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5410] close(20 [pid 5429] <... openat resumed>) = 4 [pid 5410] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5429] openat(4, "syz1", O_RDWR|O_PATH [ 137.997331][ T5412] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 138.005324][ T5412] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 138.013327][ T5412] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 138.021329][ T5412] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 138.029325][ T5412] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000000d [ 138.037361][ T5412] [pid 5410] close(21 [pid 5429] <... openat resumed>) = 5 [pid 5410] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5429] openat(5, "memory.max", O_RDWR [pid 5410] close(22 [pid 5429] <... openat resumed>) = 6 [pid 5429] write(6, "0x000000000000040e", 18 [pid 5410] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5410] close(23) = -1 EBADF (Bad file descriptor) [pid 5410] close(24) = -1 EBADF (Bad file descriptor) [pid 5410] close(25) = -1 EBADF (Bad file descriptor) [pid 5410] close(26) = -1 EBADF (Bad file descriptor) [pid 5410] close(27) = -1 EBADF (Bad file descriptor) [pid 5410] close(28) = -1 EBADF (Bad file descriptor) [pid 5410] close(29) = -1 EBADF (Bad file descriptor) [pid 5410] exit_group(0) = ? [pid 5410] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=17, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [ 138.093080][ T5412] memory: usage 8kB, limit 0kB, failcnt 36 [ 138.102971][ T5412] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 138.116915][ T5412] Memory cgroup stats for /syz1: [ 138.119659][ T5412] anon 0 [ 138.119659][ T5412] file 0 [ 138.119659][ T5412] kernel 8192 [ 138.119659][ T5412] kernel_stack 0 [ 138.119659][ T5412] pagetables 0 [ 138.119659][ T5412] sec_pagetables 0 [ 138.119659][ T5412] percpu 0 [ 138.119659][ T5412] sock 0 [ 138.119659][ T5412] vmalloc 0 [ 138.119659][ T5412] shmem 0 [ 138.119659][ T5412] zswap 0 [ 138.119659][ T5412] zswapped 0 [ 138.119659][ T5412] file_mapped 0 [ 138.119659][ T5412] file_dirty 0 [ 138.119659][ T5412] file_writeback 0 [ 138.119659][ T5412] swapcached 0 [ 138.119659][ T5412] anon_thp 0 [ 138.119659][ T5412] file_thp 0 [ 138.119659][ T5412] shmem_thp 0 [ 138.119659][ T5412] inactive_anon 0 [ 138.119659][ T5412] active_anon 0 [ 138.119659][ T5412] inactive_file 0 [ 138.119659][ T5412] active_file 0 [ 138.119659][ T5412] unevictable 0 [ 138.119659][ T5412] slab_reclaimable 6752 [ 138.119659][ T5412] slab_unreclaimable 0 [ 138.119659][ T5412] slab 6752 [ 138.119659][ T5412] workingset_refault_anon 0 [ 138.119659][ T5412] workingset_refault_file 0 [ 138.119659][ T5412] workingset_activate_anon 0 [ 138.119659][ T5412] workingset_activate_file 0 [ 138.119659][ T5412] workingset_restore_anon 0 [ 138.119659][ T5412] workingset_restore_file 0 [ 138.119659][ T5412] workingset_nodereclaim 0 [ 138.119659][ T5412] pgscan 831 [ 138.119659][ T5412] pgsteal 2 [ 138.119659][ T5412] pgscan_kswapd 0 [ 138.119659][ T5412] pgscan_direct 831 [ 138.119659][ T5412] pgscan_khugepaged 0 [ 138.119659][ T5412] pgsteal_kswapd 0 [ 138.119659][ T5412] pgsteal_direct 2 [ 138.119659][ T5412] pgsteal_khugepaged 0 [ 138.119659][ T5412] pgfault 21 [ 138.119659][ T5412] pgmajfault 0 [ 138.119659][ T5412] pgrefill 830 [ 138.119659][ T5412] pgactivate 829 [pid 5090] umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./15/binderfs") = 0 [pid 5090] umount2("./15/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 138.119659][ T5412] pgdeactivate 830 [ 138.119659][ T5412] pglazyfree 0 [ 138.119659][ T5412] pglazyfreed 0 [ 138.119659][ T5412] zswpin 0 [ 138.119659][ T5412] zswpout 0 [ 138.119659][ T5412] thp_fault_alloc 0 [ 138.119659][ T5412] thp_collapse_alloc 0 [ 138.321985][ T5412] Tasks state (memory values in pages): [ 138.327713][ T5412] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5412] <... write resumed>) = 18 [pid 5412] close(3) = 0 [pid 5412] close(4) = 0 [pid 5412] close(5) = 0 [pid 5412] close(6) = 0 [pid 5412] close(7) = -1 EBADF (Bad file descriptor) [pid 5412] close(8 [pid 5090] lstat("./15/cgroup", [pid 5412] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5412] close(9 [pid 5090] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5412] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5090] unlink("./15/cgroup" [pid 5412] close(10) = -1 EBADF (Bad file descriptor) [ 138.352874][ T5412] Out of memory and no killable processes... [ 138.359006][ T5417] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 138.373244][ T5417] CPU: 0 PID: 5417 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 138.383228][ T5417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 138.393349][ T5417] Call Trace: [ 138.396669][ T5417] [ 138.399639][ T5417] dump_stack_lvl+0x136/0x150 [ 138.404384][ T5417] dump_header+0x10a/0xd70 [ 138.408865][ T5417] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 138.415033][ T5417] out_of_memory+0xd64/0x1660 [ 138.419802][ T5417] ? oom_killer_disable+0x2b0/0x2b0 [ 138.425100][ T5417] mem_cgroup_out_of_memory+0x206/0x270 [ 138.430730][ T5417] ? mem_cgroup_margin+0x130/0x130 [ 138.435941][ T5417] memory_max_write+0x2f9/0x3c0 [ 138.440876][ T5417] ? mem_cgroup_force_empty_write+0x160/0x160 [ 138.447049][ T5417] ? lock_sync+0x190/0x190 [ 138.451546][ T5417] cgroup_file_write+0x1e2/0x7b0 [ 138.456585][ T5417] ? mem_cgroup_force_empty_write+0x160/0x160 [ 138.462722][ T5417] ? kill_css+0x3b0/0x3b0 [ 138.467102][ T5417] ? lock_acquire+0x32/0xc0 [ 138.471678][ T5417] ? kill_css+0x3b0/0x3b0 [ 138.476087][ T5417] kernfs_fop_write_iter+0x3f1/0x600 [ 138.481420][ T5417] vfs_write+0x9ed/0xe10 [ 138.485715][ T5417] ? kernel_write+0x670/0x670 [ 138.490446][ T5417] ? find_held_lock+0x2d/0x110 [ 138.495253][ T5417] ? __fget_light+0x20a/0x270 [ 138.499980][ T5417] ksys_write+0x12b/0x250 [ 138.504357][ T5417] ? __ia32_sys_read+0xb0/0xb0 [ 138.509168][ T5417] ? lockdep_hardirqs_on+0x7d/0x100 [ 138.514405][ T5417] ? _raw_spin_unlock_irq+0x2e/0x50 [ 138.519647][ T5417] ? ptrace_notify+0xfe/0x140 [ 138.524367][ T5417] do_syscall_64+0x39/0xb0 [ 138.528832][ T5417] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 138.534785][ T5417] RIP: 0033:0x7faecf034129 [ 138.539237][ T5417] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 138.558890][ T5417] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 138.567330][ T5417] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 138.575318][ T5417] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 138.583310][ T5417] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 138.591306][ T5417] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [pid 5412] close(11 [pid 5090] <... unlink resumed>) = 0 [pid 5412] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5412] close(12) = -1 EBADF (Bad file descriptor) [pid 5412] close(13) = -1 EBADF (Bad file descriptor) [pid 5412] close(14) = -1 EBADF (Bad file descriptor) [pid 5412] close(15) = -1 EBADF (Bad file descriptor) [pid 5412] close(16) = -1 EBADF (Bad file descriptor) [pid 5412] close(17) = -1 EBADF (Bad file descriptor) [pid 5412] close(18) = -1 EBADF (Bad file descriptor) [pid 5412] close(19) = -1 EBADF (Bad file descriptor) [pid 5412] close(20) = -1 EBADF (Bad file descriptor) [pid 5412] close(21) = -1 EBADF (Bad file descriptor) [pid 5412] close(22) = -1 EBADF (Bad file descriptor) [pid 5412] close(23) = -1 EBADF (Bad file descriptor) [pid 5412] close(24) = -1 EBADF (Bad file descriptor) [pid 5412] close(25) = -1 EBADF (Bad file descriptor) [pid 5412] close(26) = -1 EBADF (Bad file descriptor) [pid 5412] close(27) = -1 EBADF (Bad file descriptor) [pid 5412] close(28) = -1 EBADF (Bad file descriptor) [pid 5412] close(29) = -1 EBADF (Bad file descriptor) [pid 5412] exit_group(0) = ? [pid 5412] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5087] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./13/binderfs") = 0 [pid 5087] umount2("./13/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./13/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./13/cgroup") = 0 [pid 5087] umount2("./13/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./13/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./13/cgroup.net") = 0 [pid 5087] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5090] umount2("./15/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5087] <... umount2 resumed>) = 0 [pid 5087] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./13/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] close(4) = 0 [pid 5087] rmdir("./13/file0" [pid 5090] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5087] <... rmdir resumed>) = 0 [pid 5090] lstat("./15/cgroup.net", [pid 5087] umount2("./13/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5090] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5090] unlink("./15/cgroup.net" [pid 5087] lstat("./13/cgroup.cpu", [pid 5090] <... unlink resumed>) = 0 [pid 5087] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5087] unlink("./13/cgroup.cpu") = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [pid 5087] rmdir("./13") = 0 [pid 5087] mkdir("./14", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5432 attached [pid 5432] chdir("./14" [pid 5087] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 16 [pid 5432] <... chdir resumed>) = 0 [pid 5432] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5432] setpgid(0, 0) = 0 [pid 5432] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5432] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5432] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5432] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5432] write(3, "1000", 4) = 4 [pid 5432] close(3) = 0 [pid 5432] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5432] mkdir("./file0", 000) = 0 [pid 5432] open("./file0", O_RDONLY) = 3 [pid 5432] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5432] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [ 138.599302][ T5417] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000000f [ 138.607339][ T5417] [pid 5432] openat(4, "syz1", O_RDWR|O_PATH [pid 5090] <... umount2 resumed>) = 0 [pid 5432] <... openat resumed>) = 5 [pid 5090] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5432] openat(5, "memory.max", O_RDWR [pid 5090] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5432] <... openat resumed>) = 6 [pid 5090] lstat("./15/file0", [pid 5432] write(6, "0x000000000000040e", 18 [pid 5090] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./15/file0") = 0 [pid 5090] umount2("./15/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./15/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./15/cgroup.cpu") = 0 [ 138.651853][ T5417] memory: usage 8kB, limit 0kB, failcnt 36 [ 138.657880][ T5417] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 138.684142][ T5417] Memory cgroup stats for /syz1: [ 138.684418][ T5417] anon 0 [ 138.684418][ T5417] file 0 [ 138.684418][ T5417] kernel 8192 [ 138.684418][ T5417] kernel_stack 0 [ 138.684418][ T5417] pagetables 0 [ 138.684418][ T5417] sec_pagetables 0 [ 138.684418][ T5417] percpu 0 [ 138.684418][ T5417] sock 0 [ 138.684418][ T5417] vmalloc 0 [ 138.684418][ T5417] shmem 0 [ 138.684418][ T5417] zswap 0 [ 138.684418][ T5417] zswapped 0 [ 138.684418][ T5417] file_mapped 0 [ 138.684418][ T5417] file_dirty 0 [ 138.684418][ T5417] file_writeback 0 [ 138.684418][ T5417] swapcached 0 [ 138.684418][ T5417] anon_thp 0 [ 138.684418][ T5417] file_thp 0 [ 138.684418][ T5417] shmem_thp 0 [ 138.684418][ T5417] inactive_anon 0 [ 138.684418][ T5417] active_anon 0 [ 138.684418][ T5417] inactive_file 0 [ 138.684418][ T5417] active_file 0 [ 138.684418][ T5417] unevictable 0 [ 138.684418][ T5417] slab_reclaimable 6752 [ 138.684418][ T5417] slab_unreclaimable 0 [ 138.684418][ T5417] slab 6752 [ 138.684418][ T5417] workingset_refault_anon 0 [ 138.684418][ T5417] workingset_refault_file 0 [ 138.684418][ T5417] workingset_activate_anon 0 [ 138.684418][ T5417] workingset_activate_file 0 [ 138.684418][ T5417] workingset_restore_anon 0 [ 138.684418][ T5417] workingset_restore_file 0 [ 138.684418][ T5417] workingset_nodereclaim 0 [ 138.684418][ T5417] pgscan 831 [ 138.684418][ T5417] pgsteal 2 [ 138.684418][ T5417] pgscan_kswapd 0 [ 138.684418][ T5417] pgscan_direct 831 [ 138.684418][ T5417] pgscan_khugepaged 0 [ 138.684418][ T5417] pgsteal_kswapd 0 [ 138.684418][ T5417] pgsteal_direct 2 [ 138.684418][ T5417] pgsteal_khugepaged 0 [ 138.684418][ T5417] pgfault 21 [ 138.684418][ T5417] pgmajfault 0 [ 138.684418][ T5417] pgrefill 830 [ 138.684418][ T5417] pgactivate 829 [ 138.684418][ T5417] pgdeactivate 830 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [pid 5090] rmdir("./15") = 0 [pid 5090] mkdir("./16", 0777) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5433 attached , child_tidptr=0x555555c0c5d0) = 18 [ 138.684418][ T5417] pglazyfree 0 [ 138.684418][ T5417] pglazyfreed 0 [ 138.684418][ T5417] zswpin 0 [ 138.684418][ T5417] zswpout 0 [ 138.684418][ T5417] thp_fault_alloc 0 [ 138.684418][ T5417] thp_collapse_alloc 0 [pid 5433] chdir("./16") = 0 [pid 5433] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5433] setpgid(0, 0) = 0 [pid 5417] <... write resumed>) = 18 [pid 5433] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5433] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5433] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5433] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5433] write(3, "1000", 4 [pid 5417] close(3 [pid 5433] <... write resumed>) = 4 [pid 5417] <... close resumed>) = 0 [pid 5433] close(3 [pid 5417] close(4 [pid 5433] <... close resumed>) = 0 [pid 5417] <... close resumed>) = 0 [ 138.894784][ T5417] Tasks state (memory values in pages): [ 138.903766][ T5417] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 138.913559][ T5417] Out of memory and no killable processes... [ 138.919654][ T5423] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5433] symlink("/dev/binderfs", "./binderfs" [pid 5417] close(5 [pid 5433] <... symlink resumed>) = 0 [pid 5417] <... close resumed>) = 0 [pid 5433] mkdir("./file0", 000 [pid 5417] close(6 [pid 5433] <... mkdir resumed>) = 0 [pid 5417] <... close resumed>) = 0 [pid 5433] open("./file0", O_RDONLY [pid 5417] close(7 [pid 5433] <... open resumed>) = 3 [pid 5417] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5433] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5417] close(8 [pid 5433] <... mount resumed>) = 0 [pid 5417] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5433] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5417] close(9 [pid 5433] <... openat resumed>) = 4 [pid 5417] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5433] openat(4, "syz1", O_RDWR|O_PATH [pid 5417] close(10 [pid 5433] <... openat resumed>) = 5 [pid 5417] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5433] openat(5, "memory.max", O_RDWR [pid 5417] close(11 [pid 5433] <... openat resumed>) = 6 [pid 5417] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5433] write(6, "0x000000000000040e", 18 [pid 5417] close(12) = -1 EBADF (Bad file descriptor) [pid 5417] close(13) = -1 EBADF (Bad file descriptor) [pid 5417] close(14) = -1 EBADF (Bad file descriptor) [pid 5417] close(15) = -1 EBADF (Bad file descriptor) [pid 5417] close(16) = -1 EBADF (Bad file descriptor) [pid 5417] close(17) = -1 EBADF (Bad file descriptor) [pid 5417] close(18) = -1 EBADF (Bad file descriptor) [pid 5417] close(19) = -1 EBADF (Bad file descriptor) [ 138.937861][ T5423] CPU: 1 PID: 5423 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 138.947839][ T5423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 138.957943][ T5423] Call Trace: [ 138.961371][ T5423] [ 138.964347][ T5423] dump_stack_lvl+0x136/0x150 [ 138.969096][ T5423] dump_header+0x10a/0xd70 [ 138.973583][ T5423] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 138.979744][ T5423] out_of_memory+0xd64/0x1660 [ 138.984505][ T5423] ? oom_killer_disable+0x2b0/0x2b0 [ 138.989811][ T5423] mem_cgroup_out_of_memory+0x206/0x270 [pid 5417] close(20) = -1 EBADF (Bad file descriptor) [pid 5417] close(21) = -1 EBADF (Bad file descriptor) [pid 5417] close(22) = -1 EBADF (Bad file descriptor) [pid 5417] close(23) = -1 EBADF (Bad file descriptor) [pid 5417] close(24) = -1 EBADF (Bad file descriptor) [pid 5417] close(25) = -1 EBADF (Bad file descriptor) [pid 5417] close(26) = -1 EBADF (Bad file descriptor) [pid 5417] close(27) = -1 EBADF (Bad file descriptor) [pid 5417] close(28) = -1 EBADF (Bad file descriptor) [pid 5417] close(29) = -1 EBADF (Bad file descriptor) [pid 5417] exit_group(0) = ? [pid 5417] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=17, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5089] umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./15/binderfs") = 0 [ 138.995444][ T5423] ? mem_cgroup_margin+0x130/0x130 [ 139.000656][ T5423] memory_max_write+0x2f9/0x3c0 [ 139.005609][ T5423] ? mem_cgroup_force_empty_write+0x160/0x160 [ 139.011761][ T5423] ? lock_sync+0x190/0x190 [ 139.016252][ T5423] cgroup_file_write+0x1e2/0x7b0 [ 139.021263][ T5423] ? mem_cgroup_force_empty_write+0x160/0x160 [ 139.027535][ T5423] ? kill_css+0x3b0/0x3b0 [ 139.031957][ T5423] ? lock_acquire+0x32/0xc0 [ 139.036569][ T5423] ? kill_css+0x3b0/0x3b0 [ 139.040985][ T5423] kernfs_fop_write_iter+0x3f1/0x600 [ 139.046371][ T5423] vfs_write+0x9ed/0xe10 [ 139.050935][ T5423] ? kernel_write+0x670/0x670 [ 139.055682][ T5423] ? find_held_lock+0x2d/0x110 [ 139.060495][ T5423] ? __fget_light+0x20a/0x270 [ 139.065228][ T5423] ksys_write+0x12b/0x250 [ 139.069608][ T5423] ? __ia32_sys_read+0xb0/0xb0 [ 139.074412][ T5423] ? lockdep_hardirqs_on+0x7d/0x100 [ 139.079645][ T5423] ? _raw_spin_unlock_irq+0x2e/0x50 [ 139.084884][ T5423] ? ptrace_notify+0xfe/0x140 [ 139.089640][ T5423] do_syscall_64+0x39/0xb0 [ 139.094123][ T5423] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 139.100069][ T5423] RIP: 0033:0x7faecf034129 [ 139.104523][ T5423] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 139.124160][ T5423] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 139.132603][ T5423] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [pid 5089] umount2("./15/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./15/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./15/cgroup") = 0 [pid 5089] umount2("./15/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./15/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 139.140596][ T5423] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 139.148866][ T5423] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 139.156862][ T5423] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 139.164852][ T5423] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000000c [ 139.172870][ T5423] [ 139.182028][ T5423] memory: usage 8kB, limit 0kB, failcnt 36 [pid 5089] unlink("./15/cgroup.net") = 0 [pid 5089] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5089] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./15/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./15/file0") = 0 [pid 5089] umount2("./15/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./15/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./15/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [pid 5089] rmdir("./15") = 0 [pid 5089] mkdir("./16", 0777) = 0 [ 139.194663][ T5423] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 139.212639][ T5423] Memory cgroup stats for /syz1: [ 139.212919][ T5423] anon 0 [ 139.212919][ T5423] file 0 [ 139.212919][ T5423] kernel 8192 [ 139.212919][ T5423] kernel_stack 0 [ 139.212919][ T5423] pagetables 0 [ 139.212919][ T5423] sec_pagetables 0 [ 139.212919][ T5423] percpu 0 [ 139.212919][ T5423] sock 0 [ 139.212919][ T5423] vmalloc 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5437 attached [pid 5437] chdir("./16" [pid 5089] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 18 [pid 5437] <... chdir resumed>) = 0 [pid 5437] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5437] setpgid(0, 0) = 0 [pid 5437] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5437] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5437] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5437] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 139.212919][ T5423] shmem 0 [ 139.212919][ T5423] zswap 0 [ 139.212919][ T5423] zswapped 0 [ 139.212919][ T5423] file_mapped 0 [ 139.212919][ T5423] file_dirty 0 [ 139.212919][ T5423] file_writeback 0 [ 139.212919][ T5423] swapcached 0 [ 139.212919][ T5423] anon_thp 0 [ 139.212919][ T5423] file_thp 0 [ 139.212919][ T5423] shmem_thp 0 [ 139.212919][ T5423] inactive_anon 0 [ 139.212919][ T5423] active_anon 0 [ 139.212919][ T5423] inactive_file 0 [ 139.212919][ T5423] active_file 0 [ 139.212919][ T5423] unevictable 0 [ 139.212919][ T5423] slab_reclaimable 6752 [ 139.212919][ T5423] slab_unreclaimable 0 [ 139.212919][ T5423] slab 6752 [ 139.212919][ T5423] workingset_refault_anon 0 [ 139.212919][ T5423] workingset_refault_file 0 [ 139.212919][ T5423] workingset_activate_anon 0 [ 139.212919][ T5423] workingset_activate_file 0 [ 139.212919][ T5423] workingset_restore_anon 0 [ 139.212919][ T5423] workingset_restore_file 0 [ 139.212919][ T5423] workingset_nodereclaim 0 [ 139.212919][ T5423] pgscan 831 [ 139.212919][ T5423] pgsteal 2 [ 139.212919][ T5423] pgscan_kswapd 0 [ 139.212919][ T5423] pgscan_direct 831 [ 139.212919][ T5423] pgscan_khugepaged 0 [ 139.212919][ T5423] pgsteal_kswapd 0 [ 139.212919][ T5423] pgsteal_direct 2 [ 139.212919][ T5423] pgsteal_khugepaged 0 [ 139.212919][ T5423] pgfault 21 [ 139.212919][ T5423] pgmajfault 0 [ 139.212919][ T5423] pgrefill 830 [ 139.212919][ T5423] pgactivate 829 [ 139.212919][ T5423] pgdeactivate 830 [ 139.212919][ T5423] pglazyfree 0 [ 139.212919][ T5423] pglazyfreed 0 [ 139.212919][ T5423] zswpin 0 [ 139.212919][ T5423] zswpout 0 [ 139.212919][ T5423] thp_fault_alloc 0 [pid 5437] write(3, "1000", 4) = 4 [pid 5437] close(3) = 0 [pid 5437] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5437] mkdir("./file0", 000) = 0 [pid 5437] open("./file0", O_RDONLY) = 3 [pid 5437] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5437] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5437] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5437] openat(5, "memory.max", O_RDWR) = 6 [ 139.212919][ T5423] thp_collapse_alloc 0 [pid 5437] write(6, "0x000000000000040e", 18 [pid 5423] <... write resumed>) = 18 [ 139.417535][ T5423] Tasks state (memory values in pages): [ 139.431317][ T5423] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 139.443240][ T5423] Out of memory and no killable processes... [pid 5423] close(3) = 0 [pid 5423] close(4) = 0 [pid 5423] close(5) = 0 [ 139.457902][ T5429] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 139.474722][ T5429] CPU: 1 PID: 5429 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 139.484724][ T5429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 139.494835][ T5429] Call Trace: [ 139.498158][ T5429] [ 139.501144][ T5429] dump_stack_lvl+0x136/0x150 [ 139.505892][ T5429] dump_header+0x10a/0xd70 [ 139.510377][ T5429] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 139.516541][ T5429] out_of_memory+0xd64/0x1660 [ 139.521303][ T5429] ? oom_killer_disable+0x2b0/0x2b0 [ 139.526587][ T5429] ? find_held_lock+0x2d/0x110 [ 139.531422][ T5429] mem_cgroup_out_of_memory+0x206/0x270 [ 139.537050][ T5429] ? mem_cgroup_margin+0x130/0x130 [ 139.542246][ T5429] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 139.548146][ T5429] memory_max_write+0x2f9/0x3c0 [ 139.553092][ T5429] ? mem_cgroup_force_empty_write+0x160/0x160 [ 139.559253][ T5429] ? lock_sync+0x190/0x190 [ 139.563745][ T5429] cgroup_file_write+0x1e2/0x7b0 [ 139.568787][ T5429] ? mem_cgroup_force_empty_write+0x160/0x160 [ 139.574936][ T5429] ? kill_css+0x3b0/0x3b0 [ 139.579335][ T5429] ? lock_acquire+0x32/0xc0 [ 139.583916][ T5429] ? kill_css+0x3b0/0x3b0 [ 139.588315][ T5429] kernfs_fop_write_iter+0x3f1/0x600 [ 139.593696][ T5429] vfs_write+0x9ed/0xe10 [ 139.598019][ T5429] ? kernel_write+0x670/0x670 [ 139.602780][ T5429] ? find_held_lock+0x2d/0x110 [ 139.607620][ T5429] ? __fget_light+0x20a/0x270 [ 139.612376][ T5429] ksys_write+0x12b/0x250 [pid 5423] close(6) = 0 [pid 5423] close(7) = -1 EBADF (Bad file descriptor) [pid 5423] close(8) = -1 EBADF (Bad file descriptor) [pid 5423] close(9) = -1 EBADF (Bad file descriptor) [pid 5423] close(10) = -1 EBADF (Bad file descriptor) [pid 5423] close(11) = -1 EBADF (Bad file descriptor) [pid 5423] close(12) = -1 EBADF (Bad file descriptor) [pid 5423] close(13) = -1 EBADF (Bad file descriptor) [pid 5423] close(14) = -1 EBADF (Bad file descriptor) [pid 5423] close(15) = -1 EBADF (Bad file descriptor) [pid 5423] close(16) = -1 EBADF (Bad file descriptor) [pid 5423] close(17) = -1 EBADF (Bad file descriptor) [pid 5423] close(18) = -1 EBADF (Bad file descriptor) [pid 5423] close(19) = -1 EBADF (Bad file descriptor) [pid 5423] close(20) = -1 EBADF (Bad file descriptor) [pid 5423] close(21) = -1 EBADF (Bad file descriptor) [pid 5423] close(22) = -1 EBADF (Bad file descriptor) [pid 5423] close(23) = -1 EBADF (Bad file descriptor) [pid 5423] close(24) = -1 EBADF (Bad file descriptor) [pid 5423] close(25) = -1 EBADF (Bad file descriptor) [pid 5423] close(26) = -1 EBADF (Bad file descriptor) [pid 5423] close(27) = -1 EBADF (Bad file descriptor) [pid 5423] close(28) = -1 EBADF (Bad file descriptor) [pid 5423] close(29) = -1 EBADF (Bad file descriptor) [pid 5423] exit_group(0) = ? [pid 5423] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5086] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./12/binderfs") = 0 [pid 5086] umount2("./12/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./12/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] unlink("./12/cgroup") = 0 [pid 5086] umount2("./12/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./12/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./12/cgroup.net") = 0 [ 139.616788][ T5429] ? __ia32_sys_read+0xb0/0xb0 [ 139.621619][ T5429] ? lockdep_hardirqs_on+0x7d/0x100 [ 139.626877][ T5429] ? _raw_spin_unlock_irq+0x2e/0x50 [ 139.632144][ T5429] ? ptrace_notify+0xfe/0x140 [ 139.636906][ T5429] do_syscall_64+0x39/0xb0 [ 139.641391][ T5429] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 139.647355][ T5429] RIP: 0033:0x7faecf034129 [ 139.651993][ T5429] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 139.671664][ T5429] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 139.680147][ T5429] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 139.688178][ T5429] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 139.696210][ T5429] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 139.704229][ T5429] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [pid 5086] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5086] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./12/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [ 139.712253][ T5429] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000000c [ 139.720305][ T5429] [pid 5086] close(4) = 0 [pid 5086] rmdir("./12/file0") = 0 [pid 5086] umount2("./12/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./12/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./12/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./12") = 0 [pid 5086] mkdir("./13", 0777) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5442 attached [pid 5442] chdir("./13" [pid 5086] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 15 [pid 5442] <... chdir resumed>) = 0 [pid 5442] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5442] setpgid(0, 0) = 0 [pid 5442] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5442] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5442] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [ 139.740819][ T5429] memory: usage 8kB, limit 0kB, failcnt 36 [ 139.747023][ T5429] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 139.771722][ T5429] Memory cgroup stats for /syz1: [ 139.772006][ T5429] anon 0 [ 139.772006][ T5429] file 0 [ 139.772006][ T5429] kernel 8192 [ 139.772006][ T5429] kernel_stack 0 [pid 5442] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5442] write(3, "1000", 4) = 4 [pid 5442] close(3) = 0 [pid 5442] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5442] mkdir("./file0", 000) = 0 [pid 5442] open("./file0", O_RDONLY) = 3 [pid 5442] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5442] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5442] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5442] openat(5, "memory.max", O_RDWR) = 6 [ 139.772006][ T5429] pagetables 0 [ 139.772006][ T5429] sec_pagetables 0 [ 139.772006][ T5429] percpu 0 [ 139.772006][ T5429] sock 0 [ 139.772006][ T5429] vmalloc 0 [ 139.772006][ T5429] shmem 0 [ 139.772006][ T5429] zswap 0 [ 139.772006][ T5429] zswapped 0 [ 139.772006][ T5429] file_mapped 0 [ 139.772006][ T5429] file_dirty 0 [ 139.772006][ T5429] file_writeback 0 [ 139.772006][ T5429] swapcached 0 [ 139.772006][ T5429] anon_thp 0 [ 139.772006][ T5429] file_thp 0 [ 139.772006][ T5429] shmem_thp 0 [ 139.772006][ T5429] inactive_anon 0 [ 139.772006][ T5429] active_anon 0 [ 139.772006][ T5429] inactive_file 0 [ 139.772006][ T5429] active_file 0 [ 139.772006][ T5429] unevictable 0 [ 139.772006][ T5429] slab_reclaimable 6752 [ 139.772006][ T5429] slab_unreclaimable 0 [ 139.772006][ T5429] slab 6752 [ 139.772006][ T5429] workingset_refault_anon 0 [ 139.772006][ T5429] workingset_refault_file 0 [ 139.772006][ T5429] workingset_activate_anon 0 [ 139.772006][ T5429] workingset_activate_file 0 [ 139.772006][ T5429] workingset_restore_anon 0 [ 139.772006][ T5429] workingset_restore_file 0 [ 139.772006][ T5429] workingset_nodereclaim 0 [ 139.772006][ T5429] pgscan 831 [ 139.772006][ T5429] pgsteal 2 [ 139.772006][ T5429] pgscan_kswapd 0 [ 139.772006][ T5429] pgscan_direct 831 [ 139.772006][ T5429] pgscan_khugepaged 0 [ 139.772006][ T5429] pgsteal_kswapd 0 [ 139.772006][ T5429] pgsteal_direct 2 [ 139.772006][ T5429] pgsteal_khugepaged 0 [ 139.772006][ T5429] pgfault 21 [ 139.772006][ T5429] pgmajfault 0 [ 139.772006][ T5429] pgrefill 830 [ 139.772006][ T5429] pgactivate 829 [ 139.772006][ T5429] pgdeactivate 830 [ 139.772006][ T5429] pglazyfree 0 [ 139.772006][ T5429] pglazyfreed 0 [ 139.772006][ T5429] zswpin 0 [ 139.772006][ T5429] zswpout 0 [ 139.772006][ T5429] thp_fault_alloc 0 [ 139.772006][ T5429] thp_collapse_alloc 0 [ 139.972180][ T5429] Tasks state (memory values in pages): [ 139.978161][ T5429] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5442] write(6, "0x000000000000040e", 18 [pid 5429] <... write resumed>) = 18 [pid 5429] close(3) = 0 [pid 5429] close(4) = 0 [pid 5429] close(5) = 0 [pid 5429] close(6) = 0 [pid 5429] close(7) = -1 EBADF (Bad file descriptor) [pid 5429] close(8) = -1 EBADF (Bad file descriptor) [pid 5429] close(9) = -1 EBADF (Bad file descriptor) [pid 5429] close(10) = -1 EBADF (Bad file descriptor) [pid 5429] close(11) = -1 EBADF (Bad file descriptor) [pid 5429] close(12) = -1 EBADF (Bad file descriptor) [pid 5429] close(13) = -1 EBADF (Bad file descriptor) [pid 5429] close(14) = -1 EBADF (Bad file descriptor) [pid 5429] close(15) = -1 EBADF (Bad file descriptor) [pid 5429] close(16) = -1 EBADF (Bad file descriptor) [pid 5429] close(17) = -1 EBADF (Bad file descriptor) [pid 5429] close(18) = -1 EBADF (Bad file descriptor) [ 139.990166][ T5429] Out of memory and no killable processes... [ 140.000256][ T5432] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 140.023531][ T5432] CPU: 1 PID: 5432 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5429] close(19) = -1 EBADF (Bad file descriptor) [pid 5429] close(20) = -1 EBADF (Bad file descriptor) [pid 5429] close(21) = -1 EBADF (Bad file descriptor) [pid 5429] close(22) = -1 EBADF (Bad file descriptor) [pid 5429] close(23) = -1 EBADF (Bad file descriptor) [pid 5429] close(24) = -1 EBADF (Bad file descriptor) [pid 5429] close(25) = -1 EBADF (Bad file descriptor) [pid 5429] close(26) = -1 EBADF (Bad file descriptor) [pid 5429] close(27) = -1 EBADF (Bad file descriptor) [pid 5429] close(28) = -1 EBADF (Bad file descriptor) [pid 5429] close(29) = -1 EBADF (Bad file descriptor) [pid 5429] exit_group(0) = ? [pid 5429] +++ exited with 0 +++ [ 140.033526][ T5432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 140.043654][ T5432] Call Trace: [ 140.046983][ T5432] [ 140.049968][ T5432] dump_stack_lvl+0x136/0x150 [ 140.054722][ T5432] dump_header+0x10a/0xd70 [ 140.059205][ T5432] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 140.065379][ T5432] out_of_memory+0xd64/0x1660 [ 140.070140][ T5432] ? oom_killer_disable+0x2b0/0x2b0 [ 140.075421][ T5432] mem_cgroup_out_of_memory+0x206/0x270 [ 140.081040][ T5432] ? mem_cgroup_margin+0x130/0x130 [ 140.086249][ T5432] memory_max_write+0x2f9/0x3c0 [ 140.091187][ T5432] ? mem_cgroup_force_empty_write+0x160/0x160 [ 140.097359][ T5432] ? lock_sync+0x190/0x190 [ 140.101856][ T5432] cgroup_file_write+0x1e2/0x7b0 [ 140.106888][ T5432] ? mem_cgroup_force_empty_write+0x160/0x160 [ 140.113035][ T5432] ? kill_css+0x3b0/0x3b0 [ 140.117527][ T5432] ? lock_acquire+0x32/0xc0 [ 140.122120][ T5432] ? kill_css+0x3b0/0x3b0 [ 140.126547][ T5432] kernfs_fop_write_iter+0x3f1/0x600 [ 140.131922][ T5432] vfs_write+0x9ed/0xe10 [ 140.136238][ T5432] ? kernel_write+0x670/0x670 [ 140.140968][ T5432] ? find_held_lock+0x2d/0x110 [ 140.145769][ T5432] ? __fget_light+0x20a/0x270 [ 140.150495][ T5432] ksys_write+0x12b/0x250 [ 140.154894][ T5432] ? __ia32_sys_read+0xb0/0xb0 [ 140.159695][ T5432] ? lockdep_hardirqs_on+0x7d/0x100 [ 140.164928][ T5432] ? _raw_spin_unlock_irq+0x2e/0x50 [ 140.170164][ T5432] ? ptrace_notify+0xfe/0x140 [ 140.174965][ T5432] do_syscall_64+0x39/0xb0 [ 140.179427][ T5432] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 140.185365][ T5432] RIP: 0033:0x7faecf034129 [ 140.189808][ T5432] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 140.209443][ T5432] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 140.217888][ T5432] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 140.225882][ T5432] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 140.233879][ T5432] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 140.241879][ T5432] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 140.249878][ T5432] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000000e [ 140.257910][ T5432] [ 140.262617][ T5432] memory: usage 8kB, limit 0kB, failcnt 36 [ 140.268486][ T5432] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 140.275572][ T5432] Memory cgroup stats for /syz1: [ 140.275842][ T5432] anon 0 [ 140.275842][ T5432] file 0 [ 140.275842][ T5432] kernel 8192 [ 140.275842][ T5432] kernel_stack 0 [ 140.275842][ T5432] pagetables 0 [ 140.275842][ T5432] sec_pagetables 0 [ 140.275842][ T5432] percpu 0 [ 140.275842][ T5432] sock 0 [ 140.275842][ T5432] vmalloc 0 [ 140.275842][ T5432] shmem 0 [ 140.275842][ T5432] zswap 0 [ 140.275842][ T5432] zswapped 0 [ 140.275842][ T5432] file_mapped 0 [ 140.275842][ T5432] file_dirty 0 [ 140.275842][ T5432] file_writeback 0 [ 140.275842][ T5432] swapcached 0 [ 140.275842][ T5432] anon_thp 0 [ 140.275842][ T5432] file_thp 0 [ 140.275842][ T5432] shmem_thp 0 [ 140.275842][ T5432] inactive_anon 0 [ 140.275842][ T5432] active_anon 0 [ 140.275842][ T5432] inactive_file 0 [ 140.275842][ T5432] active_file 0 [ 140.275842][ T5432] unevictable 0 [ 140.275842][ T5432] slab_reclaimable 6752 [ 140.275842][ T5432] slab_unreclaimable 0 [ 140.275842][ T5432] slab 6752 [ 140.275842][ T5432] workingset_refault_anon 0 [ 140.275842][ T5432] workingset_refault_file 0 [ 140.275842][ T5432] workingset_activate_anon 0 [ 140.275842][ T5432] workingset_activate_file 0 [ 140.275842][ T5432] workingset_restore_anon 0 [ 140.275842][ T5432] workingset_restore_file 0 [ 140.275842][ T5432] workingset_nodereclaim 0 [ 140.275842][ T5432] pgscan 831 [ 140.275842][ T5432] pgsteal 2 [ 140.275842][ T5432] pgscan_kswapd 0 [ 140.275842][ T5432] pgscan_direct 831 [ 140.275842][ T5432] pgscan_khugepaged 0 [ 140.275842][ T5432] pgsteal_kswapd 0 [ 140.275842][ T5432] pgsteal_direct 2 [ 140.275842][ T5432] pgsteal_khugepaged 0 [ 140.275842][ T5432] pgfault 21 [ 140.275842][ T5432] pgmajfault 0 [ 140.275842][ T5432] pgrefill 830 [ 140.275842][ T5432] pgactivate 829 [ 140.275842][ T5432] pgdeactivate 830 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5085] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 140.275842][ T5432] pglazyfree 0 [ 140.275842][ T5432] pglazyfreed 0 [ 140.275842][ T5432] zswpin 0 [ 140.275842][ T5432] zswpout 0 [ 140.275842][ T5432] thp_fault_alloc 0 [ 140.275842][ T5432] thp_collapse_alloc 0 [ 140.483721][ T5432] Tasks state (memory values in pages): [pid 5085] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./12/binderfs") = 0 [pid 5085] umount2("./12/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./12/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./12/cgroup" [pid 5432] <... write resumed>) = 18 [pid 5432] close(3 [pid 5085] <... unlink resumed>) = 0 [pid 5085] umount2("./12/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./12/cgroup.net", [pid 5432] <... close resumed>) = 0 [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5432] close(4) = 0 [ 140.489344][ T5432] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 140.503926][ T5432] Out of memory and no killable processes... [ 140.514775][ T5433] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5432] close(5) = 0 [pid 5085] unlink("./12/cgroup.net" [pid 5432] close(6) = 0 [pid 5432] close(7) = -1 EBADF (Bad file descriptor) [pid 5432] close(8) = -1 EBADF (Bad file descriptor) [pid 5432] close(9) = -1 EBADF (Bad file descriptor) [pid 5432] close(10) = -1 EBADF (Bad file descriptor) [pid 5432] close(11) = -1 EBADF (Bad file descriptor) [pid 5432] close(12) = -1 EBADF (Bad file descriptor) [pid 5432] close(13) = -1 EBADF (Bad file descriptor) [pid 5432] close(14) = -1 EBADF (Bad file descriptor) [pid 5432] close(15) = -1 EBADF (Bad file descriptor) [pid 5432] close(16) = -1 EBADF (Bad file descriptor) [pid 5432] close(17) = -1 EBADF (Bad file descriptor) [pid 5432] close(18) = -1 EBADF (Bad file descriptor) [pid 5432] close(19) = -1 EBADF (Bad file descriptor) [pid 5432] close(20) = -1 EBADF (Bad file descriptor) [pid 5432] close(21) = -1 EBADF (Bad file descriptor) [pid 5432] close(22) = -1 EBADF (Bad file descriptor) [pid 5432] close(23) = -1 EBADF (Bad file descriptor) [pid 5432] close(24) = -1 EBADF (Bad file descriptor) [pid 5432] close(25) = -1 EBADF (Bad file descriptor) [pid 5432] close(26) = -1 EBADF (Bad file descriptor) [pid 5432] close(27) = -1 EBADF (Bad file descriptor) [ 140.546622][ T5433] CPU: 1 PID: 5433 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 140.556626][ T5433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 140.566741][ T5433] Call Trace: [ 140.570067][ T5433] [ 140.573050][ T5433] dump_stack_lvl+0x136/0x150 [ 140.577808][ T5433] dump_header+0x10a/0xd70 [ 140.582301][ T5433] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 140.588478][ T5433] out_of_memory+0xd64/0x1660 [pid 5432] close(28) = -1 EBADF (Bad file descriptor) [pid 5432] close(29) = -1 EBADF (Bad file descriptor) [pid 5432] exit_group(0) = ? [pid 5432] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5087] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5087] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./14/binderfs") = 0 [pid 5087] umount2("./14/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./14/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./14/cgroup") = 0 [pid 5087] umount2("./14/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./14/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./14/cgroup.net") = 0 [ 140.593249][ T5433] ? oom_killer_disable+0x2b0/0x2b0 [ 140.598550][ T5433] mem_cgroup_out_of_memory+0x206/0x270 [ 140.604175][ T5433] ? mem_cgroup_margin+0x130/0x130 [ 140.609393][ T5433] memory_max_write+0x2f9/0x3c0 [ 140.614328][ T5433] ? mem_cgroup_force_empty_write+0x160/0x160 [ 140.620498][ T5433] ? lock_sync+0x190/0x190 [ 140.625026][ T5433] cgroup_file_write+0x1e2/0x7b0 [ 140.630051][ T5433] ? mem_cgroup_force_empty_write+0x160/0x160 [ 140.636214][ T5433] ? kill_css+0x3b0/0x3b0 [ 140.640682][ T5433] ? lock_acquire+0x32/0xc0 [pid 5087] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] <... unlink resumed>) = 0 [ 140.645275][ T5433] ? kill_css+0x3b0/0x3b0 [ 140.649685][ T5433] kernfs_fop_write_iter+0x3f1/0x600 [ 140.655056][ T5433] vfs_write+0x9ed/0xe10 [ 140.659393][ T5433] ? kernel_write+0x670/0x670 [ 140.664168][ T5433] ? find_held_lock+0x2d/0x110 [ 140.669018][ T5433] ? __fget_light+0x20a/0x270 [ 140.673781][ T5433] ksys_write+0x12b/0x250 [ 140.678209][ T5433] ? __ia32_sys_read+0xb0/0xb0 [ 140.683052][ T5433] ? lockdep_hardirqs_on+0x7d/0x100 [ 140.688355][ T5433] ? _raw_spin_unlock_irq+0x2e/0x50 [ 140.693646][ T5433] ? ptrace_notify+0xfe/0x140 [ 140.698399][ T5433] do_syscall_64+0x39/0xb0 [ 140.702896][ T5433] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 140.708859][ T5433] RIP: 0033:0x7faecf034129 [ 140.713327][ T5433] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 140.733099][ T5433] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5085] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5087] <... umount2 resumed>) = 0 [pid 5085] <... umount2 resumed>) = 0 [pid 5087] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5087] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./14/file0", [pid 5085] lstat("./12/file0", [pid 5087] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5087] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5085] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5087] <... openat resumed>) = 4 [pid 5085] <... openat resumed>) = 4 [pid 5087] fstat(4, [pid 5085] fstat(4, [pid 5087] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, [pid 5085] getdents64(4, [pid 5087] <... getdents64 resumed>0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] <... getdents64 resumed>0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, [pid 5085] getdents64(4, [pid 5087] <... getdents64 resumed>0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] <... getdents64 resumed>0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] close(4 [pid 5085] close(4 [pid 5087] <... close resumed>) = 0 [pid 5085] <... close resumed>) = 0 [pid 5087] rmdir("./14/file0" [pid 5085] rmdir("./12/file0" [pid 5087] <... rmdir resumed>) = 0 [pid 5085] <... rmdir resumed>) = 0 [pid 5087] umount2("./14/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] umount2("./12/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5087] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./14/cgroup.cpu", [pid 5085] lstat("./12/cgroup.cpu", [pid 5087] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 140.741594][ T5433] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 140.749630][ T5433] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 140.757663][ T5433] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 140.765694][ T5433] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 140.773719][ T5433] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000010 [ 140.781780][ T5433] [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./14/cgroup.cpu" [pid 5085] unlink("./12/cgroup.cpu" [pid 5087] <... unlink resumed>) = 0 [pid 5085] <... unlink resumed>) = 0 [pid 5087] getdents64(3, [pid 5085] getdents64(3, [pid 5087] <... getdents64 resumed>0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] <... getdents64 resumed>0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3 [pid 5085] close(3 [pid 5087] <... close resumed>) = 0 [pid 5085] <... close resumed>) = 0 [pid 5087] rmdir("./14" [pid 5085] rmdir("./12" [pid 5087] <... rmdir resumed>) = 0 [pid 5085] <... rmdir resumed>) = 0 [pid 5087] mkdir("./15", 0777 [pid 5085] mkdir("./13", 0777 [pid 5087] <... mkdir resumed>) = 0 [pid 5085] <... mkdir resumed>) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5449 attached [pid 5449] chdir("./15" [pid 5087] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 17 [pid 5449] <... chdir resumed>) = 0 [pid 5085] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 15 [pid 5449] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5449] setpgid(0, 0) = 0 [pid 5449] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5449] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5449] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5449] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5449] write(3, "1000", 4) = 4 [pid 5449] close(3) = 0 [pid 5449] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5449] mkdir("./file0", 000) = 0 [ 140.821054][ T5433] memory: usage 8kB, limit 0kB, failcnt 36 [ 140.829090][ T5433] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 140.845511][ T5433] Memory cgroup stats for /syz1: [ 140.845803][ T5433] anon 0 [ 140.845803][ T5433] file 0 [ 140.845803][ T5433] kernel 8192 [ 140.845803][ T5433] kernel_stack 0 [ 140.845803][ T5433] pagetables 0 [ 140.845803][ T5433] sec_pagetables 0 [pid 5449] open("./file0", O_RDONLY) = 3 [pid 5449] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5449] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5449] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5449] openat(5, "memory.max", O_RDWR) = 6 [ 140.845803][ T5433] percpu 0 [ 140.845803][ T5433] sock 0 [ 140.845803][ T5433] vmalloc 0 [ 140.845803][ T5433] shmem 0 [ 140.845803][ T5433] zswap 0 [ 140.845803][ T5433] zswapped 0 [ 140.845803][ T5433] file_mapped 0 [ 140.845803][ T5433] file_dirty 0 [ 140.845803][ T5433] file_writeback 0 [ 140.845803][ T5433] swapcached 0 [ 140.845803][ T5433] anon_thp 0 [ 140.845803][ T5433] file_thp 0 [ 140.845803][ T5433] shmem_thp 0 [ 140.845803][ T5433] inactive_anon 0 [ 140.845803][ T5433] active_anon 0 [ 140.845803][ T5433] inactive_file 0 [ 140.845803][ T5433] active_file 0 [ 140.845803][ T5433] unevictable 0 [ 140.845803][ T5433] slab_reclaimable 6752 [ 140.845803][ T5433] slab_unreclaimable 0 [ 140.845803][ T5433] slab 6752 [ 140.845803][ T5433] workingset_refault_anon 0 [ 140.845803][ T5433] workingset_refault_file 0 [ 140.845803][ T5433] workingset_activate_anon 0 [ 140.845803][ T5433] workingset_activate_file 0 [ 140.845803][ T5433] workingset_restore_anon 0 [ 140.845803][ T5433] workingset_restore_file 0 [ 140.845803][ T5433] workingset_nodereclaim 0 [ 140.845803][ T5433] pgscan 831 [ 140.845803][ T5433] pgsteal 2 [ 140.845803][ T5433] pgscan_kswapd 0 [ 140.845803][ T5433] pgscan_direct 831 [ 140.845803][ T5433] pgscan_khugepaged 0 [ 140.845803][ T5433] pgsteal_kswapd 0 [ 140.845803][ T5433] pgsteal_direct 2 [ 140.845803][ T5433] pgsteal_khugepaged 0 [ 140.845803][ T5433] pgfault 21 [ 140.845803][ T5433] pgmajfault 0 [ 140.845803][ T5433] pgrefill 830 [ 140.845803][ T5433] pgactivate 829 [ 140.845803][ T5433] pgdeactivate 830 [ 140.845803][ T5433] pglazyfree 0 [ 140.845803][ T5433] pglazyfreed 0 [ 140.845803][ T5433] zswpin 0 [pid 5449] write(6, "0x000000000000040e", 18./strace-static-x86_64: Process 5450 attached [pid 5450] chdir("./13") = 0 [pid 5450] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5450] setpgid(0, 0) = 0 [pid 5450] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5450] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5450] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5450] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5450] write(3, "1000", 4) = 4 [pid 5450] close(3) = 0 [pid 5450] symlink("/dev/binderfs", "./binderfs") = 0 [ 140.845803][ T5433] zswpout 0 [ 140.845803][ T5433] thp_fault_alloc 0 [ 140.845803][ T5433] thp_collapse_alloc 0 [pid 5450] mkdir("./file0", 000) = 0 [pid 5450] open("./file0", O_RDONLY) = 3 [pid 5450] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5450] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5450] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5450] openat(5, "memory.max", O_RDWR) = 6 [pid 5450] write(6, "0x000000000000040e", 18 [pid 5433] <... write resumed>) = 18 [pid 5433] close(3) = 0 [pid 5433] close(4) = 0 [pid 5433] close(5) = 0 [pid 5433] close(6) = 0 [pid 5433] close(7) = -1 EBADF (Bad file descriptor) [pid 5433] close(8) = -1 EBADF (Bad file descriptor) [pid 5433] close(9) = -1 EBADF (Bad file descriptor) [pid 5433] close(10) = -1 EBADF (Bad file descriptor) [pid 5433] close(11) = -1 EBADF (Bad file descriptor) [pid 5433] close(12) = -1 EBADF (Bad file descriptor) [pid 5433] close(13) = -1 EBADF (Bad file descriptor) [pid 5433] close(14) = -1 EBADF (Bad file descriptor) [pid 5433] close(15) = -1 EBADF (Bad file descriptor) [pid 5433] close(16) = -1 EBADF (Bad file descriptor) [pid 5433] close(17) = -1 EBADF (Bad file descriptor) [ 141.079470][ T5433] Tasks state (memory values in pages): [ 141.087681][ T5433] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 141.097557][ T5433] Out of memory and no killable processes... [ 141.116921][ T5437] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5433] close(18) = -1 EBADF (Bad file descriptor) [ 141.161778][ T5437] CPU: 0 PID: 5437 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 141.171759][ T5437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 141.181847][ T5437] Call Trace: [ 141.185158][ T5437] [ 141.188110][ T5437] dump_stack_lvl+0x136/0x150 [ 141.192833][ T5437] dump_header+0x10a/0xd70 [ 141.197285][ T5437] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 141.203446][ T5437] out_of_memory+0xd64/0x1660 [ 141.208171][ T5437] ? oom_killer_disable+0x2b0/0x2b0 [ 141.213426][ T5437] mem_cgroup_out_of_memory+0x206/0x270 [ 141.219012][ T5437] ? mem_cgroup_margin+0x130/0x130 [ 141.224180][ T5437] memory_max_write+0x2f9/0x3c0 [ 141.229078][ T5437] ? mem_cgroup_force_empty_write+0x160/0x160 [ 141.235192][ T5437] ? lock_sync+0x190/0x190 [ 141.239646][ T5437] cgroup_file_write+0x1e2/0x7b0 [ 141.244630][ T5437] ? mem_cgroup_force_empty_write+0x160/0x160 [ 141.250737][ T5437] ? kill_css+0x3b0/0x3b0 [ 141.255102][ T5437] ? lock_acquire+0x32/0xc0 [ 141.259653][ T5437] ? kill_css+0x3b0/0x3b0 [ 141.264025][ T5437] kernfs_fop_write_iter+0x3f1/0x600 [ 141.269359][ T5437] vfs_write+0x9ed/0xe10 [ 141.273659][ T5437] ? kernel_write+0x670/0x670 [ 141.278385][ T5437] ? find_held_lock+0x2d/0x110 [ 141.283209][ T5437] ? __fget_light+0x20a/0x270 [ 141.287934][ T5437] ksys_write+0x12b/0x250 [ 141.292312][ T5437] ? __ia32_sys_read+0xb0/0xb0 [ 141.297118][ T5437] ? lockdep_hardirqs_on+0x7d/0x100 [ 141.302353][ T5437] ? _raw_spin_unlock_irq+0x2e/0x50 [ 141.307622][ T5437] ? ptrace_notify+0xfe/0x140 [ 141.312343][ T5437] do_syscall_64+0x39/0xb0 [ 141.316810][ T5437] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 141.322742][ T5437] RIP: 0033:0x7faecf034129 [ 141.327183][ T5437] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 141.346824][ T5437] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5433] close(19) = -1 EBADF (Bad file descriptor) [pid 5433] close(20) = -1 EBADF (Bad file descriptor) [pid 5433] close(21) = -1 EBADF (Bad file descriptor) [pid 5433] close(22) = -1 EBADF (Bad file descriptor) [pid 5433] close(23) = -1 EBADF (Bad file descriptor) [pid 5433] close(24) = -1 EBADF (Bad file descriptor) [pid 5433] close(25) = -1 EBADF (Bad file descriptor) [pid 5433] close(26) = -1 EBADF (Bad file descriptor) [pid 5433] close(27) = -1 EBADF (Bad file descriptor) [ 141.355272][ T5437] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 141.363273][ T5437] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 141.371272][ T5437] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 141.379267][ T5437] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 141.387278][ T5437] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000010 [ 141.395302][ T5437] [pid 5433] close(28) = -1 EBADF (Bad file descriptor) [pid 5433] close(29) = -1 EBADF (Bad file descriptor) [pid 5433] exit_group(0) = ? [pid 5433] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=18, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5090] umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./16/binderfs") = 0 [pid 5090] umount2("./16/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./16/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [ 141.421021][ T5437] memory: usage 8kB, limit 0kB, failcnt 36 [ 141.430626][ T5437] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 141.446897][ T5437] Memory cgroup stats for /syz1: [ 141.447189][ T5437] anon 0 [ 141.447189][ T5437] file 0 [ 141.447189][ T5437] kernel 8192 [ 141.447189][ T5437] kernel_stack 0 [ 141.447189][ T5437] pagetables 0 [ 141.447189][ T5437] sec_pagetables 0 [pid 5090] unlink("./16/cgroup") = 0 [pid 5090] umount2("./16/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./16/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./16/cgroup.net") = 0 [ 141.447189][ T5437] percpu 0 [ 141.447189][ T5437] sock 0 [ 141.447189][ T5437] vmalloc 0 [ 141.447189][ T5437] shmem 0 [ 141.447189][ T5437] zswap 0 [ 141.447189][ T5437] zswapped 0 [ 141.447189][ T5437] file_mapped 0 [ 141.447189][ T5437] file_dirty 0 [ 141.447189][ T5437] file_writeback 0 [ 141.447189][ T5437] swapcached 0 [ 141.447189][ T5437] anon_thp 0 [ 141.447189][ T5437] file_thp 0 [ 141.447189][ T5437] shmem_thp 0 [ 141.447189][ T5437] inactive_anon 0 [ 141.447189][ T5437] active_anon 0 [ 141.447189][ T5437] inactive_file 0 [ 141.447189][ T5437] active_file 0 [ 141.447189][ T5437] unevictable 0 [ 141.447189][ T5437] slab_reclaimable 6752 [ 141.447189][ T5437] slab_unreclaimable 0 [ 141.447189][ T5437] slab 6752 [ 141.447189][ T5437] workingset_refault_anon 0 [ 141.447189][ T5437] workingset_refault_file 0 [ 141.447189][ T5437] workingset_activate_anon 0 [ 141.447189][ T5437] workingset_activate_file 0 [ 141.447189][ T5437] workingset_restore_anon 0 [ 141.447189][ T5437] workingset_restore_file 0 [ 141.447189][ T5437] workingset_nodereclaim 0 [ 141.447189][ T5437] pgscan 831 [ 141.447189][ T5437] pgsteal 2 [ 141.447189][ T5437] pgscan_kswapd 0 [ 141.447189][ T5437] pgscan_direct 831 [ 141.447189][ T5437] pgscan_khugepaged 0 [ 141.447189][ T5437] pgsteal_kswapd 0 [ 141.447189][ T5437] pgsteal_direct 2 [ 141.447189][ T5437] pgsteal_khugepaged 0 [ 141.447189][ T5437] pgfault 21 [ 141.447189][ T5437] pgmajfault 0 [ 141.447189][ T5437] pgrefill 830 [ 141.447189][ T5437] pgactivate 829 [ 141.447189][ T5437] pgdeactivate 830 [ 141.447189][ T5437] pglazyfree 0 [ 141.447189][ T5437] pglazyfreed 0 [pid 5090] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5090] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./16/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./16/file0") = 0 [pid 5090] umount2("./16/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./16/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 141.447189][ T5437] zswpin 0 [ 141.447189][ T5437] zswpout 0 [ 141.447189][ T5437] thp_fault_alloc 0 [ 141.447189][ T5437] thp_collapse_alloc 0 [pid 5090] unlink("./16/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [pid 5090] rmdir("./16") = 0 [pid 5090] mkdir("./17", 0777) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5455 attached , child_tidptr=0x555555c0c5d0) = 19 [pid 5455] chdir("./17") = 0 [pid 5455] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5455] setpgid(0, 0 [pid 5437] <... write resumed>) = 18 [pid 5455] <... setpgid resumed>) = 0 [pid 5437] close(3 [pid 5455] symlink("/syzcgroup/unified/syz4", "./cgroup" [ 141.682543][ T5437] Tasks state (memory values in pages): [ 141.688172][ T5437] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 141.707566][ T5437] Out of memory and no killable processes... [ 141.715952][ T5442] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5437] <... close resumed>) = 0 [pid 5455] <... symlink resumed>) = 0 [ 141.733778][ T5442] CPU: 1 PID: 5442 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 141.743785][ T5442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 141.753903][ T5442] Call Trace: [ 141.757226][ T5442] [ 141.760206][ T5442] dump_stack_lvl+0x136/0x150 [ 141.764968][ T5442] dump_header+0x10a/0xd70 [ 141.769449][ T5442] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 141.775623][ T5442] out_of_memory+0xd64/0x1660 [ 141.780380][ T5442] ? oom_killer_disable+0x2b0/0x2b0 [ 141.785665][ T5442] mem_cgroup_out_of_memory+0x206/0x270 [ 141.791289][ T5442] ? mem_cgroup_margin+0x130/0x130 [ 141.796511][ T5442] memory_max_write+0x2f9/0x3c0 [ 141.801447][ T5442] ? mem_cgroup_force_empty_write+0x160/0x160 [ 141.807597][ T5442] ? lock_sync+0x190/0x190 [ 141.812085][ T5442] cgroup_file_write+0x1e2/0x7b0 [ 141.817101][ T5442] ? mem_cgroup_force_empty_write+0x160/0x160 [ 141.823336][ T5442] ? kill_css+0x3b0/0x3b0 [ 141.827740][ T5442] ? lock_acquire+0x32/0xc0 [ 141.832331][ T5442] ? kill_css+0x3b0/0x3b0 [ 141.836735][ T5442] kernfs_fop_write_iter+0x3f1/0x600 [ 141.842123][ T5442] vfs_write+0x9ed/0xe10 [ 141.846496][ T5442] ? kernel_write+0x670/0x670 [ 141.851262][ T5442] ? find_held_lock+0x2d/0x110 [ 141.856095][ T5442] ? __fget_light+0x20a/0x270 [ 141.860858][ T5442] ksys_write+0x12b/0x250 [ 141.865268][ T5442] ? __ia32_sys_read+0xb0/0xb0 [ 141.870109][ T5442] ? lockdep_hardirqs_on+0x7d/0x100 [ 141.875382][ T5442] ? _raw_spin_unlock_irq+0x2e/0x50 [ 141.880661][ T5442] ? ptrace_notify+0xfe/0x140 [ 141.885418][ T5442] do_syscall_64+0x39/0xb0 [ 141.889916][ T5442] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 141.895905][ T5442] RIP: 0033:0x7faecf034129 [ 141.900434][ T5442] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 141.920112][ T5442] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5455] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu" [ 141.928605][ T5442] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 141.936637][ T5442] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 141.944666][ T5442] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 141.952697][ T5442] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 141.960726][ T5442] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000000d [ 141.968787][ T5442] [pid 5437] close(4 [pid 5455] <... symlink resumed>) = 0 [pid 5437] <... close resumed>) = 0 [pid 5455] symlink("/syzcgroup/net/syz4", "./cgroup.net" [ 141.983619][ T5442] memory: usage 8kB, limit 0kB, failcnt 36 [ 141.989505][ T5442] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 141.997327][ T5442] Memory cgroup stats for /syz1: [ 141.997628][ T5442] anon 0 [ 141.997628][ T5442] file 0 [ 141.997628][ T5442] kernel 8192 [ 141.997628][ T5442] kernel_stack 0 [ 141.997628][ T5442] pagetables 0 [ 141.997628][ T5442] sec_pagetables 0 [ 141.997628][ T5442] percpu 0 [ 141.997628][ T5442] sock 0 [ 141.997628][ T5442] vmalloc 0 [ 141.997628][ T5442] shmem 0 [ 141.997628][ T5442] zswap 0 [ 141.997628][ T5442] zswapped 0 [ 141.997628][ T5442] file_mapped 0 [ 141.997628][ T5442] file_dirty 0 [ 141.997628][ T5442] file_writeback 0 [ 141.997628][ T5442] swapcached 0 [ 141.997628][ T5442] anon_thp 0 [ 141.997628][ T5442] file_thp 0 [ 141.997628][ T5442] shmem_thp 0 [ 141.997628][ T5442] inactive_anon 0 [ 141.997628][ T5442] active_anon 0 [ 141.997628][ T5442] inactive_file 0 [ 141.997628][ T5442] active_file 0 [ 141.997628][ T5442] unevictable 0 [ 141.997628][ T5442] slab_reclaimable 6752 [ 141.997628][ T5442] slab_unreclaimable 0 [ 141.997628][ T5442] slab 6752 [ 141.997628][ T5442] workingset_refault_anon 0 [ 141.997628][ T5442] workingset_refault_file 0 [ 141.997628][ T5442] workingset_activate_anon 0 [ 141.997628][ T5442] workingset_activate_file 0 [ 141.997628][ T5442] workingset_restore_anon 0 [ 141.997628][ T5442] workingset_restore_file 0 [ 141.997628][ T5442] workingset_nodereclaim 0 [ 141.997628][ T5442] pgscan 831 [ 141.997628][ T5442] pgsteal 2 [ 141.997628][ T5442] pgscan_kswapd 0 [ 141.997628][ T5442] pgscan_direct 831 [pid 5437] close(5 [pid 5455] <... symlink resumed>) = 0 [pid 5455] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5455] write(3, "1000", 4) = 4 [pid 5455] close(3) = 0 [pid 5437] <... close resumed>) = 0 [pid 5455] symlink("/dev/binderfs", "./binderfs" [pid 5437] close(6 [pid 5455] <... symlink resumed>) = 0 [pid 5437] <... close resumed>) = 0 [pid 5455] mkdir("./file0", 000 [pid 5437] close(7 [pid 5455] <... mkdir resumed>) = 0 [pid 5437] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5455] open("./file0", O_RDONLY [pid 5437] close(8 [pid 5455] <... open resumed>) = 3 [pid 5437] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5455] mount(NULL, "./file0", "cgroup2", 0, NULL [ 141.997628][ T5442] pgscan_khugepaged 0 [ 141.997628][ T5442] pgsteal_kswapd 0 [ 141.997628][ T5442] pgsteal_direct 2 [ 141.997628][ T5442] pgsteal_khugepaged 0 [ 141.997628][ T5442] pgfault 21 [ 141.997628][ T5442] pgmajfault 0 [ 141.997628][ T5442] pgrefill 830 [ 141.997628][ T5442] pgactivate 829 [ 141.997628][ T5442] pgdeactivate 830 [ 141.997628][ T5442] pglazyfree 0 [ 141.997628][ T5442] pglazyfreed 0 [ 141.997628][ T5442] zswpin 0 [ 141.997628][ T5442] zswpout 0 [ 141.997628][ T5442] thp_fault_alloc 0 [ 141.997628][ T5442] thp_collapse_alloc 0 [pid 5437] close(9 [pid 5455] <... mount resumed>) = 0 [pid 5437] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5455] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5437] close(10 [pid 5455] <... openat resumed>) = 4 [pid 5437] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5455] openat(4, "syz1", O_RDWR|O_PATH [pid 5437] close(11 [pid 5455] <... openat resumed>) = 5 [pid 5437] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5455] openat(5, "memory.max", O_RDWR [pid 5437] close(12 [pid 5455] <... openat resumed>) = 6 [pid 5437] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5455] write(6, "0x000000000000040e", 18 [pid 5437] close(13) = -1 EBADF (Bad file descriptor) [pid 5437] close(14) = -1 EBADF (Bad file descriptor) [pid 5437] close(15) = -1 EBADF (Bad file descriptor) [pid 5437] close(16) = -1 EBADF (Bad file descriptor) [pid 5437] close(17) = -1 EBADF (Bad file descriptor) [pid 5437] close(18) = -1 EBADF (Bad file descriptor) [pid 5437] close(19) = -1 EBADF (Bad file descriptor) [pid 5437] close(20) = -1 EBADF (Bad file descriptor) [pid 5437] close(21) = -1 EBADF (Bad file descriptor) [pid 5437] close(22) = -1 EBADF (Bad file descriptor) [pid 5437] close(23) = -1 EBADF (Bad file descriptor) [pid 5437] close(24) = -1 EBADF (Bad file descriptor) [pid 5437] close(25) = -1 EBADF (Bad file descriptor) [pid 5437] close(26) = -1 EBADF (Bad file descriptor) [pid 5437] close(27) = -1 EBADF (Bad file descriptor) [pid 5437] close(28) = -1 EBADF (Bad file descriptor) [pid 5437] close(29) = -1 EBADF (Bad file descriptor) [pid 5437] exit_group(0) = ? [pid 5437] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=18, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5089] umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 142.269977][ T5442] Tasks state (memory values in pages): [ 142.276208][ T5442] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5089] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./16/binderfs") = 0 [pid 5089] umount2("./16/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./16/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./16/cgroup") = 0 [pid 5089] umount2("./16/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5442] <... write resumed>) = 18 [pid 5089] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5442] close(3 [pid 5089] lstat("./16/cgroup.net", [pid 5442] <... close resumed>) = 0 [pid 5089] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5442] close(4) = 0 [pid 5442] close(5) = 0 [pid 5442] close(6) = 0 [pid 5442] close(7) = -1 EBADF (Bad file descriptor) [pid 5442] close(8) = -1 EBADF (Bad file descriptor) [ 142.320809][ T5442] Out of memory and no killable processes... [ 142.346108][ T5449] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5442] close(9) = -1 EBADF (Bad file descriptor) [pid 5442] close(10) = -1 EBADF (Bad file descriptor) [pid 5442] close(11) = -1 EBADF (Bad file descriptor) [pid 5442] close(12) = -1 EBADF (Bad file descriptor) [pid 5442] close(13) = -1 EBADF (Bad file descriptor) [pid 5442] close(14) = -1 EBADF (Bad file descriptor) [pid 5442] close(15) = -1 EBADF (Bad file descriptor) [pid 5442] close(16) = -1 EBADF (Bad file descriptor) [pid 5442] close(17) = -1 EBADF (Bad file descriptor) [pid 5442] close(18) = -1 EBADF (Bad file descriptor) [pid 5442] close(19) = -1 EBADF (Bad file descriptor) [pid 5442] close(20) = -1 EBADF (Bad file descriptor) [pid 5442] close(21) = -1 EBADF (Bad file descriptor) [pid 5442] close(22) = -1 EBADF (Bad file descriptor) [pid 5442] close(23) = -1 EBADF (Bad file descriptor) [pid 5442] close(24) = -1 EBADF (Bad file descriptor) [pid 5442] close(25) = -1 EBADF (Bad file descriptor) [pid 5442] close(26) = -1 EBADF (Bad file descriptor) [pid 5442] close(27) = -1 EBADF (Bad file descriptor) [pid 5442] close(28) = -1 EBADF (Bad file descriptor) [pid 5442] close(29) = -1 EBADF (Bad file descriptor) [pid 5442] exit_group(0) = ? [pid 5442] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5086] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5086] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [ 142.361877][ T5449] CPU: 1 PID: 5449 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 142.371912][ T5449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 142.382047][ T5449] Call Trace: [ 142.385377][ T5449] [ 142.388374][ T5449] dump_stack_lvl+0x136/0x150 [ 142.393127][ T5449] dump_header+0x10a/0xd70 [ 142.397613][ T5449] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 142.403777][ T5449] out_of_memory+0xd64/0x1660 [ 142.408550][ T5449] ? oom_killer_disable+0x2b0/0x2b0 [ 142.413845][ T5449] mem_cgroup_out_of_memory+0x206/0x270 [pid 5086] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5089] unlink("./16/cgroup.net" [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5089] <... unlink resumed>) = 0 [pid 5086] lstat("./13/binderfs", [pid 5089] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./13/binderfs") = 0 [pid 5086] umount2("./13/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./13/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] unlink("./13/cgroup") = 0 [pid 5086] umount2("./13/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./13/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./13/cgroup.net") = 0 [ 142.419467][ T5449] ? mem_cgroup_margin+0x130/0x130 [ 142.424686][ T5449] memory_max_write+0x2f9/0x3c0 [ 142.429627][ T5449] ? mem_cgroup_force_empty_write+0x160/0x160 [ 142.435784][ T5449] ? lock_sync+0x190/0x190 [ 142.440290][ T5449] cgroup_file_write+0x1e2/0x7b0 [ 142.445313][ T5449] ? mem_cgroup_force_empty_write+0x160/0x160 [ 142.451469][ T5449] ? kill_css+0x3b0/0x3b0 [ 142.455878][ T5449] ? lock_acquire+0x32/0xc0 [ 142.460495][ T5449] ? kill_css+0x3b0/0x3b0 [ 142.464903][ T5449] kernfs_fop_write_iter+0x3f1/0x600 [ 142.470275][ T5449] vfs_write+0x9ed/0xe10 [ 142.474610][ T5449] ? kernel_write+0x670/0x670 [ 142.479373][ T5449] ? find_held_lock+0x2d/0x110 [ 142.484225][ T5449] ? __fget_light+0x20a/0x270 [ 142.488993][ T5449] ksys_write+0x12b/0x250 [ 142.493408][ T5449] ? __ia32_sys_read+0xb0/0xb0 [ 142.498254][ T5449] ? lockdep_hardirqs_on+0x7d/0x100 [ 142.503526][ T5449] ? _raw_spin_unlock_irq+0x2e/0x50 [ 142.508813][ T5449] ? ptrace_notify+0xfe/0x140 [ 142.513579][ T5449] do_syscall_64+0x39/0xb0 [ 142.518100][ T5449] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 142.524066][ T5449] RIP: 0033:0x7faecf034129 [ 142.528540][ T5449] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 142.548240][ T5449] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 142.556731][ T5449] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [pid 5086] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5089] <... umount2 resumed>) = 0 [pid 5089] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] <... umount2 resumed>) = 0 [pid 5089] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5086] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5089] lstat("./16/file0", [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5089] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 142.564767][ T5449] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 142.572799][ T5449] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 142.580838][ T5449] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 142.588875][ T5449] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000000f [ 142.596939][ T5449] [pid 5086] lstat("./13/file0", [pid 5089] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5086] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5089] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5089] <... openat resumed>) = 4 [pid 5086] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5089] fstat(4, [pid 5086] <... openat resumed>) = 4 [pid 5089] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] fstat(4, [pid 5089] getdents64(4, [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] <... getdents64 resumed>0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, [pid 5089] getdents64(4, [pid 5086] <... getdents64 resumed>0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] <... getdents64 resumed>0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] getdents64(4, [pid 5089] close(4 [pid 5086] <... getdents64 resumed>0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] <... close resumed>) = 0 [pid 5086] close(4 [pid 5089] rmdir("./16/file0" [pid 5086] <... close resumed>) = 0 [pid 5089] <... rmdir resumed>) = 0 [pid 5086] rmdir("./13/file0" [pid 5089] umount2("./16/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] <... rmdir resumed>) = 0 [pid 5089] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5086] umount2("./13/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5089] lstat("./16/cgroup.cpu", [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5089] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] lstat("./13/cgroup.cpu", [pid 5089] unlink("./16/cgroup.cpu" [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] <... unlink resumed>) = 0 [pid 5086] unlink("./13/cgroup.cpu" [pid 5089] getdents64(3, [pid 5086] <... unlink resumed>) = 0 [pid 5089] <... getdents64 resumed>0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] getdents64(3, [pid 5089] close(3 [pid 5086] <... getdents64 resumed>0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] <... close resumed>) = 0 [pid 5086] close(3 [pid 5089] rmdir("./16" [pid 5086] <... close resumed>) = 0 [pid 5089] <... rmdir resumed>) = 0 [pid 5086] rmdir("./13" [pid 5089] mkdir("./17", 0777 [pid 5086] <... rmdir resumed>) = 0 [pid 5089] <... mkdir resumed>) = 0 [pid 5086] mkdir("./14", 0777 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5086] <... mkdir resumed>) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5467 attached [pid 5089] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 19 [pid 5467] chdir("./14" [pid 5086] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 16 [pid 5467] <... chdir resumed>) = 0 [pid 5467] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5467] setpgid(0, 0) = 0 [pid 5467] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [ 142.620302][ T5449] memory: usage 8kB, limit 0kB, failcnt 36 [ 142.628415][ T5449] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 142.645651][ T5449] Memory cgroup stats for /syz1: [ 142.646111][ T5449] anon 0 [ 142.646111][ T5449] file 0 [ 142.646111][ T5449] kernel 8192 [ 142.646111][ T5449] kernel_stack 0 [ 142.646111][ T5449] pagetables 0 [ 142.646111][ T5449] sec_pagetables 0 [pid 5467] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5467] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5467] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5467] write(3, "1000", 4) = 4 [pid 5467] close(3) = 0 [pid 5467] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5467] mkdir("./file0", 000) = 0 [pid 5467] open("./file0", O_RDONLY) = 3 [pid 5467] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5467] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5467] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5467] openat(5, "memory.max", O_RDWR) = 6 [ 142.646111][ T5449] percpu 0 [ 142.646111][ T5449] sock 0 [ 142.646111][ T5449] vmalloc 0 [ 142.646111][ T5449] shmem 0 [ 142.646111][ T5449] zswap 0 [ 142.646111][ T5449] zswapped 0 [ 142.646111][ T5449] file_mapped 0 [ 142.646111][ T5449] file_dirty 0 [ 142.646111][ T5449] file_writeback 0 [ 142.646111][ T5449] swapcached 0 [ 142.646111][ T5449] anon_thp 0 [ 142.646111][ T5449] file_thp 0 [ 142.646111][ T5449] shmem_thp 0 [ 142.646111][ T5449] inactive_anon 0 [ 142.646111][ T5449] active_anon 0 [ 142.646111][ T5449] inactive_file 0 [ 142.646111][ T5449] active_file 0 [ 142.646111][ T5449] unevictable 0 [ 142.646111][ T5449] slab_reclaimable 6752 [ 142.646111][ T5449] slab_unreclaimable 0 [ 142.646111][ T5449] slab 6752 [ 142.646111][ T5449] workingset_refault_anon 0 [ 142.646111][ T5449] workingset_refault_file 0 [ 142.646111][ T5449] workingset_activate_anon 0 [ 142.646111][ T5449] workingset_activate_file 0 [ 142.646111][ T5449] workingset_restore_anon 0 [ 142.646111][ T5449] workingset_restore_file 0 [ 142.646111][ T5449] workingset_nodereclaim 0 [ 142.646111][ T5449] pgscan 831 [ 142.646111][ T5449] pgsteal 2 [ 142.646111][ T5449] pgscan_kswapd 0 [ 142.646111][ T5449] pgscan_direct 831 [ 142.646111][ T5449] pgscan_khugepaged 0 [ 142.646111][ T5449] pgsteal_kswapd 0 [ 142.646111][ T5449] pgsteal_direct 2 [ 142.646111][ T5449] pgsteal_khugepaged 0 [ 142.646111][ T5449] pgfault 21 [ 142.646111][ T5449] pgmajfault 0 [ 142.646111][ T5449] pgrefill 830 [ 142.646111][ T5449] pgactivate 829 [ 142.646111][ T5449] pgdeactivate 830 [ 142.646111][ T5449] pglazyfree 0 [ 142.646111][ T5449] pglazyfreed 0 [ 142.646111][ T5449] zswpin 0 [pid 5467] write(6, "0x000000000000040e", 18./strace-static-x86_64: Process 5466 attached [pid 5466] chdir("./17") = 0 [pid 5466] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5466] setpgid(0, 0) = 0 [pid 5466] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5466] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5466] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5466] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5466] write(3, "1000", 4) = 4 [pid 5466] close(3) = 0 [pid 5466] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5466] mkdir("./file0", 000) = 0 [pid 5466] open("./file0", O_RDONLY) = 3 [pid 5466] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [ 142.646111][ T5449] zswpout 0 [ 142.646111][ T5449] thp_fault_alloc 0 [ 142.646111][ T5449] thp_collapse_alloc 0 [ 142.843074][ T5449] Tasks state (memory values in pages): [ 142.848703][ T5449] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5466] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5466] openat(4, "syz1", O_RDWR|O_PATH [pid 5449] <... write resumed>) = 18 [pid 5466] <... openat resumed>) = 5 [pid 5449] close(3 [pid 5466] openat(5, "memory.max", O_RDWR [pid 5449] <... close resumed>) = 0 [pid 5466] <... openat resumed>) = 6 [pid 5449] close(4 [ 142.905107][ T5449] Out of memory and no killable processes... [ 142.911405][ T5450] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 142.928161][ T5450] CPU: 1 PID: 5450 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 142.938185][ T5450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 142.948303][ T5450] Call Trace: [ 142.951631][ T5450] [pid 5466] write(6, "0x000000000000040e", 18 [pid 5449] <... close resumed>) = 0 [pid 5449] close(5) = 0 [pid 5449] close(6) = 0 [pid 5449] close(7) = -1 EBADF (Bad file descriptor) [pid 5449] close(8) = -1 EBADF (Bad file descriptor) [pid 5449] close(9) = -1 EBADF (Bad file descriptor) [pid 5449] close(10) = -1 EBADF (Bad file descriptor) [pid 5449] close(11) = -1 EBADF (Bad file descriptor) [ 142.954607][ T5450] dump_stack_lvl+0x136/0x150 [ 142.959351][ T5450] dump_header+0x10a/0xd70 [ 142.963824][ T5450] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 142.969982][ T5450] out_of_memory+0xd64/0x1660 [ 142.974753][ T5450] ? oom_killer_disable+0x2b0/0x2b0 [ 142.980049][ T5450] mem_cgroup_out_of_memory+0x206/0x270 [ 142.985680][ T5450] ? mem_cgroup_margin+0x130/0x130 [ 142.990889][ T5450] memory_max_write+0x2f9/0x3c0 [ 142.995835][ T5450] ? mem_cgroup_force_empty_write+0x160/0x160 [ 143.001989][ T5450] ? lock_sync+0x190/0x190 [ 143.006459][ T5450] cgroup_file_write+0x1e2/0x7b0 [ 143.011449][ T5450] ? mem_cgroup_force_empty_write+0x160/0x160 [ 143.017571][ T5450] ? kill_css+0x3b0/0x3b0 [ 143.021947][ T5450] ? lock_acquire+0x32/0xc0 [ 143.026496][ T5450] ? kill_css+0x3b0/0x3b0 [ 143.030865][ T5450] kernfs_fop_write_iter+0x3f1/0x600 [ 143.036207][ T5450] vfs_write+0x9ed/0xe10 [ 143.040513][ T5450] ? kernel_write+0x670/0x670 [ 143.045240][ T5450] ? find_held_lock+0x2d/0x110 [ 143.050047][ T5450] ? __fget_light+0x20a/0x270 [ 143.054777][ T5450] ksys_write+0x12b/0x250 [ 143.059153][ T5450] ? __ia32_sys_read+0xb0/0xb0 [ 143.063965][ T5450] ? lockdep_hardirqs_on+0x7d/0x100 [ 143.069207][ T5450] ? _raw_spin_unlock_irq+0x2e/0x50 [ 143.074447][ T5450] ? ptrace_notify+0xfe/0x140 [ 143.079160][ T5450] do_syscall_64+0x39/0xb0 [ 143.083634][ T5450] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 143.089585][ T5450] RIP: 0033:0x7faecf034129 [ 143.094037][ T5450] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 143.113681][ T5450] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 143.122264][ T5450] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 143.130271][ T5450] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 143.138269][ T5450] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 143.146266][ T5450] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [pid 5449] close(12) = -1 EBADF (Bad file descriptor) [pid 5449] close(13) = -1 EBADF (Bad file descriptor) [pid 5449] close(14) = -1 EBADF (Bad file descriptor) [pid 5449] close(15) = -1 EBADF (Bad file descriptor) [pid 5449] close(16) = -1 EBADF (Bad file descriptor) [pid 5449] close(17) = -1 EBADF (Bad file descriptor) [pid 5449] close(18) = -1 EBADF (Bad file descriptor) [pid 5449] close(19) = -1 EBADF (Bad file descriptor) [pid 5449] close(20) = -1 EBADF (Bad file descriptor) [pid 5449] close(21) = -1 EBADF (Bad file descriptor) [ 143.154269][ T5450] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000000d [ 143.162314][ T5450] [ 143.185334][ T5450] memory: usage 8kB, limit 0kB, failcnt 36 [ 143.191353][ T5450] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 143.198689][ T5450] Memory cgroup stats for /syz1: [pid 5449] close(22) = -1 EBADF (Bad file descriptor) [pid 5449] close(23) = -1 EBADF (Bad file descriptor) [pid 5449] close(24) = -1 EBADF (Bad file descriptor) [pid 5449] close(25) = -1 EBADF (Bad file descriptor) [pid 5449] close(26) = -1 EBADF (Bad file descriptor) [pid 5449] close(27) = -1 EBADF (Bad file descriptor) [pid 5449] close(28) = -1 EBADF (Bad file descriptor) [pid 5449] close(29) = -1 EBADF (Bad file descriptor) [pid 5449] exit_group(0) = ? [pid 5449] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=17, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5087] umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./15/binderfs") = 0 [pid 5087] umount2("./15/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 143.198969][ T5450] anon 0 [ 143.198969][ T5450] file 0 [ 143.198969][ T5450] kernel 8192 [ 143.198969][ T5450] kernel_stack 0 [ 143.198969][ T5450] pagetables 0 [ 143.198969][ T5450] sec_pagetables 0 [ 143.198969][ T5450] percpu 0 [ 143.198969][ T5450] sock 0 [ 143.198969][ T5450] vmalloc 0 [ 143.198969][ T5450] shmem 0 [ 143.198969][ T5450] zswap 0 [ 143.198969][ T5450] zswapped 0 [ 143.198969][ T5450] file_mapped 0 [ 143.198969][ T5450] file_dirty 0 [ 143.198969][ T5450] file_writeback 0 [ 143.198969][ T5450] swapcached 0 [ 143.198969][ T5450] anon_thp 0 [pid 5087] lstat("./15/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./15/cgroup") = 0 [pid 5087] umount2("./15/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./15/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./15/cgroup.net") = 0 [ 143.198969][ T5450] file_thp 0 [ 143.198969][ T5450] shmem_thp 0 [ 143.198969][ T5450] inactive_anon 0 [ 143.198969][ T5450] active_anon 0 [ 143.198969][ T5450] inactive_file 0 [ 143.198969][ T5450] active_file 0 [ 143.198969][ T5450] unevictable 0 [ 143.198969][ T5450] slab_reclaimable 6752 [ 143.198969][ T5450] slab_unreclaimable 0 [ 143.198969][ T5450] slab 6752 [ 143.198969][ T5450] workingset_refault_anon 0 [ 143.198969][ T5450] workingset_refault_file 0 [ 143.198969][ T5450] workingset_activate_anon 0 [ 143.198969][ T5450] workingset_activate_file 0 [ 143.198969][ T5450] workingset_restore_anon 0 [ 143.198969][ T5450] workingset_restore_file 0 [ 143.198969][ T5450] workingset_nodereclaim 0 [ 143.198969][ T5450] pgscan 831 [ 143.198969][ T5450] pgsteal 2 [ 143.198969][ T5450] pgscan_kswapd 0 [ 143.198969][ T5450] pgscan_direct 831 [ 143.198969][ T5450] pgscan_khugepaged 0 [ 143.198969][ T5450] pgsteal_kswapd 0 [ 143.198969][ T5450] pgsteal_direct 2 [ 143.198969][ T5450] pgsteal_khugepaged 0 [ 143.198969][ T5450] pgfault 21 [ 143.198969][ T5450] pgmajfault 0 [pid 5087] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5087] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./15/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] close(4) = 0 [pid 5087] rmdir("./15/file0") = 0 [pid 5087] umount2("./15/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./15/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./15/cgroup.cpu") = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [pid 5087] rmdir("./15") = 0 [pid 5087] mkdir("./16", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5470 attached [pid 5470] chdir("./16" [pid 5087] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 18 [pid 5470] <... chdir resumed>) = 0 [pid 5470] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5470] setpgid(0, 0) = 0 [pid 5470] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5470] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [ 143.198969][ T5450] pgrefill 830 [ 143.198969][ T5450] pgactivate 829 [ 143.198969][ T5450] pgdeactivate 830 [ 143.198969][ T5450] pglazyfree 0 [ 143.198969][ T5450] pglazyfreed 0 [ 143.198969][ T5450] zswpin 0 [ 143.198969][ T5450] zswpout 0 [ 143.198969][ T5450] thp_fault_alloc 0 [ 143.198969][ T5450] thp_collapse_alloc 0 [pid 5470] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5470] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5470] write(3, "1000", 4) = 4 [pid 5470] close(3) = 0 [pid 5470] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5470] mkdir("./file0", 000) = 0 [pid 5470] open("./file0", O_RDONLY) = 3 [pid 5470] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5470] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5470] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5470] openat(5, "memory.max", O_RDWR) = 6 [pid 5470] write(6, "0x000000000000040e", 18 [pid 5450] <... write resumed>) = 18 [pid 5450] close(3) = 0 [pid 5450] close(4) = 0 [pid 5450] close(5) = 0 [pid 5450] close(6) = 0 [pid 5450] close(7) = -1 EBADF (Bad file descriptor) [pid 5450] close(8) = -1 EBADF (Bad file descriptor) [pid 5450] close(9) = -1 EBADF (Bad file descriptor) [pid 5450] close(10) = -1 EBADF (Bad file descriptor) [pid 5450] close(11) = -1 EBADF (Bad file descriptor) [pid 5450] close(12) = -1 EBADF (Bad file descriptor) [ 143.483879][ T5450] Tasks state (memory values in pages): [ 143.489871][ T5450] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 143.503016][ T5450] Out of memory and no killable processes... [ 143.511266][ T5455] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 143.554900][ T5455] CPU: 0 PID: 5455 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 143.564893][ T5455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 143.575018][ T5455] Call Trace: [ 143.578337][ T5455] [ 143.581309][ T5455] dump_stack_lvl+0x136/0x150 [ 143.586047][ T5455] dump_header+0x10a/0xd70 [ 143.590507][ T5455] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 143.596650][ T5455] out_of_memory+0xd64/0x1660 [ 143.601383][ T5455] ? oom_killer_disable+0x2b0/0x2b0 [ 143.606638][ T5455] mem_cgroup_out_of_memory+0x206/0x270 [ 143.612274][ T5455] ? mem_cgroup_margin+0x130/0x130 [ 143.617451][ T5455] memory_max_write+0x2f9/0x3c0 [ 143.622355][ T5455] ? mem_cgroup_force_empty_write+0x160/0x160 [ 143.628475][ T5455] ? lock_sync+0x190/0x190 [ 143.632957][ T5455] cgroup_file_write+0x1e2/0x7b0 [ 143.637954][ T5455] ? mem_cgroup_force_empty_write+0x160/0x160 [ 143.644068][ T5455] ? kill_css+0x3b0/0x3b0 [ 143.648444][ T5455] ? lock_acquire+0x32/0xc0 [ 143.652994][ T5455] ? kill_css+0x3b0/0x3b0 [ 143.657369][ T5455] kernfs_fop_write_iter+0x3f1/0x600 [ 143.662707][ T5455] vfs_write+0x9ed/0xe10 [ 143.667019][ T5455] ? kernel_write+0x670/0x670 [ 143.671750][ T5455] ? find_held_lock+0x2d/0x110 [ 143.676561][ T5455] ? __fget_light+0x20a/0x270 [ 143.681301][ T5455] ksys_write+0x12b/0x250 [ 143.685684][ T5455] ? __ia32_sys_read+0xb0/0xb0 [ 143.690494][ T5455] ? lockdep_hardirqs_on+0x7d/0x100 [ 143.695808][ T5455] ? _raw_spin_unlock_irq+0x2e/0x50 [ 143.701094][ T5455] ? ptrace_notify+0xfe/0x140 [ 143.705878][ T5455] do_syscall_64+0x39/0xb0 [ 143.710373][ T5455] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 143.716331][ T5455] RIP: 0033:0x7faecf034129 [ 143.720804][ T5455] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 143.740455][ T5455] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5450] close(13) = -1 EBADF (Bad file descriptor) [ 143.748920][ T5455] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 143.756929][ T5455] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 143.764962][ T5455] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 143.772958][ T5455] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 143.780954][ T5455] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000011 [ 143.788983][ T5455] [pid 5450] close(14) = -1 EBADF (Bad file descriptor) [pid 5450] close(15) = -1 EBADF (Bad file descriptor) [pid 5450] close(16) = -1 EBADF (Bad file descriptor) [pid 5450] close(17) = -1 EBADF (Bad file descriptor) [pid 5450] close(18) = -1 EBADF (Bad file descriptor) [pid 5450] close(19) = -1 EBADF (Bad file descriptor) [pid 5450] close(20) = -1 EBADF (Bad file descriptor) [pid 5450] close(21) = -1 EBADF (Bad file descriptor) [pid 5450] close(22) = -1 EBADF (Bad file descriptor) [pid 5450] close(23) = -1 EBADF (Bad file descriptor) [pid 5450] close(24) = -1 EBADF (Bad file descriptor) [pid 5450] close(25) = -1 EBADF (Bad file descriptor) [pid 5450] close(26) = -1 EBADF (Bad file descriptor) [pid 5450] close(27) = -1 EBADF (Bad file descriptor) [pid 5450] close(28) = -1 EBADF (Bad file descriptor) [pid 5450] close(29) = -1 EBADF (Bad file descriptor) [pid 5450] exit_group(0) = ? [pid 5450] +++ exited with 0 +++ [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5085] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 143.801979][ T5455] memory: usage 8kB, limit 0kB, failcnt 36 [ 143.807888][ T5455] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 143.831828][ T5455] Memory cgroup stats for /syz1: [ 143.832109][ T5455] anon 0 [ 143.832109][ T5455] file 0 [ 143.832109][ T5455] kernel 8192 [ 143.832109][ T5455] kernel_stack 0 [ 143.832109][ T5455] pagetables 0 [ 143.832109][ T5455] sec_pagetables 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./13/binderfs") = 0 [pid 5085] umount2("./13/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./13/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./13/cgroup") = 0 [pid 5085] umount2("./13/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./13/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./13/cgroup.net") = 0 [ 143.832109][ T5455] percpu 0 [ 143.832109][ T5455] sock 0 [ 143.832109][ T5455] vmalloc 0 [ 143.832109][ T5455] shmem 0 [ 143.832109][ T5455] zswap 0 [ 143.832109][ T5455] zswapped 0 [ 143.832109][ T5455] file_mapped 0 [ 143.832109][ T5455] file_dirty 0 [ 143.832109][ T5455] file_writeback 0 [ 143.832109][ T5455] swapcached 0 [ 143.832109][ T5455] anon_thp 0 [ 143.832109][ T5455] file_thp 0 [ 143.832109][ T5455] shmem_thp 0 [ 143.832109][ T5455] inactive_anon 0 [ 143.832109][ T5455] active_anon 0 [ 143.832109][ T5455] inactive_file 0 [ 143.832109][ T5455] active_file 0 [ 143.832109][ T5455] unevictable 0 [ 143.832109][ T5455] slab_reclaimable 6752 [ 143.832109][ T5455] slab_unreclaimable 0 [ 143.832109][ T5455] slab 6752 [ 143.832109][ T5455] workingset_refault_anon 0 [ 143.832109][ T5455] workingset_refault_file 0 [ 143.832109][ T5455] workingset_activate_anon 0 [ 143.832109][ T5455] workingset_activate_file 0 [ 143.832109][ T5455] workingset_restore_anon 0 [ 143.832109][ T5455] workingset_restore_file 0 [ 143.832109][ T5455] workingset_nodereclaim 0 [ 143.832109][ T5455] pgscan 831 [ 143.832109][ T5455] pgsteal 2 [ 143.832109][ T5455] pgscan_kswapd 0 [ 143.832109][ T5455] pgscan_direct 831 [ 143.832109][ T5455] pgscan_khugepaged 0 [ 143.832109][ T5455] pgsteal_kswapd 0 [ 143.832109][ T5455] pgsteal_direct 2 [ 143.832109][ T5455] pgsteal_khugepaged 0 [ 143.832109][ T5455] pgfault 21 [ 143.832109][ T5455] pgmajfault 0 [ 143.832109][ T5455] pgrefill 830 [ 143.832109][ T5455] pgactivate 829 [ 143.832109][ T5455] pgdeactivate 830 [ 143.832109][ T5455] pglazyfree 0 [ 143.832109][ T5455] pglazyfreed 0 [ 143.832109][ T5455] zswpin 0 [pid 5085] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5085] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./13/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./13/file0") = 0 [pid 5085] umount2("./13/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./13/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 143.832109][ T5455] zswpout 0 [ 143.832109][ T5455] thp_fault_alloc 0 [ 143.832109][ T5455] thp_collapse_alloc 0 [ 144.028395][ T5455] Tasks state (memory values in pages): [ 144.041778][ T5455] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5085] unlink("./13/cgroup.cpu") = 0 [pid 5455] <... write resumed>) = 18 [pid 5455] close(3) = 0 [pid 5455] close(4) = 0 [pid 5455] close(5) = 0 [pid 5455] close(6) = 0 [pid 5085] getdents64(3, [pid 5455] close(7 [pid 5085] <... getdents64 resumed>0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5455] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5085] close(3 [pid 5455] close(8) = -1 EBADF (Bad file descriptor) [pid 5085] <... close resumed>) = 0 [pid 5085] rmdir("./13" [pid 5455] close(9) = -1 EBADF (Bad file descriptor) [pid 5455] close(10) = -1 EBADF (Bad file descriptor) [pid 5455] close(11) = -1 EBADF (Bad file descriptor) [pid 5085] <... rmdir resumed>) = 0 [pid 5455] close(12 [pid 5085] mkdir("./14", 0777 [pid 5455] <... close resumed>) = -1 EBADF (Bad file descriptor) [ 144.062441][ T5455] Out of memory and no killable processes... [ 144.068875][ T5467] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 144.086104][ T5467] CPU: 0 PID: 5467 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 144.096094][ T5467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 144.106223][ T5467] Call Trace: [ 144.109546][ T5467] [ 144.112521][ T5467] dump_stack_lvl+0x136/0x150 [ 144.117266][ T5467] dump_header+0x10a/0xd70 [ 144.121741][ T5467] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 144.127911][ T5467] out_of_memory+0xd64/0x1660 [ 144.132690][ T5467] ? oom_killer_disable+0x2b0/0x2b0 [ 144.137959][ T5467] mem_cgroup_out_of_memory+0x206/0x270 [ 144.143555][ T5467] ? mem_cgroup_margin+0x130/0x130 [ 144.148730][ T5467] memory_max_write+0x2f9/0x3c0 [ 144.153631][ T5467] ? mem_cgroup_force_empty_write+0x160/0x160 [ 144.159751][ T5467] ? lock_sync+0x190/0x190 [ 144.164220][ T5467] cgroup_file_write+0x1e2/0x7b0 [ 144.169206][ T5467] ? mem_cgroup_force_empty_write+0x160/0x160 [ 144.175323][ T5467] ? kill_css+0x3b0/0x3b0 [ 144.179698][ T5467] ? lock_acquire+0x32/0xc0 [ 144.184281][ T5467] ? kill_css+0x3b0/0x3b0 [ 144.188684][ T5467] kernfs_fop_write_iter+0x3f1/0x600 [ 144.194018][ T5467] vfs_write+0x9ed/0xe10 [ 144.198309][ T5467] ? kernel_write+0x670/0x670 [ 144.203033][ T5467] ? find_held_lock+0x2d/0x110 [ 144.207841][ T5467] ? __fget_light+0x20a/0x270 [ 144.212572][ T5467] ksys_write+0x12b/0x250 [ 144.216957][ T5467] ? __ia32_sys_read+0xb0/0xb0 [ 144.221770][ T5467] ? lockdep_hardirqs_on+0x7d/0x100 [ 144.227015][ T5467] ? _raw_spin_unlock_irq+0x2e/0x50 [ 144.232268][ T5467] ? ptrace_notify+0xfe/0x140 [ 144.236989][ T5467] do_syscall_64+0x39/0xb0 [ 144.241455][ T5467] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 144.247390][ T5467] RIP: 0033:0x7faecf034129 [ 144.251835][ T5467] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 144.271472][ T5467] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 144.279911][ T5467] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 144.287912][ T5467] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 144.295906][ T5467] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 144.303905][ T5467] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [pid 5455] close(13 [pid 5085] <... mkdir resumed>) = 0 [pid 5455] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5455] close(14) = -1 EBADF (Bad file descriptor) [pid 5455] close(15) = -1 EBADF (Bad file descriptor) [pid 5455] close(16) = -1 EBADF (Bad file descriptor) [pid 5455] close(17) = -1 EBADF (Bad file descriptor) [pid 5455] close(18) = -1 EBADF (Bad file descriptor) [pid 5455] close(19) = -1 EBADF (Bad file descriptor) [pid 5455] close(20) = -1 EBADF (Bad file descriptor) [pid 5455] close(21) = -1 EBADF (Bad file descriptor) [pid 5455] close(22) = -1 EBADF (Bad file descriptor) [pid 5455] close(23) = -1 EBADF (Bad file descriptor) [pid 5455] close(24) = -1 EBADF (Bad file descriptor) [pid 5455] close(25) = -1 EBADF (Bad file descriptor) [pid 5455] close(26) = -1 EBADF (Bad file descriptor) [pid 5455] close(27) = -1 EBADF (Bad file descriptor) [pid 5455] close(28) = -1 EBADF (Bad file descriptor) [pid 5455] close(29) = -1 EBADF (Bad file descriptor) [pid 5455] exit_group(0) = ? [pid 5455] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=19, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5090] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5090] umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./17/binderfs") = 0 [pid 5090] umount2("./17/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./17/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./17/cgroup") = 0 [pid 5090] umount2("./17/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./17/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./17/cgroup.net") = 0 [pid 5090] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 16 [pid 5090] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 5475 attached [pid 5090] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5475] chdir("./14" [pid 5090] lstat("./17/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5475] <... chdir resumed>) = 0 [pid 5090] getdents64(4, [pid 5475] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5090] <... getdents64 resumed>0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4 [pid 5475] <... prctl resumed>) = 0 [pid 5090] <... close resumed>) = 0 [pid 5090] rmdir("./17/file0" [pid 5475] setpgid(0, 0 [pid 5090] <... rmdir resumed>) = 0 [pid 5090] umount2("./17/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./17/cgroup.cpu", [pid 5475] <... setpgid resumed>) = 0 [pid 5090] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5475] symlink("/syzcgroup/unified/syz0", "./cgroup" [pid 5090] unlink("./17/cgroup.cpu" [pid 5475] <... symlink resumed>) = 0 [pid 5090] <... unlink resumed>) = 0 [pid 5475] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu" [pid 5090] getdents64(3, [pid 5475] <... symlink resumed>) = 0 [pid 5090] <... getdents64 resumed>0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5475] symlink("/syzcgroup/net/syz0", "./cgroup.net" [pid 5090] close(3 [pid 5475] <... symlink resumed>) = 0 [pid 5090] <... close resumed>) = 0 [pid 5475] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5090] rmdir("./17" [pid 5475] <... openat resumed>) = 3 [pid 5475] write(3, "1000", 4 [pid 5090] <... rmdir resumed>) = 0 [pid 5475] <... write resumed>) = 4 [pid 5090] mkdir("./18", 0777 [pid 5475] close(3) = 0 [pid 5090] <... mkdir resumed>) = 0 [ 144.311899][ T5467] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000000e [ 144.319916][ T5467] [pid 5475] symlink("/dev/binderfs", "./binderfs" [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5475] <... symlink resumed>) = 0 [pid 5475] mkdir("./file0", 000) = 0 [pid 5475] open("./file0", O_RDONLY) = 3 [pid 5475] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5475] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5475] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5475] openat(5, "memory.max", O_RDWR) = 6 [pid 5475] write(6, "0x000000000000040e", 18 [pid 5090] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 20 ./strace-static-x86_64: Process 5477 attached [pid 5477] chdir("./18") = 0 [pid 5477] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5477] setpgid(0, 0) = 0 [pid 5477] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [ 144.371473][ T5467] memory: usage 8kB, limit 0kB, failcnt 36 [ 144.378273][ T5467] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 144.399816][ T5467] Memory cgroup stats for /syz1: [ 144.400066][ T5467] anon 0 [ 144.400066][ T5467] file 0 [ 144.400066][ T5467] kernel 8192 [ 144.400066][ T5467] kernel_stack 0 [ 144.400066][ T5467] pagetables 0 [pid 5477] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5477] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5477] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5477] write(3, "1000", 4) = 4 [pid 5477] close(3) = 0 [pid 5477] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5477] mkdir("./file0", 000) = 0 [pid 5477] open("./file0", O_RDONLY) = 3 [pid 5477] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5477] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5477] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5477] openat(5, "memory.max", O_RDWR) = 6 [ 144.400066][ T5467] sec_pagetables 0 [ 144.400066][ T5467] percpu 0 [ 144.400066][ T5467] sock 0 [ 144.400066][ T5467] vmalloc 0 [ 144.400066][ T5467] shmem 0 [ 144.400066][ T5467] zswap 0 [ 144.400066][ T5467] zswapped 0 [ 144.400066][ T5467] file_mapped 0 [ 144.400066][ T5467] file_dirty 0 [ 144.400066][ T5467] file_writeback 0 [ 144.400066][ T5467] swapcached 0 [ 144.400066][ T5467] anon_thp 0 [ 144.400066][ T5467] file_thp 0 [ 144.400066][ T5467] shmem_thp 0 [ 144.400066][ T5467] inactive_anon 0 [ 144.400066][ T5467] active_anon 0 [ 144.400066][ T5467] inactive_file 0 [ 144.400066][ T5467] active_file 0 [ 144.400066][ T5467] unevictable 0 [ 144.400066][ T5467] slab_reclaimable 6752 [ 144.400066][ T5467] slab_unreclaimable 0 [ 144.400066][ T5467] slab 6752 [ 144.400066][ T5467] workingset_refault_anon 0 [ 144.400066][ T5467] workingset_refault_file 0 [ 144.400066][ T5467] workingset_activate_anon 0 [ 144.400066][ T5467] workingset_activate_file 0 [ 144.400066][ T5467] workingset_restore_anon 0 [ 144.400066][ T5467] workingset_restore_file 0 [ 144.400066][ T5467] workingset_nodereclaim 0 [ 144.400066][ T5467] pgscan 831 [ 144.400066][ T5467] pgsteal 2 [ 144.400066][ T5467] pgscan_kswapd 0 [ 144.400066][ T5467] pgscan_direct 831 [ 144.400066][ T5467] pgscan_khugepaged 0 [ 144.400066][ T5467] pgsteal_kswapd 0 [ 144.400066][ T5467] pgsteal_direct 2 [ 144.400066][ T5467] pgsteal_khugepaged 0 [ 144.400066][ T5467] pgfault 21 [ 144.400066][ T5467] pgmajfault 0 [ 144.400066][ T5467] pgrefill 830 [ 144.400066][ T5467] pgactivate 829 [ 144.400066][ T5467] pgdeactivate 830 [ 144.400066][ T5467] pglazyfree 0 [ 144.400066][ T5467] pglazyfreed 0 [ 144.400066][ T5467] zswpin 0 [ 144.400066][ T5467] zswpout 0 [ 144.400066][ T5467] thp_fault_alloc 0 [ 144.400066][ T5467] thp_collapse_alloc 0 [ 144.605309][ T5467] Tasks state (memory values in pages): [ 144.610939][ T5467] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5477] write(6, "0x000000000000040e", 18 [pid 5467] <... write resumed>) = 18 [pid 5467] close(3) = 0 [pid 5467] close(4) = 0 [pid 5467] close(5) = 0 [pid 5467] close(6) = 0 [pid 5467] close(7) = -1 EBADF (Bad file descriptor) [pid 5467] close(8) = -1 EBADF (Bad file descriptor) [pid 5467] close(9) = -1 EBADF (Bad file descriptor) [pid 5467] close(10) = -1 EBADF (Bad file descriptor) [pid 5467] close(11) = -1 EBADF (Bad file descriptor) [pid 5467] close(12) = -1 EBADF (Bad file descriptor) [pid 5467] close(13) = -1 EBADF (Bad file descriptor) [ 144.629561][ T5467] Out of memory and no killable processes... [ 144.636040][ T5466] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 144.655838][ T5466] CPU: 1 PID: 5466 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 144.665823][ T5466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 144.675940][ T5466] Call Trace: [pid 5467] close(14) = -1 EBADF (Bad file descriptor) [pid 5467] close(15) = -1 EBADF (Bad file descriptor) [pid 5467] close(16) = -1 EBADF (Bad file descriptor) [pid 5467] close(17) = -1 EBADF (Bad file descriptor) [pid 5467] close(18) = -1 EBADF (Bad file descriptor) [pid 5467] close(19) = -1 EBADF (Bad file descriptor) [pid 5467] close(20) = -1 EBADF (Bad file descriptor) [pid 5467] close(21) = -1 EBADF (Bad file descriptor) [pid 5467] close(22) = -1 EBADF (Bad file descriptor) [pid 5467] close(23) = -1 EBADF (Bad file descriptor) [pid 5467] close(24) = -1 EBADF (Bad file descriptor) [pid 5467] close(25) = -1 EBADF (Bad file descriptor) [pid 5467] close(26) = -1 EBADF (Bad file descriptor) [pid 5467] close(27) = -1 EBADF (Bad file descriptor) [pid 5467] close(28) = -1 EBADF (Bad file descriptor) [pid 5467] close(29) = -1 EBADF (Bad file descriptor) [pid 5467] exit_group(0) = ? [pid 5467] +++ exited with 0 +++ [ 144.679270][ T5466] [ 144.682249][ T5466] dump_stack_lvl+0x136/0x150 [ 144.687002][ T5466] dump_header+0x10a/0xd70 [ 144.691507][ T5466] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 144.697673][ T5466] out_of_memory+0xd64/0x1660 [ 144.702445][ T5466] ? oom_killer_disable+0x2b0/0x2b0 [ 144.707737][ T5466] mem_cgroup_out_of_memory+0x206/0x270 [ 144.713376][ T5466] ? mem_cgroup_margin+0x130/0x130 [ 144.718608][ T5466] memory_max_write+0x2f9/0x3c0 [ 144.723584][ T5466] ? mem_cgroup_force_empty_write+0x160/0x160 [ 144.729749][ T5466] ? lock_sync+0x190/0x190 [ 144.734239][ T5466] cgroup_file_write+0x1e2/0x7b0 [ 144.739257][ T5466] ? mem_cgroup_force_empty_write+0x160/0x160 [ 144.745405][ T5466] ? kill_css+0x3b0/0x3b0 [ 144.749821][ T5466] ? lock_acquire+0x32/0xc0 [ 144.754411][ T5466] ? kill_css+0x3b0/0x3b0 [ 144.758818][ T5466] kernfs_fop_write_iter+0x3f1/0x600 [ 144.764203][ T5466] vfs_write+0x9ed/0xe10 [ 144.768536][ T5466] ? kernel_write+0x670/0x670 [ 144.773305][ T5466] ? find_held_lock+0x2d/0x110 [ 144.778148][ T5466] ? __fget_light+0x20a/0x270 [ 144.782909][ T5466] ksys_write+0x12b/0x250 [ 144.787322][ T5466] ? __ia32_sys_read+0xb0/0xb0 [ 144.792162][ T5466] ? lockdep_hardirqs_on+0x7d/0x100 [ 144.797452][ T5466] ? _raw_spin_unlock_irq+0x2e/0x50 [ 144.802725][ T5466] ? ptrace_notify+0xfe/0x140 [ 144.807478][ T5466] do_syscall_64+0x39/0xb0 [ 144.811982][ T5466] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 144.817943][ T5466] RIP: 0033:0x7faecf034129 [ 144.822416][ T5466] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 144.842092][ T5466] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 144.850580][ T5466] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 144.858617][ T5466] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 144.866642][ T5466] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5086] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5086] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./14/binderfs") = 0 [pid 5086] umount2("./14/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 144.874667][ T5466] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 144.882709][ T5466] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000011 [ 144.890787][ T5466] [pid 5086] lstat("./14/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] unlink("./14/cgroup") = 0 [pid 5086] umount2("./14/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./14/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./14/cgroup.net") = 0 [pid 5086] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5086] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./14/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./14/file0") = 0 [pid 5086] umount2("./14/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 144.928625][ T5466] memory: usage 8kB, limit 0kB, failcnt 36 [ 144.936729][ T5466] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 144.968960][ T5466] Memory cgroup stats for /syz1: [ 144.969253][ T5466] anon 0 [ 144.969253][ T5466] file 0 [ 144.969253][ T5466] kernel 8192 [ 144.969253][ T5466] kernel_stack 0 [ 144.969253][ T5466] pagetables 0 [ 144.969253][ T5466] sec_pagetables 0 [ 144.969253][ T5466] percpu 0 [ 144.969253][ T5466] sock 0 [ 144.969253][ T5466] vmalloc 0 [ 144.969253][ T5466] shmem 0 [ 144.969253][ T5466] zswap 0 [ 144.969253][ T5466] zswapped 0 [ 144.969253][ T5466] file_mapped 0 [ 144.969253][ T5466] file_dirty 0 [pid 5086] lstat("./14/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./14/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./14") = 0 [pid 5086] mkdir("./15", 0777) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5481 attached [pid 5481] chdir("./15" [pid 5086] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 17 [pid 5481] <... chdir resumed>) = 0 [pid 5481] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5481] setpgid(0, 0) = 0 [pid 5481] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5481] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5481] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5481] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5481] write(3, "1000", 4) = 4 [pid 5481] close(3) = 0 [pid 5481] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5481] mkdir("./file0", 000) = 0 [pid 5481] open("./file0", O_RDONLY) = 3 [pid 5481] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5481] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5481] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5481] openat(5, "memory.max", O_RDWR) = 6 [ 144.969253][ T5466] file_writeback 0 [ 144.969253][ T5466] swapcached 0 [ 144.969253][ T5466] anon_thp 0 [ 144.969253][ T5466] file_thp 0 [ 144.969253][ T5466] shmem_thp 0 [ 144.969253][ T5466] inactive_anon 0 [ 144.969253][ T5466] active_anon 0 [ 144.969253][ T5466] inactive_file 0 [ 144.969253][ T5466] active_file 0 [ 144.969253][ T5466] unevictable 0 [ 144.969253][ T5466] slab_reclaimable 6752 [ 144.969253][ T5466] slab_unreclaimable 0 [ 144.969253][ T5466] slab 6752 [ 144.969253][ T5466] workingset_refault_anon 0 [ 144.969253][ T5466] workingset_refault_file 0 [ 144.969253][ T5466] workingset_activate_anon 0 [ 144.969253][ T5466] workingset_activate_file 0 [ 144.969253][ T5466] workingset_restore_anon 0 [ 144.969253][ T5466] workingset_restore_file 0 [ 144.969253][ T5466] workingset_nodereclaim 0 [ 144.969253][ T5466] pgscan 831 [ 144.969253][ T5466] pgsteal 2 [ 144.969253][ T5466] pgscan_kswapd 0 [ 144.969253][ T5466] pgscan_direct 831 [ 144.969253][ T5466] pgscan_khugepaged 0 [ 144.969253][ T5466] pgsteal_kswapd 0 [ 144.969253][ T5466] pgsteal_direct 2 [ 144.969253][ T5466] pgsteal_khugepaged 0 [ 144.969253][ T5466] pgfault 21 [ 144.969253][ T5466] pgmajfault 0 [ 144.969253][ T5466] pgrefill 830 [ 144.969253][ T5466] pgactivate 829 [ 144.969253][ T5466] pgdeactivate 830 [ 144.969253][ T5466] pglazyfree 0 [ 144.969253][ T5466] pglazyfreed 0 [ 144.969253][ T5466] zswpin 0 [ 144.969253][ T5466] zswpout 0 [ 144.969253][ T5466] thp_fault_alloc 0 [ 144.969253][ T5466] thp_collapse_alloc 0 [pid 5481] write(6, "0x000000000000040e", 18 [pid 5466] <... write resumed>) = 18 [ 145.168748][ T5466] Tasks state (memory values in pages): [ 145.174690][ T5466] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 145.191686][ T5466] Out of memory and no killable processes... [ 145.197803][ T5470] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 145.216512][ T5470] CPU: 0 PID: 5470 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 145.226578][ T5470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 145.236692][ T5470] Call Trace: [ 145.240015][ T5470] [ 145.242994][ T5470] dump_stack_lvl+0x136/0x150 [ 145.247747][ T5470] dump_header+0x10a/0xd70 [ 145.252234][ T5470] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 145.258397][ T5470] out_of_memory+0xd64/0x1660 [ 145.263161][ T5470] ? oom_killer_disable+0x2b0/0x2b0 [pid 5466] close(3) = 0 [pid 5466] close(4) = 0 [pid 5466] close(5) = 0 [pid 5466] close(6) = 0 [ 145.268457][ T5470] mem_cgroup_out_of_memory+0x206/0x270 [ 145.274086][ T5470] ? mem_cgroup_margin+0x130/0x130 [ 145.279314][ T5470] memory_max_write+0x2f9/0x3c0 [ 145.284254][ T5470] ? mem_cgroup_force_empty_write+0x160/0x160 [ 145.290425][ T5470] ? lock_sync+0x190/0x190 [ 145.294925][ T5470] cgroup_file_write+0x1e2/0x7b0 [ 145.299952][ T5470] ? mem_cgroup_force_empty_write+0x160/0x160 [ 145.306111][ T5470] ? kill_css+0x3b0/0x3b0 [ 145.310522][ T5470] ? lock_acquire+0x32/0xc0 [ 145.315117][ T5470] ? kill_css+0x3b0/0x3b0 [ 145.319532][ T5470] kernfs_fop_write_iter+0x3f1/0x600 [ 145.324905][ T5470] vfs_write+0x9ed/0xe10 [ 145.329226][ T5470] ? kernel_write+0x670/0x670 [ 145.333967][ T5470] ? find_held_lock+0x2d/0x110 [ 145.338776][ T5470] ? __fget_light+0x20a/0x270 [ 145.343519][ T5470] ksys_write+0x12b/0x250 [ 145.347913][ T5470] ? __ia32_sys_read+0xb0/0xb0 [ 145.352723][ T5470] ? lockdep_hardirqs_on+0x7d/0x100 [ 145.357961][ T5470] ? _raw_spin_unlock_irq+0x2e/0x50 [ 145.363202][ T5470] ? ptrace_notify+0xfe/0x140 [ 145.367918][ T5470] do_syscall_64+0x39/0xb0 [ 145.372391][ T5470] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 145.378322][ T5470] RIP: 0033:0x7faecf034129 [ 145.382763][ T5470] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 145.402401][ T5470] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 145.410856][ T5470] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [pid 5466] close(7) = -1 EBADF (Bad file descriptor) [pid 5466] close(8) = -1 EBADF (Bad file descriptor) [pid 5466] close(9) = -1 EBADF (Bad file descriptor) [pid 5466] close(10) = -1 EBADF (Bad file descriptor) [pid 5466] close(11) = -1 EBADF (Bad file descriptor) [pid 5466] close(12) = -1 EBADF (Bad file descriptor) [pid 5466] close(13) = -1 EBADF (Bad file descriptor) [pid 5466] close(14) = -1 EBADF (Bad file descriptor) [pid 5466] close(15) = -1 EBADF (Bad file descriptor) [pid 5466] close(16) = -1 EBADF (Bad file descriptor) [pid 5466] close(17) = -1 EBADF (Bad file descriptor) [pid 5466] close(18) = -1 EBADF (Bad file descriptor) [pid 5466] close(19) = -1 EBADF (Bad file descriptor) [pid 5466] close(20) = -1 EBADF (Bad file descriptor) [pid 5466] close(21) = -1 EBADF (Bad file descriptor) [pid 5466] close(22) = -1 EBADF (Bad file descriptor) [pid 5466] close(23) = -1 EBADF (Bad file descriptor) [pid 5466] close(24) = -1 EBADF (Bad file descriptor) [pid 5466] close(25) = -1 EBADF (Bad file descriptor) [pid 5466] close(26) = -1 EBADF (Bad file descriptor) [pid 5466] close(27) = -1 EBADF (Bad file descriptor) [pid 5466] close(28) = -1 EBADF (Bad file descriptor) [pid 5466] close(29) = -1 EBADF (Bad file descriptor) [pid 5466] exit_group(0) = ? [pid 5466] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=19, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [ 145.418850][ T5470] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 145.426850][ T5470] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 145.434846][ T5470] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 145.442841][ T5470] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000010 [ 145.450862][ T5470] [pid 5089] umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 145.486929][ T5470] memory: usage 8kB, limit 0kB, failcnt 36 [ 145.500101][ T5470] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 145.511371][ T5470] Memory cgroup stats for /syz1: [ 145.511770][ T5470] anon 0 [ 145.511770][ T5470] file 0 [ 145.511770][ T5470] kernel 8192 [ 145.511770][ T5470] kernel_stack 0 [ 145.511770][ T5470] pagetables 0 [ 145.511770][ T5470] sec_pagetables 0 [ 145.511770][ T5470] percpu 0 [ 145.511770][ T5470] sock 0 [ 145.511770][ T5470] vmalloc 0 [ 145.511770][ T5470] shmem 0 [ 145.511770][ T5470] zswap 0 [ 145.511770][ T5470] zswapped 0 [ 145.511770][ T5470] file_mapped 0 [ 145.511770][ T5470] file_dirty 0 [ 145.511770][ T5470] file_writeback 0 [ 145.511770][ T5470] swapcached 0 [ 145.511770][ T5470] anon_thp 0 [ 145.511770][ T5470] file_thp 0 [ 145.511770][ T5470] shmem_thp 0 [ 145.511770][ T5470] inactive_anon 0 [ 145.511770][ T5470] active_anon 0 [ 145.511770][ T5470] inactive_file 0 [ 145.511770][ T5470] active_file 0 [ 145.511770][ T5470] unevictable 0 [ 145.511770][ T5470] slab_reclaimable 6752 [ 145.511770][ T5470] slab_unreclaimable 0 [ 145.511770][ T5470] slab 6752 [ 145.511770][ T5470] workingset_refault_anon 0 [ 145.511770][ T5470] workingset_refault_file 0 [ 145.511770][ T5470] workingset_activate_anon 0 [ 145.511770][ T5470] workingset_activate_file 0 [ 145.511770][ T5470] workingset_restore_anon 0 [ 145.511770][ T5470] workingset_restore_file 0 [ 145.511770][ T5470] workingset_nodereclaim 0 [ 145.511770][ T5470] pgscan 831 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 145.511770][ T5470] pgsteal 2 [ 145.511770][ T5470] pgscan_kswapd 0 [ 145.511770][ T5470] pgscan_direct 831 [ 145.511770][ T5470] pgscan_khugepaged 0 [ 145.511770][ T5470] pgsteal_kswapd 0 [ 145.511770][ T5470] pgsteal_direct 2 [ 145.511770][ T5470] pgsteal_khugepaged 0 [ 145.511770][ T5470] pgfault 21 [ 145.511770][ T5470] pgmajfault 0 [ 145.511770][ T5470] pgrefill 830 [ 145.511770][ T5470] pgactivate 829 [ 145.511770][ T5470] pgdeactivate 830 [ 145.511770][ T5470] pglazyfree 0 [ 145.511770][ T5470] pglazyfreed 0 [ 145.511770][ T5470] zswpin 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./17/binderfs") = 0 [pid 5089] umount2("./17/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./17/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./17/cgroup") = 0 [pid 5089] umount2("./17/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./17/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./17/cgroup.net") = 0 [pid 5089] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5089] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./17/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./17/file0") = 0 [pid 5089] umount2("./17/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 145.511770][ T5470] zswpout 0 [ 145.511770][ T5470] thp_fault_alloc 0 [ 145.511770][ T5470] thp_collapse_alloc 0 [ 145.719242][ T5470] Tasks state (memory values in pages): [pid 5089] lstat("./17/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./17/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [pid 5089] rmdir("./17") = 0 [pid 5089] mkdir("./18", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 20 ./strace-static-x86_64: Process 5488 attached [pid 5488] chdir("./18") = 0 [pid 5488] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5488] setpgid(0, 0) = 0 [pid 5488] symlink("/syzcgroup/unified/syz5", "./cgroup" [pid 5470] <... write resumed>) = 18 [ 145.740915][ T5470] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 145.757575][ T5470] Out of memory and no killable processes... [ 145.769251][ T5475] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 145.785829][ T5475] CPU: 0 PID: 5475 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 145.795811][ T5475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 145.806010][ T5475] Call Trace: [ 145.809336][ T5475] [ 145.812311][ T5475] dump_stack_lvl+0x136/0x150 [ 145.817064][ T5475] dump_header+0x10a/0xd70 [ 145.821559][ T5475] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 145.827723][ T5475] out_of_memory+0xd64/0x1660 [ 145.832494][ T5475] ? oom_killer_disable+0x2b0/0x2b0 [pid 5488] <... symlink resumed>) = 0 [pid 5488] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5488] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5488] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5488] write(3, "1000", 4) = 4 [ 145.837789][ T5475] mem_cgroup_out_of_memory+0x206/0x270 [ 145.843419][ T5475] ? mem_cgroup_margin+0x130/0x130 [ 145.848636][ T5475] memory_max_write+0x2f9/0x3c0 [ 145.853571][ T5475] ? mem_cgroup_force_empty_write+0x160/0x160 [ 145.859730][ T5475] ? lock_sync+0x190/0x190 [ 145.864230][ T5475] cgroup_file_write+0x1e2/0x7b0 [ 145.869263][ T5475] ? mem_cgroup_force_empty_write+0x160/0x160 [ 145.875415][ T5475] ? kill_css+0x3b0/0x3b0 [ 145.879827][ T5475] ? lock_acquire+0x32/0xc0 [ 145.884411][ T5475] ? kill_css+0x3b0/0x3b0 [pid 5488] close(3) = 0 [pid 5488] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5488] mkdir("./file0", 000) = 0 [pid 5488] open("./file0", O_RDONLY) = 3 [pid 5488] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [ 145.888830][ T5475] kernfs_fop_write_iter+0x3f1/0x600 [ 145.894292][ T5475] vfs_write+0x9ed/0xe10 [ 145.898630][ T5475] ? kernel_write+0x670/0x670 [ 145.903404][ T5475] ? find_held_lock+0x2d/0x110 [ 145.908252][ T5475] ? __fget_light+0x20a/0x270 [ 145.913016][ T5475] ksys_write+0x12b/0x250 [ 145.917437][ T5475] ? __ia32_sys_read+0xb0/0xb0 [ 145.922293][ T5475] ? lockdep_hardirqs_on+0x7d/0x100 [ 145.927553][ T5475] ? _raw_spin_unlock_irq+0x2e/0x50 [ 145.932824][ T5475] ? ptrace_notify+0xfe/0x140 [ 145.937580][ T5475] do_syscall_64+0x39/0xb0 [pid 5488] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5488] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5488] openat(5, "memory.max", O_RDWR) = 6 [ 145.942091][ T5475] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 145.948083][ T5475] RIP: 0033:0x7faecf034129 [ 145.952554][ T5475] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 145.972253][ T5475] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 145.980739][ T5475] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [pid 5488] write(6, "0x000000000000040e", 18 [pid 5470] close(3) = 0 [pid 5470] close(4) = 0 [pid 5470] close(5) = 0 [pid 5470] close(6) = 0 [pid 5470] close(7) = -1 EBADF (Bad file descriptor) [pid 5470] close(8) = -1 EBADF (Bad file descriptor) [pid 5470] close(9) = -1 EBADF (Bad file descriptor) [pid 5470] close(10) = -1 EBADF (Bad file descriptor) [pid 5470] close(11) = -1 EBADF (Bad file descriptor) [pid 5470] close(12) = -1 EBADF (Bad file descriptor) [pid 5470] close(13) = -1 EBADF (Bad file descriptor) [pid 5470] close(14) = -1 EBADF (Bad file descriptor) [pid 5470] close(15) = -1 EBADF (Bad file descriptor) [pid 5470] close(16) = -1 EBADF (Bad file descriptor) [pid 5470] close(17) = -1 EBADF (Bad file descriptor) [pid 5470] close(18) = -1 EBADF (Bad file descriptor) [pid 5470] close(19) = -1 EBADF (Bad file descriptor) [pid 5470] close(20) = -1 EBADF (Bad file descriptor) [pid 5470] close(21) = -1 EBADF (Bad file descriptor) [pid 5470] close(22) = -1 EBADF (Bad file descriptor) [pid 5470] close(23) = -1 EBADF (Bad file descriptor) [pid 5470] close(24) = -1 EBADF (Bad file descriptor) [pid 5470] close(25) = -1 EBADF (Bad file descriptor) [pid 5470] close(26) = -1 EBADF (Bad file descriptor) [pid 5470] close(27) = -1 EBADF (Bad file descriptor) [pid 5470] close(28) = -1 EBADF (Bad file descriptor) [pid 5470] close(29) = -1 EBADF (Bad file descriptor) [pid 5470] exit_group(0) = ? [pid 5470] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=18, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5087] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5087] umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./16/binderfs") = 0 [pid 5087] umount2("./16/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./16/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./16/cgroup") = 0 [pid 5087] umount2("./16/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./16/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./16/cgroup.net") = 0 [ 145.988774][ T5475] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 145.996812][ T5475] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 146.004844][ T5475] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 146.012878][ T5475] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000000e [ 146.020940][ T5475] [ 146.046545][ T5475] memory: usage 8kB, limit 0kB, failcnt 36 [ 146.053154][ T5475] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 146.060070][ T5475] Memory cgroup stats for /syz1: [ 146.060378][ T5475] anon 0 [ 146.060378][ T5475] file 0 [ 146.060378][ T5475] kernel 8192 [ 146.060378][ T5475] kernel_stack 0 [ 146.060378][ T5475] pagetables 0 [ 146.060378][ T5475] sec_pagetables 0 [ 146.060378][ T5475] percpu 0 [ 146.060378][ T5475] sock 0 [ 146.060378][ T5475] vmalloc 0 [ 146.060378][ T5475] shmem 0 [ 146.060378][ T5475] zswap 0 [ 146.060378][ T5475] zswapped 0 [ 146.060378][ T5475] file_mapped 0 [ 146.060378][ T5475] file_dirty 0 [ 146.060378][ T5475] file_writeback 0 [ 146.060378][ T5475] swapcached 0 [ 146.060378][ T5475] anon_thp 0 [ 146.060378][ T5475] file_thp 0 [ 146.060378][ T5475] shmem_thp 0 [ 146.060378][ T5475] inactive_anon 0 [ 146.060378][ T5475] active_anon 0 [ 146.060378][ T5475] inactive_file 0 [ 146.060378][ T5475] active_file 0 [ 146.060378][ T5475] unevictable 0 [ 146.060378][ T5475] slab_reclaimable 6752 [ 146.060378][ T5475] slab_unreclaimable 0 [ 146.060378][ T5475] slab 6752 [ 146.060378][ T5475] workingset_refault_anon 0 [ 146.060378][ T5475] workingset_refault_file 0 [ 146.060378][ T5475] workingset_activate_anon 0 [ 146.060378][ T5475] workingset_activate_file 0 [ 146.060378][ T5475] workingset_restore_anon 0 [ 146.060378][ T5475] workingset_restore_file 0 [ 146.060378][ T5475] workingset_nodereclaim 0 [ 146.060378][ T5475] pgscan 831 [ 146.060378][ T5475] pgsteal 2 [ 146.060378][ T5475] pgscan_kswapd 0 [ 146.060378][ T5475] pgscan_direct 831 [pid 5087] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5087] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./16/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] close(4) = 0 [pid 5087] rmdir("./16/file0") = 0 [pid 5087] umount2("./16/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./16/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./16/cgroup.cpu") = 0 [ 146.060378][ T5475] pgscan_khugepaged 0 [ 146.060378][ T5475] pgsteal_kswapd 0 [ 146.060378][ T5475] pgsteal_direct 2 [ 146.060378][ T5475] pgsteal_khugepaged 0 [ 146.060378][ T5475] pgfault 21 [ 146.060378][ T5475] pgmajfault 0 [ 146.060378][ T5475] pgrefill 830 [ 146.060378][ T5475] pgactivate 829 [ 146.060378][ T5475] pgdeactivate 830 [ 146.060378][ T5475] pglazyfree 0 [ 146.060378][ T5475] pglazyfreed 0 [ 146.060378][ T5475] zswpin 0 [ 146.060378][ T5475] zswpout 0 [ 146.060378][ T5475] thp_fault_alloc 0 [ 146.060378][ T5475] thp_collapse_alloc 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [pid 5087] rmdir("./16") = 0 [pid 5087] mkdir("./17", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5494 attached [pid 5494] chdir("./17" [pid 5087] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 19 [pid 5494] <... chdir resumed>) = 0 [pid 5494] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5494] setpgid(0, 0) = 0 [pid 5494] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5494] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5494] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5494] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5494] write(3, "1000", 4) = 4 [pid 5494] close(3) = 0 [pid 5494] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5494] mkdir("./file0", 000) = 0 [pid 5494] open("./file0", O_RDONLY) = 3 [pid 5494] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5494] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5494] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5494] openat(5, "memory.max", O_RDWR) = 6 [pid 5494] write(6, "0x000000000000040e", 18 [pid 5475] <... write resumed>) = 18 [pid 5475] close(3) = 0 [pid 5475] close(4) = 0 [pid 5475] close(5) = 0 [pid 5475] close(6) = 0 [pid 5475] close(7) = -1 EBADF (Bad file descriptor) [pid 5475] close(8) = -1 EBADF (Bad file descriptor) [pid 5475] close(9) = -1 EBADF (Bad file descriptor) [pid 5475] close(10) = -1 EBADF (Bad file descriptor) [pid 5475] close(11) = -1 EBADF (Bad file descriptor) [ 146.367213][ T5475] Tasks state (memory values in pages): [ 146.375060][ T5475] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 146.387258][ T5475] Out of memory and no killable processes... [ 146.395860][ T5477] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 146.430728][ T5477] CPU: 1 PID: 5477 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 146.440725][ T5477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 146.450836][ T5477] Call Trace: [ 146.454167][ T5477] [ 146.457135][ T5477] dump_stack_lvl+0x136/0x150 [ 146.461894][ T5477] dump_header+0x10a/0xd70 [ 146.466366][ T5477] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 146.472527][ T5477] out_of_memory+0xd64/0x1660 [ 146.477285][ T5477] ? oom_killer_disable+0x2b0/0x2b0 [ 146.482567][ T5477] mem_cgroup_out_of_memory+0x206/0x270 [ 146.488198][ T5477] ? mem_cgroup_margin+0x130/0x130 [ 146.493407][ T5477] memory_max_write+0x2f9/0x3c0 [ 146.498348][ T5477] ? mem_cgroup_force_empty_write+0x160/0x160 [ 146.504504][ T5477] ? lock_sync+0x190/0x190 [ 146.508992][ T5477] cgroup_file_write+0x1e2/0x7b0 [ 146.514011][ T5477] ? mem_cgroup_force_empty_write+0x160/0x160 [ 146.520157][ T5477] ? kill_css+0x3b0/0x3b0 [ 146.524554][ T5477] ? lock_acquire+0x32/0xc0 [ 146.529113][ T5477] ? kill_css+0x3b0/0x3b0 [ 146.533491][ T5477] kernfs_fop_write_iter+0x3f1/0x600 [ 146.538825][ T5477] vfs_write+0x9ed/0xe10 [ 146.543131][ T5477] ? kernel_write+0x670/0x670 [ 146.547862][ T5477] ? find_held_lock+0x2d/0x110 [ 146.552686][ T5477] ? __fget_light+0x20a/0x270 [ 146.557413][ T5477] ksys_write+0x12b/0x250 [ 146.561794][ T5477] ? __ia32_sys_read+0xb0/0xb0 [ 146.566596][ T5477] ? lockdep_hardirqs_on+0x7d/0x100 [ 146.571834][ T5477] ? _raw_spin_unlock_irq+0x2e/0x50 [ 146.577093][ T5477] ? ptrace_notify+0xfe/0x140 [ 146.581828][ T5477] do_syscall_64+0x39/0xb0 [ 146.586296][ T5477] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 146.592227][ T5477] RIP: 0033:0x7faecf034129 [ 146.596669][ T5477] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 146.616305][ T5477] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 146.624755][ T5477] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 146.632752][ T5477] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 146.640752][ T5477] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 146.648748][ T5477] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 146.656744][ T5477] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000012 [ 146.664760][ T5477] [pid 5475] close(12) = -1 EBADF (Bad file descriptor) [pid 5475] close(13) = -1 EBADF (Bad file descriptor) [pid 5475] close(14) = -1 EBADF (Bad file descriptor) [pid 5475] close(15) = -1 EBADF (Bad file descriptor) [pid 5475] close(16) = -1 EBADF (Bad file descriptor) [pid 5475] close(17) = -1 EBADF (Bad file descriptor) [pid 5475] close(18) = -1 EBADF (Bad file descriptor) [pid 5475] close(19) = -1 EBADF (Bad file descriptor) [pid 5475] close(20) = -1 EBADF (Bad file descriptor) [pid 5475] close(21) = -1 EBADF (Bad file descriptor) [pid 5475] close(22) = -1 EBADF (Bad file descriptor) [pid 5475] close(23) = -1 EBADF (Bad file descriptor) [pid 5475] close(24) = -1 EBADF (Bad file descriptor) [pid 5475] close(25) = -1 EBADF (Bad file descriptor) [pid 5475] close(26) = -1 EBADF (Bad file descriptor) [pid 5475] close(27) = -1 EBADF (Bad file descriptor) [pid 5475] close(28) = -1 EBADF (Bad file descriptor) [pid 5475] close(29) = -1 EBADF (Bad file descriptor) [pid 5475] exit_group(0) = ? [pid 5475] +++ exited with 0 +++ [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5085] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 146.681827][ T5477] memory: usage 8kB, limit 0kB, failcnt 36 [ 146.688509][ T5477] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 146.711840][ T5477] Memory cgroup stats for /syz1: [ 146.712263][ T5477] anon 0 [ 146.712263][ T5477] file 0 [ 146.712263][ T5477] kernel 8192 [ 146.712263][ T5477] kernel_stack 0 [pid 5085] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./14/binderfs") = 0 [pid 5085] umount2("./14/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./14/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./14/cgroup") = 0 [ 146.712263][ T5477] pagetables 0 [ 146.712263][ T5477] sec_pagetables 0 [ 146.712263][ T5477] percpu 0 [ 146.712263][ T5477] sock 0 [ 146.712263][ T5477] vmalloc 0 [ 146.712263][ T5477] shmem 0 [ 146.712263][ T5477] zswap 0 [ 146.712263][ T5477] zswapped 0 [ 146.712263][ T5477] file_mapped 0 [ 146.712263][ T5477] file_dirty 0 [ 146.712263][ T5477] file_writeback 0 [ 146.712263][ T5477] swapcached 0 [ 146.712263][ T5477] anon_thp 0 [ 146.712263][ T5477] file_thp 0 [ 146.712263][ T5477] shmem_thp 0 [ 146.712263][ T5477] inactive_anon 0 [ 146.712263][ T5477] active_anon 0 [ 146.712263][ T5477] inactive_file 0 [ 146.712263][ T5477] active_file 0 [ 146.712263][ T5477] unevictable 0 [ 146.712263][ T5477] slab_reclaimable 6752 [ 146.712263][ T5477] slab_unreclaimable 0 [ 146.712263][ T5477] slab 6752 [ 146.712263][ T5477] workingset_refault_anon 0 [ 146.712263][ T5477] workingset_refault_file 0 [ 146.712263][ T5477] workingset_activate_anon 0 [ 146.712263][ T5477] workingset_activate_file 0 [ 146.712263][ T5477] workingset_restore_anon 0 [ 146.712263][ T5477] workingset_restore_file 0 [ 146.712263][ T5477] workingset_nodereclaim 0 [ 146.712263][ T5477] pgscan 831 [ 146.712263][ T5477] pgsteal 2 [ 146.712263][ T5477] pgscan_kswapd 0 [ 146.712263][ T5477] pgscan_direct 831 [ 146.712263][ T5477] pgscan_khugepaged 0 [ 146.712263][ T5477] pgsteal_kswapd 0 [ 146.712263][ T5477] pgsteal_direct 2 [ 146.712263][ T5477] pgsteal_khugepaged 0 [ 146.712263][ T5477] pgfault 21 [ 146.712263][ T5477] pgmajfault 0 [ 146.712263][ T5477] pgrefill 830 [ 146.712263][ T5477] pgactivate 829 [ 146.712263][ T5477] pgdeactivate 830 [ 146.712263][ T5477] pglazyfree 0 [pid 5085] umount2("./14/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./14/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./14/cgroup.net") = 0 [pid 5085] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5085] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./14/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./14/file0") = 0 [pid 5085] umount2("./14/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./14/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./14/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./14") = 0 [pid 5085] mkdir("./15", 0777) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5498 attached [pid 5498] chdir("./15" [pid 5085] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 17 [pid 5498] <... chdir resumed>) = 0 [pid 5498] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5498] setpgid(0, 0) = 0 [pid 5498] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5498] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [ 146.712263][ T5477] pglazyfreed 0 [ 146.712263][ T5477] zswpin 0 [ 146.712263][ T5477] zswpout 0 [ 146.712263][ T5477] thp_fault_alloc 0 [ 146.712263][ T5477] thp_collapse_alloc 0 [pid 5498] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5498] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5498] write(3, "1000", 4) = 4 [pid 5498] close(3) = 0 [pid 5498] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5498] mkdir("./file0", 000) = 0 [pid 5498] open("./file0", O_RDONLY) = 3 [pid 5498] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5498] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5498] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5498] openat(5, "memory.max", O_RDWR) = 6 [ 147.001428][ T5477] Tasks state (memory values in pages): [ 147.011471][ T5477] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 147.037652][ T5477] Out of memory and no killable processes... [pid 5498] write(6, "0x000000000000040e", 18 [pid 5477] <... write resumed>) = 18 [pid 5477] close(3) = 0 [pid 5477] close(4) = 0 [pid 5477] close(5) = 0 [pid 5477] close(6) = 0 [pid 5477] close(7) = -1 EBADF (Bad file descriptor) [ 147.046000][ T5481] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5477] close(8) = -1 EBADF (Bad file descriptor) [pid 5477] close(9) = -1 EBADF (Bad file descriptor) [pid 5477] close(10) = -1 EBADF (Bad file descriptor) [pid 5477] close(11) = -1 EBADF (Bad file descriptor) [pid 5477] close(12) = -1 EBADF (Bad file descriptor) [pid 5477] close(13) = -1 EBADF (Bad file descriptor) [pid 5477] close(14) = -1 EBADF (Bad file descriptor) [pid 5477] close(15) = -1 EBADF (Bad file descriptor) [pid 5477] close(16) = -1 EBADF (Bad file descriptor) [pid 5477] close(17) = -1 EBADF (Bad file descriptor) [pid 5477] close(18) = -1 EBADF (Bad file descriptor) [pid 5477] close(19) = -1 EBADF (Bad file descriptor) [pid 5477] close(20) = -1 EBADF (Bad file descriptor) [ 147.072083][ T5481] CPU: 0 PID: 5481 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 147.082093][ T5481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 147.092216][ T5481] Call Trace: [ 147.095548][ T5481] [ 147.098527][ T5481] dump_stack_lvl+0x136/0x150 [ 147.103300][ T5481] dump_header+0x10a/0xd70 [ 147.107791][ T5481] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 147.113980][ T5481] out_of_memory+0xd64/0x1660 [pid 5477] close(21) = -1 EBADF (Bad file descriptor) [pid 5477] close(22) = -1 EBADF (Bad file descriptor) [pid 5477] close(23) = -1 EBADF (Bad file descriptor) [pid 5477] close(24) = -1 EBADF (Bad file descriptor) [pid 5477] close(25) = -1 EBADF (Bad file descriptor) [pid 5477] close(26) = -1 EBADF (Bad file descriptor) [pid 5477] close(27) = -1 EBADF (Bad file descriptor) [pid 5477] close(28) = -1 EBADF (Bad file descriptor) [pid 5477] close(29) = -1 EBADF (Bad file descriptor) [ 147.118743][ T5481] ? oom_killer_disable+0x2b0/0x2b0 [ 147.124036][ T5481] mem_cgroup_out_of_memory+0x206/0x270 [ 147.129666][ T5481] ? mem_cgroup_margin+0x130/0x130 [ 147.134878][ T5481] memory_max_write+0x2f9/0x3c0 [ 147.139813][ T5481] ? mem_cgroup_force_empty_write+0x160/0x160 [ 147.145986][ T5481] ? lock_sync+0x190/0x190 [ 147.150479][ T5481] cgroup_file_write+0x1e2/0x7b0 [ 147.155496][ T5481] ? mem_cgroup_force_empty_write+0x160/0x160 [ 147.161661][ T5481] ? kill_css+0x3b0/0x3b0 [ 147.166084][ T5481] ? lock_acquire+0x32/0xc0 [ 147.170669][ T5481] ? kill_css+0x3b0/0x3b0 [ 147.175070][ T5481] kernfs_fop_write_iter+0x3f1/0x600 [ 147.180445][ T5481] vfs_write+0x9ed/0xe10 [ 147.184775][ T5481] ? kernel_write+0x670/0x670 [ 147.189546][ T5481] ? find_held_lock+0x2d/0x110 [ 147.194384][ T5481] ? __fget_light+0x20a/0x270 [ 147.199204][ T5481] ksys_write+0x12b/0x250 [ 147.203599][ T5481] ? __ia32_sys_read+0xb0/0xb0 [ 147.208412][ T5481] ? lockdep_hardirqs_on+0x7d/0x100 [ 147.213650][ T5481] ? _raw_spin_unlock_irq+0x2e/0x50 [ 147.218893][ T5481] ? ptrace_notify+0xfe/0x140 [ 147.223611][ T5481] do_syscall_64+0x39/0xb0 [ 147.228075][ T5481] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 147.234011][ T5481] RIP: 0033:0x7faecf034129 [ 147.238453][ T5481] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 147.258106][ T5481] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5477] exit_group(0) = ? [pid 5477] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=20, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5090] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5090] umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./18/binderfs") = 0 [pid 5090] umount2("./18/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./18/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./18/cgroup") = 0 [pid 5090] umount2("./18/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./18/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./18/cgroup.net") = 0 [ 147.266553][ T5481] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 147.274555][ T5481] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 147.282551][ T5481] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 147.290548][ T5481] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 147.298543][ T5481] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000000f [ 147.306564][ T5481] [ 147.315060][ T5481] memory: usage 8kB, limit 0kB, failcnt 36 [pid 5090] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5090] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./18/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./18/file0") = 0 [pid 5090] umount2("./18/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./18/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./18/cgroup.cpu") = 0 [ 147.320955][ T5481] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 147.328152][ T5481] Memory cgroup stats for /syz1: [ 147.328435][ T5481] anon 0 [ 147.328435][ T5481] file 0 [ 147.328435][ T5481] kernel 8192 [ 147.328435][ T5481] kernel_stack 0 [ 147.328435][ T5481] pagetables 0 [ 147.328435][ T5481] sec_pagetables 0 [ 147.328435][ T5481] percpu 0 [ 147.328435][ T5481] sock 0 [ 147.328435][ T5481] vmalloc 0 [ 147.328435][ T5481] shmem 0 [ 147.328435][ T5481] zswap 0 [ 147.328435][ T5481] zswapped 0 [ 147.328435][ T5481] file_mapped 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [pid 5090] rmdir("./18") = 0 [pid 5090] mkdir("./19", 0777) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5503 attached [pid 5503] chdir("./19" [pid 5090] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 21 [pid 5503] <... chdir resumed>) = 0 [pid 5503] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5503] setpgid(0, 0) = 0 [pid 5503] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5503] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5503] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5503] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5503] write(3, "1000", 4) = 4 [pid 5503] close(3) = 0 [pid 5503] symlink("/dev/binderfs", "./binderfs") = 0 [ 147.328435][ T5481] file_dirty 0 [ 147.328435][ T5481] file_writeback 0 [ 147.328435][ T5481] swapcached 0 [ 147.328435][ T5481] anon_thp 0 [ 147.328435][ T5481] file_thp 0 [ 147.328435][ T5481] shmem_thp 0 [ 147.328435][ T5481] inactive_anon 0 [ 147.328435][ T5481] active_anon 0 [ 147.328435][ T5481] inactive_file 0 [ 147.328435][ T5481] active_file 0 [ 147.328435][ T5481] unevictable 0 [ 147.328435][ T5481] slab_reclaimable 6752 [ 147.328435][ T5481] slab_unreclaimable 0 [ 147.328435][ T5481] slab 6752 [pid 5503] mkdir("./file0", 000) = 0 [pid 5503] open("./file0", O_RDONLY) = 3 [pid 5503] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5503] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5503] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5503] openat(5, "memory.max", O_RDWR) = 6 [ 147.328435][ T5481] workingset_refault_anon 0 [ 147.328435][ T5481] workingset_refault_file 0 [ 147.328435][ T5481] workingset_activate_anon 0 [ 147.328435][ T5481] workingset_activate_file 0 [ 147.328435][ T5481] workingset_restore_anon 0 [ 147.328435][ T5481] workingset_restore_file 0 [ 147.328435][ T5481] workingset_nodereclaim 0 [ 147.328435][ T5481] pgscan 831 [ 147.328435][ T5481] pgsteal 2 [ 147.328435][ T5481] pgscan_kswapd 0 [ 147.328435][ T5481] pgscan_direct 831 [ 147.328435][ T5481] pgscan_khugepaged 0 [ 147.328435][ T5481] pgsteal_kswapd 0 [ 147.328435][ T5481] pgsteal_direct 2 [ 147.328435][ T5481] pgsteal_khugepaged 0 [ 147.328435][ T5481] pgfault 21 [ 147.328435][ T5481] pgmajfault 0 [ 147.328435][ T5481] pgrefill 830 [ 147.328435][ T5481] pgactivate 829 [ 147.328435][ T5481] pgdeactivate 830 [ 147.328435][ T5481] pglazyfree 0 [ 147.328435][ T5481] pglazyfreed 0 [ 147.328435][ T5481] zswpin 0 [ 147.328435][ T5481] zswpout 0 [ 147.328435][ T5481] thp_fault_alloc 0 [ 147.328435][ T5481] thp_collapse_alloc 0 [ 147.535328][ T5481] Tasks state (memory values in pages): [ 147.553736][ T5481] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5503] write(6, "0x000000000000040e", 18 [pid 5481] <... write resumed>) = 18 [ 147.580959][ T5481] Out of memory and no killable processes... [ 147.602240][ T5488] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 147.613304][ T5488] CPU: 1 PID: 5488 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 147.623286][ T5488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [pid 5481] close(3) = 0 [pid 5481] close(4) = 0 [pid 5481] close(5) = 0 [pid 5481] close(6) = 0 [pid 5481] close(7) = -1 EBADF (Bad file descriptor) [pid 5481] close(8) = -1 EBADF (Bad file descriptor) [pid 5481] close(9) = -1 EBADF (Bad file descriptor) [pid 5481] close(10) = -1 EBADF (Bad file descriptor) [pid 5481] close(11) = -1 EBADF (Bad file descriptor) [pid 5481] close(12) = -1 EBADF (Bad file descriptor) [pid 5481] close(13) = -1 EBADF (Bad file descriptor) [pid 5481] close(14) = -1 EBADF (Bad file descriptor) [pid 5481] close(15) = -1 EBADF (Bad file descriptor) [ 147.633412][ T5488] Call Trace: [ 147.636733][ T5488] [ 147.639705][ T5488] dump_stack_lvl+0x136/0x150 [ 147.644460][ T5488] dump_header+0x10a/0xd70 [ 147.648953][ T5488] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 147.655127][ T5488] out_of_memory+0xd64/0x1660 [ 147.659909][ T5488] ? oom_killer_disable+0x2b0/0x2b0 [ 147.665199][ T5488] ? find_held_lock+0x2d/0x110 [ 147.670071][ T5488] mem_cgroup_out_of_memory+0x206/0x270 [ 147.675691][ T5488] ? mem_cgroup_margin+0x130/0x130 [ 147.680856][ T5488] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 147.686722][ T5488] memory_max_write+0x2f9/0x3c0 [ 147.691637][ T5488] ? mem_cgroup_force_empty_write+0x160/0x160 [ 147.697752][ T5488] ? lock_sync+0x190/0x190 [ 147.702216][ T5488] cgroup_file_write+0x1e2/0x7b0 [ 147.707197][ T5488] ? mem_cgroup_force_empty_write+0x160/0x160 [ 147.713306][ T5488] ? kill_css+0x3b0/0x3b0 [ 147.717682][ T5488] ? lock_acquire+0x32/0xc0 [ 147.722240][ T5488] ? kill_css+0x3b0/0x3b0 [ 147.726613][ T5488] kernfs_fop_write_iter+0x3f1/0x600 [ 147.731948][ T5488] vfs_write+0x9ed/0xe10 [ 147.736252][ T5488] ? kernel_write+0x670/0x670 [ 147.740974][ T5488] ? find_held_lock+0x2d/0x110 [ 147.745778][ T5488] ? __fget_light+0x20a/0x270 [ 147.750502][ T5488] ksys_write+0x12b/0x250 [ 147.754873][ T5488] ? __ia32_sys_read+0xb0/0xb0 [ 147.759683][ T5488] ? lockdep_hardirqs_on+0x7d/0x100 [ 147.765024][ T5488] ? _raw_spin_unlock_irq+0x2e/0x50 [ 147.770299][ T5488] ? ptrace_notify+0xfe/0x140 [ 147.775050][ T5488] do_syscall_64+0x39/0xb0 [ 147.779527][ T5488] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 147.785464][ T5488] RIP: 0033:0x7faecf034129 [ 147.789905][ T5488] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 147.809544][ T5488] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 147.817987][ T5488] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 147.825983][ T5488] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5481] close(16) = -1 EBADF (Bad file descriptor) [pid 5481] close(17) = -1 EBADF (Bad file descriptor) [pid 5481] close(18) = -1 EBADF (Bad file descriptor) [pid 5481] close(19) = -1 EBADF (Bad file descriptor) [pid 5481] close(20) = -1 EBADF (Bad file descriptor) [pid 5481] close(21) = -1 EBADF (Bad file descriptor) [pid 5481] close(22) = -1 EBADF (Bad file descriptor) [pid 5481] close(23) = -1 EBADF (Bad file descriptor) [pid 5481] close(24) = -1 EBADF (Bad file descriptor) [pid 5481] close(25) = -1 EBADF (Bad file descriptor) [pid 5481] close(26) = -1 EBADF (Bad file descriptor) [pid 5481] close(27) = -1 EBADF (Bad file descriptor) [ 147.833979][ T5488] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 147.841987][ T5488] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 147.849983][ T5488] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000012 [ 147.858014][ T5488] [pid 5481] close(28) = -1 EBADF (Bad file descriptor) [pid 5481] close(29) = -1 EBADF (Bad file descriptor) [pid 5481] exit_group(0) = ? [pid 5481] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=17, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5086] umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./15/binderfs") = 0 [pid 5086] umount2("./15/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./15/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] unlink("./15/cgroup") = 0 [pid 5086] umount2("./15/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./15/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 147.904584][ T5488] memory: usage 8kB, limit 0kB, failcnt 36 [ 147.911847][ T5488] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 147.945479][ T5488] Memory cgroup stats for /syz1: [ 147.945771][ T5488] anon 0 [ 147.945771][ T5488] file 0 [ 147.945771][ T5488] kernel 8192 [ 147.945771][ T5488] kernel_stack 0 [ 147.945771][ T5488] pagetables 0 [ 147.945771][ T5488] sec_pagetables 0 [ 147.945771][ T5488] percpu 0 [ 147.945771][ T5488] sock 0 [ 147.945771][ T5488] vmalloc 0 [ 147.945771][ T5488] shmem 0 [ 147.945771][ T5488] zswap 0 [ 147.945771][ T5488] zswapped 0 [ 147.945771][ T5488] file_mapped 0 [ 147.945771][ T5488] file_dirty 0 [ 147.945771][ T5488] file_writeback 0 [ 147.945771][ T5488] swapcached 0 [ 147.945771][ T5488] anon_thp 0 [ 147.945771][ T5488] file_thp 0 [ 147.945771][ T5488] shmem_thp 0 [ 147.945771][ T5488] inactive_anon 0 [ 147.945771][ T5488] active_anon 0 [ 147.945771][ T5488] inactive_file 0 [ 147.945771][ T5488] active_file 0 [ 147.945771][ T5488] unevictable 0 [ 147.945771][ T5488] slab_reclaimable 6752 [ 147.945771][ T5488] slab_unreclaimable 0 [ 147.945771][ T5488] slab 6752 [ 147.945771][ T5488] workingset_refault_anon 0 [ 147.945771][ T5488] workingset_refault_file 0 [ 147.945771][ T5488] workingset_activate_anon 0 [ 147.945771][ T5488] workingset_activate_file 0 [ 147.945771][ T5488] workingset_restore_anon 0 [ 147.945771][ T5488] workingset_restore_file 0 [ 147.945771][ T5488] workingset_nodereclaim 0 [ 147.945771][ T5488] pgscan 831 [ 147.945771][ T5488] pgsteal 2 [ 147.945771][ T5488] pgscan_kswapd 0 [ 147.945771][ T5488] pgscan_direct 831 [ 147.945771][ T5488] pgscan_khugepaged 0 [ 147.945771][ T5488] pgsteal_kswapd 0 [ 147.945771][ T5488] pgsteal_direct 2 [ 147.945771][ T5488] pgsteal_khugepaged 0 [pid 5086] unlink("./15/cgroup.net") = 0 [pid 5086] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5086] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./15/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [ 147.945771][ T5488] pgfault 21 [ 147.945771][ T5488] pgmajfault 0 [ 147.945771][ T5488] pgrefill 830 [ 147.945771][ T5488] pgactivate 829 [ 147.945771][ T5488] pgdeactivate 830 [ 147.945771][ T5488] pglazyfree 0 [ 147.945771][ T5488] pglazyfreed 0 [ 147.945771][ T5488] zswpin 0 [ 147.945771][ T5488] zswpout 0 [ 147.945771][ T5488] thp_fault_alloc 0 [ 147.945771][ T5488] thp_collapse_alloc 0 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./15/file0") = 0 [pid 5086] umount2("./15/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./15/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./15/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./15") = 0 [pid 5086] mkdir("./16", 0777) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5506 attached , child_tidptr=0x555555c0c5d0) = 18 [pid 5506] chdir("./16") = 0 [pid 5506] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5506] setpgid(0, 0) = 0 [pid 5506] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5506] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5506] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5506] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5506] write(3, "1000", 4) = 4 [pid 5506] close(3) = 0 [pid 5506] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5506] mkdir("./file0", 000) = 0 [pid 5506] open("./file0", O_RDONLY) = 3 [pid 5506] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5506] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5506] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5506] openat(5, "memory.max", O_RDWR) = 6 [ 148.227530][ T5488] Tasks state (memory values in pages): [ 148.250066][ T5488] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5506] write(6, "0x000000000000040e", 18 [pid 5488] <... write resumed>) = 18 [pid 5488] close(3) = 0 [pid 5488] close(4) = 0 [pid 5488] close(5) = 0 [ 148.277554][ T5488] Out of memory and no killable processes... [ 148.301552][ T5494] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5488] close(6) = 0 [pid 5488] close(7) = -1 EBADF (Bad file descriptor) [pid 5488] close(8) = -1 EBADF (Bad file descriptor) [pid 5488] close(9) = -1 EBADF (Bad file descriptor) [pid 5488] close(10) = -1 EBADF (Bad file descriptor) [pid 5488] close(11) = -1 EBADF (Bad file descriptor) [pid 5488] close(12) = -1 EBADF (Bad file descriptor) [pid 5488] close(13) = -1 EBADF (Bad file descriptor) [pid 5488] close(14) = -1 EBADF (Bad file descriptor) [pid 5488] close(15) = -1 EBADF (Bad file descriptor) [pid 5488] close(16) = -1 EBADF (Bad file descriptor) [pid 5488] close(17) = -1 EBADF (Bad file descriptor) [pid 5488] close(18) = -1 EBADF (Bad file descriptor) [pid 5488] close(19) = -1 EBADF (Bad file descriptor) [pid 5488] close(20) = -1 EBADF (Bad file descriptor) [pid 5488] close(21) = -1 EBADF (Bad file descriptor) [pid 5488] close(22) = -1 EBADF (Bad file descriptor) [pid 5488] close(23) = -1 EBADF (Bad file descriptor) [pid 5488] close(24) = -1 EBADF (Bad file descriptor) [pid 5488] close(25) = -1 EBADF (Bad file descriptor) [pid 5488] close(26) = -1 EBADF (Bad file descriptor) [pid 5488] close(27) = -1 EBADF (Bad file descriptor) [pid 5488] close(28) = -1 EBADF (Bad file descriptor) [pid 5488] close(29) = -1 EBADF (Bad file descriptor) [pid 5488] exit_group(0) = ? [pid 5488] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=20, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5089] umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 148.321741][ T5494] CPU: 0 PID: 5494 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 148.331728][ T5494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 148.341839][ T5494] Call Trace: [ 148.345162][ T5494] [ 148.348136][ T5494] dump_stack_lvl+0x136/0x150 [ 148.352886][ T5494] dump_header+0x10a/0xd70 [ 148.357368][ T5494] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 148.363529][ T5494] out_of_memory+0xd64/0x1660 [ 148.368287][ T5494] ? oom_killer_disable+0x2b0/0x2b0 [pid 5089] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./18/binderfs") = 0 [pid 5089] umount2("./18/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./18/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./18/cgroup") = 0 [pid 5089] umount2("./18/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./18/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 148.373572][ T5494] mem_cgroup_out_of_memory+0x206/0x270 [ 148.379195][ T5494] ? mem_cgroup_margin+0x130/0x130 [ 148.384425][ T5494] memory_max_write+0x2f9/0x3c0 [ 148.389364][ T5494] ? mem_cgroup_force_empty_write+0x160/0x160 [ 148.395515][ T5494] ? lock_sync+0x190/0x190 [ 148.400012][ T5494] cgroup_file_write+0x1e2/0x7b0 [ 148.405037][ T5494] ? mem_cgroup_force_empty_write+0x160/0x160 [ 148.411182][ T5494] ? kill_css+0x3b0/0x3b0 [ 148.415584][ T5494] ? lock_acquire+0x32/0xc0 [ 148.420149][ T5494] ? kill_css+0x3b0/0x3b0 [ 148.424531][ T5494] kernfs_fop_write_iter+0x3f1/0x600 [ 148.429876][ T5494] vfs_write+0x9ed/0xe10 [ 148.434169][ T5494] ? kernel_write+0x670/0x670 [ 148.438893][ T5494] ? find_held_lock+0x2d/0x110 [ 148.443699][ T5494] ? __fget_light+0x20a/0x270 [ 148.448424][ T5494] ksys_write+0x12b/0x250 [ 148.452804][ T5494] ? __ia32_sys_read+0xb0/0xb0 [ 148.457616][ T5494] ? lockdep_hardirqs_on+0x7d/0x100 [ 148.462850][ T5494] ? _raw_spin_unlock_irq+0x2e/0x50 [ 148.468095][ T5494] ? ptrace_notify+0xfe/0x140 [ 148.472813][ T5494] do_syscall_64+0x39/0xb0 [ 148.477275][ T5494] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 148.483207][ T5494] RIP: 0033:0x7faecf034129 [ 148.487646][ T5494] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 148.507286][ T5494] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 148.515735][ T5494] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [pid 5089] unlink("./18/cgroup.net") = 0 [pid 5089] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5089] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./18/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 148.523735][ T5494] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 148.531733][ T5494] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 148.539730][ T5494] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 148.547738][ T5494] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000011 [ 148.555775][ T5494] [pid 5089] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./18/file0") = 0 [pid 5089] umount2("./18/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./18/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./18/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [ 148.603110][ T5494] memory: usage 8kB, limit 0kB, failcnt 36 [ 148.609767][ T5494] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 148.634127][ T5494] Memory cgroup stats for /syz1: [ 148.636182][ T5494] anon 0 [ 148.636182][ T5494] file 0 [ 148.636182][ T5494] kernel 8192 [ 148.636182][ T5494] kernel_stack 0 [ 148.636182][ T5494] pagetables 0 [ 148.636182][ T5494] sec_pagetables 0 [ 148.636182][ T5494] percpu 0 [ 148.636182][ T5494] sock 0 [ 148.636182][ T5494] vmalloc 0 [ 148.636182][ T5494] shmem 0 [ 148.636182][ T5494] zswap 0 [ 148.636182][ T5494] zswapped 0 [ 148.636182][ T5494] file_mapped 0 [ 148.636182][ T5494] file_dirty 0 [ 148.636182][ T5494] file_writeback 0 [ 148.636182][ T5494] swapcached 0 [ 148.636182][ T5494] anon_thp 0 [ 148.636182][ T5494] file_thp 0 [ 148.636182][ T5494] shmem_thp 0 [ 148.636182][ T5494] inactive_anon 0 [pid 5089] close(3) = 0 [ 148.636182][ T5494] active_anon 0 [ 148.636182][ T5494] inactive_file 0 [ 148.636182][ T5494] active_file 0 [ 148.636182][ T5494] unevictable 0 [ 148.636182][ T5494] slab_reclaimable 6752 [ 148.636182][ T5494] slab_unreclaimable 0 [ 148.636182][ T5494] slab 6752 [ 148.636182][ T5494] workingset_refault_anon 0 [ 148.636182][ T5494] workingset_refault_file 0 [ 148.636182][ T5494] workingset_activate_anon 0 [ 148.636182][ T5494] workingset_activate_file 0 [ 148.636182][ T5494] workingset_restore_anon 0 [ 148.636182][ T5494] workingset_restore_file 0 [ 148.636182][ T5494] workingset_nodereclaim 0 [ 148.636182][ T5494] pgscan 831 [ 148.636182][ T5494] pgsteal 2 [ 148.636182][ T5494] pgscan_kswapd 0 [ 148.636182][ T5494] pgscan_direct 831 [ 148.636182][ T5494] pgscan_khugepaged 0 [ 148.636182][ T5494] pgsteal_kswapd 0 [ 148.636182][ T5494] pgsteal_direct 2 [ 148.636182][ T5494] pgsteal_khugepaged 0 [ 148.636182][ T5494] pgfault 21 [ 148.636182][ T5494] pgmajfault 0 [ 148.636182][ T5494] pgrefill 830 [ 148.636182][ T5494] pgactivate 829 [ 148.636182][ T5494] pgdeactivate 830 [pid 5089] rmdir("./18") = 0 [pid 5089] mkdir("./19", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5510 attached [pid 5510] chdir("./19" [pid 5089] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 21 [pid 5510] <... chdir resumed>) = 0 [ 148.636182][ T5494] pglazyfree 0 [ 148.636182][ T5494] pglazyfreed 0 [ 148.636182][ T5494] zswpin 0 [ 148.636182][ T5494] zswpout 0 [ 148.636182][ T5494] thp_fault_alloc 0 [ 148.636182][ T5494] thp_collapse_alloc 0 [ 148.836599][ T5494] Tasks state (memory values in pages): [ 148.842814][ T5494] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5510] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5510] setpgid(0, 0) = 0 [pid 5510] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5510] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5510] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5494] <... write resumed>) = 18 [pid 5510] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [ 148.853087][ T5494] Out of memory and no killable processes... [ 148.872940][ T5498] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 148.886410][ T5498] CPU: 1 PID: 5498 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 148.896390][ T5498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 148.906503][ T5498] Call Trace: [ 148.909835][ T5498] [ 148.912812][ T5498] dump_stack_lvl+0x136/0x150 [ 148.917569][ T5498] dump_header+0x10a/0xd70 [ 148.922050][ T5498] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 148.928206][ T5498] out_of_memory+0xd64/0x1660 [ 148.932970][ T5498] ? oom_killer_disable+0x2b0/0x2b0 [ 148.938249][ T5498] mem_cgroup_out_of_memory+0x206/0x270 [ 148.943870][ T5498] ? mem_cgroup_margin+0x130/0x130 [ 148.949102][ T5498] memory_max_write+0x2f9/0x3c0 [ 148.954035][ T5498] ? mem_cgroup_force_empty_write+0x160/0x160 [ 148.960182][ T5498] ? lock_sync+0x190/0x190 [ 148.964667][ T5498] cgroup_file_write+0x1e2/0x7b0 [ 148.969679][ T5498] ? mem_cgroup_force_empty_write+0x160/0x160 [ 148.975847][ T5498] ? kill_css+0x3b0/0x3b0 [ 148.980245][ T5498] ? lock_acquire+0x32/0xc0 [ 148.984836][ T5498] ? kill_css+0x3b0/0x3b0 [ 148.989236][ T5498] kernfs_fop_write_iter+0x3f1/0x600 [ 148.994612][ T5498] vfs_write+0x9ed/0xe10 [ 148.998934][ T5498] ? kernel_write+0x670/0x670 [ 149.003688][ T5498] ? find_held_lock+0x2d/0x110 [ 149.008534][ T5498] ? __fget_light+0x20a/0x270 [ 149.013305][ T5498] ksys_write+0x12b/0x250 [ 149.017717][ T5498] ? __ia32_sys_read+0xb0/0xb0 [ 149.022576][ T5498] ? lockdep_hardirqs_on+0x7d/0x100 [ 149.027867][ T5498] ? _raw_spin_unlock_irq+0x2e/0x50 [ 149.033142][ T5498] ? ptrace_notify+0xfe/0x140 [ 149.037978][ T5498] do_syscall_64+0x39/0xb0 [ 149.042474][ T5498] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 149.048431][ T5498] RIP: 0033:0x7faecf034129 [ 149.052882][ T5498] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 149.072533][ T5498] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 149.080981][ T5498] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 149.089000][ T5498] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 149.097019][ T5498] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [pid 5494] close(3 [pid 5510] <... openat resumed>) = 3 [pid 5510] write(3, "1000", 4 [pid 5494] <... close resumed>) = 0 [pid 5510] <... write resumed>) = 4 [pid 5494] close(4 [pid 5510] close(3 [pid 5494] <... close resumed>) = 0 [pid 5510] <... close resumed>) = 0 [pid 5494] close(5 [pid 5510] symlink("/dev/binderfs", "./binderfs" [pid 5494] <... close resumed>) = 0 [pid 5510] <... symlink resumed>) = 0 [pid 5494] close(6 [pid 5510] mkdir("./file0", 000 [pid 5494] <... close resumed>) = 0 [pid 5510] <... mkdir resumed>) = 0 [pid 5510] open("./file0", O_RDONLY [pid 5494] close(7 [pid 5510] <... open resumed>) = 3 [pid 5494] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5510] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5494] close(8 [pid 5510] <... mount resumed>) = 0 [pid 5494] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5510] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5494] close(9 [pid 5510] <... openat resumed>) = 4 [pid 5494] <... close resumed>) = -1 EBADF (Bad file descriptor) [ 149.105016][ T5498] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 149.113013][ T5498] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000000f [ 149.121031][ T5498] [pid 5510] openat(4, "syz1", O_RDWR|O_PATH [pid 5494] close(10 [pid 5510] <... openat resumed>) = 5 [pid 5494] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5510] openat(5, "memory.max", O_RDWR [pid 5494] close(11 [pid 5510] <... openat resumed>) = 6 [pid 5510] write(6, "0x000000000000040e", 18 [pid 5494] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5494] close(12) = -1 EBADF (Bad file descriptor) [pid 5494] close(13) = -1 EBADF (Bad file descriptor) [pid 5494] close(14) = -1 EBADF (Bad file descriptor) [pid 5494] close(15) = -1 EBADF (Bad file descriptor) [ 149.159622][ T5498] memory: usage 8kB, limit 0kB, failcnt 36 [ 149.168250][ T5498] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 149.200481][ T5498] Memory cgroup stats for /syz1: [ 149.200726][ T5498] anon 0 [ 149.200726][ T5498] file 0 [ 149.200726][ T5498] kernel 8192 [ 149.200726][ T5498] kernel_stack 0 [ 149.200726][ T5498] pagetables 0 [ 149.200726][ T5498] sec_pagetables 0 [ 149.200726][ T5498] percpu 0 [ 149.200726][ T5498] sock 0 [ 149.200726][ T5498] vmalloc 0 [ 149.200726][ T5498] shmem 0 [ 149.200726][ T5498] zswap 0 [ 149.200726][ T5498] zswapped 0 [ 149.200726][ T5498] file_mapped 0 [ 149.200726][ T5498] file_dirty 0 [ 149.200726][ T5498] file_writeback 0 [ 149.200726][ T5498] swapcached 0 [ 149.200726][ T5498] anon_thp 0 [ 149.200726][ T5498] file_thp 0 [ 149.200726][ T5498] shmem_thp 0 [ 149.200726][ T5498] inactive_anon 0 [ 149.200726][ T5498] active_anon 0 [ 149.200726][ T5498] inactive_file 0 [ 149.200726][ T5498] active_file 0 [ 149.200726][ T5498] unevictable 0 [ 149.200726][ T5498] slab_reclaimable 6752 [ 149.200726][ T5498] slab_unreclaimable 0 [ 149.200726][ T5498] slab 6752 [ 149.200726][ T5498] workingset_refault_anon 0 [ 149.200726][ T5498] workingset_refault_file 0 [ 149.200726][ T5498] workingset_activate_anon 0 [ 149.200726][ T5498] workingset_activate_file 0 [ 149.200726][ T5498] workingset_restore_anon 0 [ 149.200726][ T5498] workingset_restore_file 0 [ 149.200726][ T5498] workingset_nodereclaim 0 [ 149.200726][ T5498] pgscan 831 [ 149.200726][ T5498] pgsteal 2 [ 149.200726][ T5498] pgscan_kswapd 0 [ 149.200726][ T5498] pgscan_direct 831 [ 149.200726][ T5498] pgscan_khugepaged 0 [ 149.200726][ T5498] pgsteal_kswapd 0 [ 149.200726][ T5498] pgsteal_direct 2 [ 149.200726][ T5498] pgsteal_khugepaged 0 [ 149.200726][ T5498] pgfault 21 [ 149.200726][ T5498] pgmajfault 0 [ 149.200726][ T5498] pgrefill 830 [ 149.200726][ T5498] pgactivate 829 [ 149.200726][ T5498] pgdeactivate 830 [ 149.200726][ T5498] pglazyfree 0 [ 149.200726][ T5498] pglazyfreed 0 [ 149.200726][ T5498] zswpin 0 [ 149.200726][ T5498] zswpout 0 [ 149.200726][ T5498] thp_fault_alloc 0 [ 149.200726][ T5498] thp_collapse_alloc 0 [pid 5494] close(16) = -1 EBADF (Bad file descriptor) [pid 5494] close(17) = -1 EBADF (Bad file descriptor) [pid 5494] close(18) = -1 EBADF (Bad file descriptor) [pid 5494] close(19) = -1 EBADF (Bad file descriptor) [pid 5494] close(20) = -1 EBADF (Bad file descriptor) [pid 5494] close(21) = -1 EBADF (Bad file descriptor) [pid 5494] close(22) = -1 EBADF (Bad file descriptor) [pid 5494] close(23) = -1 EBADF (Bad file descriptor) [pid 5494] close(24) = -1 EBADF (Bad file descriptor) [pid 5494] close(25) = -1 EBADF (Bad file descriptor) [pid 5494] close(26) = -1 EBADF (Bad file descriptor) [pid 5494] close(27) = -1 EBADF (Bad file descriptor) [pid 5494] close(28) = -1 EBADF (Bad file descriptor) [pid 5494] close(29) = -1 EBADF (Bad file descriptor) [pid 5494] exit_group(0) = ? [pid 5494] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=19, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5087] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5087] umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./17/binderfs") = 0 [pid 5087] umount2("./17/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./17/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./17/cgroup" [pid 5498] <... write resumed>) = 18 [pid 5087] <... unlink resumed>) = 0 [pid 5498] close(3 [pid 5087] umount2("./17/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5498] <... close resumed>) = 0 [pid 5087] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5498] close(4 [pid 5087] lstat("./17/cgroup.net", [pid 5498] <... close resumed>) = 0 [pid 5087] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5498] close(5 [pid 5087] unlink("./17/cgroup.net" [pid 5498] <... close resumed>) = 0 [pid 5087] <... unlink resumed>) = 0 [pid 5498] close(6 [pid 5087] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5498] <... close resumed>) = 0 [pid 5498] close(7) = -1 EBADF (Bad file descriptor) [ 149.542009][ T5498] Tasks state (memory values in pages): [ 149.547796][ T5498] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 149.564455][ T5498] Out of memory and no killable processes... [ 149.570588][ T5503] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 149.604004][ T5503] CPU: 0 PID: 5503 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 149.614083][ T5503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 149.624207][ T5503] Call Trace: [ 149.627529][ T5503] [ 149.630508][ T5503] dump_stack_lvl+0x136/0x150 [ 149.635247][ T5503] dump_header+0x10a/0xd70 [ 149.639700][ T5503] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 149.645824][ T5503] out_of_memory+0xd64/0x1660 [ 149.650552][ T5503] ? oom_killer_disable+0x2b0/0x2b0 [ 149.655802][ T5503] mem_cgroup_out_of_memory+0x206/0x270 [ 149.661420][ T5503] ? mem_cgroup_margin+0x130/0x130 [ 149.666594][ T5503] memory_max_write+0x2f9/0x3c0 [ 149.671493][ T5503] ? mem_cgroup_force_empty_write+0x160/0x160 [ 149.677610][ T5503] ? lock_sync+0x190/0x190 [ 149.682065][ T5503] cgroup_file_write+0x1e2/0x7b0 [ 149.687060][ T5503] ? mem_cgroup_force_empty_write+0x160/0x160 [ 149.693174][ T5503] ? kill_css+0x3b0/0x3b0 [ 149.697548][ T5503] ? lock_acquire+0x32/0xc0 [ 149.702100][ T5503] ? kill_css+0x3b0/0x3b0 [ 149.706489][ T5503] kernfs_fop_write_iter+0x3f1/0x600 [ 149.711844][ T5503] vfs_write+0x9ed/0xe10 [ 149.716145][ T5503] ? kernel_write+0x670/0x670 [ 149.720878][ T5503] ? find_held_lock+0x2d/0x110 [ 149.725681][ T5503] ? __fget_light+0x20a/0x270 [ 149.730405][ T5503] ksys_write+0x12b/0x250 [ 149.734780][ T5503] ? __ia32_sys_read+0xb0/0xb0 [ 149.739586][ T5503] ? lockdep_hardirqs_on+0x7d/0x100 [ 149.744821][ T5503] ? _raw_spin_unlock_irq+0x2e/0x50 [ 149.750083][ T5503] ? ptrace_notify+0xfe/0x140 [ 149.754799][ T5503] do_syscall_64+0x39/0xb0 [ 149.759265][ T5503] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 149.765193][ T5503] RIP: 0033:0x7faecf034129 [ 149.769628][ T5503] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 149.789272][ T5503] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5498] close(8) = -1 EBADF (Bad file descriptor) [pid 5498] close(9) = -1 EBADF (Bad file descriptor) [pid 5498] close(10) = -1 EBADF (Bad file descriptor) [pid 5498] close(11) = -1 EBADF (Bad file descriptor) [pid 5498] close(12) = -1 EBADF (Bad file descriptor) [pid 5498] close(13) = -1 EBADF (Bad file descriptor) [ 149.797718][ T5503] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 149.805733][ T5503] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 149.813758][ T5503] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 149.821759][ T5503] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 149.829764][ T5503] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000013 [ 149.837791][ T5503] [pid 5498] close(14) = -1 EBADF (Bad file descriptor) [pid 5498] close(15 [pid 5087] <... umount2 resumed>) = 0 [pid 5087] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./17/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5498] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5087] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5498] close(16 [pid 5087] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5498] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5087] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5498] close(17 [pid 5087] <... openat resumed>) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] close(4) = 0 [pid 5087] rmdir("./17/file0") = 0 [pid 5087] umount2("./17/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./17/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./17/cgroup.cpu") = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [pid 5087] rmdir("./17") = 0 [pid 5087] mkdir("./18", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 20 [ 149.872223][ T5503] memory: usage 8kB, limit 0kB, failcnt 36 [ 149.878118][ T5503] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 149.888832][ T5503] Memory cgroup stats for /syz1: [ 149.889135][ T5503] anon 0 [ 149.889135][ T5503] file 0 [ 149.889135][ T5503] kernel 8192 [ 149.889135][ T5503] kernel_stack 0 [ 149.889135][ T5503] pagetables 0 [ 149.889135][ T5503] sec_pagetables 0 [ 149.889135][ T5503] percpu 0 [ 149.889135][ T5503] sock 0 [ 149.889135][ T5503] vmalloc 0 [ 149.889135][ T5503] shmem 0 [ 149.889135][ T5503] zswap 0 [ 149.889135][ T5503] zswapped 0 [ 149.889135][ T5503] file_mapped 0 [ 149.889135][ T5503] file_dirty 0 [ 149.889135][ T5503] file_writeback 0 [ 149.889135][ T5503] swapcached 0 [ 149.889135][ T5503] anon_thp 0 [ 149.889135][ T5503] file_thp 0 [ 149.889135][ T5503] shmem_thp 0 [ 149.889135][ T5503] inactive_anon 0 [ 149.889135][ T5503] active_anon 0 [ 149.889135][ T5503] inactive_file 0 [ 149.889135][ T5503] active_file 0 [ 149.889135][ T5503] unevictable 0 [ 149.889135][ T5503] slab_reclaimable 6752 [ 149.889135][ T5503] slab_unreclaimable 0 [ 149.889135][ T5503] slab 6752 [ 149.889135][ T5503] workingset_refault_anon 0 [ 149.889135][ T5503] workingset_refault_file 0 [ 149.889135][ T5503] workingset_activate_anon 0 [ 149.889135][ T5503] workingset_activate_file 0 [ 149.889135][ T5503] workingset_restore_anon 0 [ 149.889135][ T5503] workingset_restore_file 0 [ 149.889135][ T5503] workingset_nodereclaim 0 [ 149.889135][ T5503] pgscan 831 [ 149.889135][ T5503] pgsteal 2 [ 149.889135][ T5503] pgscan_kswapd 0 [pid 5498] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5498] close(18) = -1 EBADF (Bad file descriptor) [ 149.889135][ T5503] pgscan_direct 831 [ 149.889135][ T5503] pgscan_khugepaged 0 [ 149.889135][ T5503] pgsteal_kswapd 0 [ 149.889135][ T5503] pgsteal_direct 2 [ 149.889135][ T5503] pgsteal_khugepaged 0 [ 149.889135][ T5503] pgfault 21 [ 149.889135][ T5503] pgmajfault 0 [ 149.889135][ T5503] pgrefill 830 [ 149.889135][ T5503] pgactivate 829 [ 149.889135][ T5503] pgdeactivate 830 [ 149.889135][ T5503] pglazyfree 0 [ 149.889135][ T5503] pglazyfreed 0 [ 149.889135][ T5503] zswpin 0 [ 149.889135][ T5503] zswpout 0 [ 149.889135][ T5503] thp_fault_alloc 0 [pid 5498] close(19./strace-static-x86_64: Process 5518 attached ) = -1 EBADF (Bad file descriptor) [pid 5518] chdir("./18" [pid 5498] close(20 [pid 5518] <... chdir resumed>) = 0 [pid 5498] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5518] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5498] close(21 [pid 5518] <... prctl resumed>) = 0 [pid 5498] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5518] setpgid(0, 0 [pid 5498] close(22 [pid 5518] <... setpgid resumed>) = 0 [pid 5498] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5518] symlink("/syzcgroup/unified/syz2", "./cgroup" [pid 5498] close(23 [pid 5518] <... symlink resumed>) = 0 [pid 5498] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5518] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu" [pid 5498] close(24 [pid 5518] <... symlink resumed>) = 0 [pid 5498] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5518] symlink("/syzcgroup/net/syz2", "./cgroup.net" [pid 5498] close(25 [pid 5518] <... symlink resumed>) = 0 [pid 5498] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5518] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [ 149.889135][ T5503] thp_collapse_alloc 0 [pid 5498] close(26 [pid 5518] <... openat resumed>) = 3 [pid 5498] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5518] write(3, "1000", 4 [pid 5498] close(27 [pid 5518] <... write resumed>) = 4 [pid 5498] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5518] close(3 [pid 5498] close(28 [pid 5518] <... close resumed>) = 0 [pid 5498] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5518] symlink("/dev/binderfs", "./binderfs" [pid 5498] close(29 [pid 5518] <... symlink resumed>) = 0 [pid 5498] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5498] exit_group(0) = ? [pid 5518] mkdir("./file0", 000 [pid 5498] +++ exited with 0 +++ [pid 5518] <... mkdir resumed>) = 0 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=17, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5518] open("./file0", O_RDONLY) = 3 [pid 5518] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5085] umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5518] <... mount resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5518] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5085] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5518] <... openat resumed>) = 4 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 150.127001][ T5503] Tasks state (memory values in pages): [ 150.141217][ T5503] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 150.160902][ T5503] Out of memory and no killable processes... [pid 5085] lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5518] openat(4, "syz1", O_RDWR|O_PATH [pid 5085] unlink("./15/binderfs") = 0 [pid 5518] <... openat resumed>) = 5 [pid 5085] umount2("./15/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5518] openat(5, "memory.max", O_RDWR [pid 5503] <... write resumed>) = 18 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5518] <... openat resumed>) = 6 [pid 5503] close(3 [pid 5085] lstat("./15/cgroup", [pid 5518] write(6, "0x000000000000040e", 18 [pid 5503] <... close resumed>) = 0 [ 150.167411][ T5506] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./15/cgroup") = 0 [pid 5085] umount2("./15/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./15/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./15/cgroup.net") = 0 [ 150.205002][ T5506] CPU: 1 PID: 5506 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 150.214996][ T5506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 150.225108][ T5506] Call Trace: [ 150.228436][ T5506] [ 150.231412][ T5506] dump_stack_lvl+0x136/0x150 [ 150.236294][ T5506] dump_header+0x10a/0xd70 [ 150.240777][ T5506] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 150.246939][ T5506] out_of_memory+0xd64/0x1660 [ 150.251720][ T5506] ? oom_killer_disable+0x2b0/0x2b0 [ 150.257005][ T5506] mem_cgroup_out_of_memory+0x206/0x270 [ 150.262637][ T5506] ? mem_cgroup_margin+0x130/0x130 [ 150.267859][ T5506] memory_max_write+0x2f9/0x3c0 [ 150.272795][ T5506] ? mem_cgroup_force_empty_write+0x160/0x160 [ 150.278942][ T5506] ? lock_sync+0x190/0x190 [ 150.283426][ T5506] cgroup_file_write+0x1e2/0x7b0 [ 150.288440][ T5506] ? mem_cgroup_force_empty_write+0x160/0x160 [ 150.294584][ T5506] ? kill_css+0x3b0/0x3b0 [ 150.298992][ T5506] ? lock_acquire+0x32/0xc0 [ 150.303570][ T5506] ? kill_css+0x3b0/0x3b0 [ 150.307977][ T5506] kernfs_fop_write_iter+0x3f1/0x600 [ 150.313347][ T5506] vfs_write+0x9ed/0xe10 [ 150.317665][ T5506] ? kernel_write+0x670/0x670 [ 150.322421][ T5506] ? find_held_lock+0x2d/0x110 [ 150.327252][ T5506] ? __fget_light+0x20a/0x270 [ 150.332015][ T5506] ksys_write+0x12b/0x250 [ 150.336423][ T5506] ? __ia32_sys_read+0xb0/0xb0 [ 150.341257][ T5506] ? lockdep_hardirqs_on+0x7d/0x100 [ 150.346520][ T5506] ? _raw_spin_unlock_irq+0x2e/0x50 [ 150.351786][ T5506] ? ptrace_notify+0xfe/0x140 [ 150.356529][ T5506] do_syscall_64+0x39/0xb0 [ 150.361021][ T5506] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 150.366977][ T5506] RIP: 0033:0x7faecf034129 [ 150.371442][ T5506] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 150.391115][ T5506] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5085] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5085] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./15/file0", [pid 5503] close(4 [pid 5085] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5503] <... close resumed>) = 0 [pid 5085] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5503] close(5 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5503] <... close resumed>) = 0 [pid 5085] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5503] close(6 [pid 5085] <... openat resumed>) = 4 [pid 5503] <... close resumed>) = 0 [pid 5085] fstat(4, [pid 5503] close(7 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5503] <... close resumed>) = -1 EBADF (Bad file descriptor) [ 150.399592][ T5506] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 150.407618][ T5506] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 150.415690][ T5506] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 150.423715][ T5506] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 150.431734][ T5506] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000010 [ 150.439794][ T5506] [pid 5085] getdents64(4, [pid 5503] close(8 [pid 5085] <... getdents64 resumed>0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5503] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5503] close(9 [pid 5085] close(4) = 0 [pid 5085] rmdir("./15/file0") = 0 [pid 5085] umount2("./15/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./15/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5503] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5085] unlink("./15/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./15") = 0 [pid 5085] mkdir("./16", 0777) = 0 [ 150.480390][ T5506] memory: usage 8kB, limit 0kB, failcnt 36 [ 150.486449][ T5506] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 150.502399][ T5506] Memory cgroup stats for /syz1: [ 150.502702][ T5506] anon 0 [ 150.502702][ T5506] file 0 [ 150.502702][ T5506] kernel 8192 [ 150.502702][ T5506] kernel_stack 0 [ 150.502702][ T5506] pagetables 0 [ 150.502702][ T5506] sec_pagetables 0 [ 150.502702][ T5506] percpu 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5522 attached [pid 5522] chdir("./16" [pid 5085] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 18 [pid 5522] <... chdir resumed>) = 0 [pid 5522] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5522] setpgid(0, 0) = 0 [pid 5522] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5522] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5522] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5522] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5522] write(3, "1000", 4) = 4 [pid 5522] close(3) = 0 [pid 5522] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5522] mkdir("./file0", 000) = 0 [pid 5522] open("./file0", O_RDONLY) = 3 [pid 5522] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5522] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5522] openat(4, "syz1", O_RDWR|O_PATH) = 5 [ 150.502702][ T5506] sock 0 [ 150.502702][ T5506] vmalloc 0 [ 150.502702][ T5506] shmem 0 [ 150.502702][ T5506] zswap 0 [ 150.502702][ T5506] zswapped 0 [ 150.502702][ T5506] file_mapped 0 [ 150.502702][ T5506] file_dirty 0 [ 150.502702][ T5506] file_writeback 0 [ 150.502702][ T5506] swapcached 0 [ 150.502702][ T5506] anon_thp 0 [ 150.502702][ T5506] file_thp 0 [ 150.502702][ T5506] shmem_thp 0 [ 150.502702][ T5506] inactive_anon 0 [ 150.502702][ T5506] active_anon 0 [ 150.502702][ T5506] inactive_file 0 [ 150.502702][ T5506] active_file 0 [pid 5522] openat(5, "memory.max", O_RDWR) = 6 [ 150.502702][ T5506] unevictable 0 [ 150.502702][ T5506] slab_reclaimable 6752 [ 150.502702][ T5506] slab_unreclaimable 0 [ 150.502702][ T5506] slab 6752 [ 150.502702][ T5506] workingset_refault_anon 0 [ 150.502702][ T5506] workingset_refault_file 0 [ 150.502702][ T5506] workingset_activate_anon 0 [ 150.502702][ T5506] workingset_activate_file 0 [ 150.502702][ T5506] workingset_restore_anon 0 [ 150.502702][ T5506] workingset_restore_file 0 [ 150.502702][ T5506] workingset_nodereclaim 0 [ 150.502702][ T5506] pgscan 831 [ 150.502702][ T5506] pgsteal 2 [ 150.502702][ T5506] pgscan_kswapd 0 [ 150.502702][ T5506] pgscan_direct 831 [ 150.502702][ T5506] pgscan_khugepaged 0 [ 150.502702][ T5506] pgsteal_kswapd 0 [ 150.502702][ T5506] pgsteal_direct 2 [ 150.502702][ T5506] pgsteal_khugepaged 0 [ 150.502702][ T5506] pgfault 21 [ 150.502702][ T5506] pgmajfault 0 [ 150.502702][ T5506] pgrefill 830 [ 150.502702][ T5506] pgactivate 829 [ 150.502702][ T5506] pgdeactivate 830 [ 150.502702][ T5506] pglazyfree 0 [ 150.502702][ T5506] pglazyfreed 0 [ 150.502702][ T5506] zswpin 0 [ 150.502702][ T5506] zswpout 0 [ 150.502702][ T5506] thp_fault_alloc 0 [ 150.502702][ T5506] thp_collapse_alloc 0 [ 150.751943][ T5506] Tasks state (memory values in pages): [ 150.757657][ T5506] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5522] write(6, "0x000000000000040e", 18 [pid 5503] close(10) = -1 EBADF (Bad file descriptor) [pid 5503] close(11) = -1 EBADF (Bad file descriptor) [pid 5503] close(12) = -1 EBADF (Bad file descriptor) [pid 5503] close(13) = -1 EBADF (Bad file descriptor) [pid 5503] close(14) = -1 EBADF (Bad file descriptor) [pid 5503] close(15) = -1 EBADF (Bad file descriptor) [pid 5503] close(16 [pid 5506] <... write resumed>) = 18 [pid 5503] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5506] close(3 [pid 5503] close(17) = -1 EBADF (Bad file descriptor) [pid 5503] close(18) = -1 EBADF (Bad file descriptor) [pid 5503] close(19) = -1 EBADF (Bad file descriptor) [pid 5503] close(20 [pid 5506] <... close resumed>) = 0 [pid 5503] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5506] close(4 [pid 5503] close(21 [pid 5506] <... close resumed>) = 0 [pid 5503] <... close resumed>) = -1 EBADF (Bad file descriptor) [ 150.797063][ T5506] Out of memory and no killable processes... [ 150.829235][ T5510] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 150.857230][ T5510] CPU: 0 PID: 5510 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 150.867224][ T5510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 150.877336][ T5510] Call Trace: [ 150.880661][ T5510] [ 150.883644][ T5510] dump_stack_lvl+0x136/0x150 [ 150.888389][ T5510] dump_header+0x10a/0xd70 [ 150.892871][ T5510] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 150.899038][ T5510] out_of_memory+0xd64/0x1660 [ 150.903806][ T5510] ? oom_killer_disable+0x2b0/0x2b0 [ 150.909077][ T5510] ? find_held_lock+0x2d/0x110 [ 150.913905][ T5510] mem_cgroup_out_of_memory+0x206/0x270 [ 150.919531][ T5510] ? mem_cgroup_margin+0x130/0x130 [ 150.924730][ T5510] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 150.930612][ T5510] memory_max_write+0x2f9/0x3c0 [ 150.935529][ T5510] ? mem_cgroup_force_empty_write+0x160/0x160 [ 150.941662][ T5510] ? lock_sync+0x190/0x190 [ 150.946128][ T5510] cgroup_file_write+0x1e2/0x7b0 [ 150.951123][ T5510] ? mem_cgroup_force_empty_write+0x160/0x160 [ 150.957240][ T5510] ? kill_css+0x3b0/0x3b0 [ 150.961621][ T5510] ? lock_acquire+0x32/0xc0 [ 150.966182][ T5510] ? kill_css+0x3b0/0x3b0 [ 150.970558][ T5510] kernfs_fop_write_iter+0x3f1/0x600 [ 150.975893][ T5510] vfs_write+0x9ed/0xe10 [ 150.980188][ T5510] ? kernel_write+0x670/0x670 [ 150.984913][ T5510] ? find_held_lock+0x2d/0x110 [ 150.989722][ T5510] ? __fget_light+0x20a/0x270 [ 150.994453][ T5510] ksys_write+0x12b/0x250 [ 150.998830][ T5510] ? __ia32_sys_read+0xb0/0xb0 [ 151.003653][ T5510] ? lockdep_hardirqs_on+0x7d/0x100 [ 151.008889][ T5510] ? _raw_spin_unlock_irq+0x2e/0x50 [ 151.014133][ T5510] ? ptrace_notify+0xfe/0x140 [ 151.018852][ T5510] do_syscall_64+0x39/0xb0 [ 151.023312][ T5510] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 151.029238][ T5510] RIP: 0033:0x7faecf034129 [ 151.033676][ T5510] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5506] close(5 [pid 5503] close(22 [pid 5506] <... close resumed>) = 0 [pid 5506] close(6) = 0 [pid 5506] close(7) = -1 EBADF (Bad file descriptor) [pid 5506] close(8) = -1 EBADF (Bad file descriptor) [pid 5506] close(9) = -1 EBADF (Bad file descriptor) [pid 5506] close(10) = -1 EBADF (Bad file descriptor) [pid 5506] close(11) = -1 EBADF (Bad file descriptor) [pid 5506] close(12) = -1 EBADF (Bad file descriptor) [pid 5506] close(13) = -1 EBADF (Bad file descriptor) [pid 5506] close(14) = -1 EBADF (Bad file descriptor) [ 151.053314][ T5510] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 151.061779][ T5510] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 151.069773][ T5510] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 151.077767][ T5510] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 151.085763][ T5510] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 151.093759][ T5510] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000013 [ 151.101790][ T5510] [pid 5506] close(15) = -1 EBADF (Bad file descriptor) [pid 5503] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5506] close(16) = -1 EBADF (Bad file descriptor) [pid 5506] close(17) = -1 EBADF (Bad file descriptor) [pid 5506] close(18) = -1 EBADF (Bad file descriptor) [pid 5506] close(19) = -1 EBADF (Bad file descriptor) [pid 5506] close(20) = -1 EBADF (Bad file descriptor) [pid 5506] close(21) = -1 EBADF (Bad file descriptor) [pid 5506] close(22) = -1 EBADF (Bad file descriptor) [pid 5506] close(23) = -1 EBADF (Bad file descriptor) [pid 5506] close(24) = -1 EBADF (Bad file descriptor) [pid 5506] close(25) = -1 EBADF (Bad file descriptor) [pid 5506] close(26) = -1 EBADF (Bad file descriptor) [pid 5506] close(27) = -1 EBADF (Bad file descriptor) [pid 5506] close(28) = -1 EBADF (Bad file descriptor) [pid 5506] close(29) = -1 EBADF (Bad file descriptor) [pid 5506] exit_group(0) = ? [pid 5506] +++ exited with 0 +++ [pid 5503] close(23) = -1 EBADF (Bad file descriptor) [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=18, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5503] close(24) = -1 EBADF (Bad file descriptor) [pid 5503] close(25) = -1 EBADF (Bad file descriptor) [pid 5503] close(26) = -1 EBADF (Bad file descriptor) [pid 5503] close(27) = -1 EBADF (Bad file descriptor) [pid 5503] close(28) = -1 EBADF (Bad file descriptor) [pid 5503] close(29 [pid 5086] umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5503] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5503] exit_group(0 [pid 5086] <... openat resumed>) = 3 [pid 5503] <... exit_group resumed>) = ? [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5503] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=21, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5086] lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./16/binderfs") = 0 [pid 5086] umount2("./16/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./16/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] unlink("./16/cgroup" [pid 5090] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5086] <... unlink resumed>) = 0 [pid 5090] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5086] umount2("./16/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] <... openat resumed>) = 3 [pid 5086] lstat("./16/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] fstat(3, [pid 5086] unlink("./16/cgroup.net" [pid 5090] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] <... unlink resumed>) = 0 [pid 5090] getdents64(3, [pid 5086] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5090] <... getdents64 resumed>0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./19/binderfs") = 0 [pid 5090] umount2("./19/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./19/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./19/cgroup") = 0 [pid 5090] umount2("./19/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./19/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./19/cgroup.net") = 0 [pid 5090] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] <... umount2 resumed>) = 0 [pid 5086] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./16/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 151.209817][ T5510] memory: usage 8kB, limit 0kB, failcnt 36 [ 151.222685][ T5510] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 151.238958][ T5510] Memory cgroup stats for /syz1: [ 151.239258][ T5510] anon 0 [ 151.239258][ T5510] file 0 [ 151.239258][ T5510] kernel 8192 [ 151.239258][ T5510] kernel_stack 0 [ 151.239258][ T5510] pagetables 0 [pid 5090] <... umount2 resumed>) = 0 [pid 5086] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5090] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5090] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5090] lstat("./19/file0", [pid 5086] <... openat resumed>) = 4 [pid 5090] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] fstat(4, [pid 5090] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5086] getdents64(4, [pid 5090] openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5086] <... getdents64 resumed>0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] <... openat resumed>) = 4 [pid 5086] getdents64(4, [pid 5090] fstat(4, [pid 5086] <... getdents64 resumed>0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] close(4 [pid 5090] getdents64(4, [pid 5086] <... close resumed>) = 0 [pid 5090] <... getdents64 resumed>0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] rmdir("./16/file0" [pid 5090] getdents64(4, [pid 5086] <... rmdir resumed>) = 0 [ 151.239258][ T5510] sec_pagetables 0 [ 151.239258][ T5510] percpu 0 [ 151.239258][ T5510] sock 0 [ 151.239258][ T5510] vmalloc 0 [ 151.239258][ T5510] shmem 0 [ 151.239258][ T5510] zswap 0 [ 151.239258][ T5510] zswapped 0 [ 151.239258][ T5510] file_mapped 0 [ 151.239258][ T5510] file_dirty 0 [ 151.239258][ T5510] file_writeback 0 [ 151.239258][ T5510] swapcached 0 [ 151.239258][ T5510] anon_thp 0 [ 151.239258][ T5510] file_thp 0 [ 151.239258][ T5510] shmem_thp 0 [ 151.239258][ T5510] inactive_anon 0 [ 151.239258][ T5510] active_anon 0 [pid 5090] <... getdents64 resumed>0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] umount2("./16/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5090] close(4 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5090] <... close resumed>) = 0 [pid 5086] lstat("./16/cgroup.cpu", [pid 5090] rmdir("./19/file0" [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] <... rmdir resumed>) = 0 [pid 5086] unlink("./16/cgroup.cpu" [pid 5090] umount2("./19/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] <... unlink resumed>) = 0 [pid 5090] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5086] getdents64(3, [pid 5090] lstat("./19/cgroup.cpu", [pid 5086] <... getdents64 resumed>0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] close(3 [pid 5090] unlink("./19/cgroup.cpu" [pid 5086] <... close resumed>) = 0 [pid 5090] <... unlink resumed>) = 0 [pid 5086] rmdir("./16" [pid 5090] getdents64(3, [pid 5086] <... rmdir resumed>) = 0 [pid 5090] <... getdents64 resumed>0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] mkdir("./17", 0777 [pid 5090] close(3 [pid 5086] <... mkdir resumed>) = 0 [pid 5090] <... close resumed>) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5526 attached [pid 5090] rmdir("./19" [pid 5526] chdir("./17" [pid 5090] <... rmdir resumed>) = 0 [pid 5086] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 19 [pid 5526] <... chdir resumed>) = 0 [pid 5090] mkdir("./20", 0777 [pid 5526] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5090] <... mkdir resumed>) = 0 [pid 5526] <... prctl resumed>) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5526] setpgid(0, 0) = 0 [pid 5090] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 22 [pid 5526] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5526] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5526] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5526] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5526] write(3, "1000", 4) = 4 [ 151.239258][ T5510] inactive_file 0 [ 151.239258][ T5510] active_file 0 [ 151.239258][ T5510] unevictable 0 [ 151.239258][ T5510] slab_reclaimable 6752 [ 151.239258][ T5510] slab_unreclaimable 0 [ 151.239258][ T5510] slab 6752 [ 151.239258][ T5510] workingset_refault_anon 0 [ 151.239258][ T5510] workingset_refault_file 0 [ 151.239258][ T5510] workingset_activate_anon 0 [ 151.239258][ T5510] workingset_activate_file 0 [ 151.239258][ T5510] workingset_restore_anon 0 [ 151.239258][ T5510] workingset_restore_file 0 [pid 5526] close(3) = 0 [pid 5526] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5526] mkdir("./file0", 000) = 0 [pid 5526] open("./file0", O_RDONLY) = 3 [pid 5526] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5526] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5526] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5526] openat(5, "memory.max", O_RDWR) = 6 [ 151.239258][ T5510] workingset_nodereclaim 0 [ 151.239258][ T5510] pgscan 831 [ 151.239258][ T5510] pgsteal 2 [ 151.239258][ T5510] pgscan_kswapd 0 [ 151.239258][ T5510] pgscan_direct 831 [ 151.239258][ T5510] pgscan_khugepaged 0 [ 151.239258][ T5510] pgsteal_kswapd 0 [ 151.239258][ T5510] pgsteal_direct 2 [ 151.239258][ T5510] pgsteal_khugepaged 0 [ 151.239258][ T5510] pgfault 21 [ 151.239258][ T5510] pgmajfault 0 [ 151.239258][ T5510] pgrefill 830 [ 151.239258][ T5510] pgactivate 829 [ 151.239258][ T5510] pgdeactivate 830 [ 151.239258][ T5510] pglazyfree 0 [pid 5526] write(6, "0x000000000000040e", 18./strace-static-x86_64: Process 5527 attached [pid 5527] chdir("./20") = 0 [pid 5527] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5527] setpgid(0, 0) = 0 [pid 5527] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5527] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5527] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [ 151.239258][ T5510] pglazyfreed 0 [ 151.239258][ T5510] zswpin 0 [ 151.239258][ T5510] zswpout 0 [ 151.239258][ T5510] thp_fault_alloc 0 [ 151.239258][ T5510] thp_collapse_alloc 0 [ 151.436484][ T5510] Tasks state (memory values in pages): [ 151.442742][ T5510] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5527] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5527] write(3, "1000", 4) = 4 [pid 5527] close(3) = 0 [pid 5527] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5510] <... write resumed>) = 18 [pid 5527] mkdir("./file0", 000 [pid 5510] close(3 [pid 5527] <... mkdir resumed>) = 0 [pid 5527] open("./file0", O_RDONLY [pid 5510] <... close resumed>) = 0 [pid 5527] <... open resumed>) = 3 [pid 5510] close(4 [pid 5527] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5510] <... close resumed>) = 0 [pid 5527] <... mount resumed>) = 0 [pid 5510] close(5 [pid 5527] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5510] <... close resumed>) = 0 [pid 5527] <... openat resumed>) = 4 [ 151.470186][ T5510] Out of memory and no killable processes... [ 151.487610][ T5518] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 151.525190][ T5518] CPU: 0 PID: 5518 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 151.535187][ T5518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 151.545307][ T5518] Call Trace: [ 151.548628][ T5518] [ 151.551605][ T5518] dump_stack_lvl+0x136/0x150 [ 151.556343][ T5518] dump_header+0x10a/0xd70 [ 151.560825][ T5518] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 151.566979][ T5518] out_of_memory+0xd64/0x1660 [ 151.571733][ T5518] ? oom_killer_disable+0x2b0/0x2b0 [ 151.577003][ T5518] ? find_held_lock+0x2d/0x110 [ 151.581837][ T5518] mem_cgroup_out_of_memory+0x206/0x270 [ 151.587457][ T5518] ? mem_cgroup_margin+0x130/0x130 [ 151.592653][ T5518] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 151.598548][ T5518] memory_max_write+0x2f9/0x3c0 [ 151.603474][ T5518] ? mem_cgroup_force_empty_write+0x160/0x160 [ 151.609632][ T5518] ? lock_sync+0x190/0x190 [ 151.614114][ T5518] cgroup_file_write+0x1e2/0x7b0 [ 151.619131][ T5518] ? mem_cgroup_force_empty_write+0x160/0x160 [ 151.625280][ T5518] ? kill_css+0x3b0/0x3b0 [ 151.629685][ T5518] ? lock_acquire+0x32/0xc0 [ 151.634273][ T5518] ? kill_css+0x3b0/0x3b0 [ 151.638675][ T5518] kernfs_fop_write_iter+0x3f1/0x600 [ 151.644040][ T5518] vfs_write+0x9ed/0xe10 [ 151.648370][ T5518] ? kernel_write+0x670/0x670 [ 151.653132][ T5518] ? find_held_lock+0x2d/0x110 [ 151.657975][ T5518] ? __fget_light+0x20a/0x270 [ 151.662739][ T5518] ksys_write+0x12b/0x250 [ 151.667243][ T5518] ? __ia32_sys_read+0xb0/0xb0 [pid 5510] close(6 [pid 5527] openat(4, "syz1", O_RDWR|O_PATH [pid 5510] <... close resumed>) = 0 [pid 5527] <... openat resumed>) = 5 [pid 5510] close(7 [pid 5527] openat(5, "memory.max", O_RDWR [pid 5510] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5527] <... openat resumed>) = 6 [pid 5510] close(8 [pid 5527] write(6, "0x000000000000040e", 18 [pid 5510] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5510] close(9) = -1 EBADF (Bad file descriptor) [pid 5510] close(10) = -1 EBADF (Bad file descriptor) [pid 5510] close(11) = -1 EBADF (Bad file descriptor) [pid 5510] close(12) = -1 EBADF (Bad file descriptor) [pid 5510] close(13) = -1 EBADF (Bad file descriptor) [pid 5510] close(14) = -1 EBADF (Bad file descriptor) [pid 5510] close(15) = -1 EBADF (Bad file descriptor) [pid 5510] close(16) = -1 EBADF (Bad file descriptor) [pid 5510] close(17) = -1 EBADF (Bad file descriptor) [pid 5510] close(18) = -1 EBADF (Bad file descriptor) [pid 5510] close(19) = -1 EBADF (Bad file descriptor) [pid 5510] close(20) = -1 EBADF (Bad file descriptor) [pid 5510] close(21) = -1 EBADF (Bad file descriptor) [pid 5510] close(22) = -1 EBADF (Bad file descriptor) [pid 5510] close(23) = -1 EBADF (Bad file descriptor) [pid 5510] close(24) = -1 EBADF (Bad file descriptor) [pid 5510] close(25) = -1 EBADF (Bad file descriptor) [pid 5510] close(26) = -1 EBADF (Bad file descriptor) [pid 5510] close(27) = -1 EBADF (Bad file descriptor) [pid 5510] close(28) = -1 EBADF (Bad file descriptor) [pid 5510] close(29) = -1 EBADF (Bad file descriptor) [pid 5510] exit_group(0) = ? [pid 5510] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=21, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5089] umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 151.672083][ T5518] ? lockdep_hardirqs_on+0x7d/0x100 [ 151.677342][ T5518] ? _raw_spin_unlock_irq+0x2e/0x50 [ 151.682612][ T5518] ? ptrace_notify+0xfe/0x140 [ 151.687392][ T5518] do_syscall_64+0x39/0xb0 [ 151.691890][ T5518] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 151.697862][ T5518] RIP: 0033:0x7faecf034129 [ 151.702348][ T5518] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5089] lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./19/binderfs") = 0 [pid 5089] umount2("./19/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./19/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./19/cgroup") = 0 [pid 5089] umount2("./19/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./19/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./19/cgroup.net") = 0 [pid 5089] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5089] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./19/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 151.722022][ T5518] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 151.730504][ T5518] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 151.738531][ T5518] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 151.746562][ T5518] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 151.754589][ T5518] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 151.762616][ T5518] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000012 [ 151.770680][ T5518] [pid 5089] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./19/file0") = 0 [pid 5089] umount2("./19/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./19/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./19/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [pid 5089] rmdir("./19") = 0 [pid 5089] mkdir("./20", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5534 attached [pid 5534] chdir("./20") = 0 [pid 5089] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 22 [pid 5534] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5534] setpgid(0, 0) = 0 [pid 5534] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5534] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [ 151.785872][ T5518] memory: usage 8kB, limit 0kB, failcnt 36 [ 151.792161][ T5518] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 151.821636][ T5518] Memory cgroup stats for /syz1: [ 151.821921][ T5518] anon 0 [ 151.821921][ T5518] file 0 [ 151.821921][ T5518] kernel 8192 [pid 5534] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5534] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5534] write(3, "1000", 4) = 4 [pid 5534] close(3) = 0 [pid 5534] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5534] mkdir("./file0", 000) = 0 [pid 5534] open("./file0", O_RDONLY) = 3 [ 151.821921][ T5518] kernel_stack 0 [ 151.821921][ T5518] pagetables 0 [ 151.821921][ T5518] sec_pagetables 0 [ 151.821921][ T5518] percpu 0 [ 151.821921][ T5518] sock 0 [ 151.821921][ T5518] vmalloc 0 [ 151.821921][ T5518] shmem 0 [ 151.821921][ T5518] zswap 0 [ 151.821921][ T5518] zswapped 0 [ 151.821921][ T5518] file_mapped 0 [ 151.821921][ T5518] file_dirty 0 [ 151.821921][ T5518] file_writeback 0 [ 151.821921][ T5518] swapcached 0 [ 151.821921][ T5518] anon_thp 0 [ 151.821921][ T5518] file_thp 0 [ 151.821921][ T5518] shmem_thp 0 [pid 5534] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5534] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5534] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5534] openat(5, "memory.max", O_RDWR) = 6 [ 151.821921][ T5518] inactive_anon 0 [ 151.821921][ T5518] active_anon 0 [ 151.821921][ T5518] inactive_file 0 [ 151.821921][ T5518] active_file 0 [ 151.821921][ T5518] unevictable 0 [ 151.821921][ T5518] slab_reclaimable 6752 [ 151.821921][ T5518] slab_unreclaimable 0 [ 151.821921][ T5518] slab 6752 [ 151.821921][ T5518] workingset_refault_anon 0 [ 151.821921][ T5518] workingset_refault_file 0 [ 151.821921][ T5518] workingset_activate_anon 0 [ 151.821921][ T5518] workingset_activate_file 0 [ 151.821921][ T5518] workingset_restore_anon 0 [ 151.821921][ T5518] workingset_restore_file 0 [ 151.821921][ T5518] workingset_nodereclaim 0 [ 151.821921][ T5518] pgscan 831 [ 151.821921][ T5518] pgsteal 2 [ 151.821921][ T5518] pgscan_kswapd 0 [ 151.821921][ T5518] pgscan_direct 831 [ 151.821921][ T5518] pgscan_khugepaged 0 [ 151.821921][ T5518] pgsteal_kswapd 0 [ 151.821921][ T5518] pgsteal_direct 2 [ 151.821921][ T5518] pgsteal_khugepaged 0 [ 151.821921][ T5518] pgfault 21 [ 151.821921][ T5518] pgmajfault 0 [ 151.821921][ T5518] pgrefill 830 [ 151.821921][ T5518] pgactivate 829 [ 151.821921][ T5518] pgdeactivate 830 [ 151.821921][ T5518] pglazyfree 0 [ 151.821921][ T5518] pglazyfreed 0 [ 151.821921][ T5518] zswpin 0 [ 151.821921][ T5518] zswpout 0 [ 151.821921][ T5518] thp_fault_alloc 0 [ 151.821921][ T5518] thp_collapse_alloc 0 [ 152.026414][ T5518] Tasks state (memory values in pages): [pid 5534] write(6, "0x000000000000040e", 18 [pid 5518] <... write resumed>) = 18 [ 152.035972][ T5518] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 152.051300][ T5518] Out of memory and no killable processes... [ 152.061128][ T5522] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 152.080738][ T5522] CPU: 0 PID: 5522 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 152.090723][ T5522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 152.100840][ T5522] Call Trace: [ 152.104166][ T5522] [ 152.107144][ T5522] dump_stack_lvl+0x136/0x150 [ 152.111894][ T5522] dump_header+0x10a/0xd70 [ 152.116382][ T5522] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 152.122559][ T5522] out_of_memory+0xd64/0x1660 [ 152.127353][ T5522] ? oom_killer_disable+0x2b0/0x2b0 [ 152.132632][ T5522] ? find_held_lock+0x2d/0x110 [ 152.137470][ T5522] mem_cgroup_out_of_memory+0x206/0x270 [ 152.143088][ T5522] ? mem_cgroup_margin+0x130/0x130 [ 152.148285][ T5522] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 152.154179][ T5522] memory_max_write+0x2f9/0x3c0 [ 152.159137][ T5522] ? mem_cgroup_force_empty_write+0x160/0x160 [ 152.165289][ T5522] ? lock_sync+0x190/0x190 [ 152.169792][ T5522] cgroup_file_write+0x1e2/0x7b0 [ 152.174814][ T5522] ? mem_cgroup_force_empty_write+0x160/0x160 [ 152.180967][ T5522] ? kill_css+0x3b0/0x3b0 [pid 5518] close(3) = 0 [pid 5518] close(4) = 0 [pid 5518] close(5) = 0 [pid 5518] close(6) = 0 [pid 5518] close(7) = -1 EBADF (Bad file descriptor) [pid 5518] close(8) = -1 EBADF (Bad file descriptor) [pid 5518] close(9) = -1 EBADF (Bad file descriptor) [pid 5518] close(10) = -1 EBADF (Bad file descriptor) [pid 5518] close(11) = -1 EBADF (Bad file descriptor) [pid 5518] close(12) = -1 EBADF (Bad file descriptor) [pid 5518] close(13) = -1 EBADF (Bad file descriptor) [ 152.185376][ T5522] ? lock_acquire+0x32/0xc0 [ 152.189978][ T5522] ? kill_css+0x3b0/0x3b0 [ 152.194385][ T5522] kernfs_fop_write_iter+0x3f1/0x600 [ 152.199760][ T5522] vfs_write+0x9ed/0xe10 [ 152.204106][ T5522] ? kernel_write+0x670/0x670 [ 152.208869][ T5522] ? find_held_lock+0x2d/0x110 [ 152.213715][ T5522] ? __fget_light+0x20a/0x270 [ 152.218480][ T5522] ksys_write+0x12b/0x250 [ 152.222896][ T5522] ? __ia32_sys_read+0xb0/0xb0 [ 152.227735][ T5522] ? lockdep_hardirqs_on+0x7d/0x100 [ 152.233000][ T5522] ? _raw_spin_unlock_irq+0x2e/0x50 [ 152.238269][ T5522] ? ptrace_notify+0xfe/0x140 [ 152.243035][ T5522] do_syscall_64+0x39/0xb0 [ 152.247526][ T5522] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 152.253518][ T5522] RIP: 0033:0x7faecf034129 [ 152.257987][ T5522] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 152.277665][ T5522] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5518] close(14) = -1 EBADF (Bad file descriptor) [pid 5518] close(15) = -1 EBADF (Bad file descriptor) [pid 5518] close(16) = -1 EBADF (Bad file descriptor) [pid 5518] close(17) = -1 EBADF (Bad file descriptor) [pid 5518] close(18) = -1 EBADF (Bad file descriptor) [pid 5518] close(19) = -1 EBADF (Bad file descriptor) [pid 5518] close(20) = -1 EBADF (Bad file descriptor) [pid 5518] close(21) = -1 EBADF (Bad file descriptor) [pid 5518] close(22) = -1 EBADF (Bad file descriptor) [pid 5518] close(23) = -1 EBADF (Bad file descriptor) [pid 5518] close(24) = -1 EBADF (Bad file descriptor) [pid 5518] close(25) = -1 EBADF (Bad file descriptor) [pid 5518] close(26) = -1 EBADF (Bad file descriptor) [pid 5518] close(27) = -1 EBADF (Bad file descriptor) [pid 5518] close(28) = -1 EBADF (Bad file descriptor) [pid 5518] close(29) = -1 EBADF (Bad file descriptor) [pid 5518] exit_group(0) = ? [pid 5518] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=20, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5087] umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./18/binderfs") = 0 [pid 5087] umount2("./18/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./18/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./18/cgroup") = 0 [pid 5087] umount2("./18/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./18/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./18/cgroup.net") = 0 [pid 5087] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5087] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./18/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 152.286147][ T5522] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 152.294173][ T5522] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 152.302202][ T5522] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 152.310230][ T5522] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 152.318257][ T5522] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000010 [ 152.326315][ T5522] [pid 5087] openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] close(4) = 0 [pid 5087] rmdir("./18/file0") = 0 [pid 5087] umount2("./18/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./18/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./18/cgroup.cpu") = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [ 152.352622][ T5522] memory: usage 8kB, limit 0kB, failcnt 36 [ 152.358512][ T5522] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 152.387298][ T5522] Memory cgroup stats for /syz1: [ 152.387610][ T5522] anon 0 [ 152.387610][ T5522] file 0 [ 152.387610][ T5522] kernel 8192 [ 152.387610][ T5522] kernel_stack 0 [ 152.387610][ T5522] pagetables 0 [ 152.387610][ T5522] sec_pagetables 0 [ 152.387610][ T5522] percpu 0 [ 152.387610][ T5522] sock 0 [ 152.387610][ T5522] vmalloc 0 [ 152.387610][ T5522] shmem 0 [ 152.387610][ T5522] zswap 0 [ 152.387610][ T5522] zswapped 0 [ 152.387610][ T5522] file_mapped 0 [ 152.387610][ T5522] file_dirty 0 [ 152.387610][ T5522] file_writeback 0 [ 152.387610][ T5522] swapcached 0 [ 152.387610][ T5522] anon_thp 0 [ 152.387610][ T5522] file_thp 0 [ 152.387610][ T5522] shmem_thp 0 [ 152.387610][ T5522] inactive_anon 0 [ 152.387610][ T5522] active_anon 0 [ 152.387610][ T5522] inactive_file 0 [ 152.387610][ T5522] active_file 0 [ 152.387610][ T5522] unevictable 0 [ 152.387610][ T5522] slab_reclaimable 6752 [ 152.387610][ T5522] slab_unreclaimable 0 [ 152.387610][ T5522] slab 6752 [ 152.387610][ T5522] workingset_refault_anon 0 [ 152.387610][ T5522] workingset_refault_file 0 [ 152.387610][ T5522] workingset_activate_anon 0 [ 152.387610][ T5522] workingset_activate_file 0 [ 152.387610][ T5522] workingset_restore_anon 0 [ 152.387610][ T5522] workingset_restore_file 0 [ 152.387610][ T5522] workingset_nodereclaim 0 [ 152.387610][ T5522] pgscan 831 [ 152.387610][ T5522] pgsteal 2 [ 152.387610][ T5522] pgscan_kswapd 0 [ 152.387610][ T5522] pgscan_direct 831 [ 152.387610][ T5522] pgscan_khugepaged 0 [ 152.387610][ T5522] pgsteal_kswapd 0 [ 152.387610][ T5522] pgsteal_direct 2 [ 152.387610][ T5522] pgsteal_khugepaged 0 [ 152.387610][ T5522] pgfault 21 [ 152.387610][ T5522] pgmajfault 0 [ 152.387610][ T5522] pgrefill 830 [ 152.387610][ T5522] pgactivate 829 [pid 5087] rmdir("./18") = 0 [pid 5087] mkdir("./19", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 21 [ 152.387610][ T5522] pgdeactivate 830 [ 152.387610][ T5522] pglazyfree 0 [ 152.387610][ T5522] pglazyfreed 0 [ 152.387610][ T5522] zswpin 0 [ 152.387610][ T5522] zswpout 0 [ 152.387610][ T5522] thp_fault_alloc 0 [ 152.387610][ T5522] thp_collapse_alloc 0 [ 152.586222][ T5522] Tasks state (memory values in pages): ./strace-static-x86_64: Process 5539 attached [pid 5539] chdir("./19") = 0 [pid 5539] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5539] setpgid(0, 0) = 0 [pid 5539] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5539] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu" [pid 5522] <... write resumed>) = 18 [pid 5539] <... symlink resumed>) = 0 [pid 5522] close(3 [pid 5539] symlink("/syzcgroup/net/syz2", "./cgroup.net" [pid 5522] <... close resumed>) = 0 [ 152.597937][ T5522] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 152.613821][ T5522] Out of memory and no killable processes... [ 152.620798][ T5526] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 152.647174][ T5526] CPU: 0 PID: 5526 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 152.657170][ T5526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 152.667283][ T5526] Call Trace: [ 152.670619][ T5526] [ 152.673602][ T5526] dump_stack_lvl+0x136/0x150 [ 152.678345][ T5526] dump_header+0x10a/0xd70 [ 152.682859][ T5526] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 152.689019][ T5526] out_of_memory+0xd64/0x1660 [ 152.693778][ T5526] ? oom_killer_disable+0x2b0/0x2b0 [ 152.699059][ T5526] ? find_held_lock+0x2d/0x110 [ 152.703888][ T5526] mem_cgroup_out_of_memory+0x206/0x270 [ 152.709509][ T5526] ? mem_cgroup_margin+0x130/0x130 [ 152.714706][ T5526] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 152.720598][ T5526] memory_max_write+0x2f9/0x3c0 [ 152.725532][ T5526] ? mem_cgroup_force_empty_write+0x160/0x160 [ 152.731692][ T5526] ? lock_sync+0x190/0x190 [ 152.736181][ T5526] cgroup_file_write+0x1e2/0x7b0 [ 152.741203][ T5526] ? mem_cgroup_force_empty_write+0x160/0x160 [ 152.747372][ T5526] ? kill_css+0x3b0/0x3b0 [ 152.751780][ T5526] ? lock_acquire+0x32/0xc0 [ 152.756365][ T5526] ? kill_css+0x3b0/0x3b0 [ 152.760770][ T5526] kernfs_fop_write_iter+0x3f1/0x600 [ 152.766136][ T5526] vfs_write+0x9ed/0xe10 [ 152.770458][ T5526] ? kernel_write+0x670/0x670 [ 152.775214][ T5526] ? find_held_lock+0x2d/0x110 [ 152.780058][ T5526] ? __fget_light+0x20a/0x270 [ 152.784820][ T5526] ksys_write+0x12b/0x250 [ 152.789228][ T5526] ? __ia32_sys_read+0xb0/0xb0 [ 152.794068][ T5526] ? lockdep_hardirqs_on+0x7d/0x100 [ 152.799329][ T5526] ? _raw_spin_unlock_irq+0x2e/0x50 [ 152.804603][ T5526] ? ptrace_notify+0xfe/0x140 [ 152.809352][ T5526] do_syscall_64+0x39/0xb0 [ 152.813848][ T5526] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 152.819820][ T5526] RIP: 0033:0x7faecf034129 [ 152.824284][ T5526] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 152.843952][ T5526] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5539] <... symlink resumed>) = 0 [ 152.852436][ T5526] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 152.860465][ T5526] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 152.868492][ T5526] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 152.876522][ T5526] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 152.884554][ T5526] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000011 [ 152.892703][ T5526] [pid 5539] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5522] close(4 [pid 5539] write(3, "1000", 4 [pid 5522] <... close resumed>) = 0 [pid 5539] <... write resumed>) = 4 [ 152.905745][ T5526] memory: usage 8kB, limit 0kB, failcnt 36 [ 152.912234][ T5526] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 152.919828][ T5526] Memory cgroup stats for /syz1: [ 152.920118][ T5526] anon 0 [ 152.920118][ T5526] file 0 [ 152.920118][ T5526] kernel 8192 [ 152.920118][ T5526] kernel_stack 0 [ 152.920118][ T5526] pagetables 0 [ 152.920118][ T5526] sec_pagetables 0 [ 152.920118][ T5526] percpu 0 [ 152.920118][ T5526] sock 0 [ 152.920118][ T5526] vmalloc 0 [ 152.920118][ T5526] shmem 0 [ 152.920118][ T5526] zswap 0 [ 152.920118][ T5526] zswapped 0 [ 152.920118][ T5526] file_mapped 0 [ 152.920118][ T5526] file_dirty 0 [ 152.920118][ T5526] file_writeback 0 [ 152.920118][ T5526] swapcached 0 [ 152.920118][ T5526] anon_thp 0 [ 152.920118][ T5526] file_thp 0 [ 152.920118][ T5526] shmem_thp 0 [ 152.920118][ T5526] inactive_anon 0 [ 152.920118][ T5526] active_anon 0 [ 152.920118][ T5526] inactive_file 0 [ 152.920118][ T5526] active_file 0 [ 152.920118][ T5526] unevictable 0 [ 152.920118][ T5526] slab_reclaimable 6752 [ 152.920118][ T5526] slab_unreclaimable 0 [ 152.920118][ T5526] slab 6752 [ 152.920118][ T5526] workingset_refault_anon 0 [ 152.920118][ T5526] workingset_refault_file 0 [ 152.920118][ T5526] workingset_activate_anon 0 [ 152.920118][ T5526] workingset_activate_file 0 [ 152.920118][ T5526] workingset_restore_anon 0 [ 152.920118][ T5526] workingset_restore_file 0 [ 152.920118][ T5526] workingset_nodereclaim 0 [ 152.920118][ T5526] pgscan 831 [ 152.920118][ T5526] pgsteal 2 [ 152.920118][ T5526] pgscan_kswapd 0 [ 152.920118][ T5526] pgscan_direct 831 [pid 5539] close(3 [pid 5522] close(5 [pid 5539] <... close resumed>) = 0 [pid 5522] <... close resumed>) = 0 [pid 5539] symlink("/dev/binderfs", "./binderfs" [pid 5522] close(6) = 0 [pid 5539] <... symlink resumed>) = 0 [pid 5522] close(7) = -1 EBADF (Bad file descriptor) [pid 5539] mkdir("./file0", 000 [pid 5522] close(8) = -1 EBADF (Bad file descriptor) [pid 5522] close(9 [pid 5539] <... mkdir resumed>) = 0 [pid 5522] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5522] close(10) = -1 EBADF (Bad file descriptor) [pid 5522] close(11 [pid 5539] open("./file0", O_RDONLY [pid 5522] <... close resumed>) = -1 EBADF (Bad file descriptor) [ 152.920118][ T5526] pgscan_khugepaged 0 [ 152.920118][ T5526] pgsteal_kswapd 0 [ 152.920118][ T5526] pgsteal_direct 2 [ 152.920118][ T5526] pgsteal_khugepaged 0 [ 152.920118][ T5526] pgfault 21 [ 152.920118][ T5526] pgmajfault 0 [ 152.920118][ T5526] pgrefill 830 [ 152.920118][ T5526] pgactivate 829 [ 152.920118][ T5526] pgdeactivate 830 [ 152.920118][ T5526] pglazyfree 0 [ 152.920118][ T5526] pglazyfreed 0 [ 152.920118][ T5526] zswpin 0 [ 152.920118][ T5526] zswpout 0 [ 152.920118][ T5526] thp_fault_alloc 0 [ 152.920118][ T5526] thp_collapse_alloc 0 [pid 5539] <... open resumed>) = 3 [pid 5522] close(12 [pid 5539] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5522] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5539] <... mount resumed>) = 0 [pid 5522] close(13 [pid 5539] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5522] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5539] <... openat resumed>) = 4 [pid 5522] close(14 [pid 5539] openat(4, "syz1", O_RDWR|O_PATH [pid 5522] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5539] <... openat resumed>) = 5 [pid 5522] close(15 [pid 5539] openat(5, "memory.max", O_RDWR [pid 5522] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5539] <... openat resumed>) = 6 [pid 5526] <... write resumed>) = 18 [ 153.131109][ T5526] Tasks state (memory values in pages): [ 153.140456][ T5526] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 153.163775][ T5526] Out of memory and no killable processes... [ 153.169919][ T5527] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 153.184799][ T5527] CPU: 1 PID: 5527 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 153.194787][ T5527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 153.204887][ T5527] Call Trace: [ 153.208210][ T5527] [ 153.211177][ T5527] dump_stack_lvl+0x136/0x150 [ 153.215918][ T5527] dump_header+0x10a/0xd70 [ 153.220389][ T5527] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 153.226543][ T5527] out_of_memory+0xd64/0x1660 [pid 5522] close(16 [pid 5539] write(6, "0x000000000000040e", 18 [pid 5526] close(3 [pid 5522] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5526] <... close resumed>) = 0 [pid 5522] close(17 [pid 5526] close(4 [pid 5522] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5526] <... close resumed>) = 0 [pid 5522] close(18 [pid 5526] close(5 [pid 5522] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5526] <... close resumed>) = 0 [pid 5522] close(19 [pid 5526] close(6 [pid 5522] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5526] <... close resumed>) = 0 [pid 5522] close(20 [pid 5526] close(7 [pid 5522] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5526] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5522] close(21 [pid 5526] close(8 [pid 5522] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5526] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5522] close(22 [pid 5526] close(9 [pid 5522] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5526] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5522] close(23 [pid 5526] close(10 [pid 5522] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5526] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5522] close(24 [pid 5526] close(11 [pid 5522] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5526] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5522] close(25 [pid 5526] close(12 [pid 5522] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5526] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5522] close(26 [pid 5526] close(13 [pid 5522] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5526] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5522] close(27 [pid 5526] close(14 [pid 5522] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5526] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5522] close(28 [pid 5526] close(15 [pid 5522] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5526] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5522] close(29 [pid 5526] close(16 [pid 5522] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5526] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5522] exit_group(0 [pid 5526] close(17 [pid 5522] <... exit_group resumed>) = ? [pid 5526] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5522] +++ exited with 0 +++ [pid 5526] close(18 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=18, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5526] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5526] close(19) = -1 EBADF (Bad file descriptor) [pid 5085] umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5526] close(20 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5526] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5085] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5526] close(21 [pid 5085] <... openat resumed>) = 3 [pid 5526] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5085] fstat(3, [pid 5526] close(22 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5526] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5085] getdents64(3, [pid 5526] close(23 [pid 5085] <... getdents64 resumed>0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5526] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5085] umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5526] close(24 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5526] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5085] lstat("./16/binderfs", [pid 5526] close(25 [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5526] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5085] unlink("./16/binderfs" [pid 5526] close(26 [pid 5085] <... unlink resumed>) = 0 [pid 5526] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5085] umount2("./16/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5526] close(27 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5526] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5085] lstat("./16/cgroup", [pid 5526] close(28 [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5526] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5085] unlink("./16/cgroup" [pid 5526] close(29 [pid 5085] <... unlink resumed>) = 0 [pid 5526] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5085] umount2("./16/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5526] exit_group(0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5526] <... exit_group resumed>) = ? [pid 5085] lstat("./16/cgroup.net", [pid 5526] +++ exited with 0 +++ [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./16/cgroup.net") = 0 [pid 5085] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=19, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5086] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5086] umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./17/binderfs") = 0 [ 153.231306][ T5527] ? oom_killer_disable+0x2b0/0x2b0 [ 153.236595][ T5527] mem_cgroup_out_of_memory+0x206/0x270 [ 153.242232][ T5527] ? mem_cgroup_margin+0x130/0x130 [ 153.247443][ T5527] memory_max_write+0x2f9/0x3c0 [ 153.252392][ T5527] ? mem_cgroup_force_empty_write+0x160/0x160 [ 153.258545][ T5527] ? lock_sync+0x190/0x190 [ 153.263037][ T5527] cgroup_file_write+0x1e2/0x7b0 [ 153.268072][ T5527] ? mem_cgroup_force_empty_write+0x160/0x160 [ 153.274221][ T5527] ? kill_css+0x3b0/0x3b0 [ 153.278623][ T5527] ? lock_acquire+0x32/0xc0 [pid 5086] umount2("./17/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./17/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] unlink("./17/cgroup") = 0 [ 153.283207][ T5527] ? kill_css+0x3b0/0x3b0 [ 153.287616][ T5527] kernfs_fop_write_iter+0x3f1/0x600 [ 153.292988][ T5527] vfs_write+0x9ed/0xe10 [ 153.297311][ T5527] ? kernel_write+0x670/0x670 [ 153.302037][ T5527] ? find_held_lock+0x2d/0x110 [ 153.306845][ T5527] ? __fget_light+0x20a/0x270 [ 153.311590][ T5527] ksys_write+0x12b/0x250 [ 153.315961][ T5527] ? __ia32_sys_read+0xb0/0xb0 [ 153.320767][ T5527] ? lockdep_hardirqs_on+0x7d/0x100 [ 153.326000][ T5527] ? _raw_spin_unlock_irq+0x2e/0x50 [ 153.331257][ T5527] ? ptrace_notify+0xfe/0x140 [ 153.335974][ T5527] do_syscall_64+0x39/0xb0 [ 153.340436][ T5527] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 153.346369][ T5527] RIP: 0033:0x7faecf034129 [ 153.350812][ T5527] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 153.370452][ T5527] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5086] umount2("./17/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] <... umount2 resumed>) = 0 [ 153.378906][ T5527] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 153.386908][ T5527] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 153.394920][ T5527] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 153.402918][ T5527] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 153.410921][ T5527] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000014 [ 153.418943][ T5527] [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] lstat("./17/cgroup.net", [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] lstat("./16/file0", [pid 5086] unlink("./17/cgroup.net") = 0 [pid 5085] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./16/file0") = 0 [pid 5085] umount2("./16/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./16/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./16/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5086] <... umount2 resumed>) = 0 [pid 5085] rmdir("./16" [pid 5086] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] <... rmdir resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] mkdir("./17", 0777 [pid 5086] lstat("./17/file0", [pid 5085] <... mkdir resumed>) = 0 [pid 5086] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5086] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5547 attached ) = -1 EINVAL (Invalid argument) [pid 5547] chdir("./17") = 0 [pid 5086] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5085] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 19 [pid 5547] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5086] <... openat resumed>) = 4 [pid 5547] setpgid(0, 0 [pid 5086] fstat(4, [pid 5547] <... setpgid resumed>) = 0 [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5547] symlink("/syzcgroup/unified/syz0", "./cgroup" [pid 5086] getdents64(4, [pid 5547] <... symlink resumed>) = 0 [pid 5547] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu" [pid 5086] <... getdents64 resumed>0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5547] <... symlink resumed>) = 0 [pid 5086] getdents64(4, [ 153.440032][ T5527] memory: usage 8kB, limit 0kB, failcnt 36 [ 153.475764][ T5527] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5547] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5086] <... getdents64 resumed>0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5547] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5547] write(3, "1000", 4) = 4 [pid 5547] close(3) = 0 [pid 5547] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5547] mkdir("./file0", 000) = 0 [pid 5547] open("./file0", O_RDONLY) = 3 [ 153.498647][ T5527] Memory cgroup stats for /syz1: [ 153.498932][ T5527] anon 0 [ 153.498932][ T5527] file 0 [ 153.498932][ T5527] kernel 8192 [ 153.498932][ T5527] kernel_stack 0 [ 153.498932][ T5527] pagetables 0 [ 153.498932][ T5527] sec_pagetables 0 [ 153.498932][ T5527] percpu 0 [ 153.498932][ T5527] sock 0 [ 153.498932][ T5527] vmalloc 0 [ 153.498932][ T5527] shmem 0 [ 153.498932][ T5527] zswap 0 [ 153.498932][ T5527] zswapped 0 [ 153.498932][ T5527] file_mapped 0 [ 153.498932][ T5527] file_dirty 0 [pid 5547] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5547] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5547] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5547] openat(5, "memory.max", O_RDWR) = 6 [ 153.498932][ T5527] file_writeback 0 [ 153.498932][ T5527] swapcached 0 [ 153.498932][ T5527] anon_thp 0 [ 153.498932][ T5527] file_thp 0 [ 153.498932][ T5527] shmem_thp 0 [ 153.498932][ T5527] inactive_anon 0 [ 153.498932][ T5527] active_anon 0 [ 153.498932][ T5527] inactive_file 0 [ 153.498932][ T5527] active_file 0 [ 153.498932][ T5527] unevictable 0 [ 153.498932][ T5527] slab_reclaimable 6752 [ 153.498932][ T5527] slab_unreclaimable 0 [ 153.498932][ T5527] slab 6752 [ 153.498932][ T5527] workingset_refault_anon 0 [ 153.498932][ T5527] workingset_refault_file 0 [ 153.498932][ T5527] workingset_activate_anon 0 [ 153.498932][ T5527] workingset_activate_file 0 [ 153.498932][ T5527] workingset_restore_anon 0 [ 153.498932][ T5527] workingset_restore_file 0 [ 153.498932][ T5527] workingset_nodereclaim 0 [ 153.498932][ T5527] pgscan 831 [ 153.498932][ T5527] pgsteal 2 [ 153.498932][ T5527] pgscan_kswapd 0 [ 153.498932][ T5527] pgscan_direct 831 [ 153.498932][ T5527] pgscan_khugepaged 0 [ 153.498932][ T5527] pgsteal_kswapd 0 [ 153.498932][ T5527] pgsteal_direct 2 [ 153.498932][ T5527] pgsteal_khugepaged 0 [pid 5547] write(6, "0x000000000000040e", 18 [pid 5086] close(4) = 0 [pid 5086] rmdir("./17/file0") = 0 [pid 5086] umount2("./17/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./17/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./17/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./17") = 0 [pid 5086] mkdir("./18", 0777) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 20 ./strace-static-x86_64: Process 5548 attached [ 153.498932][ T5527] pgfault 21 [ 153.498932][ T5527] pgmajfault 0 [ 153.498932][ T5527] pgrefill 830 [ 153.498932][ T5527] pgactivate 829 [ 153.498932][ T5527] pgdeactivate 830 [ 153.498932][ T5527] pglazyfree 0 [ 153.498932][ T5527] pglazyfreed 0 [ 153.498932][ T5527] zswpin 0 [ 153.498932][ T5527] zswpout 0 [ 153.498932][ T5527] thp_fault_alloc 0 [ 153.498932][ T5527] thp_collapse_alloc 0 [ 153.690151][ T5527] Tasks state (memory values in pages): [pid 5548] chdir("./18") = 0 [pid 5548] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5527] <... write resumed>) = 18 [pid 5548] <... prctl resumed>) = 0 [pid 5527] close(3 [pid 5548] setpgid(0, 0 [pid 5527] <... close resumed>) = 0 [pid 5548] <... setpgid resumed>) = 0 [pid 5527] close(4 [pid 5548] symlink("/syzcgroup/unified/syz3", "./cgroup" [pid 5527] <... close resumed>) = 0 [pid 5548] <... symlink resumed>) = 0 [pid 5527] close(5 [pid 5548] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu" [pid 5527] <... close resumed>) = 0 [pid 5548] <... symlink resumed>) = 0 [pid 5527] close(6 [pid 5548] symlink("/syzcgroup/net/syz3", "./cgroup.net" [pid 5527] <... close resumed>) = 0 [pid 5548] <... symlink resumed>) = 0 [pid 5527] close(7 [pid 5548] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5527] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5548] <... openat resumed>) = 3 [pid 5527] close(8 [pid 5548] write(3, "1000", 4 [pid 5527] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5548] <... write resumed>) = 4 [pid 5527] close(9 [pid 5548] close(3 [pid 5527] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5548] <... close resumed>) = 0 [pid 5527] close(10 [pid 5548] symlink("/dev/binderfs", "./binderfs" [pid 5527] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5548] <... symlink resumed>) = 0 [pid 5527] close(11 [pid 5548] mkdir("./file0", 000 [pid 5527] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5548] <... mkdir resumed>) = 0 [pid 5527] close(12 [pid 5548] open("./file0", O_RDONLY [pid 5527] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5548] <... open resumed>) = 3 [pid 5527] close(13 [pid 5548] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5527] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5548] <... mount resumed>) = 0 [pid 5527] close(14 [pid 5548] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5527] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5548] <... openat resumed>) = 4 [pid 5527] close(15 [pid 5548] openat(4, "syz1", O_RDWR|O_PATH [pid 5527] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5548] <... openat resumed>) = 5 [pid 5527] close(16 [pid 5548] openat(5, "memory.max", O_RDWR [pid 5527] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5548] <... openat resumed>) = 6 [pid 5527] close(17 [pid 5548] write(6, "0x000000000000040e", 18 [pid 5527] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5527] close(18) = -1 EBADF (Bad file descriptor) [pid 5527] close(19) = -1 EBADF (Bad file descriptor) [pid 5527] close(20) = -1 EBADF (Bad file descriptor) [pid 5527] close(21) = -1 EBADF (Bad file descriptor) [pid 5527] close(22) = -1 EBADF (Bad file descriptor) [pid 5527] close(23) = -1 EBADF (Bad file descriptor) [pid 5527] close(24) = -1 EBADF (Bad file descriptor) [pid 5527] close(25) = -1 EBADF (Bad file descriptor) [pid 5527] close(26) = -1 EBADF (Bad file descriptor) [pid 5527] close(27) = -1 EBADF (Bad file descriptor) [pid 5527] close(28) = -1 EBADF (Bad file descriptor) [pid 5527] close(29) = -1 EBADF (Bad file descriptor) [pid 5527] exit_group(0) = ? [ 153.696714][ T5527] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 153.707001][ T5527] Out of memory and no killable processes... [ 153.713652][ T5534] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5527] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=22, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5090] umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./20/binderfs") = 0 [pid 5090] umount2("./20/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./20/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./20/cgroup") = 0 [pid 5090] umount2("./20/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./20/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 153.755187][ T5534] CPU: 0 PID: 5534 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 153.765178][ T5534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 153.775292][ T5534] Call Trace: [ 153.778623][ T5534] [ 153.781599][ T5534] dump_stack_lvl+0x136/0x150 [ 153.786345][ T5534] dump_header+0x10a/0xd70 [ 153.790844][ T5534] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 153.797002][ T5534] out_of_memory+0xd64/0x1660 [pid 5090] unlink("./20/cgroup.net") = 0 [ 153.801770][ T5534] ? oom_killer_disable+0x2b0/0x2b0 [ 153.807080][ T5534] mem_cgroup_out_of_memory+0x206/0x270 [ 153.812704][ T5534] ? mem_cgroup_margin+0x130/0x130 [ 153.817880][ T5534] memory_max_write+0x2f9/0x3c0 [ 153.822796][ T5534] ? mem_cgroup_force_empty_write+0x160/0x160 [ 153.828916][ T5534] ? lock_sync+0x190/0x190 [ 153.833385][ T5534] cgroup_file_write+0x1e2/0x7b0 [ 153.838368][ T5534] ? mem_cgroup_force_empty_write+0x160/0x160 [ 153.844491][ T5534] ? kill_css+0x3b0/0x3b0 [ 153.848871][ T5534] ? lock_acquire+0x32/0xc0 [ 153.853420][ T5534] ? kill_css+0x3b0/0x3b0 [ 153.857791][ T5534] kernfs_fop_write_iter+0x3f1/0x600 [ 153.863127][ T5534] vfs_write+0x9ed/0xe10 [ 153.867444][ T5534] ? kernel_write+0x670/0x670 [ 153.872282][ T5534] ? find_held_lock+0x2d/0x110 [ 153.877098][ T5534] ? __fget_light+0x20a/0x270 [ 153.881932][ T5534] ksys_write+0x12b/0x250 [ 153.886317][ T5534] ? __ia32_sys_read+0xb0/0xb0 [ 153.891126][ T5534] ? lockdep_hardirqs_on+0x7d/0x100 [ 153.896368][ T5534] ? _raw_spin_unlock_irq+0x2e/0x50 [ 153.901615][ T5534] ? ptrace_notify+0xfe/0x140 [ 153.906333][ T5534] do_syscall_64+0x39/0xb0 [ 153.910799][ T5534] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 153.916732][ T5534] RIP: 0033:0x7faecf034129 [ 153.921176][ T5534] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 153.940810][ T5534] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 153.949254][ T5534] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 153.957249][ T5534] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 153.965241][ T5534] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 153.973233][ T5534] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 153.981228][ T5534] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000014 [ 153.989246][ T5534] [pid 5090] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5090] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 154.006687][ T5534] memory: usage 8kB, limit 0kB, failcnt 36 [ 154.014492][ T5534] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 154.022990][ T5534] Memory cgroup stats for /syz1: [ 154.023291][ T5534] anon 0 [ 154.023291][ T5534] file 0 [ 154.023291][ T5534] kernel 8192 [ 154.023291][ T5534] kernel_stack 0 [ 154.023291][ T5534] pagetables 0 [ 154.023291][ T5534] sec_pagetables 0 [ 154.023291][ T5534] percpu 0 [ 154.023291][ T5534] sock 0 [ 154.023291][ T5534] vmalloc 0 [pid 5090] lstat("./20/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./20/file0") = 0 [pid 5090] umount2("./20/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./20/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./20/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [pid 5090] rmdir("./20") = 0 [pid 5090] mkdir("./21", 0777) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 23 [ 154.023291][ T5534] shmem 0 [ 154.023291][ T5534] zswap 0 [ 154.023291][ T5534] zswapped 0 [ 154.023291][ T5534] file_mapped 0 [ 154.023291][ T5534] file_dirty 0 [ 154.023291][ T5534] file_writeback 0 [ 154.023291][ T5534] swapcached 0 [ 154.023291][ T5534] anon_thp 0 [ 154.023291][ T5534] file_thp 0 [ 154.023291][ T5534] shmem_thp 0 [ 154.023291][ T5534] inactive_anon 0 [ 154.023291][ T5534] active_anon 0 [ 154.023291][ T5534] inactive_file 0 [ 154.023291][ T5534] active_file 0 [ 154.023291][ T5534] unevictable 0 [ 154.023291][ T5534] slab_reclaimable 6752 [ 154.023291][ T5534] slab_unreclaimable 0 [ 154.023291][ T5534] slab 6752 [ 154.023291][ T5534] workingset_refault_anon 0 [ 154.023291][ T5534] workingset_refault_file 0 [ 154.023291][ T5534] workingset_activate_anon 0 [ 154.023291][ T5534] workingset_activate_file 0 [ 154.023291][ T5534] workingset_restore_anon 0 [ 154.023291][ T5534] workingset_restore_file 0 [ 154.023291][ T5534] workingset_nodereclaim 0 [ 154.023291][ T5534] pgscan 831 [ 154.023291][ T5534] pgsteal 2 [ 154.023291][ T5534] pgscan_kswapd 0 ./strace-static-x86_64: Process 5551 attached [pid 5551] chdir("./21") = 0 [pid 5551] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5551] setpgid(0, 0) = 0 [pid 5551] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5551] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5551] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [ 154.023291][ T5534] pgscan_direct 831 [ 154.023291][ T5534] pgscan_khugepaged 0 [ 154.023291][ T5534] pgsteal_kswapd 0 [ 154.023291][ T5534] pgsteal_direct 2 [ 154.023291][ T5534] pgsteal_khugepaged 0 [ 154.023291][ T5534] pgfault 21 [ 154.023291][ T5534] pgmajfault 0 [ 154.023291][ T5534] pgrefill 830 [ 154.023291][ T5534] pgactivate 829 [ 154.023291][ T5534] pgdeactivate 830 [ 154.023291][ T5534] pglazyfree 0 [ 154.023291][ T5534] pglazyfreed 0 [ 154.023291][ T5534] zswpin 0 [ 154.023291][ T5534] zswpout 0 [ 154.023291][ T5534] thp_fault_alloc 0 [pid 5551] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5551] write(3, "1000", 4) = 4 [pid 5551] close(3) = 0 [pid 5551] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5551] mkdir("./file0", 000) = 0 [pid 5551] open("./file0", O_RDONLY [pid 5534] <... write resumed>) = 18 [ 154.023291][ T5534] thp_collapse_alloc 0 [ 154.214714][ T5534] Tasks state (memory values in pages): [ 154.221239][ T5534] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 154.234550][ T5534] Out of memory and no killable processes... [ 154.243183][ T5539] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 154.257585][ T5539] CPU: 0 PID: 5539 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 154.267570][ T5539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 154.277682][ T5539] Call Trace: [ 154.281004][ T5539] [ 154.284007][ T5539] dump_stack_lvl+0x136/0x150 [ 154.288760][ T5539] dump_header+0x10a/0xd70 [ 154.293243][ T5539] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 154.299416][ T5539] out_of_memory+0xd64/0x1660 [ 154.304182][ T5539] ? oom_killer_disable+0x2b0/0x2b0 [ 154.309457][ T5539] ? find_held_lock+0x2d/0x110 [ 154.314287][ T5539] mem_cgroup_out_of_memory+0x206/0x270 [ 154.319917][ T5539] ? mem_cgroup_margin+0x130/0x130 [ 154.325105][ T5539] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 154.330997][ T5539] memory_max_write+0x2f9/0x3c0 [ 154.335928][ T5539] ? mem_cgroup_force_empty_write+0x160/0x160 [ 154.342054][ T5539] ? lock_sync+0x190/0x190 [ 154.346521][ T5539] cgroup_file_write+0x1e2/0x7b0 [ 154.351506][ T5539] ? mem_cgroup_force_empty_write+0x160/0x160 [ 154.357620][ T5539] ? kill_css+0x3b0/0x3b0 [ 154.361996][ T5539] ? lock_acquire+0x32/0xc0 [ 154.366549][ T5539] ? kill_css+0x3b0/0x3b0 [ 154.370921][ T5539] kernfs_fop_write_iter+0x3f1/0x600 [ 154.376257][ T5539] vfs_write+0x9ed/0xe10 [ 154.380549][ T5539] ? kernel_write+0x670/0x670 [ 154.385280][ T5539] ? find_held_lock+0x2d/0x110 [ 154.390084][ T5539] ? __fget_light+0x20a/0x270 [ 154.394814][ T5539] ksys_write+0x12b/0x250 [ 154.399192][ T5539] ? __ia32_sys_read+0xb0/0xb0 [ 154.404001][ T5539] ? lockdep_hardirqs_on+0x7d/0x100 [ 154.409235][ T5539] ? _raw_spin_unlock_irq+0x2e/0x50 [ 154.414473][ T5539] ? ptrace_notify+0xfe/0x140 [ 154.419191][ T5539] do_syscall_64+0x39/0xb0 [ 154.423671][ T5539] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 154.429601][ T5539] RIP: 0033:0x7faecf034129 [ 154.434043][ T5539] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5551] <... open resumed>) = 3 [pid 5534] close(3 [pid 5551] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [ 154.453677][ T5539] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 154.462130][ T5539] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 154.470134][ T5539] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 154.478130][ T5539] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 154.486123][ T5539] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 154.494121][ T5539] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000013 [ 154.502144][ T5539] [pid 5551] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5534] <... close resumed>) = 0 [pid 5551] <... openat resumed>) = 4 [pid 5534] close(4) = 0 [pid 5551] openat(4, "syz1", O_RDWR|O_PATH [pid 5534] close(5 [pid 5551] <... openat resumed>) = 5 [pid 5534] <... close resumed>) = 0 [pid 5551] openat(5, "memory.max", O_RDWR [ 154.529028][ T5539] memory: usage 8kB, limit 0kB, failcnt 36 [ 154.543927][ T5539] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 154.571854][ T5539] Memory cgroup stats for /syz1: [ 154.572174][ T5539] anon 0 [ 154.572174][ T5539] file 0 [ 154.572174][ T5539] kernel 8192 [ 154.572174][ T5539] kernel_stack 0 [ 154.572174][ T5539] pagetables 0 [ 154.572174][ T5539] sec_pagetables 0 [ 154.572174][ T5539] percpu 0 [ 154.572174][ T5539] sock 0 [ 154.572174][ T5539] vmalloc 0 [ 154.572174][ T5539] shmem 0 [ 154.572174][ T5539] zswap 0 [ 154.572174][ T5539] zswapped 0 [ 154.572174][ T5539] file_mapped 0 [ 154.572174][ T5539] file_dirty 0 [pid 5534] close(6 [pid 5551] <... openat resumed>) = 6 [pid 5534] <... close resumed>) = 0 [pid 5551] write(6, "0x000000000000040e", 18 [ 154.572174][ T5539] file_writeback 0 [ 154.572174][ T5539] swapcached 0 [ 154.572174][ T5539] anon_thp 0 [ 154.572174][ T5539] file_thp 0 [ 154.572174][ T5539] shmem_thp 0 [ 154.572174][ T5539] inactive_anon 0 [ 154.572174][ T5539] active_anon 0 [ 154.572174][ T5539] inactive_file 0 [ 154.572174][ T5539] active_file 0 [ 154.572174][ T5539] unevictable 0 [ 154.572174][ T5539] slab_reclaimable 6752 [ 154.572174][ T5539] slab_unreclaimable 0 [ 154.572174][ T5539] slab 6752 [ 154.572174][ T5539] workingset_refault_anon 0 [ 154.572174][ T5539] workingset_refault_file 0 [ 154.572174][ T5539] workingset_activate_anon 0 [ 154.572174][ T5539] workingset_activate_file 0 [ 154.572174][ T5539] workingset_restore_anon 0 [ 154.572174][ T5539] workingset_restore_file 0 [ 154.572174][ T5539] workingset_nodereclaim 0 [ 154.572174][ T5539] pgscan 831 [ 154.572174][ T5539] pgsteal 2 [ 154.572174][ T5539] pgscan_kswapd 0 [ 154.572174][ T5539] pgscan_direct 831 [ 154.572174][ T5539] pgscan_khugepaged 0 [ 154.572174][ T5539] pgsteal_kswapd 0 [ 154.572174][ T5539] pgsteal_direct 2 [ 154.572174][ T5539] pgsteal_khugepaged 0 [pid 5534] close(7) = -1 EBADF (Bad file descriptor) [pid 5534] close(8) = -1 EBADF (Bad file descriptor) [pid 5534] close(9) = -1 EBADF (Bad file descriptor) [pid 5534] close(10) = -1 EBADF (Bad file descriptor) [pid 5534] close(11) = -1 EBADF (Bad file descriptor) [pid 5534] close(12) = -1 EBADF (Bad file descriptor) [pid 5534] close(13) = -1 EBADF (Bad file descriptor) [pid 5534] close(14) = -1 EBADF (Bad file descriptor) [pid 5534] close(15) = -1 EBADF (Bad file descriptor) [pid 5534] close(16) = -1 EBADF (Bad file descriptor) [pid 5534] close(17) = -1 EBADF (Bad file descriptor) [pid 5534] close(18) = -1 EBADF (Bad file descriptor) [pid 5534] close(19) = -1 EBADF (Bad file descriptor) [pid 5534] close(20) = -1 EBADF (Bad file descriptor) [pid 5534] close(21) = -1 EBADF (Bad file descriptor) [pid 5534] close(22) = -1 EBADF (Bad file descriptor) [pid 5534] close(23) = -1 EBADF (Bad file descriptor) [pid 5534] close(24) = -1 EBADF (Bad file descriptor) [pid 5534] close(25) = -1 EBADF (Bad file descriptor) [pid 5534] close(26) = -1 EBADF (Bad file descriptor) [pid 5534] close(27) = -1 EBADF (Bad file descriptor) [pid 5534] close(28) = -1 EBADF (Bad file descriptor) [pid 5534] close(29) = -1 EBADF (Bad file descriptor) [pid 5534] exit_group(0) = ? [pid 5534] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=22, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5089] umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 154.572174][ T5539] pgfault 21 [ 154.572174][ T5539] pgmajfault 0 [ 154.572174][ T5539] pgrefill 830 [ 154.572174][ T5539] pgactivate 829 [ 154.572174][ T5539] pgdeactivate 830 [ 154.572174][ T5539] pglazyfree 0 [ 154.572174][ T5539] pglazyfreed 0 [ 154.572174][ T5539] zswpin 0 [ 154.572174][ T5539] zswpout 0 [ 154.572174][ T5539] thp_fault_alloc 0 [ 154.572174][ T5539] thp_collapse_alloc 0 [pid 5089] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./20/binderfs") = 0 [pid 5089] umount2("./20/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./20/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./20/cgroup") = 0 [pid 5089] umount2("./20/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./20/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./20/cgroup.net") = 0 [pid 5089] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5089] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./20/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./20/file0") = 0 [pid 5089] umount2("./20/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./20/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./20/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [pid 5089] rmdir("./20") = 0 [pid 5089] mkdir("./21", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5554 attached [pid 5554] chdir("./21" [pid 5089] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 23 [pid 5554] <... chdir resumed>) = 0 [pid 5554] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5554] setpgid(0, 0) = 0 [pid 5554] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5554] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5554] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5554] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5554] write(3, "1000", 4) = 4 [pid 5554] close(3) = 0 [pid 5554] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5554] mkdir("./file0", 000) = 0 [pid 5554] open("./file0", O_RDONLY) = 3 [pid 5554] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5554] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5554] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5554] openat(5, "memory.max", O_RDWR) = 6 [ 154.832004][ T5539] Tasks state (memory values in pages): [ 154.837785][ T5539] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 154.869900][ T5539] Out of memory and no killable processes... [pid 5554] write(6, "0x000000000000040e", 18 [pid 5539] <... write resumed>) = 18 [pid 5539] close(3) = 0 [pid 5539] close(4) = 0 [pid 5539] close(5) = 0 [pid 5539] close(6) = 0 [pid 5539] close(7) = -1 EBADF (Bad file descriptor) [pid 5539] close(8) = -1 EBADF (Bad file descriptor) [pid 5539] close(9) = -1 EBADF (Bad file descriptor) [pid 5539] close(10) = -1 EBADF (Bad file descriptor) [pid 5539] close(11) = -1 EBADF (Bad file descriptor) [ 154.892574][ T5547] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 154.929427][ T5547] CPU: 0 PID: 5547 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 154.939481][ T5547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 154.949590][ T5547] Call Trace: [ 154.952908][ T5547] [ 154.955884][ T5547] dump_stack_lvl+0x136/0x150 [ 154.960632][ T5547] dump_header+0x10a/0xd70 [ 154.965140][ T5547] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 154.971301][ T5547] out_of_memory+0xd64/0x1660 [ 154.976062][ T5547] ? oom_killer_disable+0x2b0/0x2b0 [ 154.981363][ T5547] mem_cgroup_out_of_memory+0x206/0x270 [ 154.987003][ T5547] ? mem_cgroup_margin+0x130/0x130 [pid 5539] close(12) = -1 EBADF (Bad file descriptor) [pid 5539] close(13) = -1 EBADF (Bad file descriptor) [pid 5539] close(14) = -1 EBADF (Bad file descriptor) [pid 5539] close(15) = -1 EBADF (Bad file descriptor) [pid 5539] close(16) = -1 EBADF (Bad file descriptor) [pid 5539] close(17) = -1 EBADF (Bad file descriptor) [pid 5539] close(18) = -1 EBADF (Bad file descriptor) [ 154.992229][ T5547] memory_max_write+0x2f9/0x3c0 [ 154.997169][ T5547] ? mem_cgroup_force_empty_write+0x160/0x160 [ 155.003366][ T5547] ? lock_sync+0x190/0x190 [ 155.007859][ T5547] cgroup_file_write+0x1e2/0x7b0 [ 155.012877][ T5547] ? mem_cgroup_force_empty_write+0x160/0x160 [ 155.019031][ T5547] ? kill_css+0x3b0/0x3b0 [ 155.023445][ T5547] ? lock_acquire+0x32/0xc0 [ 155.028042][ T5547] ? kill_css+0x3b0/0x3b0 [ 155.032455][ T5547] kernfs_fop_write_iter+0x3f1/0x600 [ 155.037826][ T5547] vfs_write+0x9ed/0xe10 [pid 5539] close(19) = -1 EBADF (Bad file descriptor) [pid 5539] close(20) = -1 EBADF (Bad file descriptor) [pid 5539] close(21) = -1 EBADF (Bad file descriptor) [pid 5539] close(22) = -1 EBADF (Bad file descriptor) [pid 5539] close(23) = -1 EBADF (Bad file descriptor) [pid 5539] close(24) = -1 EBADF (Bad file descriptor) [pid 5539] close(25) = -1 EBADF (Bad file descriptor) [pid 5539] close(26) = -1 EBADF (Bad file descriptor) [pid 5539] close(27) = -1 EBADF (Bad file descriptor) [ 155.042159][ T5547] ? kernel_write+0x670/0x670 [ 155.046942][ T5547] ? find_held_lock+0x2d/0x110 [ 155.051785][ T5547] ? __fget_light+0x20a/0x270 [ 155.056545][ T5547] ksys_write+0x12b/0x250 [ 155.060958][ T5547] ? __ia32_sys_read+0xb0/0xb0 [ 155.065800][ T5547] ? lockdep_hardirqs_on+0x7d/0x100 [ 155.071084][ T5547] ? _raw_spin_unlock_irq+0x2e/0x50 [ 155.076355][ T5547] ? ptrace_notify+0xfe/0x140 [ 155.081101][ T5547] do_syscall_64+0x39/0xb0 [ 155.085595][ T5547] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 155.091575][ T5547] RIP: 0033:0x7faecf034129 [ 155.096043][ T5547] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 155.115767][ T5547] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 155.124246][ T5547] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 155.132290][ T5547] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5539] close(28) = -1 EBADF (Bad file descriptor) [pid 5539] close(29) = -1 EBADF (Bad file descriptor) [pid 5539] exit_group(0) = ? [pid 5539] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=21, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5087] umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./19/binderfs") = 0 [pid 5087] umount2("./19/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./19/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./19/cgroup") = 0 [pid 5087] umount2("./19/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./19/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./19/cgroup.net") = 0 [pid 5087] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5087] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 155.140406][ T5547] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 155.148435][ T5547] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 155.156464][ T5547] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000011 [ 155.164516][ T5547] [pid 5087] lstat("./19/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] close(4) = 0 [pid 5087] rmdir("./19/file0") = 0 [pid 5087] umount2("./19/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./19/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./19/cgroup.cpu") = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [ 155.186898][ T5547] memory: usage 8kB, limit 0kB, failcnt 36 [ 155.200186][ T5547] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 155.209875][ T5547] Memory cgroup stats for /syz1: [ 155.210346][ T5547] anon 0 [ 155.210346][ T5547] file 0 [ 155.210346][ T5547] kernel 8192 [ 155.210346][ T5547] kernel_stack 0 [ 155.210346][ T5547] pagetables 0 [ 155.210346][ T5547] sec_pagetables 0 [ 155.210346][ T5547] percpu 0 [pid 5087] close(3) = 0 [pid 5087] rmdir("./19") = 0 [pid 5087] mkdir("./20", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5561 attached [pid 5561] chdir("./20" [pid 5087] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 22 [pid 5561] <... chdir resumed>) = 0 [ 155.210346][ T5547] sock 0 [ 155.210346][ T5547] vmalloc 0 [ 155.210346][ T5547] shmem 0 [ 155.210346][ T5547] zswap 0 [ 155.210346][ T5547] zswapped 0 [ 155.210346][ T5547] file_mapped 0 [ 155.210346][ T5547] file_dirty 0 [ 155.210346][ T5547] file_writeback 0 [ 155.210346][ T5547] swapcached 0 [ 155.210346][ T5547] anon_thp 0 [ 155.210346][ T5547] file_thp 0 [ 155.210346][ T5547] shmem_thp 0 [ 155.210346][ T5547] inactive_anon 0 [ 155.210346][ T5547] active_anon 0 [ 155.210346][ T5547] inactive_file 0 [ 155.210346][ T5547] active_file 0 [ 155.210346][ T5547] unevictable 0 [ 155.210346][ T5547] slab_reclaimable 6752 [ 155.210346][ T5547] slab_unreclaimable 0 [ 155.210346][ T5547] slab 6752 [ 155.210346][ T5547] workingset_refault_anon 0 [ 155.210346][ T5547] workingset_refault_file 0 [ 155.210346][ T5547] workingset_activate_anon 0 [ 155.210346][ T5547] workingset_activate_file 0 [ 155.210346][ T5547] workingset_restore_anon 0 [ 155.210346][ T5547] workingset_restore_file 0 [ 155.210346][ T5547] workingset_nodereclaim 0 [ 155.210346][ T5547] pgscan 831 [pid 5561] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5561] setpgid(0, 0) = 0 [pid 5561] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5561] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5561] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5561] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5561] write(3, "1000", 4) = 4 [pid 5561] close(3) = 0 [pid 5561] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5561] mkdir("./file0", 000) = 0 [pid 5561] open("./file0", O_RDONLY) = 3 [ 155.210346][ T5547] pgsteal 2 [ 155.210346][ T5547] pgscan_kswapd 0 [ 155.210346][ T5547] pgscan_direct 831 [ 155.210346][ T5547] pgscan_khugepaged 0 [ 155.210346][ T5547] pgsteal_kswapd 0 [ 155.210346][ T5547] pgsteal_direct 2 [ 155.210346][ T5547] pgsteal_khugepaged 0 [ 155.210346][ T5547] pgfault 21 [ 155.210346][ T5547] pgmajfault 0 [ 155.210346][ T5547] pgrefill 830 [ 155.210346][ T5547] pgactivate 829 [ 155.210346][ T5547] pgdeactivate 830 [ 155.210346][ T5547] pglazyfree 0 [ 155.210346][ T5547] pglazyfreed 0 [ 155.210346][ T5547] zswpin 0 [pid 5561] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5561] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5561] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5561] openat(5, "memory.max", O_RDWR) = 6 [ 155.210346][ T5547] zswpout 0 [ 155.210346][ T5547] thp_fault_alloc 0 [ 155.210346][ T5547] thp_collapse_alloc 0 [ 155.416271][ T5547] Tasks state (memory values in pages): [ 155.425481][ T5547] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5561] write(6, "0x000000000000040e", 18 [pid 5547] <... write resumed>) = 18 [ 155.440490][ T5547] Out of memory and no killable processes... [ 155.450287][ T5548] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 155.466203][ T5548] CPU: 0 PID: 5548 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 155.476190][ T5548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 155.486297][ T5548] Call Trace: [ 155.489617][ T5548] [ 155.492597][ T5548] dump_stack_lvl+0x136/0x150 [ 155.497349][ T5548] dump_header+0x10a/0xd70 [ 155.501834][ T5548] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 155.508000][ T5548] out_of_memory+0xd64/0x1660 [ 155.512771][ T5548] ? oom_killer_disable+0x2b0/0x2b0 [ 155.518072][ T5548] mem_cgroup_out_of_memory+0x206/0x270 [ 155.523701][ T5548] ? mem_cgroup_margin+0x130/0x130 [ 155.528922][ T5548] memory_max_write+0x2f9/0x3c0 [ 155.533863][ T5548] ? mem_cgroup_force_empty_write+0x160/0x160 [ 155.540022][ T5548] ? lock_sync+0x190/0x190 [ 155.544518][ T5548] cgroup_file_write+0x1e2/0x7b0 [ 155.549540][ T5548] ? mem_cgroup_force_empty_write+0x160/0x160 [ 155.555686][ T5548] ? kill_css+0x3b0/0x3b0 [ 155.560095][ T5548] ? lock_acquire+0x32/0xc0 [ 155.564680][ T5548] ? kill_css+0x3b0/0x3b0 [ 155.569088][ T5548] kernfs_fop_write_iter+0x3f1/0x600 [ 155.574453][ T5548] vfs_write+0x9ed/0xe10 [ 155.578781][ T5548] ? kernel_write+0x670/0x670 [ 155.583537][ T5548] ? find_held_lock+0x2d/0x110 [pid 5547] close(3) = 0 [ 155.588380][ T5548] ? __fget_light+0x20a/0x270 [ 155.593143][ T5548] ksys_write+0x12b/0x250 [ 155.597556][ T5548] ? __ia32_sys_read+0xb0/0xb0 [ 155.602416][ T5548] ? lockdep_hardirqs_on+0x7d/0x100 [ 155.607681][ T5548] ? _raw_spin_unlock_irq+0x2e/0x50 [ 155.612957][ T5548] ? ptrace_notify+0xfe/0x140 [ 155.617709][ T5548] do_syscall_64+0x39/0xb0 [ 155.622202][ T5548] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 155.628160][ T5548] RIP: 0033:0x7faecf034129 [pid 5547] close(4) = 0 [pid 5547] close(5) = 0 [pid 5547] close(6) = 0 [pid 5547] close(7) = -1 EBADF (Bad file descriptor) [pid 5547] close(8) = -1 EBADF (Bad file descriptor) [pid 5547] close(9) = -1 EBADF (Bad file descriptor) [pid 5547] close(10) = -1 EBADF (Bad file descriptor) [pid 5547] close(11) = -1 EBADF (Bad file descriptor) [pid 5547] close(12) = -1 EBADF (Bad file descriptor) [pid 5547] close(13) = -1 EBADF (Bad file descriptor) [pid 5547] close(14) = -1 EBADF (Bad file descriptor) [pid 5547] close(15) = -1 EBADF (Bad file descriptor) [pid 5547] close(16) = -1 EBADF (Bad file descriptor) [pid 5547] close(17) = -1 EBADF (Bad file descriptor) [pid 5547] close(18) = -1 EBADF (Bad file descriptor) [ 155.632623][ T5548] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 155.652303][ T5548] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 155.660810][ T5548] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 155.668841][ T5548] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 155.676882][ T5548] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [pid 5547] close(19) = -1 EBADF (Bad file descriptor) [pid 5547] close(20) = -1 EBADF (Bad file descriptor) [pid 5547] close(21) = -1 EBADF (Bad file descriptor) [pid 5547] close(22) = -1 EBADF (Bad file descriptor) [pid 5547] close(23) = -1 EBADF (Bad file descriptor) [pid 5547] close(24) = -1 EBADF (Bad file descriptor) [pid 5547] close(25) = -1 EBADF (Bad file descriptor) [pid 5547] close(26) = -1 EBADF (Bad file descriptor) [pid 5547] close(27) = -1 EBADF (Bad file descriptor) [pid 5547] close(28) = -1 EBADF (Bad file descriptor) [pid 5547] close(29) = -1 EBADF (Bad file descriptor) [pid 5547] exit_group(0) = ? [pid 5547] +++ exited with 0 +++ [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=19, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5085] umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./17/binderfs") = 0 [pid 5085] umount2("./17/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./17/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./17/cgroup") = 0 [pid 5085] umount2("./17/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 155.684928][ T5548] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 155.692970][ T5548] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000012 [ 155.701018][ T5548] [pid 5085] lstat("./17/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./17/cgroup.net") = 0 [pid 5085] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5085] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./17/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./17/file0") = 0 [pid 5085] umount2("./17/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./17/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./17/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./17") = 0 [pid 5085] mkdir("./18", 0777) = 0 [ 155.788164][ T5548] memory: usage 8kB, limit 0kB, failcnt 36 [ 155.795364][ T5548] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 155.805205][ T5548] Memory cgroup stats for /syz1: [ 155.805487][ T5548] anon 0 [ 155.805487][ T5548] file 0 [ 155.805487][ T5548] kernel 8192 [ 155.805487][ T5548] kernel_stack 0 [ 155.805487][ T5548] pagetables 0 [ 155.805487][ T5548] sec_pagetables 0 [ 155.805487][ T5548] percpu 0 [ 155.805487][ T5548] sock 0 [ 155.805487][ T5548] vmalloc 0 [ 155.805487][ T5548] shmem 0 [ 155.805487][ T5548] zswap 0 [ 155.805487][ T5548] zswapped 0 [ 155.805487][ T5548] file_mapped 0 [ 155.805487][ T5548] file_dirty 0 [ 155.805487][ T5548] file_writeback 0 [ 155.805487][ T5548] swapcached 0 [ 155.805487][ T5548] anon_thp 0 [ 155.805487][ T5548] file_thp 0 [ 155.805487][ T5548] shmem_thp 0 [ 155.805487][ T5548] inactive_anon 0 [ 155.805487][ T5548] active_anon 0 [ 155.805487][ T5548] inactive_file 0 [ 155.805487][ T5548] active_file 0 [ 155.805487][ T5548] unevictable 0 [ 155.805487][ T5548] slab_reclaimable 6752 [ 155.805487][ T5548] slab_unreclaimable 0 [ 155.805487][ T5548] slab 6752 [ 155.805487][ T5548] workingset_refault_anon 0 [ 155.805487][ T5548] workingset_refault_file 0 [ 155.805487][ T5548] workingset_activate_anon 0 [ 155.805487][ T5548] workingset_activate_file 0 [ 155.805487][ T5548] workingset_restore_anon 0 [ 155.805487][ T5548] workingset_restore_file 0 [ 155.805487][ T5548] workingset_nodereclaim 0 [ 155.805487][ T5548] pgscan 831 [ 155.805487][ T5548] pgsteal 2 [ 155.805487][ T5548] pgscan_kswapd 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5564 attached [pid 5564] chdir("./18" [pid 5085] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 20 [pid 5564] <... chdir resumed>) = 0 [pid 5564] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5564] setpgid(0, 0) = 0 [pid 5564] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5564] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5564] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5564] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5564] write(3, "1000", 4) = 4 [pid 5564] close(3) = 0 [pid 5564] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5564] mkdir("./file0", 000) = 0 [pid 5564] open("./file0", O_RDONLY) = 3 [pid 5564] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5564] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5564] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5564] openat(5, "memory.max", O_RDWR) = 6 [ 155.805487][ T5548] pgscan_direct 831 [ 155.805487][ T5548] pgscan_khugepaged 0 [ 155.805487][ T5548] pgsteal_kswapd 0 [ 155.805487][ T5548] pgsteal_direct 2 [ 155.805487][ T5548] pgsteal_khugepaged 0 [ 155.805487][ T5548] pgfault 21 [ 155.805487][ T5548] pgmajfault 0 [ 155.805487][ T5548] pgrefill 830 [ 155.805487][ T5548] pgactivate 829 [ 155.805487][ T5548] pgdeactivate 830 [ 155.805487][ T5548] pglazyfree 0 [ 155.805487][ T5548] pglazyfreed 0 [ 155.805487][ T5548] zswpin 0 [ 155.805487][ T5548] zswpout 0 [ 155.805487][ T5548] thp_fault_alloc 0 [ 155.805487][ T5548] thp_collapse_alloc 0 [ 156.001858][ T5548] Tasks state (memory values in pages): [ 156.007490][ T5548] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 156.030359][ T5548] Out of memory and no killable processes... [pid 5564] write(6, "0x000000000000040e", 18 [pid 5548] <... write resumed>) = 18 [pid 5548] close(3) = 0 [pid 5548] close(4) = 0 [pid 5548] close(5) = 0 [pid 5548] close(6) = 0 [pid 5548] close(7) = -1 EBADF (Bad file descriptor) [pid 5548] close(8) = -1 EBADF (Bad file descriptor) [pid 5548] close(9) = -1 EBADF (Bad file descriptor) [pid 5548] close(10) = -1 EBADF (Bad file descriptor) [pid 5548] close(11) = -1 EBADF (Bad file descriptor) [pid 5548] close(12) = -1 EBADF (Bad file descriptor) [pid 5548] close(13) = -1 EBADF (Bad file descriptor) [pid 5548] close(14) = -1 EBADF (Bad file descriptor) [pid 5548] close(15) = -1 EBADF (Bad file descriptor) [pid 5548] close(16) = -1 EBADF (Bad file descriptor) [pid 5548] close(17) = -1 EBADF (Bad file descriptor) [pid 5548] close(18) = -1 EBADF (Bad file descriptor) [pid 5548] close(19) = -1 EBADF (Bad file descriptor) [pid 5548] close(20) = -1 EBADF (Bad file descriptor) [pid 5548] close(21) = -1 EBADF (Bad file descriptor) [pid 5548] close(22) = -1 EBADF (Bad file descriptor) [pid 5548] close(23) = -1 EBADF (Bad file descriptor) [pid 5548] close(24) = -1 EBADF (Bad file descriptor) [pid 5548] close(25) = -1 EBADF (Bad file descriptor) [pid 5548] close(26) = -1 EBADF (Bad file descriptor) [pid 5548] close(27) = -1 EBADF (Bad file descriptor) [pid 5548] close(28) = -1 EBADF (Bad file descriptor) [pid 5548] close(29) = -1 EBADF (Bad file descriptor) [pid 5548] exit_group(0) = ? [pid 5548] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=20, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [ 156.038004][ T5551] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 156.061916][ T5551] CPU: 1 PID: 5551 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 156.071905][ T5551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 156.082015][ T5551] Call Trace: [ 156.085386][ T5551] [ 156.088361][ T5551] dump_stack_lvl+0x136/0x150 [ 156.093111][ T5551] dump_header+0x10a/0xd70 [ 156.097600][ T5551] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 156.103764][ T5551] out_of_memory+0xd64/0x1660 [ 156.108530][ T5551] ? oom_killer_disable+0x2b0/0x2b0 [ 156.113804][ T5551] ? find_held_lock+0x2d/0x110 [ 156.118682][ T5551] mem_cgroup_out_of_memory+0x206/0x270 [ 156.124301][ T5551] ? mem_cgroup_margin+0x130/0x130 [ 156.129510][ T5551] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 156.135373][ T5551] memory_max_write+0x2f9/0x3c0 [ 156.140273][ T5551] ? mem_cgroup_force_empty_write+0x160/0x160 [ 156.146432][ T5551] ? lock_sync+0x190/0x190 [ 156.150905][ T5551] cgroup_file_write+0x1e2/0x7b0 [ 156.155886][ T5551] ? mem_cgroup_force_empty_write+0x160/0x160 [ 156.161996][ T5551] ? kill_css+0x3b0/0x3b0 [ 156.166372][ T5551] ? lock_acquire+0x32/0xc0 [ 156.170925][ T5551] ? kill_css+0x3b0/0x3b0 [ 156.175303][ T5551] kernfs_fop_write_iter+0x3f1/0x600 [ 156.180644][ T5551] vfs_write+0x9ed/0xe10 [ 156.184974][ T5551] ? kernel_write+0x670/0x670 [ 156.189705][ T5551] ? find_held_lock+0x2d/0x110 [ 156.194514][ T5551] ? __fget_light+0x20a/0x270 [ 156.199247][ T5551] ksys_write+0x12b/0x250 [ 156.203634][ T5551] ? __ia32_sys_read+0xb0/0xb0 [ 156.208447][ T5551] ? lockdep_hardirqs_on+0x7d/0x100 [ 156.213682][ T5551] ? _raw_spin_unlock_irq+0x2e/0x50 [ 156.218922][ T5551] ? ptrace_notify+0xfe/0x140 [ 156.223643][ T5551] do_syscall_64+0x39/0xb0 [ 156.228113][ T5551] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 156.234046][ T5551] RIP: 0033:0x7faecf034129 [ 156.238491][ T5551] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 156.258133][ T5551] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 156.266579][ T5551] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 156.274577][ T5551] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 156.282576][ T5551] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [pid 5086] umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 156.290574][ T5551] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 156.298571][ T5551] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000015 [ 156.306591][ T5551] [ 156.320601][ T5551] memory: usage 8kB, limit 0kB, failcnt 36 [ 156.329174][ T5551] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 156.339078][ T5551] Memory cgroup stats for /syz1: [ 156.339369][ T5551] anon 0 [ 156.339369][ T5551] file 0 [ 156.339369][ T5551] kernel 8192 [ 156.339369][ T5551] kernel_stack 0 [ 156.339369][ T5551] pagetables 0 [ 156.339369][ T5551] sec_pagetables 0 [ 156.339369][ T5551] percpu 0 [ 156.339369][ T5551] sock 0 [ 156.339369][ T5551] vmalloc 0 [ 156.339369][ T5551] shmem 0 [ 156.339369][ T5551] zswap 0 [ 156.339369][ T5551] zswapped 0 [ 156.339369][ T5551] file_mapped 0 [ 156.339369][ T5551] file_dirty 0 [ 156.339369][ T5551] file_writeback 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./18/binderfs") = 0 [pid 5086] umount2("./18/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./18/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] unlink("./18/cgroup") = 0 [pid 5086] umount2("./18/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./18/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./18/cgroup.net") = 0 [ 156.339369][ T5551] swapcached 0 [ 156.339369][ T5551] anon_thp 0 [ 156.339369][ T5551] file_thp 0 [ 156.339369][ T5551] shmem_thp 0 [ 156.339369][ T5551] inactive_anon 0 [ 156.339369][ T5551] active_anon 0 [ 156.339369][ T5551] inactive_file 0 [ 156.339369][ T5551] active_file 0 [ 156.339369][ T5551] unevictable 0 [ 156.339369][ T5551] slab_reclaimable 6752 [ 156.339369][ T5551] slab_unreclaimable 0 [ 156.339369][ T5551] slab 6752 [ 156.339369][ T5551] workingset_refault_anon 0 [ 156.339369][ T5551] workingset_refault_file 0 [ 156.339369][ T5551] workingset_activate_anon 0 [ 156.339369][ T5551] workingset_activate_file 0 [ 156.339369][ T5551] workingset_restore_anon 0 [ 156.339369][ T5551] workingset_restore_file 0 [ 156.339369][ T5551] workingset_nodereclaim 0 [ 156.339369][ T5551] pgscan 831 [ 156.339369][ T5551] pgsteal 2 [ 156.339369][ T5551] pgscan_kswapd 0 [ 156.339369][ T5551] pgscan_direct 831 [ 156.339369][ T5551] pgscan_khugepaged 0 [ 156.339369][ T5551] pgsteal_kswapd 0 [ 156.339369][ T5551] pgsteal_direct 2 [ 156.339369][ T5551] pgsteal_khugepaged 0 [pid 5086] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5086] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./18/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 156.339369][ T5551] pgfault 21 [ 156.339369][ T5551] pgmajfault 0 [ 156.339369][ T5551] pgrefill 830 [ 156.339369][ T5551] pgactivate 829 [ 156.339369][ T5551] pgdeactivate 830 [ 156.339369][ T5551] pglazyfree 0 [ 156.339369][ T5551] pglazyfreed 0 [ 156.339369][ T5551] zswpin 0 [ 156.339369][ T5551] zswpout 0 [ 156.339369][ T5551] thp_fault_alloc 0 [ 156.339369][ T5551] thp_collapse_alloc 0 [ 156.531691][ T5551] Tasks state (memory values in pages): [pid 5086] openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./18/file0") = 0 [pid 5086] umount2("./18/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./18/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./18/cgroup.cpu") = 0 [pid 5551] <... write resumed>) = 18 [pid 5086] getdents64(3, [pid 5551] close(3 [pid 5086] <... getdents64 resumed>0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5551] <... close resumed>) = 0 [pid 5086] close(3 [pid 5551] close(4 [pid 5086] <... close resumed>) = 0 [pid 5551] <... close resumed>) = 0 [pid 5086] rmdir("./18" [pid 5551] close(5 [pid 5086] <... rmdir resumed>) = 0 [pid 5551] <... close resumed>) = 0 [pid 5086] mkdir("./19", 0777 [pid 5551] close(6 [pid 5086] <... mkdir resumed>) = 0 [pid 5551] <... close resumed>) = 0 [ 156.537395][ T5551] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 156.558562][ T5551] Out of memory and no killable processes... [ 156.573986][ T5554] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 156.614719][ T5554] CPU: 0 PID: 5554 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 156.624713][ T5554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 156.634818][ T5554] Call Trace: [ 156.638143][ T5554] [ 156.641123][ T5554] dump_stack_lvl+0x136/0x150 [ 156.645873][ T5554] dump_header+0x10a/0xd70 [ 156.650352][ T5554] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 156.656507][ T5554] out_of_memory+0xd64/0x1660 [ 156.661263][ T5554] ? oom_killer_disable+0x2b0/0x2b0 [ 156.666572][ T5554] mem_cgroup_out_of_memory+0x206/0x270 [ 156.672186][ T5554] ? mem_cgroup_margin+0x130/0x130 [ 156.677431][ T5554] memory_max_write+0x2f9/0x3c0 [ 156.682373][ T5554] ? mem_cgroup_force_empty_write+0x160/0x160 [ 156.688525][ T5554] ? lock_sync+0x190/0x190 [ 156.693014][ T5554] cgroup_file_write+0x1e2/0x7b0 [ 156.698031][ T5554] ? mem_cgroup_force_empty_write+0x160/0x160 [ 156.704192][ T5554] ? kill_css+0x3b0/0x3b0 [ 156.708629][ T5554] ? lock_acquire+0x32/0xc0 [ 156.713234][ T5554] ? kill_css+0x3b0/0x3b0 [ 156.717642][ T5554] kernfs_fop_write_iter+0x3f1/0x600 [ 156.723006][ T5554] vfs_write+0x9ed/0xe10 [ 156.727340][ T5554] ? kernel_write+0x670/0x670 [ 156.732102][ T5554] ? find_held_lock+0x2d/0x110 [ 156.736943][ T5554] ? __fget_light+0x20a/0x270 [ 156.741699][ T5554] ksys_write+0x12b/0x250 [ 156.746110][ T5554] ? __ia32_sys_read+0xb0/0xb0 [ 156.750949][ T5554] ? lockdep_hardirqs_on+0x7d/0x100 [ 156.756217][ T5554] ? _raw_spin_unlock_irq+0x2e/0x50 [ 156.761493][ T5554] ? ptrace_notify+0xfe/0x140 [ 156.766241][ T5554] do_syscall_64+0x39/0xb0 [ 156.770746][ T5554] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 156.776709][ T5554] RIP: 0033:0x7faecf034129 [ 156.781174][ T5554] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 156.800847][ T5554] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5568 attached [pid 5551] close(7 [pid 5568] chdir("./19" [pid 5551] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5086] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 21 [pid 5568] <... chdir resumed>) = 0 [pid 5551] close(8 [pid 5568] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5551] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5568] <... prctl resumed>) = 0 [pid 5551] close(9 [pid 5568] setpgid(0, 0 [pid 5551] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5568] <... setpgid resumed>) = 0 [pid 5551] close(10 [pid 5568] symlink("/syzcgroup/unified/syz3", "./cgroup" [pid 5551] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5568] <... symlink resumed>) = 0 [pid 5551] close(11 [pid 5568] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu" [pid 5551] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5551] close(12 [pid 5568] <... symlink resumed>) = 0 [pid 5551] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5568] symlink("/syzcgroup/net/syz3", "./cgroup.net" [pid 5551] close(13 [pid 5568] <... symlink resumed>) = 0 [pid 5551] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5568] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5551] close(14 [pid 5568] <... openat resumed>) = 3 [pid 5551] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5568] write(3, "1000", 4 [pid 5551] close(15 [pid 5568] <... write resumed>) = 4 [pid 5568] close(3 [pid 5551] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5568] <... close resumed>) = 0 [pid 5551] close(16 [pid 5568] symlink("/dev/binderfs", "./binderfs" [pid 5551] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5568] <... symlink resumed>) = 0 [pid 5551] close(17 [pid 5568] mkdir("./file0", 000 [pid 5551] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5568] <... mkdir resumed>) = 0 [pid 5551] close(18 [pid 5568] open("./file0", O_RDONLY [pid 5551] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5568] <... open resumed>) = 3 [pid 5551] close(19 [pid 5568] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5551] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5568] <... mount resumed>) = 0 [ 156.809323][ T5554] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 156.817413][ T5554] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 156.825410][ T5554] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 156.833410][ T5554] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 156.841423][ T5554] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000015 [ 156.849445][ T5554] [pid 5551] close(20 [pid 5568] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5551] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5568] <... openat resumed>) = 4 [pid 5551] close(21 [pid 5568] openat(4, "syz1", O_RDWR|O_PATH [pid 5551] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5568] <... openat resumed>) = 5 [pid 5551] close(22 [pid 5568] openat(5, "memory.max", O_RDWR [pid 5551] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5568] <... openat resumed>) = 6 [pid 5551] close(23) = -1 EBADF (Bad file descriptor) [pid 5568] write(6, "0x000000000000040e", 18 [pid 5551] close(24) = -1 EBADF (Bad file descriptor) [pid 5551] close(25) = -1 EBADF (Bad file descriptor) [pid 5551] close(26) = -1 EBADF (Bad file descriptor) [pid 5551] close(27) = -1 EBADF (Bad file descriptor) [pid 5551] close(28) = -1 EBADF (Bad file descriptor) [pid 5551] close(29) = -1 EBADF (Bad file descriptor) [pid 5551] exit_group(0) = ? [pid 5551] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=23, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5090] umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./21/binderfs") = 0 [pid 5090] umount2("./21/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./21/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./21/cgroup") = 0 [pid 5090] umount2("./21/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./21/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./21/cgroup.net") = 0 [ 156.908289][ T5554] memory: usage 8kB, limit 0kB, failcnt 36 [ 156.941093][ T5554] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 156.971783][ T5554] Memory cgroup stats for /syz1: [ 156.972116][ T5554] anon 0 [ 156.972116][ T5554] file 0 [ 156.972116][ T5554] kernel 8192 [ 156.972116][ T5554] kernel_stack 0 [ 156.972116][ T5554] pagetables 0 [ 156.972116][ T5554] sec_pagetables 0 [ 156.972116][ T5554] percpu 0 [ 156.972116][ T5554] sock 0 [ 156.972116][ T5554] vmalloc 0 [ 156.972116][ T5554] shmem 0 [ 156.972116][ T5554] zswap 0 [ 156.972116][ T5554] zswapped 0 [ 156.972116][ T5554] file_mapped 0 [ 156.972116][ T5554] file_dirty 0 [ 156.972116][ T5554] file_writeback 0 [ 156.972116][ T5554] swapcached 0 [ 156.972116][ T5554] anon_thp 0 [ 156.972116][ T5554] file_thp 0 [ 156.972116][ T5554] shmem_thp 0 [ 156.972116][ T5554] inactive_anon 0 [ 156.972116][ T5554] active_anon 0 [ 156.972116][ T5554] inactive_file 0 [ 156.972116][ T5554] active_file 0 [ 156.972116][ T5554] unevictable 0 [ 156.972116][ T5554] slab_reclaimable 6752 [ 156.972116][ T5554] slab_unreclaimable 0 [ 156.972116][ T5554] slab 6752 [ 156.972116][ T5554] workingset_refault_anon 0 [ 156.972116][ T5554] workingset_refault_file 0 [ 156.972116][ T5554] workingset_activate_anon 0 [ 156.972116][ T5554] workingset_activate_file 0 [ 156.972116][ T5554] workingset_restore_anon 0 [ 156.972116][ T5554] workingset_restore_file 0 [ 156.972116][ T5554] workingset_nodereclaim 0 [ 156.972116][ T5554] pgscan 831 [ 156.972116][ T5554] pgsteal 2 [ 156.972116][ T5554] pgscan_kswapd 0 [ 156.972116][ T5554] pgscan_direct 831 [ 156.972116][ T5554] pgscan_khugepaged 0 [ 156.972116][ T5554] pgsteal_kswapd 0 [ 156.972116][ T5554] pgsteal_direct 2 [ 156.972116][ T5554] pgsteal_khugepaged 0 [pid 5090] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5090] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./21/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./21/file0") = 0 [pid 5090] umount2("./21/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./21/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./21/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [ 156.972116][ T5554] pgfault 21 [ 156.972116][ T5554] pgmajfault 0 [ 156.972116][ T5554] pgrefill 830 [ 156.972116][ T5554] pgactivate 829 [ 156.972116][ T5554] pgdeactivate 830 [ 156.972116][ T5554] pglazyfree 0 [ 156.972116][ T5554] pglazyfreed 0 [ 156.972116][ T5554] zswpin 0 [ 156.972116][ T5554] zswpout 0 [ 156.972116][ T5554] thp_fault_alloc 0 [ 156.972116][ T5554] thp_collapse_alloc 0 [pid 5090] rmdir("./21") = 0 [pid 5090] mkdir("./22", 0777) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5577 attached [pid 5577] chdir("./22" [pid 5090] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 24 [pid 5577] <... chdir resumed>) = 0 [pid 5577] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5577] setpgid(0, 0) = 0 [pid 5577] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5577] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5577] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5577] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5577] write(3, "1000", 4) = 4 [pid 5577] close(3) = 0 [pid 5577] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5577] mkdir("./file0", 000) = 0 [pid 5577] open("./file0", O_RDONLY) = 3 [pid 5577] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5577] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5577] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5577] openat(5, "memory.max", O_RDWR) = 6 [ 157.200832][ T5554] Tasks state (memory values in pages): [ 157.239537][ T5554] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 157.270639][ T5554] Out of memory and no killable processes... [pid 5577] write(6, "0x000000000000040e", 18 [pid 5554] <... write resumed>) = 18 [pid 5554] close(3) = 0 [pid 5554] close(4) = 0 [pid 5554] close(5) = 0 [pid 5554] close(6) = 0 [pid 5554] close(7) = -1 EBADF (Bad file descriptor) [pid 5554] close(8) = -1 EBADF (Bad file descriptor) [pid 5554] close(9) = -1 EBADF (Bad file descriptor) [pid 5554] close(10) = -1 EBADF (Bad file descriptor) [pid 5554] close(11) = -1 EBADF (Bad file descriptor) [pid 5554] close(12) = -1 EBADF (Bad file descriptor) [pid 5554] close(13) = -1 EBADF (Bad file descriptor) [pid 5554] close(14) = -1 EBADF (Bad file descriptor) [pid 5554] close(15) = -1 EBADF (Bad file descriptor) [pid 5554] close(16) = -1 EBADF (Bad file descriptor) [pid 5554] close(17) = -1 EBADF (Bad file descriptor) [pid 5554] close(18) = -1 EBADF (Bad file descriptor) [ 157.311767][ T5561] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 157.334576][ T5561] CPU: 1 PID: 5561 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 157.344565][ T5561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 157.354684][ T5561] Call Trace: [ 157.358015][ T5561] [pid 5554] close(19) = -1 EBADF (Bad file descriptor) [pid 5554] close(20) = -1 EBADF (Bad file descriptor) [pid 5554] close(21) = -1 EBADF (Bad file descriptor) [pid 5554] close(22) = -1 EBADF (Bad file descriptor) [pid 5554] close(23) = -1 EBADF (Bad file descriptor) [pid 5554] close(24) = -1 EBADF (Bad file descriptor) [pid 5554] close(25) = -1 EBADF (Bad file descriptor) [pid 5554] close(26) = -1 EBADF (Bad file descriptor) [pid 5554] close(27) = -1 EBADF (Bad file descriptor) [pid 5554] close(28) = -1 EBADF (Bad file descriptor) [pid 5554] close(29) = -1 EBADF (Bad file descriptor) [pid 5554] exit_group(0) = ? [pid 5554] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=23, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5089] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5089] umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 157.361000][ T5561] dump_stack_lvl+0x136/0x150 [ 157.365749][ T5561] dump_header+0x10a/0xd70 [ 157.370244][ T5561] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 157.376409][ T5561] out_of_memory+0xd64/0x1660 [ 157.381180][ T5561] ? oom_killer_disable+0x2b0/0x2b0 [ 157.386471][ T5561] mem_cgroup_out_of_memory+0x206/0x270 [ 157.392101][ T5561] ? mem_cgroup_margin+0x130/0x130 [ 157.397339][ T5561] memory_max_write+0x2f9/0x3c0 [ 157.402267][ T5561] ? mem_cgroup_force_empty_write+0x160/0x160 [pid 5089] lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./21/binderfs") = 0 [pid 5089] umount2("./21/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./21/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./21/cgroup") = 0 [pid 5089] umount2("./21/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./21/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./21/cgroup.net") = 0 [ 157.408426][ T5561] ? lock_sync+0x190/0x190 [ 157.412930][ T5561] cgroup_file_write+0x1e2/0x7b0 [ 157.417960][ T5561] ? mem_cgroup_force_empty_write+0x160/0x160 [ 157.424134][ T5561] ? kill_css+0x3b0/0x3b0 [ 157.428555][ T5561] ? lock_acquire+0x32/0xc0 [ 157.433147][ T5561] ? kill_css+0x3b0/0x3b0 [ 157.437560][ T5561] kernfs_fop_write_iter+0x3f1/0x600 [ 157.442936][ T5561] vfs_write+0x9ed/0xe10 [ 157.447255][ T5561] ? kernel_write+0x670/0x670 [ 157.451989][ T5561] ? find_held_lock+0x2d/0x110 [ 157.456801][ T5561] ? __fget_light+0x20a/0x270 [ 157.461529][ T5561] ksys_write+0x12b/0x250 [ 157.465912][ T5561] ? __ia32_sys_read+0xb0/0xb0 [ 157.470719][ T5561] ? lockdep_hardirqs_on+0x7d/0x100 [ 157.475953][ T5561] ? _raw_spin_unlock_irq+0x2e/0x50 [ 157.481194][ T5561] ? ptrace_notify+0xfe/0x140 [ 157.485911][ T5561] do_syscall_64+0x39/0xb0 [ 157.490376][ T5561] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 157.496307][ T5561] RIP: 0033:0x7faecf034129 [ 157.500748][ T5561] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 157.520390][ T5561] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 157.528838][ T5561] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 157.536839][ T5561] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 157.544839][ T5561] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 157.552835][ T5561] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [pid 5089] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5089] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./21/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [ 157.560831][ T5561] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000014 [ 157.568851][ T5561] [ 157.588178][ T5561] memory: usage 8kB, limit 0kB, failcnt 36 [ 157.603372][ T5561] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5089] rmdir("./21/file0") = 0 [pid 5089] umount2("./21/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./21/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./21/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [pid 5089] rmdir("./21") = 0 [pid 5089] mkdir("./22", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 24 [ 157.610299][ T5561] Memory cgroup stats for /syz1: [ 157.610585][ T5561] anon 0 [ 157.610585][ T5561] file 0 [ 157.610585][ T5561] kernel 8192 [ 157.610585][ T5561] kernel_stack 0 [ 157.610585][ T5561] pagetables 0 [ 157.610585][ T5561] sec_pagetables 0 [ 157.610585][ T5561] percpu 0 [ 157.610585][ T5561] sock 0 [ 157.610585][ T5561] vmalloc 0 [ 157.610585][ T5561] shmem 0 [ 157.610585][ T5561] zswap 0 [ 157.610585][ T5561] zswapped 0 [ 157.610585][ T5561] file_mapped 0 [ 157.610585][ T5561] file_dirty 0 [ 157.610585][ T5561] file_writeback 0 [ 157.610585][ T5561] swapcached 0 [ 157.610585][ T5561] anon_thp 0 [ 157.610585][ T5561] file_thp 0 [ 157.610585][ T5561] shmem_thp 0 [ 157.610585][ T5561] inactive_anon 0 [ 157.610585][ T5561] active_anon 0 [ 157.610585][ T5561] inactive_file 0 [ 157.610585][ T5561] active_file 0 [ 157.610585][ T5561] unevictable 0 [ 157.610585][ T5561] slab_reclaimable 6752 [ 157.610585][ T5561] slab_unreclaimable 0 [ 157.610585][ T5561] slab 6752 [ 157.610585][ T5561] workingset_refault_anon 0 [ 157.610585][ T5561] workingset_refault_file 0 [ 157.610585][ T5561] workingset_activate_anon 0 [ 157.610585][ T5561] workingset_activate_file 0 [ 157.610585][ T5561] workingset_restore_anon 0 [ 157.610585][ T5561] workingset_restore_file 0 [ 157.610585][ T5561] workingset_nodereclaim 0 [ 157.610585][ T5561] pgscan 831 [ 157.610585][ T5561] pgsteal 2 [ 157.610585][ T5561] pgscan_kswapd 0 [ 157.610585][ T5561] pgscan_direct 831 [ 157.610585][ T5561] pgscan_khugepaged 0 [ 157.610585][ T5561] pgsteal_kswapd 0 [ 157.610585][ T5561] pgsteal_direct 2 [ 157.610585][ T5561] pgsteal_khugepaged 0 [ 157.610585][ T5561] pgfault 21 ./strace-static-x86_64: Process 5580 attached [ 157.610585][ T5561] pgmajfault 0 [ 157.610585][ T5561] pgrefill 830 [ 157.610585][ T5561] pgactivate 829 [ 157.610585][ T5561] pgdeactivate 830 [ 157.610585][ T5561] pglazyfree 0 [ 157.610585][ T5561] pglazyfreed 0 [ 157.610585][ T5561] zswpin 0 [ 157.610585][ T5561] zswpout 0 [ 157.610585][ T5561] thp_fault_alloc 0 [ 157.610585][ T5561] thp_collapse_alloc 0 [ 157.799660][ T5561] Tasks state (memory values in pages): [pid 5580] chdir("./22") = 0 [pid 5580] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5580] setpgid(0, 0) = 0 [pid 5580] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5580] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5580] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5580] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5580] write(3, "1000", 4) = 4 [pid 5580] close(3) = 0 [pid 5580] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5580] mkdir("./file0", 000) = 0 [pid 5580] open("./file0", O_RDONLY) = 3 [pid 5580] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5580] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5580] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5580] openat(5, "memory.max", O_RDWR) = 6 [ 157.809621][ T5561] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5580] write(6, "0x000000000000040e", 18 [pid 5561] <... write resumed>) = 18 [pid 5561] close(3) = 0 [pid 5561] close(4) = 0 [pid 5561] close(5) = 0 [pid 5561] close(6) = 0 [pid 5561] close(7) = -1 EBADF (Bad file descriptor) [pid 5561] close(8) = -1 EBADF (Bad file descriptor) [pid 5561] close(9) = -1 EBADF (Bad file descriptor) [ 157.856570][ T5561] Out of memory and no killable processes... [ 157.865069][ T5564] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 157.903218][ T5564] CPU: 0 PID: 5564 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 157.913208][ T5564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 157.923321][ T5564] Call Trace: [ 157.926640][ T5564] [ 157.929609][ T5564] dump_stack_lvl+0x136/0x150 [ 157.934357][ T5564] dump_header+0x10a/0xd70 [ 157.938840][ T5564] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 157.944994][ T5564] out_of_memory+0xd64/0x1660 [pid 5561] close(10) = -1 EBADF (Bad file descriptor) [pid 5561] close(11) = -1 EBADF (Bad file descriptor) [pid 5561] close(12) = -1 EBADF (Bad file descriptor) [pid 5561] close(13) = -1 EBADF (Bad file descriptor) [pid 5561] close(14) = -1 EBADF (Bad file descriptor) [pid 5561] close(15) = -1 EBADF (Bad file descriptor) [pid 5561] close(16) = -1 EBADF (Bad file descriptor) [pid 5561] close(17) = -1 EBADF (Bad file descriptor) [pid 5561] close(18) = -1 EBADF (Bad file descriptor) [pid 5561] close(19) = -1 EBADF (Bad file descriptor) [pid 5561] close(20) = -1 EBADF (Bad file descriptor) [pid 5561] close(21) = -1 EBADF (Bad file descriptor) [pid 5561] close(22) = -1 EBADF (Bad file descriptor) [pid 5561] close(23) = -1 EBADF (Bad file descriptor) [pid 5561] close(24) = -1 EBADF (Bad file descriptor) [pid 5561] close(25) = -1 EBADF (Bad file descriptor) [pid 5561] close(26) = -1 EBADF (Bad file descriptor) [ 157.949751][ T5564] ? oom_killer_disable+0x2b0/0x2b0 [ 157.955022][ T5564] ? find_held_lock+0x2d/0x110 [ 157.959863][ T5564] mem_cgroup_out_of_memory+0x206/0x270 [ 157.965481][ T5564] ? mem_cgroup_margin+0x130/0x130 [ 157.970676][ T5564] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 157.976572][ T5564] memory_max_write+0x2f9/0x3c0 [ 157.981516][ T5564] ? mem_cgroup_force_empty_write+0x160/0x160 [ 157.987675][ T5564] ? lock_sync+0x190/0x190 [ 157.992165][ T5564] cgroup_file_write+0x1e2/0x7b0 [ 157.997185][ T5564] ? mem_cgroup_force_empty_write+0x160/0x160 [pid 5561] close(27) = -1 EBADF (Bad file descriptor) [pid 5561] close(28) = -1 EBADF (Bad file descriptor) [pid 5561] close(29) = -1 EBADF (Bad file descriptor) [pid 5561] exit_group(0) = ? [pid 5561] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=22, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5087] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5087] umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 158.003334][ T5564] ? kill_css+0x3b0/0x3b0 [ 158.007745][ T5564] ? lock_acquire+0x32/0xc0 [ 158.012338][ T5564] ? kill_css+0x3b0/0x3b0 [ 158.016748][ T5564] kernfs_fop_write_iter+0x3f1/0x600 [ 158.022118][ T5564] vfs_write+0x9ed/0xe10 [ 158.026448][ T5564] ? kernel_write+0x670/0x670 [ 158.031214][ T5564] ? find_held_lock+0x2d/0x110 [ 158.036064][ T5564] ? __fget_light+0x20a/0x270 [ 158.040840][ T5564] ksys_write+0x12b/0x250 [ 158.045269][ T5564] ? __ia32_sys_read+0xb0/0xb0 [ 158.050113][ T5564] ? lockdep_hardirqs_on+0x7d/0x100 [ 158.055380][ T5564] ? _raw_spin_unlock_irq+0x2e/0x50 [ 158.060651][ T5564] ? ptrace_notify+0xfe/0x140 [ 158.065400][ T5564] do_syscall_64+0x39/0xb0 [ 158.069899][ T5564] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 158.075862][ T5564] RIP: 0033:0x7faecf034129 [ 158.080328][ T5564] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./20/binderfs") = 0 [pid 5087] umount2("./20/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./20/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./20/cgroup") = 0 [pid 5087] umount2("./20/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./20/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./20/cgroup.net") = 0 [pid 5087] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5087] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./20/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] close(4) = 0 [pid 5087] rmdir("./20/file0") = 0 [ 158.100004][ T5564] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 158.108489][ T5564] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 158.116521][ T5564] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 158.124549][ T5564] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 158.132579][ T5564] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 158.140628][ T5564] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000012 [ 158.148774][ T5564] [pid 5087] umount2("./20/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./20/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./20/cgroup.cpu") = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [pid 5087] rmdir("./20") = 0 [pid 5087] mkdir("./21", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5583 attached [pid 5583] chdir("./21" [pid 5087] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 23 [pid 5583] <... chdir resumed>) = 0 [pid 5583] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5583] setpgid(0, 0) = 0 [pid 5583] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5583] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5583] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5583] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5583] write(3, "1000", 4) = 4 [pid 5583] close(3) = 0 [ 158.173801][ T5564] memory: usage 8kB, limit 0kB, failcnt 36 [ 158.193363][ T5564] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 158.200876][ T5564] Memory cgroup stats for /syz1: [ 158.201309][ T5564] anon 0 [ 158.201309][ T5564] file 0 [ 158.201309][ T5564] kernel 8192 [ 158.201309][ T5564] kernel_stack 0 [ 158.201309][ T5564] pagetables 0 [pid 5583] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5583] mkdir("./file0", 000) = 0 [pid 5583] open("./file0", O_RDONLY) = 3 [pid 5583] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5583] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5583] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5583] openat(5, "memory.max", O_RDWR) = 6 [ 158.201309][ T5564] sec_pagetables 0 [ 158.201309][ T5564] percpu 0 [ 158.201309][ T5564] sock 0 [ 158.201309][ T5564] vmalloc 0 [ 158.201309][ T5564] shmem 0 [ 158.201309][ T5564] zswap 0 [ 158.201309][ T5564] zswapped 0 [ 158.201309][ T5564] file_mapped 0 [ 158.201309][ T5564] file_dirty 0 [ 158.201309][ T5564] file_writeback 0 [ 158.201309][ T5564] swapcached 0 [ 158.201309][ T5564] anon_thp 0 [ 158.201309][ T5564] file_thp 0 [ 158.201309][ T5564] shmem_thp 0 [ 158.201309][ T5564] inactive_anon 0 [ 158.201309][ T5564] active_anon 0 [ 158.201309][ T5564] inactive_file 0 [ 158.201309][ T5564] active_file 0 [ 158.201309][ T5564] unevictable 0 [ 158.201309][ T5564] slab_reclaimable 6752 [ 158.201309][ T5564] slab_unreclaimable 0 [ 158.201309][ T5564] slab 6752 [ 158.201309][ T5564] workingset_refault_anon 0 [ 158.201309][ T5564] workingset_refault_file 0 [ 158.201309][ T5564] workingset_activate_anon 0 [ 158.201309][ T5564] workingset_activate_file 0 [ 158.201309][ T5564] workingset_restore_anon 0 [ 158.201309][ T5564] workingset_restore_file 0 [ 158.201309][ T5564] workingset_nodereclaim 0 [ 158.201309][ T5564] pgscan 831 [ 158.201309][ T5564] pgsteal 2 [ 158.201309][ T5564] pgscan_kswapd 0 [ 158.201309][ T5564] pgscan_direct 831 [ 158.201309][ T5564] pgscan_khugepaged 0 [ 158.201309][ T5564] pgsteal_kswapd 0 [ 158.201309][ T5564] pgsteal_direct 2 [ 158.201309][ T5564] pgsteal_khugepaged 0 [ 158.201309][ T5564] pgfault 21 [ 158.201309][ T5564] pgmajfault 0 [ 158.201309][ T5564] pgrefill 830 [ 158.201309][ T5564] pgactivate 829 [ 158.201309][ T5564] pgdeactivate 830 [ 158.201309][ T5564] pglazyfree 0 [ 158.201309][ T5564] pglazyfreed 0 [ 158.201309][ T5564] zswpin 0 [ 158.201309][ T5564] zswpout 0 [ 158.201309][ T5564] thp_fault_alloc 0 [ 158.201309][ T5564] thp_collapse_alloc 0 [ 158.394831][ T5564] Tasks state (memory values in pages): [ 158.400441][ T5564] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 158.410564][ T5564] Out of memory and no killable processes... [pid 5583] write(6, "0x000000000000040e", 18 [pid 5564] <... write resumed>) = 18 [pid 5564] close(3) = 0 [pid 5564] close(4) = 0 [pid 5564] close(5) = 0 [ 158.416819][ T5568] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 158.439885][ T5568] CPU: 0 PID: 5568 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 158.449882][ T5568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 158.459996][ T5568] Call Trace: [ 158.463315][ T5568] [ 158.466302][ T5568] dump_stack_lvl+0x136/0x150 [ 158.471045][ T5568] dump_header+0x10a/0xd70 [ 158.475519][ T5568] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 158.481676][ T5568] out_of_memory+0xd64/0x1660 [ 158.486439][ T5568] ? oom_killer_disable+0x2b0/0x2b0 [ 158.491735][ T5568] mem_cgroup_out_of_memory+0x206/0x270 [ 158.497345][ T5568] ? mem_cgroup_margin+0x130/0x130 [ 158.502517][ T5568] memory_max_write+0x2f9/0x3c0 [ 158.507417][ T5568] ? mem_cgroup_force_empty_write+0x160/0x160 [ 158.513537][ T5568] ? lock_sync+0x190/0x190 [ 158.518009][ T5568] cgroup_file_write+0x1e2/0x7b0 [ 158.522998][ T5568] ? mem_cgroup_force_empty_write+0x160/0x160 [ 158.529115][ T5568] ? kill_css+0x3b0/0x3b0 [ 158.533494][ T5568] ? lock_acquire+0x32/0xc0 [ 158.538043][ T5568] ? kill_css+0x3b0/0x3b0 [ 158.542420][ T5568] kernfs_fop_write_iter+0x3f1/0x600 [ 158.547789][ T5568] vfs_write+0x9ed/0xe10 [ 158.552085][ T5568] ? kernel_write+0x670/0x670 [ 158.556817][ T5568] ? find_held_lock+0x2d/0x110 [ 158.561635][ T5568] ? __fget_light+0x20a/0x270 [ 158.566371][ T5568] ksys_write+0x12b/0x250 [ 158.570749][ T5568] ? __ia32_sys_read+0xb0/0xb0 [ 158.575562][ T5568] ? lockdep_hardirqs_on+0x7d/0x100 [ 158.580798][ T5568] ? _raw_spin_unlock_irq+0x2e/0x50 [ 158.586039][ T5568] ? ptrace_notify+0xfe/0x140 [ 158.590756][ T5568] do_syscall_64+0x39/0xb0 [ 158.595221][ T5568] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 158.601153][ T5568] RIP: 0033:0x7faecf034129 [ 158.605596][ T5568] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 158.625235][ T5568] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 158.633695][ T5568] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 158.641695][ T5568] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 158.649690][ T5568] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 158.657689][ T5568] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 158.665688][ T5568] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000013 [pid 5564] close(6) = 0 [pid 5564] close(7) = -1 EBADF (Bad file descriptor) [pid 5564] close(8) = -1 EBADF (Bad file descriptor) [pid 5564] close(9) = -1 EBADF (Bad file descriptor) [pid 5564] close(10) = -1 EBADF (Bad file descriptor) [pid 5564] close(11) = -1 EBADF (Bad file descriptor) [pid 5564] close(12) = -1 EBADF (Bad file descriptor) [pid 5564] close(13) = -1 EBADF (Bad file descriptor) [pid 5564] close(14) = -1 EBADF (Bad file descriptor) [pid 5564] close(15) = -1 EBADF (Bad file descriptor) [pid 5564] close(16) = -1 EBADF (Bad file descriptor) [pid 5564] close(17) = -1 EBADF (Bad file descriptor) [pid 5564] close(18) = -1 EBADF (Bad file descriptor) [pid 5564] close(19) = -1 EBADF (Bad file descriptor) [pid 5564] close(20) = -1 EBADF (Bad file descriptor) [pid 5564] close(21) = -1 EBADF (Bad file descriptor) [pid 5564] close(22) = -1 EBADF (Bad file descriptor) [pid 5564] close(23) = -1 EBADF (Bad file descriptor) [pid 5564] close(24) = -1 EBADF (Bad file descriptor) [pid 5564] close(25) = -1 EBADF (Bad file descriptor) [ 158.673716][ T5568] [pid 5564] close(26) = -1 EBADF (Bad file descriptor) [pid 5564] close(27) = -1 EBADF (Bad file descriptor) [pid 5564] close(28) = -1 EBADF (Bad file descriptor) [pid 5564] close(29) = -1 EBADF (Bad file descriptor) [ 158.711873][ T5568] memory: usage 8kB, limit 0kB, failcnt 36 [ 158.717840][ T5568] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 158.729616][ T5568] Memory cgroup stats for /syz1: [ 158.729909][ T5568] anon 0 [ 158.729909][ T5568] file 0 [ 158.729909][ T5568] kernel 8192 [ 158.729909][ T5568] kernel_stack 0 [ 158.729909][ T5568] pagetables 0 [ 158.729909][ T5568] sec_pagetables 0 [ 158.729909][ T5568] percpu 0 [ 158.729909][ T5568] sock 0 [ 158.729909][ T5568] vmalloc 0 [ 158.729909][ T5568] shmem 0 [ 158.729909][ T5568] zswap 0 [ 158.729909][ T5568] zswapped 0 [ 158.729909][ T5568] file_mapped 0 [ 158.729909][ T5568] file_dirty 0 [ 158.729909][ T5568] file_writeback 0 [ 158.729909][ T5568] swapcached 0 [ 158.729909][ T5568] anon_thp 0 [ 158.729909][ T5568] file_thp 0 [ 158.729909][ T5568] shmem_thp 0 [ 158.729909][ T5568] inactive_anon 0 [ 158.729909][ T5568] active_anon 0 [ 158.729909][ T5568] inactive_file 0 [ 158.729909][ T5568] active_file 0 [ 158.729909][ T5568] unevictable 0 [ 158.729909][ T5568] slab_reclaimable 6752 [ 158.729909][ T5568] slab_unreclaimable 0 [ 158.729909][ T5568] slab 6752 [ 158.729909][ T5568] workingset_refault_anon 0 [ 158.729909][ T5568] workingset_refault_file 0 [ 158.729909][ T5568] workingset_activate_anon 0 [ 158.729909][ T5568] workingset_activate_file 0 [ 158.729909][ T5568] workingset_restore_anon 0 [ 158.729909][ T5568] workingset_restore_file 0 [ 158.729909][ T5568] workingset_nodereclaim 0 [ 158.729909][ T5568] pgscan 831 [ 158.729909][ T5568] pgsteal 2 [ 158.729909][ T5568] pgscan_kswapd 0 [ 158.729909][ T5568] pgscan_direct 831 [ 158.729909][ T5568] pgscan_khugepaged 0 [ 158.729909][ T5568] pgsteal_kswapd 0 [ 158.729909][ T5568] pgsteal_direct 2 [ 158.729909][ T5568] pgsteal_khugepaged 0 [ 158.729909][ T5568] pgfault 21 [ 158.729909][ T5568] pgmajfault 0 [ 158.729909][ T5568] pgrefill 830 [ 158.729909][ T5568] pgactivate 829 [ 158.729909][ T5568] pgdeactivate 830 [ 158.729909][ T5568] pglazyfree 0 [ 158.729909][ T5568] pglazyfreed 0 [ 158.729909][ T5568] zswpin 0 [ 158.729909][ T5568] zswpout 0 [ 158.729909][ T5568] thp_fault_alloc 0 [pid 5564] exit_group(0) = ? [pid 5564] +++ exited with 0 +++ [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=20, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5085] umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./18/binderfs") = 0 [pid 5085] umount2("./18/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 158.729909][ T5568] thp_collapse_alloc 0 [pid 5085] lstat("./18/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./18/cgroup") = 0 [pid 5085] umount2("./18/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./18/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./18/cgroup.net") = 0 [pid 5085] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5085] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./18/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./18/file0") = 0 [pid 5085] umount2("./18/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./18/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./18/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./18") = 0 [pid 5085] mkdir("./19", 0777) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5589 attached [pid 5589] chdir("./19" [pid 5085] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 21 [pid 5589] <... chdir resumed>) = 0 [pid 5589] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5589] setpgid(0, 0) = 0 [pid 5589] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5589] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5589] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5589] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5589] write(3, "1000", 4) = 4 [ 158.992948][ T5568] Tasks state (memory values in pages): [ 159.001361][ T5568] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 159.030701][ T5568] Out of memory and no killable processes... [pid 5589] close(3) = 0 [pid 5568] <... write resumed>) = 18 [pid 5589] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5568] close(3 [pid 5589] mkdir("./file0", 000 [pid 5568] <... close resumed>) = 0 [pid 5589] <... mkdir resumed>) = 0 [pid 5568] close(4 [pid 5589] open("./file0", O_RDONLY) = 3 [pid 5568] <... close resumed>) = 0 [pid 5589] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5568] close(5 [pid 5589] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5589] openat(4, "syz1", O_RDWR|O_PATH [pid 5568] <... close resumed>) = 0 [pid 5589] <... openat resumed>) = 5 [pid 5568] close(6 [pid 5589] openat(5, "memory.max", O_RDWR [pid 5568] <... close resumed>) = 0 [pid 5589] <... openat resumed>) = 6 [ 159.073029][ T5577] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 159.101759][ T5577] CPU: 1 PID: 5577 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 159.111750][ T5577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 159.121858][ T5577] Call Trace: [ 159.125186][ T5577] [ 159.128163][ T5577] dump_stack_lvl+0x136/0x150 [ 159.132914][ T5577] dump_header+0x10a/0xd70 [ 159.137394][ T5577] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 159.143552][ T5577] out_of_memory+0xd64/0x1660 [ 159.148310][ T5577] ? oom_killer_disable+0x2b0/0x2b0 [ 159.153599][ T5577] mem_cgroup_out_of_memory+0x206/0x270 [ 159.159221][ T5577] ? mem_cgroup_margin+0x130/0x130 [ 159.164425][ T5577] memory_max_write+0x2f9/0x3c0 [ 159.169381][ T5577] ? mem_cgroup_force_empty_write+0x160/0x160 [ 159.175527][ T5577] ? lock_sync+0x190/0x190 [ 159.180012][ T5577] cgroup_file_write+0x1e2/0x7b0 [ 159.185031][ T5577] ? mem_cgroup_force_empty_write+0x160/0x160 [ 159.191191][ T5577] ? kill_css+0x3b0/0x3b0 [ 159.195599][ T5577] ? lock_acquire+0x32/0xc0 [ 159.200194][ T5577] ? kill_css+0x3b0/0x3b0 [ 159.204599][ T5577] kernfs_fop_write_iter+0x3f1/0x600 [ 159.209969][ T5577] vfs_write+0x9ed/0xe10 [ 159.214297][ T5577] ? kernel_write+0x670/0x670 [ 159.219056][ T5577] ? find_held_lock+0x2d/0x110 [pid 5568] close(7 [pid 5589] write(6, "0x000000000000040e", 18 [pid 5568] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5568] close(8) = -1 EBADF (Bad file descriptor) [ 159.223895][ T5577] ? __fget_light+0x20a/0x270 [ 159.228663][ T5577] ksys_write+0x12b/0x250 [ 159.233086][ T5577] ? __ia32_sys_read+0xb0/0xb0 [ 159.237929][ T5577] ? lockdep_hardirqs_on+0x7d/0x100 [ 159.243203][ T5577] ? _raw_spin_unlock_irq+0x2e/0x50 [ 159.248483][ T5577] ? ptrace_notify+0xfe/0x140 [ 159.253237][ T5577] do_syscall_64+0x39/0xb0 [ 159.257755][ T5577] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 159.263732][ T5577] RIP: 0033:0x7faecf034129 [pid 5568] close(9) = -1 EBADF (Bad file descriptor) [pid 5568] close(10) = -1 EBADF (Bad file descriptor) [pid 5568] close(11) = -1 EBADF (Bad file descriptor) [pid 5568] close(12) = -1 EBADF (Bad file descriptor) [pid 5568] close(13) = -1 EBADF (Bad file descriptor) [pid 5568] close(14) = -1 EBADF (Bad file descriptor) [pid 5568] close(15) = -1 EBADF (Bad file descriptor) [pid 5568] close(16) = -1 EBADF (Bad file descriptor) [pid 5568] close(17) = -1 EBADF (Bad file descriptor) [pid 5568] close(18) = -1 EBADF (Bad file descriptor) [pid 5568] close(19) = -1 EBADF (Bad file descriptor) [pid 5568] close(20) = -1 EBADF (Bad file descriptor) [pid 5568] close(21) = -1 EBADF (Bad file descriptor) [pid 5568] close(22) = -1 EBADF (Bad file descriptor) [pid 5568] close(23) = -1 EBADF (Bad file descriptor) [pid 5568] close(24) = -1 EBADF (Bad file descriptor) [pid 5568] close(25) = -1 EBADF (Bad file descriptor) [pid 5568] close(26) = -1 EBADF (Bad file descriptor) [ 159.268196][ T5577] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 159.287863][ T5577] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 159.296344][ T5577] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 159.304378][ T5577] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 159.312410][ T5577] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [pid 5568] close(27) = -1 EBADF (Bad file descriptor) [pid 5568] close(28) = -1 EBADF (Bad file descriptor) [pid 5568] close(29) = -1 EBADF (Bad file descriptor) [pid 5568] exit_group(0) = ? [pid 5568] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=21, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5086] umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./19/binderfs") = 0 [pid 5086] umount2("./19/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./19/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] unlink("./19/cgroup") = 0 [pid 5086] umount2("./19/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./19/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./19/cgroup.net") = 0 [pid 5086] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 159.320434][ T5577] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 159.328463][ T5577] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000016 [ 159.336526][ T5577] [ 159.358809][ T5577] memory: usage 8kB, limit 0kB, failcnt 36 [ 159.364970][ T5577] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5086] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./19/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./19/file0") = 0 [pid 5086] umount2("./19/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./19/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./19/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./19") = 0 [pid 5086] mkdir("./20", 0777) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 22 [ 159.379307][ T5577] Memory cgroup stats for /syz1: [ 159.379587][ T5577] anon 0 [ 159.379587][ T5577] file 0 [ 159.379587][ T5577] kernel 8192 [ 159.379587][ T5577] kernel_stack 0 [ 159.379587][ T5577] pagetables 0 [ 159.379587][ T5577] sec_pagetables 0 [ 159.379587][ T5577] percpu 0 [ 159.379587][ T5577] sock 0 [ 159.379587][ T5577] vmalloc 0 [ 159.379587][ T5577] shmem 0 [ 159.379587][ T5577] zswap 0 [ 159.379587][ T5577] zswapped 0 [ 159.379587][ T5577] file_mapped 0 [ 159.379587][ T5577] file_dirty 0 [ 159.379587][ T5577] file_writeback 0 [ 159.379587][ T5577] swapcached 0 [ 159.379587][ T5577] anon_thp 0 [ 159.379587][ T5577] file_thp 0 [ 159.379587][ T5577] shmem_thp 0 [ 159.379587][ T5577] inactive_anon 0 [ 159.379587][ T5577] active_anon 0 [ 159.379587][ T5577] inactive_file 0 [ 159.379587][ T5577] active_file 0 [ 159.379587][ T5577] unevictable 0 [ 159.379587][ T5577] slab_reclaimable 6752 [ 159.379587][ T5577] slab_unreclaimable 0 [ 159.379587][ T5577] slab 6752 [ 159.379587][ T5577] workingset_refault_anon 0 [ 159.379587][ T5577] workingset_refault_file 0 [ 159.379587][ T5577] workingset_activate_anon 0 [ 159.379587][ T5577] workingset_activate_file 0 [ 159.379587][ T5577] workingset_restore_anon 0 [ 159.379587][ T5577] workingset_restore_file 0 [ 159.379587][ T5577] workingset_nodereclaim 0 [ 159.379587][ T5577] pgscan 831 [ 159.379587][ T5577] pgsteal 2 [ 159.379587][ T5577] pgscan_kswapd 0 [ 159.379587][ T5577] pgscan_direct 831 [ 159.379587][ T5577] pgscan_khugepaged 0 [ 159.379587][ T5577] pgsteal_kswapd 0 [ 159.379587][ T5577] pgsteal_direct 2 [ 159.379587][ T5577] pgsteal_khugepaged 0 ./strace-static-x86_64: Process 5591 attached [pid 5591] chdir("./20") = 0 [pid 5591] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5591] setpgid(0, 0) = 0 [pid 5591] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5591] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5591] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5591] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5591] write(3, "1000", 4) = 4 [ 159.379587][ T5577] pgfault 21 [ 159.379587][ T5577] pgmajfault 0 [ 159.379587][ T5577] pgrefill 830 [ 159.379587][ T5577] pgactivate 829 [ 159.379587][ T5577] pgdeactivate 830 [ 159.379587][ T5577] pglazyfree 0 [ 159.379587][ T5577] pglazyfreed 0 [ 159.379587][ T5577] zswpin 0 [ 159.379587][ T5577] zswpout 0 [ 159.379587][ T5577] thp_fault_alloc 0 [ 159.379587][ T5577] thp_collapse_alloc 0 [pid 5591] close(3) = 0 [pid 5591] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5591] mkdir("./file0", 000) = 0 [pid 5591] open("./file0", O_RDONLY) = 3 [pid 5591] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5591] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5591] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5591] openat(5, "memory.max", O_RDWR) = 6 [ 159.588003][ T5577] Tasks state (memory values in pages): [ 159.603497][ T5577] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 159.624727][ T5577] Out of memory and no killable processes... [pid 5591] write(6, "0x000000000000040e", 18 [pid 5577] <... write resumed>) = 18 [ 159.631065][ T5580] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 159.651456][ T5580] CPU: 0 PID: 5580 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 159.661430][ T5580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 159.671536][ T5580] Call Trace: [ 159.674860][ T5580] [ 159.677851][ T5580] dump_stack_lvl+0x136/0x150 [ 159.682600][ T5580] dump_header+0x10a/0xd70 [ 159.687095][ T5580] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 159.693260][ T5580] out_of_memory+0xd64/0x1660 [ 159.698018][ T5580] ? oom_killer_disable+0x2b0/0x2b0 [ 159.703307][ T5580] ? find_held_lock+0x2d/0x110 [ 159.708157][ T5580] mem_cgroup_out_of_memory+0x206/0x270 [ 159.713779][ T5580] ? mem_cgroup_margin+0x130/0x130 [ 159.718974][ T5580] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 159.725046][ T5580] memory_max_write+0x2f9/0x3c0 [ 159.729976][ T5580] ? mem_cgroup_force_empty_write+0x160/0x160 [ 159.736128][ T5580] ? lock_sync+0x190/0x190 [ 159.740634][ T5580] cgroup_file_write+0x1e2/0x7b0 [ 159.745650][ T5580] ? mem_cgroup_force_empty_write+0x160/0x160 [ 159.751798][ T5580] ? kill_css+0x3b0/0x3b0 [ 159.756201][ T5580] ? lock_acquire+0x32/0xc0 [ 159.760787][ T5580] ? kill_css+0x3b0/0x3b0 [ 159.765199][ T5580] kernfs_fop_write_iter+0x3f1/0x600 [ 159.770572][ T5580] vfs_write+0x9ed/0xe10 [ 159.774900][ T5580] ? kernel_write+0x670/0x670 [ 159.779746][ T5580] ? find_held_lock+0x2d/0x110 [pid 5577] close(3) = 0 [pid 5577] close(4) = 0 [pid 5577] close(5) = 0 [pid 5577] close(6) = 0 [pid 5577] close(7) = -1 EBADF (Bad file descriptor) [pid 5577] close(8) = -1 EBADF (Bad file descriptor) [ 159.784583][ T5580] ? __fget_light+0x20a/0x270 [ 159.789357][ T5580] ksys_write+0x12b/0x250 [ 159.793765][ T5580] ? __ia32_sys_read+0xb0/0xb0 [ 159.798606][ T5580] ? lockdep_hardirqs_on+0x7d/0x100 [ 159.803874][ T5580] ? _raw_spin_unlock_irq+0x2e/0x50 [ 159.809166][ T5580] ? ptrace_notify+0xfe/0x140 [ 159.813935][ T5580] do_syscall_64+0x39/0xb0 [ 159.818440][ T5580] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 159.824408][ T5580] RIP: 0033:0x7faecf034129 [pid 5577] close(9) = -1 EBADF (Bad file descriptor) [pid 5577] close(10) = -1 EBADF (Bad file descriptor) [pid 5577] close(11) = -1 EBADF (Bad file descriptor) [pid 5577] close(12) = -1 EBADF (Bad file descriptor) [pid 5577] close(13) = -1 EBADF (Bad file descriptor) [pid 5577] close(14) = -1 EBADF (Bad file descriptor) [pid 5577] close(15) = -1 EBADF (Bad file descriptor) [pid 5577] close(16) = -1 EBADF (Bad file descriptor) [pid 5577] close(17) = -1 EBADF (Bad file descriptor) [pid 5577] close(18) = -1 EBADF (Bad file descriptor) [pid 5577] close(19) = -1 EBADF (Bad file descriptor) [pid 5577] close(20) = -1 EBADF (Bad file descriptor) [pid 5577] close(21) = -1 EBADF (Bad file descriptor) [pid 5577] close(22) = -1 EBADF (Bad file descriptor) [pid 5577] close(23) = -1 EBADF (Bad file descriptor) [pid 5577] close(24) = -1 EBADF (Bad file descriptor) [ 159.828879][ T5580] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 159.848555][ T5580] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 159.857043][ T5580] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 159.865081][ T5580] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 159.873118][ T5580] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 159.881165][ T5580] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [pid 5577] close(25) = -1 EBADF (Bad file descriptor) [pid 5577] close(26) = -1 EBADF (Bad file descriptor) [pid 5577] close(27) = -1 EBADF (Bad file descriptor) [pid 5577] close(28) = -1 EBADF (Bad file descriptor) [pid 5577] close(29) = -1 EBADF (Bad file descriptor) [pid 5577] exit_group(0) = ? [pid 5577] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=24, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5090] umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./22/binderfs") = 0 [pid 5090] umount2("./22/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./22/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./22/cgroup") = 0 [pid 5090] umount2("./22/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./22/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./22/cgroup.net") = 0 [pid 5090] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5090] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./22/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./22/file0") = 0 [pid 5090] umount2("./22/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 159.889207][ T5580] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000016 [ 159.897298][ T5580] [ 159.914614][ T5580] memory: usage 8kB, limit 0kB, failcnt 36 [ 159.920504][ T5580] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5090] lstat("./22/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./22/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [pid 5090] rmdir("./22") = 0 [pid 5090] mkdir("./23", 0777) = 0 [ 159.962589][ T5580] Memory cgroup stats for /syz1: [ 159.962870][ T5580] anon 0 [ 159.962870][ T5580] file 0 [ 159.962870][ T5580] kernel 8192 [ 159.962870][ T5580] kernel_stack 0 [ 159.962870][ T5580] pagetables 0 [ 159.962870][ T5580] sec_pagetables 0 [ 159.962870][ T5580] percpu 0 [ 159.962870][ T5580] sock 0 [ 159.962870][ T5580] vmalloc 0 [ 159.962870][ T5580] shmem 0 [ 159.962870][ T5580] zswap 0 [ 159.962870][ T5580] zswapped 0 [ 159.962870][ T5580] file_mapped 0 [ 159.962870][ T5580] file_dirty 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 25 ./strace-static-x86_64: Process 5595 attached [pid 5595] chdir("./23") = 0 [pid 5595] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5595] setpgid(0, 0) = 0 [pid 5595] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5595] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5595] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5595] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5595] write(3, "1000", 4) = 4 [pid 5595] close(3) = 0 [pid 5595] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5595] mkdir("./file0", 000) = 0 [pid 5595] open("./file0", O_RDONLY) = 3 [ 159.962870][ T5580] file_writeback 0 [ 159.962870][ T5580] swapcached 0 [ 159.962870][ T5580] anon_thp 0 [ 159.962870][ T5580] file_thp 0 [ 159.962870][ T5580] shmem_thp 0 [ 159.962870][ T5580] inactive_anon 0 [ 159.962870][ T5580] active_anon 0 [ 159.962870][ T5580] inactive_file 0 [ 159.962870][ T5580] active_file 0 [ 159.962870][ T5580] unevictable 0 [ 159.962870][ T5580] slab_reclaimable 6752 [ 159.962870][ T5580] slab_unreclaimable 0 [ 159.962870][ T5580] slab 6752 [ 159.962870][ T5580] workingset_refault_anon 0 [ 159.962870][ T5580] workingset_refault_file 0 [pid 5595] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5595] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5595] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5595] openat(5, "memory.max", O_RDWR) = 6 [ 159.962870][ T5580] workingset_activate_anon 0 [ 159.962870][ T5580] workingset_activate_file 0 [ 159.962870][ T5580] workingset_restore_anon 0 [ 159.962870][ T5580] workingset_restore_file 0 [ 159.962870][ T5580] workingset_nodereclaim 0 [ 159.962870][ T5580] pgscan 831 [ 159.962870][ T5580] pgsteal 2 [ 159.962870][ T5580] pgscan_kswapd 0 [ 159.962870][ T5580] pgscan_direct 831 [ 159.962870][ T5580] pgscan_khugepaged 0 [ 159.962870][ T5580] pgsteal_kswapd 0 [ 159.962870][ T5580] pgsteal_direct 2 [ 159.962870][ T5580] pgsteal_khugepaged 0 [ 159.962870][ T5580] pgfault 21 [ 159.962870][ T5580] pgmajfault 0 [ 159.962870][ T5580] pgrefill 830 [ 159.962870][ T5580] pgactivate 829 [ 159.962870][ T5580] pgdeactivate 830 [ 159.962870][ T5580] pglazyfree 0 [ 159.962870][ T5580] pglazyfreed 0 [ 159.962870][ T5580] zswpin 0 [ 159.962870][ T5580] zswpout 0 [ 159.962870][ T5580] thp_fault_alloc 0 [ 159.962870][ T5580] thp_collapse_alloc 0 [pid 5595] write(6, "0x000000000000040e", 18 [pid 5580] <... write resumed>) = 18 [pid 5580] close(3) = 0 [pid 5580] close(4) = 0 [ 160.164829][ T5580] Tasks state (memory values in pages): [ 160.170536][ T5580] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 160.180734][ T5580] Out of memory and no killable processes... [ 160.187338][ T5583] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 160.198182][ T5583] CPU: 1 PID: 5583 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5580] close(5) = 0 [pid 5580] close(6) = 0 [pid 5580] close(7) = -1 EBADF (Bad file descriptor) [pid 5580] close(8) = -1 EBADF (Bad file descriptor) [pid 5580] close(9) = -1 EBADF (Bad file descriptor) [pid 5580] close(10) = -1 EBADF (Bad file descriptor) [pid 5580] close(11) = -1 EBADF (Bad file descriptor) [pid 5580] close(12) = -1 EBADF (Bad file descriptor) [pid 5580] close(13) = -1 EBADF (Bad file descriptor) [pid 5580] close(14) = -1 EBADF (Bad file descriptor) [pid 5580] close(15) = -1 EBADF (Bad file descriptor) [pid 5580] close(16) = -1 EBADF (Bad file descriptor) [pid 5580] close(17) = -1 EBADF (Bad file descriptor) [pid 5580] close(18) = -1 EBADF (Bad file descriptor) [pid 5580] close(19) = -1 EBADF (Bad file descriptor) [pid 5580] close(20) = -1 EBADF (Bad file descriptor) [ 160.208149][ T5583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 160.218262][ T5583] Call Trace: [ 160.221601][ T5583] [ 160.224580][ T5583] dump_stack_lvl+0x136/0x150 [ 160.229336][ T5583] dump_header+0x10a/0xd70 [ 160.233826][ T5583] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 160.239997][ T5583] out_of_memory+0xd64/0x1660 [ 160.244772][ T5583] ? oom_killer_disable+0x2b0/0x2b0 [ 160.250061][ T5583] ? find_held_lock+0x2d/0x110 [ 160.254910][ T5583] mem_cgroup_out_of_memory+0x206/0x270 [ 160.260523][ T5583] ? mem_cgroup_margin+0x130/0x130 [pid 5580] close(21) = -1 EBADF (Bad file descriptor) [pid 5580] close(22) = -1 EBADF (Bad file descriptor) [pid 5580] close(23) = -1 EBADF (Bad file descriptor) [pid 5580] close(24) = -1 EBADF (Bad file descriptor) [pid 5580] close(25) = -1 EBADF (Bad file descriptor) [pid 5580] close(26) = -1 EBADF (Bad file descriptor) [pid 5580] close(27) = -1 EBADF (Bad file descriptor) [pid 5580] close(28) = -1 EBADF (Bad file descriptor) [pid 5580] close(29) = -1 EBADF (Bad file descriptor) [pid 5580] exit_group(0) = ? [pid 5580] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=24, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5089] umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 160.265717][ T5583] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 160.271618][ T5583] memory_max_write+0x2f9/0x3c0 [ 160.276556][ T5583] ? mem_cgroup_force_empty_write+0x160/0x160 [ 160.282717][ T5583] ? lock_sync+0x190/0x190 [ 160.287216][ T5583] cgroup_file_write+0x1e2/0x7b0 [ 160.292244][ T5583] ? mem_cgroup_force_empty_write+0x160/0x160 [ 160.298398][ T5583] ? kill_css+0x3b0/0x3b0 [ 160.302813][ T5583] ? lock_acquire+0x32/0xc0 [ 160.307399][ T5583] ? kill_css+0x3b0/0x3b0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./22/binderfs") = 0 [pid 5089] umount2("./22/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./22/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./22/cgroup") = 0 [pid 5089] umount2("./22/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./22/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./22/cgroup.net") = 0 [ 160.311794][ T5583] kernfs_fop_write_iter+0x3f1/0x600 [ 160.317159][ T5583] vfs_write+0x9ed/0xe10 [ 160.321489][ T5583] ? kernel_write+0x670/0x670 [ 160.326253][ T5583] ? find_held_lock+0x2d/0x110 [ 160.331099][ T5583] ? __fget_light+0x20a/0x270 [ 160.335873][ T5583] ksys_write+0x12b/0x250 [ 160.340287][ T5583] ? __ia32_sys_read+0xb0/0xb0 [ 160.345142][ T5583] ? lockdep_hardirqs_on+0x7d/0x100 [ 160.350413][ T5583] ? _raw_spin_unlock_irq+0x2e/0x50 [ 160.355685][ T5583] ? ptrace_notify+0xfe/0x140 [ 160.360432][ T5583] do_syscall_64+0x39/0xb0 [ 160.364918][ T5583] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 160.370843][ T5583] RIP: 0033:0x7faecf034129 [ 160.375296][ T5583] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 160.394963][ T5583] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 160.403441][ T5583] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [pid 5089] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5089] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./22/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 160.411456][ T5583] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 160.419464][ T5583] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 160.427473][ T5583] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 160.435501][ T5583] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000015 [ 160.443563][ T5583] [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./22/file0") = 0 [pid 5089] umount2("./22/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./22/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./22/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [pid 5089] rmdir("./22") = 0 [pid 5089] mkdir("./23", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 25 ./strace-static-x86_64: Process 5596 attached [pid 5596] chdir("./23") = 0 [pid 5596] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5596] setpgid(0, 0) = 0 [pid 5596] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5596] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5596] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [ 160.463664][ T5583] memory: usage 8kB, limit 0kB, failcnt 36 [ 160.469549][ T5583] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 160.485399][ T5583] Memory cgroup stats for /syz1: [ 160.485710][ T5583] anon 0 [ 160.485710][ T5583] file 0 [ 160.485710][ T5583] kernel 8192 [ 160.485710][ T5583] kernel_stack 0 [ 160.485710][ T5583] pagetables 0 [ 160.485710][ T5583] sec_pagetables 0 [ 160.485710][ T5583] percpu 0 [ 160.485710][ T5583] sock 0 [pid 5596] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5596] write(3, "1000", 4) = 4 [pid 5596] close(3) = 0 [pid 5596] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5596] mkdir("./file0", 000) = 0 [pid 5596] open("./file0", O_RDONLY) = 3 [pid 5596] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5596] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5596] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5596] openat(5, "memory.max", O_RDWR) = 6 [ 160.485710][ T5583] vmalloc 0 [ 160.485710][ T5583] shmem 0 [ 160.485710][ T5583] zswap 0 [ 160.485710][ T5583] zswapped 0 [ 160.485710][ T5583] file_mapped 0 [ 160.485710][ T5583] file_dirty 0 [ 160.485710][ T5583] file_writeback 0 [ 160.485710][ T5583] swapcached 0 [ 160.485710][ T5583] anon_thp 0 [ 160.485710][ T5583] file_thp 0 [ 160.485710][ T5583] shmem_thp 0 [ 160.485710][ T5583] inactive_anon 0 [ 160.485710][ T5583] active_anon 0 [ 160.485710][ T5583] inactive_file 0 [ 160.485710][ T5583] active_file 0 [ 160.485710][ T5583] unevictable 0 [ 160.485710][ T5583] slab_reclaimable 6752 [ 160.485710][ T5583] slab_unreclaimable 0 [ 160.485710][ T5583] slab 6752 [ 160.485710][ T5583] workingset_refault_anon 0 [ 160.485710][ T5583] workingset_refault_file 0 [ 160.485710][ T5583] workingset_activate_anon 0 [ 160.485710][ T5583] workingset_activate_file 0 [ 160.485710][ T5583] workingset_restore_anon 0 [ 160.485710][ T5583] workingset_restore_file 0 [ 160.485710][ T5583] workingset_nodereclaim 0 [ 160.485710][ T5583] pgscan 831 [ 160.485710][ T5583] pgsteal 2 [ 160.485710][ T5583] pgscan_kswapd 0 [ 160.485710][ T5583] pgscan_direct 831 [ 160.485710][ T5583] pgscan_khugepaged 0 [ 160.485710][ T5583] pgsteal_kswapd 0 [ 160.485710][ T5583] pgsteal_direct 2 [ 160.485710][ T5583] pgsteal_khugepaged 0 [ 160.485710][ T5583] pgfault 21 [ 160.485710][ T5583] pgmajfault 0 [ 160.485710][ T5583] pgrefill 830 [ 160.485710][ T5583] pgactivate 829 [ 160.485710][ T5583] pgdeactivate 830 [ 160.485710][ T5583] pglazyfree 0 [ 160.485710][ T5583] pglazyfreed 0 [ 160.485710][ T5583] zswpin 0 [ 160.485710][ T5583] zswpout 0 [ 160.485710][ T5583] thp_fault_alloc 0 [pid 5596] write(6, "0x000000000000040e", 18 [pid 5583] <... write resumed>) = 18 [pid 5583] close(3) = 0 [pid 5583] close(4) = 0 [pid 5583] close(5) = 0 [pid 5583] close(6) = 0 [pid 5583] close(7) = -1 EBADF (Bad file descriptor) [pid 5583] close(8) = -1 EBADF (Bad file descriptor) [pid 5583] close(9) = -1 EBADF (Bad file descriptor) [pid 5583] close(10) = -1 EBADF (Bad file descriptor) [pid 5583] close(11) = -1 EBADF (Bad file descriptor) [pid 5583] close(12) = -1 EBADF (Bad file descriptor) [pid 5583] close(13) = -1 EBADF (Bad file descriptor) [pid 5583] close(14) = -1 EBADF (Bad file descriptor) [pid 5583] close(15) = -1 EBADF (Bad file descriptor) [pid 5583] close(16) = -1 EBADF (Bad file descriptor) [pid 5583] close(17) = -1 EBADF (Bad file descriptor) [pid 5583] close(18) = -1 EBADF (Bad file descriptor) [pid 5583] close(19) = -1 EBADF (Bad file descriptor) [pid 5583] close(20) = -1 EBADF (Bad file descriptor) [pid 5583] close(21) = -1 EBADF (Bad file descriptor) [ 160.485710][ T5583] thp_collapse_alloc 0 [ 160.672923][ T5583] Tasks state (memory values in pages): [ 160.679540][ T5583] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 160.694286][ T5583] Out of memory and no killable processes... [ 160.700583][ T5589] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 160.718942][ T5589] CPU: 0 PID: 5589 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 160.729013][ T5589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 160.739118][ T5589] Call Trace: [ 160.742419][ T5589] [ 160.745373][ T5589] dump_stack_lvl+0x136/0x150 [ 160.750117][ T5589] dump_header+0x10a/0xd70 [ 160.754564][ T5589] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 160.760684][ T5589] out_of_memory+0xd64/0x1660 [ 160.765408][ T5589] ? oom_killer_disable+0x2b0/0x2b0 [ 160.770673][ T5589] mem_cgroup_out_of_memory+0x206/0x270 [ 160.776266][ T5589] ? mem_cgroup_margin+0x130/0x130 [ 160.781455][ T5589] memory_max_write+0x2f9/0x3c0 [ 160.786379][ T5589] ? mem_cgroup_force_empty_write+0x160/0x160 [ 160.792502][ T5589] ? lock_sync+0x190/0x190 [ 160.796980][ T5589] cgroup_file_write+0x1e2/0x7b0 [ 160.801965][ T5589] ? mem_cgroup_force_empty_write+0x160/0x160 [ 160.808077][ T5589] ? kill_css+0x3b0/0x3b0 [ 160.812452][ T5589] ? lock_acquire+0x32/0xc0 [ 160.817016][ T5589] ? kill_css+0x3b0/0x3b0 [ 160.821385][ T5589] kernfs_fop_write_iter+0x3f1/0x600 [ 160.826719][ T5589] vfs_write+0x9ed/0xe10 [ 160.831020][ T5589] ? kernel_write+0x670/0x670 [ 160.835748][ T5589] ? find_held_lock+0x2d/0x110 [ 160.840555][ T5589] ? __fget_light+0x20a/0x270 [ 160.845307][ T5589] ksys_write+0x12b/0x250 [ 160.849701][ T5589] ? __ia32_sys_read+0xb0/0xb0 [ 160.854529][ T5589] ? lockdep_hardirqs_on+0x7d/0x100 [ 160.859786][ T5589] ? _raw_spin_unlock_irq+0x2e/0x50 [ 160.865035][ T5589] ? ptrace_notify+0xfe/0x140 [ 160.869756][ T5589] do_syscall_64+0x39/0xb0 [ 160.874225][ T5589] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 160.880160][ T5589] RIP: 0033:0x7faecf034129 [ 160.884603][ T5589] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 160.904243][ T5589] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5583] close(22) = -1 EBADF (Bad file descriptor) [pid 5583] close(23) = -1 EBADF (Bad file descriptor) [pid 5583] close(24) = -1 EBADF (Bad file descriptor) [pid 5583] close(25) = -1 EBADF (Bad file descriptor) [pid 5583] close(26) = -1 EBADF (Bad file descriptor) [pid 5583] close(27) = -1 EBADF (Bad file descriptor) [pid 5583] close(28) = -1 EBADF (Bad file descriptor) [pid 5583] close(29) = -1 EBADF (Bad file descriptor) [pid 5583] exit_group(0) = ? [pid 5583] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=23, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5087] umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./21/binderfs") = 0 [pid 5087] umount2("./21/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 160.912690][ T5589] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 160.920688][ T5589] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 160.928686][ T5589] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 160.936681][ T5589] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 160.944676][ T5589] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000013 [ 160.952694][ T5589] [ 160.963903][ T5589] memory: usage 8kB, limit 0kB, failcnt 36 [pid 5087] lstat("./21/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./21/cgroup") = 0 [pid 5087] umount2("./21/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./21/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./21/cgroup.net") = 0 [ 160.971386][ T5589] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 160.978925][ T5589] Memory cgroup stats for /syz1: [ 160.979326][ T5589] anon 0 [ 160.979326][ T5589] file 0 [ 160.979326][ T5589] kernel 8192 [ 160.979326][ T5589] kernel_stack 0 [ 160.979326][ T5589] pagetables 0 [ 160.979326][ T5589] sec_pagetables 0 [ 160.979326][ T5589] percpu 0 [ 160.979326][ T5589] sock 0 [ 160.979326][ T5589] vmalloc 0 [ 160.979326][ T5589] shmem 0 [ 160.979326][ T5589] zswap 0 [ 160.979326][ T5589] zswapped 0 [ 160.979326][ T5589] file_mapped 0 [ 160.979326][ T5589] file_dirty 0 [ 160.979326][ T5589] file_writeback 0 [ 160.979326][ T5589] swapcached 0 [ 160.979326][ T5589] anon_thp 0 [ 160.979326][ T5589] file_thp 0 [ 160.979326][ T5589] shmem_thp 0 [ 160.979326][ T5589] inactive_anon 0 [ 160.979326][ T5589] active_anon 0 [ 160.979326][ T5589] inactive_file 0 [ 160.979326][ T5589] active_file 0 [ 160.979326][ T5589] unevictable 0 [ 160.979326][ T5589] slab_reclaimable 6752 [ 160.979326][ T5589] slab_unreclaimable 0 [ 160.979326][ T5589] slab 6752 [ 160.979326][ T5589] workingset_refault_anon 0 [ 160.979326][ T5589] workingset_refault_file 0 [ 160.979326][ T5589] workingset_activate_anon 0 [ 160.979326][ T5589] workingset_activate_file 0 [ 160.979326][ T5589] workingset_restore_anon 0 [ 160.979326][ T5589] workingset_restore_file 0 [ 160.979326][ T5589] workingset_nodereclaim 0 [ 160.979326][ T5589] pgscan 831 [ 160.979326][ T5589] pgsteal 2 [ 160.979326][ T5589] pgscan_kswapd 0 [ 160.979326][ T5589] pgscan_direct 831 [ 160.979326][ T5589] pgscan_khugepaged 0 [pid 5087] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5087] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./21/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 160.979326][ T5589] pgsteal_kswapd 0 [ 160.979326][ T5589] pgsteal_direct 2 [ 160.979326][ T5589] pgsteal_khugepaged 0 [ 160.979326][ T5589] pgfault 21 [ 160.979326][ T5589] pgmajfault 0 [ 160.979326][ T5589] pgrefill 830 [ 160.979326][ T5589] pgactivate 829 [ 160.979326][ T5589] pgdeactivate 830 [ 160.979326][ T5589] pglazyfree 0 [ 160.979326][ T5589] pglazyfreed 0 [ 160.979326][ T5589] zswpin 0 [ 160.979326][ T5589] zswpout 0 [ 160.979326][ T5589] thp_fault_alloc 0 [ 160.979326][ T5589] thp_collapse_alloc 0 [pid 5087] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] close(4) = 0 [pid 5087] rmdir("./21/file0") = 0 [pid 5087] umount2("./21/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./21/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./21/cgroup.cpu") = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [pid 5087] rmdir("./21") = 0 [pid 5087] mkdir("./22", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5597 attached [pid 5597] chdir("./22" [pid 5087] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 24 [pid 5597] <... chdir resumed>) = 0 [pid 5597] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5597] setpgid(0, 0) = 0 [pid 5597] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5597] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5597] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5597] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5597] write(3, "1000", 4) = 4 [pid 5597] close(3) = 0 [pid 5597] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5597] mkdir("./file0", 000) = 0 [pid 5597] open("./file0", O_RDONLY) = 3 [ 161.173509][ T5589] Tasks state (memory values in pages): [ 161.196110][ T5589] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5597] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5597] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5597] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5597] openat(5, "memory.max", O_RDWR) = 6 [pid 5597] write(6, "0x000000000000040e", 18 [pid 5589] <... write resumed>) = 18 [pid 5589] close(3) = 0 [pid 5589] close(4) = 0 [pid 5589] close(5) = 0 [pid 5589] close(6) = 0 [ 161.229985][ T5589] Out of memory and no killable processes... [ 161.244940][ T5591] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 161.257519][ T5591] CPU: 0 PID: 5591 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 161.267506][ T5591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [pid 5589] close(7) = -1 EBADF (Bad file descriptor) [pid 5589] close(8) = -1 EBADF (Bad file descriptor) [pid 5589] close(9) = -1 EBADF (Bad file descriptor) [pid 5589] close(10) = -1 EBADF (Bad file descriptor) [pid 5589] close(11) = -1 EBADF (Bad file descriptor) [pid 5589] close(12) = -1 EBADF (Bad file descriptor) [pid 5589] close(13) = -1 EBADF (Bad file descriptor) [pid 5589] close(14) = -1 EBADF (Bad file descriptor) [pid 5589] close(15) = -1 EBADF (Bad file descriptor) [pid 5589] close(16) = -1 EBADF (Bad file descriptor) [pid 5589] close(17) = -1 EBADF (Bad file descriptor) [pid 5589] close(18) = -1 EBADF (Bad file descriptor) [pid 5589] close(19) = -1 EBADF (Bad file descriptor) [pid 5589] close(20) = -1 EBADF (Bad file descriptor) [pid 5589] close(21) = -1 EBADF (Bad file descriptor) [ 161.277615][ T5591] Call Trace: [ 161.280947][ T5591] [ 161.283934][ T5591] dump_stack_lvl+0x136/0x150 [ 161.288701][ T5591] dump_header+0x10a/0xd70 [ 161.293187][ T5591] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 161.299351][ T5591] out_of_memory+0xd64/0x1660 [ 161.304117][ T5591] ? oom_killer_disable+0x2b0/0x2b0 [ 161.309408][ T5591] mem_cgroup_out_of_memory+0x206/0x270 [ 161.315038][ T5591] ? mem_cgroup_margin+0x130/0x130 [ 161.320257][ T5591] memory_max_write+0x2f9/0x3c0 [pid 5589] close(22) = -1 EBADF (Bad file descriptor) [pid 5589] close(23) = -1 EBADF (Bad file descriptor) [pid 5589] close(24) = -1 EBADF (Bad file descriptor) [pid 5589] close(25) = -1 EBADF (Bad file descriptor) [pid 5589] close(26) = -1 EBADF (Bad file descriptor) [pid 5589] close(27) = -1 EBADF (Bad file descriptor) [pid 5589] close(28) = -1 EBADF (Bad file descriptor) [pid 5589] close(29) = -1 EBADF (Bad file descriptor) [pid 5589] exit_group(0) = ? [pid 5589] +++ exited with 0 +++ [ 161.325207][ T5591] ? mem_cgroup_force_empty_write+0x160/0x160 [ 161.331368][ T5591] ? lock_sync+0x190/0x190 [ 161.335843][ T5591] cgroup_file_write+0x1e2/0x7b0 [ 161.340835][ T5591] ? mem_cgroup_force_empty_write+0x160/0x160 [ 161.347015][ T5591] ? kill_css+0x3b0/0x3b0 [ 161.351418][ T5591] ? lock_acquire+0x32/0xc0 [ 161.356007][ T5591] ? kill_css+0x3b0/0x3b0 [ 161.360404][ T5591] kernfs_fop_write_iter+0x3f1/0x600 [ 161.365748][ T5591] vfs_write+0x9ed/0xe10 [ 161.370063][ T5591] ? kernel_write+0x670/0x670 [ 161.374783][ T5591] ? find_held_lock+0x2d/0x110 [ 161.379584][ T5591] ? __fget_light+0x20a/0x270 [ 161.384306][ T5591] ksys_write+0x12b/0x250 [ 161.388691][ T5591] ? __ia32_sys_read+0xb0/0xb0 [ 161.393531][ T5591] ? lockdep_hardirqs_on+0x7d/0x100 [ 161.398778][ T5591] ? _raw_spin_unlock_irq+0x2e/0x50 [ 161.404029][ T5591] ? ptrace_notify+0xfe/0x140 [ 161.408783][ T5591] do_syscall_64+0x39/0xb0 [ 161.413270][ T5591] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 161.419206][ T5591] RIP: 0033:0x7faecf034129 [ 161.423677][ T5591] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 161.443352][ T5591] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 161.451821][ T5591] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 161.459826][ T5591] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 161.467854][ T5591] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=21, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5085] umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./19/binderfs") = 0 [pid 5085] umount2("./19/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./19/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./19/cgroup") = 0 [pid 5085] umount2("./19/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./19/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./19/cgroup.net") = 0 [pid 5085] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5085] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./19/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [ 161.475863][ T5591] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 161.483869][ T5591] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000014 [ 161.491927][ T5591] [pid 5085] close(4) = 0 [pid 5085] rmdir("./19/file0") = 0 [pid 5085] umount2("./19/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./19/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./19/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./19") = 0 [pid 5085] mkdir("./20", 0777) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5598 attached [pid 5598] chdir("./20" [pid 5085] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 22 [pid 5598] <... chdir resumed>) = 0 [pid 5598] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5598] setpgid(0, 0) = 0 [pid 5598] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [ 161.521481][ T5591] memory: usage 8kB, limit 0kB, failcnt 36 [ 161.528659][ T5591] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 161.536522][ T5591] Memory cgroup stats for /syz1: [ 161.536894][ T5591] anon 0 [ 161.536894][ T5591] file 0 [ 161.536894][ T5591] kernel 8192 [ 161.536894][ T5591] kernel_stack 0 [ 161.536894][ T5591] pagetables 0 [ 161.536894][ T5591] sec_pagetables 0 [ 161.536894][ T5591] percpu 0 [ 161.536894][ T5591] sock 0 [ 161.536894][ T5591] vmalloc 0 [pid 5598] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5598] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5598] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5598] write(3, "1000", 4) = 4 [pid 5598] close(3) = 0 [pid 5598] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5598] mkdir("./file0", 000) = 0 [pid 5598] open("./file0", O_RDONLY) = 3 [pid 5598] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5598] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5598] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5598] openat(5, "memory.max", O_RDWR) = 6 [ 161.536894][ T5591] shmem 0 [ 161.536894][ T5591] zswap 0 [ 161.536894][ T5591] zswapped 0 [ 161.536894][ T5591] file_mapped 0 [ 161.536894][ T5591] file_dirty 0 [ 161.536894][ T5591] file_writeback 0 [ 161.536894][ T5591] swapcached 0 [ 161.536894][ T5591] anon_thp 0 [ 161.536894][ T5591] file_thp 0 [ 161.536894][ T5591] shmem_thp 0 [ 161.536894][ T5591] inactive_anon 0 [ 161.536894][ T5591] active_anon 0 [ 161.536894][ T5591] inactive_file 0 [ 161.536894][ T5591] active_file 0 [ 161.536894][ T5591] unevictable 0 [ 161.536894][ T5591] slab_reclaimable 6752 [ 161.536894][ T5591] slab_unreclaimable 0 [ 161.536894][ T5591] slab 6752 [ 161.536894][ T5591] workingset_refault_anon 0 [ 161.536894][ T5591] workingset_refault_file 0 [ 161.536894][ T5591] workingset_activate_anon 0 [ 161.536894][ T5591] workingset_activate_file 0 [ 161.536894][ T5591] workingset_restore_anon 0 [ 161.536894][ T5591] workingset_restore_file 0 [ 161.536894][ T5591] workingset_nodereclaim 0 [ 161.536894][ T5591] pgscan 831 [ 161.536894][ T5591] pgsteal 2 [ 161.536894][ T5591] pgscan_kswapd 0 [ 161.536894][ T5591] pgscan_direct 831 [ 161.536894][ T5591] pgscan_khugepaged 0 [ 161.536894][ T5591] pgsteal_kswapd 0 [ 161.536894][ T5591] pgsteal_direct 2 [ 161.536894][ T5591] pgsteal_khugepaged 0 [ 161.536894][ T5591] pgfault 21 [ 161.536894][ T5591] pgmajfault 0 [ 161.536894][ T5591] pgrefill 830 [ 161.536894][ T5591] pgactivate 829 [ 161.536894][ T5591] pgdeactivate 830 [ 161.536894][ T5591] pglazyfree 0 [ 161.536894][ T5591] pglazyfreed 0 [ 161.536894][ T5591] zswpin 0 [ 161.536894][ T5591] zswpout 0 [ 161.536894][ T5591] thp_fault_alloc 0 [ 161.536894][ T5591] thp_collapse_alloc 0 [ 161.728984][ T5591] Tasks state (memory values in pages): [ 161.736404][ T5591] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 161.755373][ T5591] Out of memory and no killable processes... [pid 5598] write(6, "0x000000000000040e", 18 [pid 5591] <... write resumed>) = 18 [pid 5591] close(3) = 0 [pid 5591] close(4) = 0 [pid 5591] close(5) = 0 [pid 5591] close(6) = 0 [pid 5591] close(7) = -1 EBADF (Bad file descriptor) [pid 5591] close(8) = -1 EBADF (Bad file descriptor) [pid 5591] close(9) = -1 EBADF (Bad file descriptor) [pid 5591] close(10) = -1 EBADF (Bad file descriptor) [pid 5591] close(11) = -1 EBADF (Bad file descriptor) [pid 5591] close(12) = -1 EBADF (Bad file descriptor) [pid 5591] close(13) = -1 EBADF (Bad file descriptor) [pid 5591] close(14) = -1 EBADF (Bad file descriptor) [pid 5591] close(15) = -1 EBADF (Bad file descriptor) [pid 5591] close(16) = -1 EBADF (Bad file descriptor) [pid 5591] close(17) = -1 EBADF (Bad file descriptor) [pid 5591] close(18) = -1 EBADF (Bad file descriptor) [pid 5591] close(19) = -1 EBADF (Bad file descriptor) [pid 5591] close(20) = -1 EBADF (Bad file descriptor) [pid 5591] close(21) = -1 EBADF (Bad file descriptor) [pid 5591] close(22) = -1 EBADF (Bad file descriptor) [pid 5591] close(23) = -1 EBADF (Bad file descriptor) [ 161.767398][ T5595] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 161.788909][ T5595] CPU: 0 PID: 5595 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 161.798907][ T5595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 161.809035][ T5595] Call Trace: [ 161.812382][ T5595] [ 161.815361][ T5595] dump_stack_lvl+0x136/0x150 [pid 5591] close(24) = -1 EBADF (Bad file descriptor) [pid 5591] close(25) = -1 EBADF (Bad file descriptor) [pid 5591] close(26) = -1 EBADF (Bad file descriptor) [pid 5591] close(27) = -1 EBADF (Bad file descriptor) [pid 5591] close(28) = -1 EBADF (Bad file descriptor) [pid 5591] close(29) = -1 EBADF (Bad file descriptor) [pid 5591] exit_group(0) = ? [pid 5591] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=22, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5086] umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./20/binderfs") = 0 [pid 5086] umount2("./20/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./20/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [ 161.820115][ T5595] dump_header+0x10a/0xd70 [ 161.824602][ T5595] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 161.830773][ T5595] out_of_memory+0xd64/0x1660 [ 161.835541][ T5595] ? oom_killer_disable+0x2b0/0x2b0 [ 161.840851][ T5595] mem_cgroup_out_of_memory+0x206/0x270 [ 161.846482][ T5595] ? mem_cgroup_margin+0x130/0x130 [ 161.851706][ T5595] memory_max_write+0x2f9/0x3c0 [ 161.856647][ T5595] ? mem_cgroup_force_empty_write+0x160/0x160 [ 161.862811][ T5595] ? lock_sync+0x190/0x190 [ 161.867330][ T5595] cgroup_file_write+0x1e2/0x7b0 [ 161.872352][ T5595] ? mem_cgroup_force_empty_write+0x160/0x160 [ 161.878536][ T5595] ? kill_css+0x3b0/0x3b0 [ 161.882917][ T5595] ? lock_acquire+0x32/0xc0 [ 161.887474][ T5595] ? kill_css+0x3b0/0x3b0 [ 161.891863][ T5595] kernfs_fop_write_iter+0x3f1/0x600 [ 161.897198][ T5595] vfs_write+0x9ed/0xe10 [ 161.901493][ T5595] ? kernel_write+0x670/0x670 [ 161.906229][ T5595] ? find_held_lock+0x2d/0x110 [ 161.911040][ T5595] ? __fget_light+0x20a/0x270 [ 161.915769][ T5595] ksys_write+0x12b/0x250 [ 161.920150][ T5595] ? __ia32_sys_read+0xb0/0xb0 [ 161.924963][ T5595] ? lockdep_hardirqs_on+0x7d/0x100 [ 161.930199][ T5595] ? _raw_spin_unlock_irq+0x2e/0x50 [ 161.935531][ T5595] ? ptrace_notify+0xfe/0x140 [ 161.940249][ T5595] do_syscall_64+0x39/0xb0 [ 161.944717][ T5595] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 161.950653][ T5595] RIP: 0033:0x7faecf034129 [ 161.955097][ T5595] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 161.974737][ T5595] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 161.983187][ T5595] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 161.991186][ T5595] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 161.999179][ T5595] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 162.007268][ T5595] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 162.015266][ T5595] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000017 [pid 5086] unlink("./20/cgroup") = 0 [pid 5086] umount2("./20/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./20/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./20/cgroup.net") = 0 [pid 5086] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5086] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./20/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./20/file0") = 0 [pid 5086] umount2("./20/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./20/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./20/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [ 162.023284][ T5595] [ 162.035078][ T5595] memory: usage 8kB, limit 0kB, failcnt 36 [ 162.049121][ T5595] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 162.059787][ T5595] Memory cgroup stats for /syz1: [ 162.060040][ T5595] anon 0 [ 162.060040][ T5595] file 0 [ 162.060040][ T5595] kernel 8192 [pid 5086] rmdir("./20") = 0 [pid 5086] mkdir("./21", 0777) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5600 attached [pid 5600] chdir("./21" [pid 5086] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 23 [pid 5600] <... chdir resumed>) = 0 [pid 5600] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5600] setpgid(0, 0) = 0 [pid 5600] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5600] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5600] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5600] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5600] write(3, "1000", 4) = 4 [pid 5600] close(3) = 0 [ 162.060040][ T5595] kernel_stack 0 [ 162.060040][ T5595] pagetables 0 [ 162.060040][ T5595] sec_pagetables 0 [ 162.060040][ T5595] percpu 0 [ 162.060040][ T5595] sock 0 [ 162.060040][ T5595] vmalloc 0 [ 162.060040][ T5595] shmem 0 [ 162.060040][ T5595] zswap 0 [ 162.060040][ T5595] zswapped 0 [ 162.060040][ T5595] file_mapped 0 [ 162.060040][ T5595] file_dirty 0 [ 162.060040][ T5595] file_writeback 0 [ 162.060040][ T5595] swapcached 0 [ 162.060040][ T5595] anon_thp 0 [ 162.060040][ T5595] file_thp 0 [ 162.060040][ T5595] shmem_thp 0 [pid 5600] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5600] mkdir("./file0", 000) = 0 [pid 5600] open("./file0", O_RDONLY) = 3 [pid 5600] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5600] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5600] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5600] openat(5, "memory.max", O_RDWR) = 6 [ 162.060040][ T5595] inactive_anon 0 [ 162.060040][ T5595] active_anon 0 [ 162.060040][ T5595] inactive_file 0 [ 162.060040][ T5595] active_file 0 [ 162.060040][ T5595] unevictable 0 [ 162.060040][ T5595] slab_reclaimable 6752 [ 162.060040][ T5595] slab_unreclaimable 0 [ 162.060040][ T5595] slab 6752 [ 162.060040][ T5595] workingset_refault_anon 0 [ 162.060040][ T5595] workingset_refault_file 0 [ 162.060040][ T5595] workingset_activate_anon 0 [ 162.060040][ T5595] workingset_activate_file 0 [ 162.060040][ T5595] workingset_restore_anon 0 [ 162.060040][ T5595] workingset_restore_file 0 [ 162.060040][ T5595] workingset_nodereclaim 0 [ 162.060040][ T5595] pgscan 831 [ 162.060040][ T5595] pgsteal 2 [ 162.060040][ T5595] pgscan_kswapd 0 [ 162.060040][ T5595] pgscan_direct 831 [ 162.060040][ T5595] pgscan_khugepaged 0 [ 162.060040][ T5595] pgsteal_kswapd 0 [ 162.060040][ T5595] pgsteal_direct 2 [ 162.060040][ T5595] pgsteal_khugepaged 0 [ 162.060040][ T5595] pgfault 21 [ 162.060040][ T5595] pgmajfault 0 [ 162.060040][ T5595] pgrefill 830 [ 162.060040][ T5595] pgactivate 829 [pid 5600] write(6, "0x000000000000040e", 18 [pid 5595] <... write resumed>) = 18 [ 162.060040][ T5595] pgdeactivate 830 [ 162.060040][ T5595] pglazyfree 0 [ 162.060040][ T5595] pglazyfreed 0 [ 162.060040][ T5595] zswpin 0 [ 162.060040][ T5595] zswpout 0 [ 162.060040][ T5595] thp_fault_alloc 0 [ 162.060040][ T5595] thp_collapse_alloc 0 [ 162.246409][ T5595] Tasks state (memory values in pages): [ 162.252155][ T5595] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 162.266941][ T5595] Out of memory and no killable processes... [pid 5595] close(3) = 0 [pid 5595] close(4) = 0 [pid 5595] close(5) = 0 [pid 5595] close(6) = 0 [pid 5595] close(7) = -1 EBADF (Bad file descriptor) [pid 5595] close(8) = -1 EBADF (Bad file descriptor) [pid 5595] close(9) = -1 EBADF (Bad file descriptor) [pid 5595] close(10) = -1 EBADF (Bad file descriptor) [pid 5595] close(11) = -1 EBADF (Bad file descriptor) [pid 5595] close(12) = -1 EBADF (Bad file descriptor) [pid 5595] close(13) = -1 EBADF (Bad file descriptor) [pid 5595] close(14) = -1 EBADF (Bad file descriptor) [pid 5595] close(15) = -1 EBADF (Bad file descriptor) [pid 5595] close(16) = -1 EBADF (Bad file descriptor) [pid 5595] close(17) = -1 EBADF (Bad file descriptor) [pid 5595] close(18) = -1 EBADF (Bad file descriptor) [pid 5595] close(19) = -1 EBADF (Bad file descriptor) [pid 5595] close(20) = -1 EBADF (Bad file descriptor) [pid 5595] close(21) = -1 EBADF (Bad file descriptor) [pid 5595] close(22) = -1 EBADF (Bad file descriptor) [pid 5595] close(23) = -1 EBADF (Bad file descriptor) [pid 5595] close(24) = -1 EBADF (Bad file descriptor) [ 162.276073][ T5596] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 162.301782][ T5596] CPU: 0 PID: 5596 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 162.311781][ T5596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 162.321898][ T5596] Call Trace: [pid 5595] close(25) = -1 EBADF (Bad file descriptor) [pid 5595] close(26) = -1 EBADF (Bad file descriptor) [pid 5595] close(27) = -1 EBADF (Bad file descriptor) [pid 5595] close(28) = -1 EBADF (Bad file descriptor) [pid 5595] close(29) = -1 EBADF (Bad file descriptor) [pid 5595] exit_group(0) = ? [pid 5595] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=25, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5090] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5090] umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./23/binderfs") = 0 [pid 5090] umount2("./23/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./23/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./23/cgroup") = 0 [pid 5090] umount2("./23/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./23/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./23/cgroup.net") = 0 [ 162.325238][ T5596] [ 162.328218][ T5596] dump_stack_lvl+0x136/0x150 [ 162.332969][ T5596] dump_header+0x10a/0xd70 [ 162.337468][ T5596] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 162.343641][ T5596] out_of_memory+0xd64/0x1660 [ 162.348408][ T5596] ? oom_killer_disable+0x2b0/0x2b0 [ 162.353697][ T5596] mem_cgroup_out_of_memory+0x206/0x270 [ 162.359325][ T5596] ? mem_cgroup_margin+0x130/0x130 [ 162.364544][ T5596] memory_max_write+0x2f9/0x3c0 [ 162.369491][ T5596] ? mem_cgroup_force_empty_write+0x160/0x160 [ 162.375647][ T5596] ? lock_sync+0x190/0x190 [ 162.380141][ T5596] cgroup_file_write+0x1e2/0x7b0 [ 162.385157][ T5596] ? mem_cgroup_force_empty_write+0x160/0x160 [ 162.391303][ T5596] ? kill_css+0x3b0/0x3b0 [ 162.395706][ T5596] ? lock_acquire+0x32/0xc0 [ 162.400289][ T5596] ? kill_css+0x3b0/0x3b0 [ 162.404688][ T5596] kernfs_fop_write_iter+0x3f1/0x600 [ 162.410046][ T5596] vfs_write+0x9ed/0xe10 [ 162.414364][ T5596] ? kernel_write+0x670/0x670 [ 162.419133][ T5596] ? asm_common_interrupt+0x26/0x40 [ 162.424405][ T5596] ? asm_common_interrupt+0x26/0x40 [ 162.429691][ T5596] ? __fget_light+0x20a/0x270 [ 162.434450][ T5596] ksys_write+0x12b/0x250 [ 162.438848][ T5596] ? __ia32_sys_read+0xb0/0xb0 [ 162.443660][ T5596] ? _raw_spin_unlock_irq+0x2e/0x50 [ 162.448936][ T5596] ? ptrace_notify+0xfe/0x140 [ 162.453683][ T5596] do_syscall_64+0x39/0xb0 [ 162.458182][ T5596] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 162.464134][ T5596] RIP: 0033:0x7faecf034129 [ 162.468602][ T5596] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 162.488272][ T5596] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 162.496752][ T5596] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 162.504786][ T5596] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 162.512815][ T5596] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [pid 5090] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5090] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./23/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./23/file0") = 0 [pid 5090] umount2("./23/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 162.520849][ T5596] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 162.528877][ T5596] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000017 [ 162.536946][ T5596] [ 162.565566][ T5596] memory: usage 8kB, limit 0kB, failcnt 36 [pid 5090] lstat("./23/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./23/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [pid 5090] rmdir("./23") = 0 [pid 5090] mkdir("./24", 0777) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 26 [ 162.572729][ T5596] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 162.579919][ T5596] Memory cgroup stats for /syz1: [ 162.580327][ T5596] anon 0 [ 162.580327][ T5596] file 0 [ 162.580327][ T5596] kernel 8192 [ 162.580327][ T5596] kernel_stack 0 [ 162.580327][ T5596] pagetables 0 [ 162.580327][ T5596] sec_pagetables 0 [ 162.580327][ T5596] percpu 0 [ 162.580327][ T5596] sock 0 [ 162.580327][ T5596] vmalloc 0 [ 162.580327][ T5596] shmem 0 [ 162.580327][ T5596] zswap 0 [ 162.580327][ T5596] zswapped 0 [ 162.580327][ T5596] file_mapped 0 [ 162.580327][ T5596] file_dirty 0 [ 162.580327][ T5596] file_writeback 0 [ 162.580327][ T5596] swapcached 0 [ 162.580327][ T5596] anon_thp 0 [ 162.580327][ T5596] file_thp 0 [ 162.580327][ T5596] shmem_thp 0 [ 162.580327][ T5596] inactive_anon 0 [ 162.580327][ T5596] active_anon 0 [ 162.580327][ T5596] inactive_file 0 [ 162.580327][ T5596] active_file 0 [ 162.580327][ T5596] unevictable 0 [ 162.580327][ T5596] slab_reclaimable 6752 [ 162.580327][ T5596] slab_unreclaimable 0 [ 162.580327][ T5596] slab 6752 [ 162.580327][ T5596] workingset_refault_anon 0 [ 162.580327][ T5596] workingset_refault_file 0 [ 162.580327][ T5596] workingset_activate_anon 0 [ 162.580327][ T5596] workingset_activate_file 0 [ 162.580327][ T5596] workingset_restore_anon 0 [ 162.580327][ T5596] workingset_restore_file 0 [ 162.580327][ T5596] workingset_nodereclaim 0 [ 162.580327][ T5596] pgscan 831 [ 162.580327][ T5596] pgsteal 2 [ 162.580327][ T5596] pgscan_kswapd 0 [ 162.580327][ T5596] pgscan_direct 831 [ 162.580327][ T5596] pgscan_khugepaged 0 [ 162.580327][ T5596] pgsteal_kswapd 0 [ 162.580327][ T5596] pgsteal_direct 2 [ 162.580327][ T5596] pgsteal_khugepaged 0 [ 162.580327][ T5596] pgfault 21 [ 162.580327][ T5596] pgmajfault 0 [ 162.580327][ T5596] pgrefill 830 [ 162.580327][ T5596] pgactivate 829 [ 162.580327][ T5596] pgdeactivate 830 [ 162.580327][ T5596] pglazyfree 0 [ 162.580327][ T5596] pglazyfreed 0 [ 162.580327][ T5596] zswpin 0 [ 162.580327][ T5596] zswpout 0 [ 162.580327][ T5596] thp_fault_alloc 0 [ 162.580327][ T5596] thp_collapse_alloc 0 ./strace-static-x86_64: Process 5601 attached [pid 5601] chdir("./24") = 0 [pid 5601] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5601] setpgid(0, 0) = 0 [pid 5601] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5601] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5601] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5601] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5601] write(3, "1000", 4) = 4 [pid 5601] close(3) = 0 [pid 5601] symlink("/dev/binderfs", "./binderfs" [pid 5596] <... write resumed>) = 18 [pid 5596] close(3) = 0 [pid 5596] close(4) = 0 [pid 5596] close(5) = 0 [pid 5596] close(6) = 0 [pid 5596] close(7) = -1 EBADF (Bad file descriptor) [pid 5596] close(8) = -1 EBADF (Bad file descriptor) [pid 5596] close(9) = -1 EBADF (Bad file descriptor) [pid 5596] close(10) = -1 EBADF (Bad file descriptor) [pid 5596] close(11) = -1 EBADF (Bad file descriptor) [pid 5596] close(12) = -1 EBADF (Bad file descriptor) [pid 5596] close(13) = -1 EBADF (Bad file descriptor) [pid 5596] close(14) = -1 EBADF (Bad file descriptor) [pid 5596] close(15) = -1 EBADF (Bad file descriptor) [pid 5596] close(16) = -1 EBADF (Bad file descriptor) [pid 5596] close(17) = -1 EBADF (Bad file descriptor) [pid 5596] close(18) = -1 EBADF (Bad file descriptor) [pid 5596] close(19) = -1 EBADF (Bad file descriptor) [pid 5596] close(20) = -1 EBADF (Bad file descriptor) [pid 5596] close(21) = -1 EBADF (Bad file descriptor) [pid 5596] close(22) = -1 EBADF (Bad file descriptor) [pid 5596] close(23) = -1 EBADF (Bad file descriptor) [pid 5596] close(24) = -1 EBADF (Bad file descriptor) [pid 5596] close(25) = -1 EBADF (Bad file descriptor) [pid 5596] close(26) = -1 EBADF (Bad file descriptor) [pid 5596] close(27) = -1 EBADF (Bad file descriptor) [pid 5596] close(28) = -1 EBADF (Bad file descriptor) [pid 5596] close(29) = -1 EBADF (Bad file descriptor) [pid 5596] exit_group(0) = ? [pid 5601] <... symlink resumed>) = 0 [pid 5596] +++ exited with 0 +++ [pid 5601] mkdir("./file0", 000) = 0 [pid 5601] open("./file0", O_RDONLY) = 3 [pid 5601] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [ 162.774819][ T5596] Tasks state (memory values in pages): [ 162.781000][ T5596] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 162.793661][ T5596] Out of memory and no killable processes... [ 162.799784][ T5597] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 162.812574][ T5597] CPU: 1 PID: 5597 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5601] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5601] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5601] openat(5, "memory.max", O_RDWR) = 6 [pid 5601] write(6, "0x000000000000040e", 18 [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=25, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5089] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5089] umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./23/binderfs") = 0 [pid 5089] umount2("./23/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./23/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./23/cgroup") = 0 [pid 5089] umount2("./23/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./23/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./23/cgroup.net") = 0 [ 162.822558][ T5597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 162.832666][ T5597] Call Trace: [ 162.835994][ T5597] [ 162.838970][ T5597] dump_stack_lvl+0x136/0x150 [ 162.843718][ T5597] dump_header+0x10a/0xd70 [ 162.848200][ T5597] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 162.854372][ T5597] out_of_memory+0xd64/0x1660 [ 162.859149][ T5597] ? oom_killer_disable+0x2b0/0x2b0 [ 162.864444][ T5597] mem_cgroup_out_of_memory+0x206/0x270 [ 162.870065][ T5597] ? mem_cgroup_margin+0x130/0x130 [ 162.875277][ T5597] memory_max_write+0x2f9/0x3c0 [ 162.880237][ T5597] ? mem_cgroup_force_empty_write+0x160/0x160 [ 162.886418][ T5597] ? lock_sync+0x190/0x190 [ 162.890889][ T5597] cgroup_file_write+0x1e2/0x7b0 [ 162.895912][ T5597] ? mem_cgroup_force_empty_write+0x160/0x160 [ 162.902054][ T5597] ? kill_css+0x3b0/0x3b0 [ 162.906420][ T5597] ? lock_acquire+0x32/0xc0 [ 162.910987][ T5597] ? kill_css+0x3b0/0x3b0 [ 162.915394][ T5597] kernfs_fop_write_iter+0x3f1/0x600 [ 162.920757][ T5597] vfs_write+0x9ed/0xe10 [ 162.925084][ T5597] ? kernel_write+0x670/0x670 [ 162.929837][ T5597] ? find_held_lock+0x2d/0x110 [ 162.934656][ T5597] ? __fget_light+0x20a/0x270 [ 162.939408][ T5597] ksys_write+0x12b/0x250 [ 162.943802][ T5597] ? __ia32_sys_read+0xb0/0xb0 [ 162.948618][ T5597] ? lockdep_hardirqs_on+0x7d/0x100 [ 162.953877][ T5597] ? _raw_spin_unlock_irq+0x2e/0x50 [ 162.959109][ T5597] ? ptrace_notify+0xfe/0x140 [ 162.963839][ T5597] do_syscall_64+0x39/0xb0 [ 162.968331][ T5597] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 162.974312][ T5597] RIP: 0033:0x7faecf034129 [ 162.978777][ T5597] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 162.998454][ T5597] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 163.006934][ T5597] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 163.014946][ T5597] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5089] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5089] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./23/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./23/file0") = 0 [ 163.022982][ T5597] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 163.031010][ T5597] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 163.039045][ T5597] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000016 [ 163.047107][ T5597] [ 163.062669][ T5597] memory: usage 8kB, limit 0kB, failcnt 36 [ 163.068705][ T5597] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5089] umount2("./23/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./23/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./23/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [pid 5089] rmdir("./23") = 0 [pid 5089] mkdir("./24", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5602 attached [pid 5602] chdir("./24" [pid 5089] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 26 [pid 5602] <... chdir resumed>) = 0 [pid 5602] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5602] setpgid(0, 0) = 0 [pid 5602] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5602] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5602] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5602] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 163.076298][ T5597] Memory cgroup stats for /syz1: [ 163.076581][ T5597] anon 0 [ 163.076581][ T5597] file 0 [ 163.076581][ T5597] kernel 8192 [ 163.076581][ T5597] kernel_stack 0 [ 163.076581][ T5597] pagetables 0 [ 163.076581][ T5597] sec_pagetables 0 [ 163.076581][ T5597] percpu 0 [ 163.076581][ T5597] sock 0 [ 163.076581][ T5597] vmalloc 0 [ 163.076581][ T5597] shmem 0 [ 163.076581][ T5597] zswap 0 [ 163.076581][ T5597] zswapped 0 [ 163.076581][ T5597] file_mapped 0 [ 163.076581][ T5597] file_dirty 0 [ 163.076581][ T5597] file_writeback 0 [pid 5602] write(3, "1000", 4) = 4 [pid 5602] close(3) = 0 [pid 5602] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5602] mkdir("./file0", 000) = 0 [pid 5602] open("./file0", O_RDONLY) = 3 [pid 5602] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5602] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5602] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5602] openat(5, "memory.max", O_RDWR) = 6 [ 163.076581][ T5597] swapcached 0 [ 163.076581][ T5597] anon_thp 0 [ 163.076581][ T5597] file_thp 0 [ 163.076581][ T5597] shmem_thp 0 [ 163.076581][ T5597] inactive_anon 0 [ 163.076581][ T5597] active_anon 0 [ 163.076581][ T5597] inactive_file 0 [ 163.076581][ T5597] active_file 0 [ 163.076581][ T5597] unevictable 0 [ 163.076581][ T5597] slab_reclaimable 6752 [ 163.076581][ T5597] slab_unreclaimable 0 [ 163.076581][ T5597] slab 6752 [ 163.076581][ T5597] workingset_refault_anon 0 [ 163.076581][ T5597] workingset_refault_file 0 [ 163.076581][ T5597] workingset_activate_anon 0 [ 163.076581][ T5597] workingset_activate_file 0 [ 163.076581][ T5597] workingset_restore_anon 0 [ 163.076581][ T5597] workingset_restore_file 0 [ 163.076581][ T5597] workingset_nodereclaim 0 [ 163.076581][ T5597] pgscan 831 [ 163.076581][ T5597] pgsteal 2 [ 163.076581][ T5597] pgscan_kswapd 0 [ 163.076581][ T5597] pgscan_direct 831 [ 163.076581][ T5597] pgscan_khugepaged 0 [ 163.076581][ T5597] pgsteal_kswapd 0 [ 163.076581][ T5597] pgsteal_direct 2 [ 163.076581][ T5597] pgsteal_khugepaged 0 [ 163.076581][ T5597] pgfault 21 [ 163.076581][ T5597] pgmajfault 0 [ 163.076581][ T5597] pgrefill 830 [ 163.076581][ T5597] pgactivate 829 [ 163.076581][ T5597] pgdeactivate 830 [ 163.076581][ T5597] pglazyfree 0 [ 163.076581][ T5597] pglazyfreed 0 [ 163.076581][ T5597] zswpin 0 [ 163.076581][ T5597] zswpout 0 [ 163.076581][ T5597] thp_fault_alloc 0 [ 163.076581][ T5597] thp_collapse_alloc 0 [ 163.264683][ T5597] Tasks state (memory values in pages): [ 163.270293][ T5597] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5602] write(6, "0x000000000000040e", 18 [pid 5597] <... write resumed>) = 18 [pid 5597] close(3) = 0 [pid 5597] close(4) = 0 [pid 5597] close(5) = 0 [pid 5597] close(6) = 0 [pid 5597] close(7) = -1 EBADF (Bad file descriptor) [pid 5597] close(8) = -1 EBADF (Bad file descriptor) [pid 5597] close(9) = -1 EBADF (Bad file descriptor) [pid 5597] close(10) = -1 EBADF (Bad file descriptor) [pid 5597] close(11) = -1 EBADF (Bad file descriptor) [pid 5597] close(12) = -1 EBADF (Bad file descriptor) [pid 5597] close(13) = -1 EBADF (Bad file descriptor) [pid 5597] close(14) = -1 EBADF (Bad file descriptor) [pid 5597] close(15) = -1 EBADF (Bad file descriptor) [ 163.283575][ T5597] Out of memory and no killable processes... [ 163.289838][ T5598] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 163.301231][ T5598] CPU: 0 PID: 5598 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 163.311207][ T5598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 163.321401][ T5598] Call Trace: [ 163.324729][ T5598] [ 163.327713][ T5598] dump_stack_lvl+0x136/0x150 [pid 5597] close(16) = -1 EBADF (Bad file descriptor) [pid 5597] close(17) = -1 EBADF (Bad file descriptor) [pid 5597] close(18) = -1 EBADF (Bad file descriptor) [pid 5597] close(19) = -1 EBADF (Bad file descriptor) [pid 5597] close(20) = -1 EBADF (Bad file descriptor) [pid 5597] close(21) = -1 EBADF (Bad file descriptor) [pid 5597] close(22) = -1 EBADF (Bad file descriptor) [pid 5597] close(23) = -1 EBADF (Bad file descriptor) [pid 5597] close(24) = -1 EBADF (Bad file descriptor) [pid 5597] close(25) = -1 EBADF (Bad file descriptor) [pid 5597] close(26) = -1 EBADF (Bad file descriptor) [pid 5597] close(27) = -1 EBADF (Bad file descriptor) [pid 5597] close(28) = -1 EBADF (Bad file descriptor) [pid 5597] close(29) = -1 EBADF (Bad file descriptor) [pid 5597] exit_group(0) = ? [pid 5597] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=24, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [ 163.332467][ T5598] dump_header+0x10a/0xd70 [ 163.336958][ T5598] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 163.343119][ T5598] out_of_memory+0xd64/0x1660 [ 163.347887][ T5598] ? oom_killer_disable+0x2b0/0x2b0 [ 163.353185][ T5598] ? find_held_lock+0x2d/0x110 [ 163.358049][ T5598] mem_cgroup_out_of_memory+0x206/0x270 [ 163.363666][ T5598] ? mem_cgroup_margin+0x130/0x130 [ 163.368865][ T5598] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 163.374768][ T5598] memory_max_write+0x2f9/0x3c0 [pid 5087] umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./22/binderfs") = 0 [pid 5087] umount2("./22/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./22/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./22/cgroup") = 0 [pid 5087] umount2("./22/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./22/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./22/cgroup.net") = 0 [ 163.379706][ T5598] ? mem_cgroup_force_empty_write+0x160/0x160 [ 163.385860][ T5598] ? lock_sync+0x190/0x190 [ 163.390358][ T5598] cgroup_file_write+0x1e2/0x7b0 [ 163.395372][ T5598] ? mem_cgroup_force_empty_write+0x160/0x160 [ 163.401518][ T5598] ? kill_css+0x3b0/0x3b0 [ 163.405935][ T5598] ? lock_acquire+0x32/0xc0 [ 163.410522][ T5598] ? kill_css+0x3b0/0x3b0 [ 163.414937][ T5598] kernfs_fop_write_iter+0x3f1/0x600 [ 163.420320][ T5598] vfs_write+0x9ed/0xe10 [ 163.424648][ T5598] ? kernel_write+0x670/0x670 [ 163.429412][ T5598] ? find_held_lock+0x2d/0x110 [ 163.434254][ T5598] ? __fget_light+0x20a/0x270 [ 163.439009][ T5598] ksys_write+0x12b/0x250 [ 163.443411][ T5598] ? __ia32_sys_read+0xb0/0xb0 [ 163.448249][ T5598] ? lockdep_hardirqs_on+0x7d/0x100 [ 163.453514][ T5598] ? _raw_spin_unlock_irq+0x2e/0x50 [ 163.458784][ T5598] ? ptrace_notify+0xfe/0x140 [ 163.463536][ T5598] do_syscall_64+0x39/0xb0 [ 163.468031][ T5598] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 163.473992][ T5598] RIP: 0033:0x7faecf034129 [ 163.478443][ T5598] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 163.498094][ T5598] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 163.506572][ T5598] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 163.514600][ T5598] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 163.522629][ T5598] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [pid 5087] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5087] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./22/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] close(4) = 0 [pid 5087] rmdir("./22/file0") = 0 [ 163.530658][ T5598] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 163.538686][ T5598] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000014 [ 163.546758][ T5598] [ 163.564427][ T5598] memory: usage 8kB, limit 0kB, failcnt 36 [ 163.570313][ T5598] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 163.578450][ T5598] Memory cgroup stats for /syz1: [pid 5087] umount2("./22/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./22/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./22/cgroup.cpu") = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [pid 5087] rmdir("./22") = 0 [pid 5087] mkdir("./23", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5603 attached [pid 5603] chdir("./23" [pid 5087] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 25 [pid 5603] <... chdir resumed>) = 0 [pid 5603] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5603] setpgid(0, 0) = 0 [pid 5603] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5603] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5603] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5603] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5603] write(3, "1000", 4) = 4 [ 163.578880][ T5598] anon 0 [ 163.578880][ T5598] file 0 [ 163.578880][ T5598] kernel 8192 [ 163.578880][ T5598] kernel_stack 0 [ 163.578880][ T5598] pagetables 0 [ 163.578880][ T5598] sec_pagetables 0 [ 163.578880][ T5598] percpu 0 [ 163.578880][ T5598] sock 0 [ 163.578880][ T5598] vmalloc 0 [ 163.578880][ T5598] shmem 0 [ 163.578880][ T5598] zswap 0 [ 163.578880][ T5598] zswapped 0 [ 163.578880][ T5598] file_mapped 0 [ 163.578880][ T5598] file_dirty 0 [ 163.578880][ T5598] file_writeback 0 [ 163.578880][ T5598] swapcached 0 [pid 5603] close(3) = 0 [pid 5603] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5603] mkdir("./file0", 000) = 0 [pid 5603] open("./file0", O_RDONLY) = 3 [pid 5603] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5603] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5603] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5603] openat(5, "memory.max", O_RDWR) = 6 [ 163.578880][ T5598] anon_thp 0 [ 163.578880][ T5598] file_thp 0 [ 163.578880][ T5598] shmem_thp 0 [ 163.578880][ T5598] inactive_anon 0 [ 163.578880][ T5598] active_anon 0 [ 163.578880][ T5598] inactive_file 0 [ 163.578880][ T5598] active_file 0 [ 163.578880][ T5598] unevictable 0 [ 163.578880][ T5598] slab_reclaimable 6752 [ 163.578880][ T5598] slab_unreclaimable 0 [ 163.578880][ T5598] slab 6752 [ 163.578880][ T5598] workingset_refault_anon 0 [ 163.578880][ T5598] workingset_refault_file 0 [ 163.578880][ T5598] workingset_activate_anon 0 [ 163.578880][ T5598] workingset_activate_file 0 [ 163.578880][ T5598] workingset_restore_anon 0 [ 163.578880][ T5598] workingset_restore_file 0 [ 163.578880][ T5598] workingset_nodereclaim 0 [ 163.578880][ T5598] pgscan 831 [ 163.578880][ T5598] pgsteal 2 [ 163.578880][ T5598] pgscan_kswapd 0 [ 163.578880][ T5598] pgscan_direct 831 [ 163.578880][ T5598] pgscan_khugepaged 0 [ 163.578880][ T5598] pgsteal_kswapd 0 [ 163.578880][ T5598] pgsteal_direct 2 [ 163.578880][ T5598] pgsteal_khugepaged 0 [ 163.578880][ T5598] pgfault 21 [ 163.578880][ T5598] pgmajfault 0 [ 163.578880][ T5598] pgrefill 830 [ 163.578880][ T5598] pgactivate 829 [ 163.578880][ T5598] pgdeactivate 830 [ 163.578880][ T5598] pglazyfree 0 [ 163.578880][ T5598] pglazyfreed 0 [ 163.578880][ T5598] zswpin 0 [ 163.578880][ T5598] zswpout 0 [ 163.578880][ T5598] thp_fault_alloc 0 [ 163.578880][ T5598] thp_collapse_alloc 0 [pid 5603] write(6, "0x000000000000040e", 18 [pid 5598] <... write resumed>) = 18 [pid 5598] close(3) = 0 [pid 5598] close(4) = 0 [pid 5598] close(5) = 0 [pid 5598] close(6) = 0 [pid 5598] close(7) = -1 EBADF (Bad file descriptor) [pid 5598] close(8) = -1 EBADF (Bad file descriptor) [pid 5598] close(9) = -1 EBADF (Bad file descriptor) [pid 5598] close(10) = -1 EBADF (Bad file descriptor) [pid 5598] close(11) = -1 EBADF (Bad file descriptor) [pid 5598] close(12) = -1 EBADF (Bad file descriptor) [pid 5598] close(13) = -1 EBADF (Bad file descriptor) [pid 5598] close(14) = -1 EBADF (Bad file descriptor) [pid 5598] close(15) = -1 EBADF (Bad file descriptor) [pid 5598] close(16) = -1 EBADF (Bad file descriptor) [pid 5598] close(17) = -1 EBADF (Bad file descriptor) [pid 5598] close(18) = -1 EBADF (Bad file descriptor) [pid 5598] close(19) = -1 EBADF (Bad file descriptor) [pid 5598] close(20) = -1 EBADF (Bad file descriptor) [pid 5598] close(21) = -1 EBADF (Bad file descriptor) [pid 5598] close(22) = -1 EBADF (Bad file descriptor) [pid 5598] close(23) = -1 EBADF (Bad file descriptor) [pid 5598] close(24) = -1 EBADF (Bad file descriptor) [pid 5598] close(25) = -1 EBADF (Bad file descriptor) [ 163.801204][ T5598] Tasks state (memory values in pages): [ 163.809671][ T5598] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 163.821234][ T5598] Out of memory and no killable processes... [ 163.829560][ T5600] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5598] close(26) = -1 EBADF (Bad file descriptor) [pid 5598] close(27) = -1 EBADF (Bad file descriptor) [pid 5598] close(28) = -1 EBADF (Bad file descriptor) [pid 5598] close(29) = -1 EBADF (Bad file descriptor) [pid 5598] exit_group(0) = ? [pid 5598] +++ exited with 0 +++ [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=22, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5085] umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./20/binderfs") = 0 [pid 5085] umount2("./20/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./20/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./20/cgroup") = 0 [pid 5085] umount2("./20/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./20/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 163.845361][ T5600] CPU: 1 PID: 5600 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 163.855342][ T5600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 163.865480][ T5600] Call Trace: [ 163.868826][ T5600] [ 163.871809][ T5600] dump_stack_lvl+0x136/0x150 [ 163.876567][ T5600] dump_header+0x10a/0xd70 [ 163.881059][ T5600] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 163.887223][ T5600] out_of_memory+0xd64/0x1660 [ 163.892008][ T5600] ? oom_killer_disable+0x2b0/0x2b0 [ 163.897307][ T5600] mem_cgroup_out_of_memory+0x206/0x270 [ 163.902954][ T5600] ? mem_cgroup_margin+0x130/0x130 [ 163.908155][ T5600] memory_max_write+0x2f9/0x3c0 [ 163.913089][ T5600] ? mem_cgroup_force_empty_write+0x160/0x160 [ 163.919224][ T5600] ? lock_sync+0x190/0x190 [ 163.923693][ T5600] cgroup_file_write+0x1e2/0x7b0 [ 163.928691][ T5600] ? mem_cgroup_force_empty_write+0x160/0x160 [ 163.934824][ T5600] ? kill_css+0x3b0/0x3b0 [ 163.939205][ T5600] ? lock_acquire+0x32/0xc0 [ 163.943756][ T5600] ? kill_css+0x3b0/0x3b0 [ 163.948135][ T5600] kernfs_fop_write_iter+0x3f1/0x600 [ 163.953473][ T5600] vfs_write+0x9ed/0xe10 [ 163.957772][ T5600] ? kernel_write+0x670/0x670 [ 163.962516][ T5600] ? find_held_lock+0x2d/0x110 [ 163.967324][ T5600] ? __fget_light+0x20a/0x270 [ 163.972054][ T5600] ksys_write+0x12b/0x250 [ 163.976431][ T5600] ? __ia32_sys_read+0xb0/0xb0 [ 163.981249][ T5600] ? lockdep_hardirqs_on+0x7d/0x100 [ 163.986487][ T5600] ? _raw_spin_unlock_irq+0x2e/0x50 [ 163.991729][ T5600] ? ptrace_notify+0xfe/0x140 [ 163.996456][ T5600] do_syscall_64+0x39/0xb0 [ 164.000920][ T5600] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 164.006878][ T5600] RIP: 0033:0x7faecf034129 [ 164.011323][ T5600] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 164.030963][ T5600] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 164.039407][ T5600] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [pid 5085] unlink("./20/cgroup.net") = 0 [pid 5085] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5085] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 164.047407][ T5600] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 164.055406][ T5600] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 164.063403][ T5600] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 164.071414][ T5600] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000015 [ 164.079437][ T5600] [ 164.093282][ T5600] memory: usage 8kB, limit 0kB, failcnt 36 [pid 5085] lstat("./20/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./20/file0") = 0 [pid 5085] umount2("./20/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./20/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./20/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./20") = 0 [pid 5085] mkdir("./21", 0777) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5604 attached , child_tidptr=0x555555c0c5d0) = 23 [pid 5604] chdir("./21") = 0 [pid 5604] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5604] setpgid(0, 0) = 0 [pid 5604] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [ 164.099422][ T5600] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 164.115335][ T5600] Memory cgroup stats for /syz1: [ 164.115620][ T5600] anon 0 [ 164.115620][ T5600] file 0 [ 164.115620][ T5600] kernel 8192 [ 164.115620][ T5600] kernel_stack 0 [ 164.115620][ T5600] pagetables 0 [ 164.115620][ T5600] sec_pagetables 0 [ 164.115620][ T5600] percpu 0 [ 164.115620][ T5600] sock 0 [ 164.115620][ T5600] vmalloc 0 [ 164.115620][ T5600] shmem 0 [pid 5604] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5604] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5604] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5604] write(3, "1000", 4) = 4 [pid 5604] close(3) = 0 [pid 5604] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5604] mkdir("./file0", 000) = 0 [pid 5604] open("./file0", O_RDONLY) = 3 [ 164.115620][ T5600] zswap 0 [ 164.115620][ T5600] zswapped 0 [ 164.115620][ T5600] file_mapped 0 [ 164.115620][ T5600] file_dirty 0 [ 164.115620][ T5600] file_writeback 0 [ 164.115620][ T5600] swapcached 0 [ 164.115620][ T5600] anon_thp 0 [ 164.115620][ T5600] file_thp 0 [ 164.115620][ T5600] shmem_thp 0 [ 164.115620][ T5600] inactive_anon 0 [ 164.115620][ T5600] active_anon 0 [ 164.115620][ T5600] inactive_file 0 [ 164.115620][ T5600] active_file 0 [ 164.115620][ T5600] unevictable 0 [ 164.115620][ T5600] slab_reclaimable 6752 [pid 5604] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5604] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5604] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5604] openat(5, "memory.max", O_RDWR) = 6 [ 164.115620][ T5600] slab_unreclaimable 0 [ 164.115620][ T5600] slab 6752 [ 164.115620][ T5600] workingset_refault_anon 0 [ 164.115620][ T5600] workingset_refault_file 0 [ 164.115620][ T5600] workingset_activate_anon 0 [ 164.115620][ T5600] workingset_activate_file 0 [ 164.115620][ T5600] workingset_restore_anon 0 [ 164.115620][ T5600] workingset_restore_file 0 [ 164.115620][ T5600] workingset_nodereclaim 0 [ 164.115620][ T5600] pgscan 831 [ 164.115620][ T5600] pgsteal 2 [ 164.115620][ T5600] pgscan_kswapd 0 [ 164.115620][ T5600] pgscan_direct 831 [ 164.115620][ T5600] pgscan_khugepaged 0 [ 164.115620][ T5600] pgsteal_kswapd 0 [ 164.115620][ T5600] pgsteal_direct 2 [ 164.115620][ T5600] pgsteal_khugepaged 0 [ 164.115620][ T5600] pgfault 21 [ 164.115620][ T5600] pgmajfault 0 [ 164.115620][ T5600] pgrefill 830 [ 164.115620][ T5600] pgactivate 829 [ 164.115620][ T5600] pgdeactivate 830 [ 164.115620][ T5600] pglazyfree 0 [ 164.115620][ T5600] pglazyfreed 0 [ 164.115620][ T5600] zswpin 0 [ 164.115620][ T5600] zswpout 0 [ 164.115620][ T5600] thp_fault_alloc 0 [ 164.115620][ T5600] thp_collapse_alloc 0 [pid 5604] write(6, "0x000000000000040e", 18 [pid 5600] <... write resumed>) = 18 [pid 5600] close(3) = 0 [pid 5600] close(4) = 0 [pid 5600] close(5) = 0 [pid 5600] close(6) = 0 [pid 5600] close(7) = -1 EBADF (Bad file descriptor) [pid 5600] close(8) = -1 EBADF (Bad file descriptor) [pid 5600] close(9) = -1 EBADF (Bad file descriptor) [ 164.308670][ T5600] Tasks state (memory values in pages): [ 164.315217][ T5600] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 164.327515][ T5600] Out of memory and no killable processes... [ 164.336305][ T5601] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5600] close(10) = -1 EBADF (Bad file descriptor) [pid 5600] close(11) = -1 EBADF (Bad file descriptor) [pid 5600] close(12) = -1 EBADF (Bad file descriptor) [pid 5600] close(13) = -1 EBADF (Bad file descriptor) [pid 5600] close(14) = -1 EBADF (Bad file descriptor) [pid 5600] close(15) = -1 EBADF (Bad file descriptor) [pid 5600] close(16) = -1 EBADF (Bad file descriptor) [pid 5600] close(17) = -1 EBADF (Bad file descriptor) [pid 5600] close(18) = -1 EBADF (Bad file descriptor) [pid 5600] close(19) = -1 EBADF (Bad file descriptor) [pid 5600] close(20) = -1 EBADF (Bad file descriptor) [pid 5600] close(21) = -1 EBADF (Bad file descriptor) [pid 5600] close(22) = -1 EBADF (Bad file descriptor) [pid 5600] close(23) = -1 EBADF (Bad file descriptor) [pid 5600] close(24) = -1 EBADF (Bad file descriptor) [pid 5600] close(25) = -1 EBADF (Bad file descriptor) [pid 5600] close(26) = -1 EBADF (Bad file descriptor) [pid 5600] close(27) = -1 EBADF (Bad file descriptor) [pid 5600] close(28) = -1 EBADF (Bad file descriptor) [pid 5600] close(29) = -1 EBADF (Bad file descriptor) [pid 5600] exit_group(0) = ? [pid 5600] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=23, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [ 164.356844][ T5601] CPU: 0 PID: 5601 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 164.366834][ T5601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 164.376952][ T5601] Call Trace: [ 164.380296][ T5601] [ 164.383295][ T5601] dump_stack_lvl+0x136/0x150 [ 164.388052][ T5601] dump_header+0x10a/0xd70 [ 164.392545][ T5601] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 164.398712][ T5601] out_of_memory+0xd64/0x1660 [ 164.403480][ T5601] ? oom_killer_disable+0x2b0/0x2b0 [pid 5086] umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./21/binderfs") = 0 [pid 5086] umount2("./21/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./21/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] unlink("./21/cgroup") = 0 [pid 5086] umount2("./21/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./21/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./21/cgroup.net") = 0 [ 164.408773][ T5601] mem_cgroup_out_of_memory+0x206/0x270 [ 164.414418][ T5601] ? mem_cgroup_margin+0x130/0x130 [ 164.419720][ T5601] memory_max_write+0x2f9/0x3c0 [ 164.424670][ T5601] ? mem_cgroup_force_empty_write+0x160/0x160 [ 164.430889][ T5601] ? lock_sync+0x190/0x190 [ 164.435391][ T5601] cgroup_file_write+0x1e2/0x7b0 [ 164.440420][ T5601] ? mem_cgroup_force_empty_write+0x160/0x160 [ 164.446581][ T5601] ? kill_css+0x3b0/0x3b0 [ 164.450983][ T5601] ? lock_acquire+0x32/0xc0 [ 164.455546][ T5601] ? kill_css+0x3b0/0x3b0 [ 164.459954][ T5601] kernfs_fop_write_iter+0x3f1/0x600 [ 164.465326][ T5601] vfs_write+0x9ed/0xe10 [ 164.469659][ T5601] ? kernel_write+0x670/0x670 [ 164.474425][ T5601] ? find_held_lock+0x2d/0x110 [ 164.479276][ T5601] ? __fget_light+0x20a/0x270 [ 164.484027][ T5601] ksys_write+0x12b/0x250 [ 164.488414][ T5601] ? __ia32_sys_read+0xb0/0xb0 [ 164.493266][ T5601] ? lockdep_hardirqs_on+0x7d/0x100 [ 164.498533][ T5601] ? _raw_spin_unlock_irq+0x2e/0x50 [ 164.503823][ T5601] ? ptrace_notify+0xfe/0x140 [ 164.508554][ T5601] do_syscall_64+0x39/0xb0 [ 164.513060][ T5601] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 164.519029][ T5601] RIP: 0033:0x7faecf034129 [ 164.523501][ T5601] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 164.543175][ T5601] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 164.551659][ T5601] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 164.559689][ T5601] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 164.567727][ T5601] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 164.575757][ T5601] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 164.583787][ T5601] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000018 [ 164.591843][ T5601] [ 164.597361][ T5601] memory: usage 8kB, limit 0kB, failcnt 36 [pid 5086] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5086] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./21/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./21/file0") = 0 [ 164.604435][ T5601] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5086] umount2("./21/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./21/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./21/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./21") = 0 [pid 5086] mkdir("./22", 0777) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5605 attached [pid 5605] chdir("./22" [pid 5086] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 24 [pid 5605] <... chdir resumed>) = 0 [pid 5605] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5605] setpgid(0, 0) = 0 [pid 5605] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5605] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5605] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5605] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5605] write(3, "1000", 4) = 4 [pid 5605] close(3) = 0 [pid 5605] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5605] mkdir("./file0", 000) = 0 [pid 5605] open("./file0", O_RDONLY) = 3 [ 164.611351][ T5601] Memory cgroup stats for /syz1: [ 164.636145][ T5601] anon 0 [ 164.636145][ T5601] file 0 [ 164.636145][ T5601] kernel 8192 [ 164.636145][ T5601] kernel_stack 0 [ 164.636145][ T5601] pagetables 0 [ 164.636145][ T5601] sec_pagetables 0 [ 164.636145][ T5601] percpu 0 [ 164.636145][ T5601] sock 0 [ 164.636145][ T5601] vmalloc 0 [ 164.636145][ T5601] shmem 0 [ 164.636145][ T5601] zswap 0 [ 164.636145][ T5601] zswapped 0 [ 164.636145][ T5601] file_mapped 0 [ 164.636145][ T5601] file_dirty 0 [pid 5605] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5605] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5605] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5605] openat(5, "memory.max", O_RDWR) = 6 [ 164.636145][ T5601] file_writeback 0 [ 164.636145][ T5601] swapcached 0 [ 164.636145][ T5601] anon_thp 0 [ 164.636145][ T5601] file_thp 0 [ 164.636145][ T5601] shmem_thp 0 [ 164.636145][ T5601] inactive_anon 0 [ 164.636145][ T5601] active_anon 0 [ 164.636145][ T5601] inactive_file 0 [ 164.636145][ T5601] active_file 0 [ 164.636145][ T5601] unevictable 0 [ 164.636145][ T5601] slab_reclaimable 6752 [ 164.636145][ T5601] slab_unreclaimable 0 [ 164.636145][ T5601] slab 6752 [ 164.636145][ T5601] workingset_refault_anon 0 [ 164.636145][ T5601] workingset_refault_file 0 [ 164.636145][ T5601] workingset_activate_anon 0 [ 164.636145][ T5601] workingset_activate_file 0 [ 164.636145][ T5601] workingset_restore_anon 0 [ 164.636145][ T5601] workingset_restore_file 0 [ 164.636145][ T5601] workingset_nodereclaim 0 [ 164.636145][ T5601] pgscan 831 [ 164.636145][ T5601] pgsteal 2 [ 164.636145][ T5601] pgscan_kswapd 0 [ 164.636145][ T5601] pgscan_direct 831 [ 164.636145][ T5601] pgscan_khugepaged 0 [ 164.636145][ T5601] pgsteal_kswapd 0 [ 164.636145][ T5601] pgsteal_direct 2 [ 164.636145][ T5601] pgsteal_khugepaged 0 [ 164.636145][ T5601] pgfault 21 [ 164.636145][ T5601] pgmajfault 0 [ 164.636145][ T5601] pgrefill 830 [ 164.636145][ T5601] pgactivate 829 [ 164.636145][ T5601] pgdeactivate 830 [ 164.636145][ T5601] pglazyfree 0 [ 164.636145][ T5601] pglazyfreed 0 [ 164.636145][ T5601] zswpin 0 [ 164.636145][ T5601] zswpout 0 [ 164.636145][ T5601] thp_fault_alloc 0 [ 164.636145][ T5601] thp_collapse_alloc 0 [ 164.832759][ T5601] Tasks state (memory values in pages): [ 164.839593][ T5601] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 164.857149][ T5601] Out of memory and no killable processes... [ 164.865466][ T5602] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 164.876620][ T5602] CPU: 1 PID: 5602 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5605] write(6, "0x000000000000040e", 18 [pid 5601] <... write resumed>) = 18 [pid 5601] close(3) = 0 [ 164.886583][ T5602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 164.896694][ T5602] Call Trace: [ 164.900013][ T5602] [ 164.902990][ T5602] dump_stack_lvl+0x136/0x150 [ 164.907747][ T5602] dump_header+0x10a/0xd70 [ 164.912255][ T5602] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 164.918420][ T5602] out_of_memory+0xd64/0x1660 [ 164.923183][ T5602] ? oom_killer_disable+0x2b0/0x2b0 [ 164.928463][ T5602] ? find_held_lock+0x2d/0x110 [pid 5601] close(4) = 0 [pid 5601] close(5) = 0 [pid 5601] close(6) = 0 [pid 5601] close(7) = -1 EBADF (Bad file descriptor) [pid 5601] close(8) = -1 EBADF (Bad file descriptor) [pid 5601] close(9) = -1 EBADF (Bad file descriptor) [pid 5601] close(10) = -1 EBADF (Bad file descriptor) [pid 5601] close(11) = -1 EBADF (Bad file descriptor) [pid 5601] close(12) = -1 EBADF (Bad file descriptor) [pid 5601] close(13) = -1 EBADF (Bad file descriptor) [pid 5601] close(14) = -1 EBADF (Bad file descriptor) [pid 5601] close(15) = -1 EBADF (Bad file descriptor) [pid 5601] close(16) = -1 EBADF (Bad file descriptor) [pid 5601] close(17) = -1 EBADF (Bad file descriptor) [pid 5601] close(18) = -1 EBADF (Bad file descriptor) [pid 5601] close(19) = -1 EBADF (Bad file descriptor) [pid 5601] close(20) = -1 EBADF (Bad file descriptor) [pid 5601] close(21) = -1 EBADF (Bad file descriptor) [pid 5601] close(22) = -1 EBADF (Bad file descriptor) [ 164.933305][ T5602] mem_cgroup_out_of_memory+0x206/0x270 [ 164.938947][ T5602] ? mem_cgroup_margin+0x130/0x130 [ 164.944148][ T5602] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 164.950042][ T5602] memory_max_write+0x2f9/0x3c0 [ 164.954970][ T5602] ? mem_cgroup_force_empty_write+0x160/0x160 [ 164.961121][ T5602] ? lock_sync+0x190/0x190 [ 164.965624][ T5602] cgroup_file_write+0x1e2/0x7b0 [ 164.970645][ T5602] ? mem_cgroup_force_empty_write+0x160/0x160 [ 164.976798][ T5602] ? kill_css+0x3b0/0x3b0 [ 164.981204][ T5602] ? lock_acquire+0x32/0xc0 [ 164.985807][ T5602] ? kill_css+0x3b0/0x3b0 [ 164.990188][ T5602] kernfs_fop_write_iter+0x3f1/0x600 [ 164.995525][ T5602] vfs_write+0x9ed/0xe10 [ 164.999821][ T5602] ? kernel_write+0x670/0x670 [ 165.004551][ T5602] ? find_held_lock+0x2d/0x110 [ 165.009360][ T5602] ? __fget_light+0x20a/0x270 [ 165.014088][ T5602] ksys_write+0x12b/0x250 [ 165.018461][ T5602] ? __ia32_sys_read+0xb0/0xb0 [ 165.023270][ T5602] ? lockdep_hardirqs_on+0x7d/0x100 [ 165.028507][ T5602] ? _raw_spin_unlock_irq+0x2e/0x50 [ 165.033756][ T5602] ? ptrace_notify+0xfe/0x140 [ 165.038473][ T5602] do_syscall_64+0x39/0xb0 [ 165.042936][ T5602] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 165.048866][ T5602] RIP: 0033:0x7faecf034129 [ 165.053320][ T5602] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 165.072965][ T5602] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5601] close(23) = -1 EBADF (Bad file descriptor) [pid 5601] close(24) = -1 EBADF (Bad file descriptor) [pid 5601] close(25) = -1 EBADF (Bad file descriptor) [pid 5601] close(26) = -1 EBADF (Bad file descriptor) [pid 5601] close(27) = -1 EBADF (Bad file descriptor) [pid 5601] close(28) = -1 EBADF (Bad file descriptor) [pid 5601] close(29) = -1 EBADF (Bad file descriptor) [pid 5601] exit_group(0) = ? [pid 5601] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=26, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5090] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 165.081416][ T5602] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 165.089418][ T5602] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 165.097417][ T5602] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 165.105412][ T5602] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 165.113405][ T5602] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000018 [ 165.121420][ T5602] [pid 5090] umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./24/binderfs") = 0 [pid 5090] umount2("./24/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./24/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./24/cgroup") = 0 [pid 5090] umount2("./24/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./24/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./24/cgroup.net") = 0 [pid 5090] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5090] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./24/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [ 165.150190][ T5602] memory: usage 8kB, limit 0kB, failcnt 36 [ 165.156309][ T5602] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 165.173610][ T5602] Memory cgroup stats for /syz1: [ 165.173914][ T5602] anon 0 [ 165.173914][ T5602] file 0 [ 165.173914][ T5602] kernel 8192 [ 165.173914][ T5602] kernel_stack 0 [ 165.173914][ T5602] pagetables 0 [ 165.173914][ T5602] sec_pagetables 0 [ 165.173914][ T5602] percpu 0 [ 165.173914][ T5602] sock 0 [ 165.173914][ T5602] vmalloc 0 [ 165.173914][ T5602] shmem 0 [ 165.173914][ T5602] zswap 0 [ 165.173914][ T5602] zswapped 0 [ 165.173914][ T5602] file_mapped 0 [ 165.173914][ T5602] file_dirty 0 [ 165.173914][ T5602] file_writeback 0 [ 165.173914][ T5602] swapcached 0 [ 165.173914][ T5602] anon_thp 0 [ 165.173914][ T5602] file_thp 0 [ 165.173914][ T5602] shmem_thp 0 [ 165.173914][ T5602] inactive_anon 0 [ 165.173914][ T5602] active_anon 0 [ 165.173914][ T5602] inactive_file 0 [ 165.173914][ T5602] active_file 0 [ 165.173914][ T5602] unevictable 0 [ 165.173914][ T5602] slab_reclaimable 6752 [ 165.173914][ T5602] slab_unreclaimable 0 [ 165.173914][ T5602] slab 6752 [ 165.173914][ T5602] workingset_refault_anon 0 [ 165.173914][ T5602] workingset_refault_file 0 [ 165.173914][ T5602] workingset_activate_anon 0 [ 165.173914][ T5602] workingset_activate_file 0 [ 165.173914][ T5602] workingset_restore_anon 0 [ 165.173914][ T5602] workingset_restore_file 0 [ 165.173914][ T5602] workingset_nodereclaim 0 [ 165.173914][ T5602] pgscan 831 [ 165.173914][ T5602] pgsteal 2 [ 165.173914][ T5602] pgscan_kswapd 0 [ 165.173914][ T5602] pgscan_direct 831 [ 165.173914][ T5602] pgscan_khugepaged 0 [ 165.173914][ T5602] pgsteal_kswapd 0 [ 165.173914][ T5602] pgsteal_direct 2 [ 165.173914][ T5602] pgsteal_khugepaged 0 [ 165.173914][ T5602] pgfault 21 [ 165.173914][ T5602] pgmajfault 0 [ 165.173914][ T5602] pgrefill 830 [ 165.173914][ T5602] pgactivate 829 [ 165.173914][ T5602] pgdeactivate 830 [ 165.173914][ T5602] pglazyfree 0 [ 165.173914][ T5602] pglazyfreed 0 [ 165.173914][ T5602] zswpin 0 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./24/file0") = 0 [pid 5090] umount2("./24/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./24/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./24/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [pid 5090] rmdir("./24") = 0 [pid 5090] mkdir("./25", 0777) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5607 attached [pid 5607] chdir("./25" [pid 5090] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 27 [pid 5607] <... chdir resumed>) = 0 [pid 5607] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5607] setpgid(0, 0) = 0 [pid 5607] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5607] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5607] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5607] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5607] write(3, "1000", 4) = 4 [pid 5607] close(3) = 0 [pid 5607] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5607] mkdir("./file0", 000) = 0 [pid 5607] open("./file0", O_RDONLY) = 3 [pid 5607] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5607] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5607] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5607] openat(5, "memory.max", O_RDWR) = 6 [pid 5607] write(6, "0x000000000000040e", 18 [pid 5602] <... write resumed>) = 18 [ 165.173914][ T5602] zswpout 0 [ 165.173914][ T5602] thp_fault_alloc 0 [ 165.173914][ T5602] thp_collapse_alloc 0 [ 165.361035][ T5602] Tasks state (memory values in pages): [ 165.368166][ T5602] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 165.378365][ T5602] Out of memory and no killable processes... [ 165.385222][ T5603] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 165.396462][ T5603] CPU: 0 PID: 5603 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 165.406438][ T5603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 165.416521][ T5603] Call Trace: [ 165.419826][ T5603] [ 165.422798][ T5603] dump_stack_lvl+0x136/0x150 [ 165.427516][ T5603] dump_header+0x10a/0xd70 [ 165.431965][ T5603] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 165.438092][ T5603] out_of_memory+0xd64/0x1660 [ 165.442815][ T5603] ? oom_killer_disable+0x2b0/0x2b0 [ 165.448060][ T5603] ? find_held_lock+0x2d/0x110 [ 165.452863][ T5603] mem_cgroup_out_of_memory+0x206/0x270 [ 165.458450][ T5603] ? mem_cgroup_margin+0x130/0x130 [ 165.463613][ T5603] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 165.469469][ T5603] memory_max_write+0x2f9/0x3c0 [ 165.474372][ T5603] ? mem_cgroup_force_empty_write+0x160/0x160 [ 165.480492][ T5603] ? lock_sync+0x190/0x190 [ 165.484950][ T5603] cgroup_file_write+0x1e2/0x7b0 [ 165.489939][ T5603] ? mem_cgroup_force_empty_write+0x160/0x160 [ 165.496053][ T5603] ? kill_css+0x3b0/0x3b0 [ 165.500431][ T5603] ? lock_acquire+0x32/0xc0 [ 165.504984][ T5603] ? kill_css+0x3b0/0x3b0 [ 165.509359][ T5603] kernfs_fop_write_iter+0x3f1/0x600 [ 165.514693][ T5603] vfs_write+0x9ed/0xe10 [ 165.519009][ T5603] ? kernel_write+0x670/0x670 [ 165.523743][ T5603] ? find_held_lock+0x2d/0x110 [ 165.528556][ T5603] ? __fget_light+0x20a/0x270 [ 165.533287][ T5603] ksys_write+0x12b/0x250 [ 165.537665][ T5603] ? __ia32_sys_read+0xb0/0xb0 [ 165.542479][ T5603] ? lockdep_hardirqs_on+0x7d/0x100 [ 165.547724][ T5603] ? _raw_spin_unlock_irq+0x2e/0x50 [ 165.552962][ T5603] ? ptrace_notify+0xfe/0x140 [ 165.557686][ T5603] do_syscall_64+0x39/0xb0 [ 165.562154][ T5603] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 165.568101][ T5603] RIP: 0033:0x7faecf034129 [ 165.572542][ T5603] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 165.592179][ T5603] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 165.600621][ T5603] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 165.608622][ T5603] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 165.616617][ T5603] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 165.624614][ T5603] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 165.632609][ T5603] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000017 [ 165.640624][ T5603] [pid 5602] close(3) = 0 [pid 5602] close(4) = 0 [pid 5602] close(5) = 0 [pid 5602] close(6) = 0 [pid 5602] close(7) = -1 EBADF (Bad file descriptor) [pid 5602] close(8) = -1 EBADF (Bad file descriptor) [pid 5602] close(9) = -1 EBADF (Bad file descriptor) [pid 5602] close(10) = -1 EBADF (Bad file descriptor) [pid 5602] close(11) = -1 EBADF (Bad file descriptor) [pid 5602] close(12) = -1 EBADF (Bad file descriptor) [pid 5602] close(13) = -1 EBADF (Bad file descriptor) [pid 5602] close(14) = -1 EBADF (Bad file descriptor) [pid 5602] close(15) = -1 EBADF (Bad file descriptor) [pid 5602] close(16) = -1 EBADF (Bad file descriptor) [pid 5602] close(17) = -1 EBADF (Bad file descriptor) [pid 5602] close(18) = -1 EBADF (Bad file descriptor) [pid 5602] close(19) = -1 EBADF (Bad file descriptor) [pid 5602] close(20) = -1 EBADF (Bad file descriptor) [pid 5602] close(21) = -1 EBADF (Bad file descriptor) [pid 5602] close(22) = -1 EBADF (Bad file descriptor) [pid 5602] close(23) = -1 EBADF (Bad file descriptor) [pid 5602] close(24) = -1 EBADF (Bad file descriptor) [pid 5602] close(25) = -1 EBADF (Bad file descriptor) [pid 5602] close(26) = -1 EBADF (Bad file descriptor) [ 165.651021][ T5603] memory: usage 8kB, limit 0kB, failcnt 36 [ 165.668731][ T5603] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 165.681287][ T5603] Memory cgroup stats for /syz1: [ 165.686293][ T5603] anon 0 [ 165.686293][ T5603] file 0 [ 165.686293][ T5603] kernel 8192 [ 165.686293][ T5603] kernel_stack 0 [ 165.686293][ T5603] pagetables 0 [ 165.686293][ T5603] sec_pagetables 0 [ 165.686293][ T5603] percpu 0 [ 165.686293][ T5603] sock 0 [ 165.686293][ T5603] vmalloc 0 [ 165.686293][ T5603] shmem 0 [ 165.686293][ T5603] zswap 0 [ 165.686293][ T5603] zswapped 0 [ 165.686293][ T5603] file_mapped 0 [ 165.686293][ T5603] file_dirty 0 [ 165.686293][ T5603] file_writeback 0 [ 165.686293][ T5603] swapcached 0 [ 165.686293][ T5603] anon_thp 0 [ 165.686293][ T5603] file_thp 0 [ 165.686293][ T5603] shmem_thp 0 [ 165.686293][ T5603] inactive_anon 0 [ 165.686293][ T5603] active_anon 0 [ 165.686293][ T5603] inactive_file 0 [ 165.686293][ T5603] active_file 0 [ 165.686293][ T5603] unevictable 0 [ 165.686293][ T5603] slab_reclaimable 6752 [ 165.686293][ T5603] slab_unreclaimable 0 [ 165.686293][ T5603] slab 6752 [ 165.686293][ T5603] workingset_refault_anon 0 [ 165.686293][ T5603] workingset_refault_file 0 [ 165.686293][ T5603] workingset_activate_anon 0 [ 165.686293][ T5603] workingset_activate_file 0 [ 165.686293][ T5603] workingset_restore_anon 0 [ 165.686293][ T5603] workingset_restore_file 0 [ 165.686293][ T5603] workingset_nodereclaim 0 [ 165.686293][ T5603] pgscan 831 [ 165.686293][ T5603] pgsteal 2 [ 165.686293][ T5603] pgscan_kswapd 0 [ 165.686293][ T5603] pgscan_direct 831 [ 165.686293][ T5603] pgscan_khugepaged 0 [ 165.686293][ T5603] pgsteal_kswapd 0 [ 165.686293][ T5603] pgsteal_direct 2 [ 165.686293][ T5603] pgsteal_khugepaged 0 [ 165.686293][ T5603] pgfault 21 [ 165.686293][ T5603] pgmajfault 0 [ 165.686293][ T5603] pgrefill 830 [ 165.686293][ T5603] pgactivate 829 [ 165.686293][ T5603] pgdeactivate 830 [pid 5602] close(27) = -1 EBADF (Bad file descriptor) [pid 5602] close(28) = -1 EBADF (Bad file descriptor) [pid 5602] close(29) = -1 EBADF (Bad file descriptor) [pid 5602] exit_group(0) = ? [pid 5602] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=26, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [ 165.686293][ T5603] pglazyfree 0 [ 165.686293][ T5603] pglazyfreed 0 [ 165.686293][ T5603] zswpin 0 [ 165.686293][ T5603] zswpout 0 [ 165.686293][ T5603] thp_fault_alloc 0 [ 165.686293][ T5603] thp_collapse_alloc 0 [ 165.881231][ T5603] Tasks state (memory values in pages): [ 165.886984][ T5603] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5089] umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./24/binderfs") = 0 [pid 5603] <... write resumed>) = 18 [pid 5089] umount2("./24/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./24/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./24/cgroup") = 0 [pid 5089] umount2("./24/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./24/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./24/cgroup.net") = 0 [ 165.911678][ T5603] Out of memory and no killable processes... [ 165.917860][ T5604] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 165.928662][ T5604] CPU: 1 PID: 5604 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 165.938628][ T5604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 165.948740][ T5604] Call Trace: [ 165.952057][ T5604] [ 165.955032][ T5604] dump_stack_lvl+0x136/0x150 [ 165.959793][ T5604] dump_header+0x10a/0xd70 [ 165.964273][ T5604] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 165.970426][ T5604] out_of_memory+0xd64/0x1660 [ 165.975199][ T5604] ? oom_killer_disable+0x2b0/0x2b0 [ 165.980465][ T5604] ? find_held_lock+0x2d/0x110 [ 165.985279][ T5604] mem_cgroup_out_of_memory+0x206/0x270 [ 165.990871][ T5604] ? mem_cgroup_margin+0x130/0x130 [ 165.996030][ T5604] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 166.001898][ T5604] memory_max_write+0x2f9/0x3c0 [ 166.006798][ T5604] ? mem_cgroup_force_empty_write+0x160/0x160 [ 166.012944][ T5604] ? lock_sync+0x190/0x190 [ 166.017401][ T5604] cgroup_file_write+0x1e2/0x7b0 [ 166.022410][ T5604] ? mem_cgroup_force_empty_write+0x160/0x160 [ 166.028520][ T5604] ? kill_css+0x3b0/0x3b0 [ 166.032885][ T5604] ? lock_acquire+0x32/0xc0 [ 166.037447][ T5604] ? kill_css+0x3b0/0x3b0 [ 166.041849][ T5604] kernfs_fop_write_iter+0x3f1/0x600 [ 166.047185][ T5604] vfs_write+0x9ed/0xe10 [ 166.051477][ T5604] ? kernel_write+0x670/0x670 [ 166.056203][ T5604] ? find_held_lock+0x2d/0x110 [ 166.061007][ T5604] ? __fget_light+0x20a/0x270 [ 166.065738][ T5604] ksys_write+0x12b/0x250 [ 166.070120][ T5604] ? __ia32_sys_read+0xb0/0xb0 [ 166.074949][ T5604] ? lockdep_hardirqs_on+0x7d/0x100 [ 166.080189][ T5604] ? _raw_spin_unlock_irq+0x2e/0x50 [ 166.085427][ T5604] ? ptrace_notify+0xfe/0x140 [ 166.090148][ T5604] do_syscall_64+0x39/0xb0 [ 166.094632][ T5604] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 166.100559][ T5604] RIP: 0033:0x7faecf034129 [ 166.105002][ T5604] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 166.124634][ T5604] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 166.133082][ T5604] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 166.141080][ T5604] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 166.149073][ T5604] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [pid 5089] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5603] close(3 [pid 5089] <... umount2 resumed>) = 0 [pid 5603] <... close resumed>) = 0 [pid 5603] close(4) = 0 [pid 5603] close(5) = 0 [pid 5603] close(6) = 0 [pid 5603] close(7) = -1 EBADF (Bad file descriptor) [pid 5603] close(8) = -1 EBADF (Bad file descriptor) [pid 5603] close(9) = -1 EBADF (Bad file descriptor) [pid 5603] close(10) = -1 EBADF (Bad file descriptor) [pid 5603] close(11) = -1 EBADF (Bad file descriptor) [pid 5603] close(12) = -1 EBADF (Bad file descriptor) [pid 5603] close(13) = -1 EBADF (Bad file descriptor) [pid 5603] close(14) = -1 EBADF (Bad file descriptor) [pid 5603] close(15) = -1 EBADF (Bad file descriptor) [pid 5603] close(16) = -1 EBADF (Bad file descriptor) [pid 5603] close(17) = -1 EBADF (Bad file descriptor) [pid 5603] close(18) = -1 EBADF (Bad file descriptor) [pid 5603] close(19) = -1 EBADF (Bad file descriptor) [pid 5603] close(20) = -1 EBADF (Bad file descriptor) [pid 5603] close(21) = -1 EBADF (Bad file descriptor) [pid 5603] close(22) = -1 EBADF (Bad file descriptor) [pid 5603] close(23) = -1 EBADF (Bad file descriptor) [pid 5603] close(24) = -1 EBADF (Bad file descriptor) [pid 5603] close(25) = -1 EBADF (Bad file descriptor) [pid 5603] close(26) = -1 EBADF (Bad file descriptor) [pid 5603] close(27) = -1 EBADF (Bad file descriptor) [pid 5603] close(28) = -1 EBADF (Bad file descriptor) [pid 5603] close(29) = -1 EBADF (Bad file descriptor) [ 166.157071][ T5604] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 166.165081][ T5604] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000015 [ 166.173102][ T5604] [ 166.182596][ T5604] memory: usage 8kB, limit 0kB, failcnt 36 [ 166.188473][ T5604] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 166.205215][ T5604] Memory cgroup stats for /syz1: [ 166.205491][ T5604] anon 0 [ 166.205491][ T5604] file 0 [ 166.205491][ T5604] kernel 8192 [ 166.205491][ T5604] kernel_stack 0 [ 166.205491][ T5604] pagetables 0 [ 166.205491][ T5604] sec_pagetables 0 [ 166.205491][ T5604] percpu 0 [ 166.205491][ T5604] sock 0 [ 166.205491][ T5604] vmalloc 0 [ 166.205491][ T5604] shmem 0 [ 166.205491][ T5604] zswap 0 [ 166.205491][ T5604] zswapped 0 [ 166.205491][ T5604] file_mapped 0 [ 166.205491][ T5604] file_dirty 0 [ 166.205491][ T5604] file_writeback 0 [ 166.205491][ T5604] swapcached 0 [ 166.205491][ T5604] anon_thp 0 [ 166.205491][ T5604] file_thp 0 [ 166.205491][ T5604] shmem_thp 0 [ 166.205491][ T5604] inactive_anon 0 [ 166.205491][ T5604] active_anon 0 [ 166.205491][ T5604] inactive_file 0 [ 166.205491][ T5604] active_file 0 [ 166.205491][ T5604] unevictable 0 [ 166.205491][ T5604] slab_reclaimable 6752 [ 166.205491][ T5604] slab_unreclaimable 0 [ 166.205491][ T5604] slab 6752 [ 166.205491][ T5604] workingset_refault_anon 0 [ 166.205491][ T5604] workingset_refault_file 0 [ 166.205491][ T5604] workingset_activate_anon 0 [ 166.205491][ T5604] workingset_activate_file 0 [ 166.205491][ T5604] workingset_restore_anon 0 [ 166.205491][ T5604] workingset_restore_file 0 [ 166.205491][ T5604] workingset_nodereclaim 0 [ 166.205491][ T5604] pgscan 831 [ 166.205491][ T5604] pgsteal 2 [ 166.205491][ T5604] pgscan_kswapd 0 [ 166.205491][ T5604] pgscan_direct 831 [ 166.205491][ T5604] pgscan_khugepaged 0 [ 166.205491][ T5604] pgsteal_kswapd 0 [ 166.205491][ T5604] pgsteal_direct 2 [ 166.205491][ T5604] pgsteal_khugepaged 0 [ 166.205491][ T5604] pgfault 21 [ 166.205491][ T5604] pgmajfault 0 [pid 5603] exit_group(0) = ? [pid 5089] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5603] +++ exited with 0 +++ [pid 5089] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=25, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5089] lstat("./24/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5087] umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5089] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5087] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5087] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5089] <... openat resumed>) = 4 [pid 5087] <... openat resumed>) = 3 [pid 5089] fstat(4, [pid 5087] fstat(3, [pid 5089] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 166.205491][ T5604] pgrefill 830 [ 166.205491][ T5604] pgactivate 829 [ 166.205491][ T5604] pgdeactivate 830 [ 166.205491][ T5604] pglazyfree 0 [ 166.205491][ T5604] pglazyfreed 0 [ 166.205491][ T5604] zswpin 0 [ 166.205491][ T5604] zswpout 0 [ 166.205491][ T5604] thp_fault_alloc 0 [ 166.205491][ T5604] thp_collapse_alloc 0 [ 166.408165][ T5604] Tasks state (memory values in pages): [pid 5089] getdents64(4, [pid 5087] getdents64(3, [pid 5089] <... getdents64 resumed>0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] <... getdents64 resumed>0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] getdents64(4, [pid 5087] umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5089] <... getdents64 resumed>0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5089] close(4 [pid 5087] lstat("./23/binderfs", [pid 5089] <... close resumed>) = 0 [pid 5087] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] rmdir("./24/file0" [pid 5087] unlink("./23/binderfs" [pid 5089] <... rmdir resumed>) = 0 [pid 5087] <... unlink resumed>) = 0 [pid 5089] umount2("./24/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5087] umount2("./23/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5089] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5087] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./24/cgroup.cpu", [pid 5087] lstat("./23/cgroup", [pid 5089] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./24/cgroup.cpu" [pid 5087] unlink("./23/cgroup" [pid 5089] <... unlink resumed>) = 0 [pid 5087] <... unlink resumed>) = 0 [pid 5089] getdents64(3, [pid 5087] umount2("./23/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5089] <... getdents64 resumed>0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5089] close(3 [pid 5087] lstat("./23/cgroup.net", [pid 5089] <... close resumed>) = 0 [pid 5087] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] rmdir("./24" [pid 5087] unlink("./23/cgroup.net" [pid 5089] <... rmdir resumed>) = 0 [pid 5087] <... unlink resumed>) = 0 [pid 5089] mkdir("./25", 0777 [pid 5087] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5089] <... mkdir resumed>) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5608 attached [pid 5608] chdir("./25" [pid 5089] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 27 [pid 5608] <... chdir resumed>) = 0 [pid 5608] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5608] setpgid(0, 0) = 0 [pid 5608] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5608] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu" [pid 5087] <... umount2 resumed>) = 0 [pid 5608] <... symlink resumed>) = 0 [pid 5604] <... write resumed>) = 18 [pid 5087] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5608] symlink("/syzcgroup/net/syz5", "./cgroup.net" [pid 5604] close(3 [pid 5087] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5608] <... symlink resumed>) = 0 [pid 5604] <... close resumed>) = 0 [pid 5087] lstat("./23/file0", [pid 5608] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5604] close(4 [pid 5087] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5608] <... openat resumed>) = 3 [pid 5087] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5608] write(3, "1000", 4 [pid 5087] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5608] <... write resumed>) = 4 [ 166.414233][ T5604] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 166.433472][ T5604] Out of memory and no killable processes... [ 166.439703][ T5605] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5087] openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5608] close(3 [pid 5087] <... openat resumed>) = 4 [pid 5608] <... close resumed>) = 0 [pid 5087] fstat(4, [pid 5608] symlink("/dev/binderfs", "./binderfs" [pid 5087] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5608] <... symlink resumed>) = 0 [pid 5087] getdents64(4, [pid 5608] mkdir("./file0", 000 [pid 5087] <... getdents64 resumed>0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5608] <... mkdir resumed>) = 0 [pid 5087] getdents64(4, [pid 5608] open("./file0", O_RDONLY [pid 5087] <... getdents64 resumed>0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5608] <... open resumed>) = 3 [pid 5087] close(4 [pid 5608] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5087] <... close resumed>) = 0 [pid 5608] <... mount resumed>) = 0 [pid 5087] rmdir("./23/file0" [pid 5608] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5087] <... rmdir resumed>) = 0 [pid 5608] <... openat resumed>) = 4 [pid 5087] umount2("./23/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5608] openat(4, "syz1", O_RDWR|O_PATH [pid 5087] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5608] <... openat resumed>) = 5 [pid 5087] lstat("./23/cgroup.cpu", [pid 5608] openat(5, "memory.max", O_RDWR [pid 5087] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5608] <... openat resumed>) = 6 [pid 5087] unlink("./23/cgroup.cpu" [pid 5608] write(6, "0x000000000000040e", 18 [pid 5087] <... unlink resumed>) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [pid 5087] rmdir("./23") = 0 [pid 5087] mkdir("./24", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 26 [pid 5604] <... close resumed>) = 0 [ 166.459450][ T5605] CPU: 1 PID: 5605 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 166.469433][ T5605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 166.479541][ T5605] Call Trace: [ 166.482877][ T5605] [ 166.485861][ T5605] dump_stack_lvl+0x136/0x150 [ 166.490611][ T5605] dump_header+0x10a/0xd70 [ 166.495095][ T5605] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 166.501260][ T5605] out_of_memory+0xd64/0x1660 [ 166.506021][ T5605] ? oom_killer_disable+0x2b0/0x2b0 [pid 5604] close(5) = 0 [pid 5604] close(6) = 0 [pid 5604] close(7) = -1 EBADF (Bad file descriptor) [pid 5604] close(8) = -1 EBADF (Bad file descriptor) [pid 5604] close(9) = -1 EBADF (Bad file descriptor) [pid 5604] close(10) = -1 EBADF (Bad file descriptor) [pid 5604] close(11) = -1 EBADF (Bad file descriptor) [pid 5604] close(12) = -1 EBADF (Bad file descriptor) [pid 5604] close(13) = -1 EBADF (Bad file descriptor) [pid 5604] close(14) = -1 EBADF (Bad file descriptor) [pid 5604] close(15) = -1 EBADF (Bad file descriptor) [pid 5604] close(16) = -1 EBADF (Bad file descriptor) [pid 5604] close(17) = -1 EBADF (Bad file descriptor) [pid 5604] close(18) = -1 EBADF (Bad file descriptor) [pid 5604] close(19) = -1 EBADF (Bad file descriptor) [pid 5604] close(20) = -1 EBADF (Bad file descriptor) [pid 5604] close(21) = -1 EBADF (Bad file descriptor) [pid 5604] close(22) = -1 EBADF (Bad file descriptor) [pid 5604] close(23) = -1 EBADF (Bad file descriptor) [pid 5604] close(24) = -1 EBADF (Bad file descriptor) [pid 5604] close(25) = -1 EBADF (Bad file descriptor) [pid 5604] close(26) = -1 EBADF (Bad file descriptor) [pid 5604] close(27) = -1 EBADF (Bad file descriptor) [pid 5604] close(28) = -1 EBADF (Bad file descriptor) [ 166.511311][ T5605] mem_cgroup_out_of_memory+0x206/0x270 [ 166.516953][ T5605] ? mem_cgroup_margin+0x130/0x130 [ 166.522196][ T5605] memory_max_write+0x2f9/0x3c0 [ 166.527137][ T5605] ? mem_cgroup_force_empty_write+0x160/0x160 [ 166.533304][ T5605] ? lock_sync+0x190/0x190 [ 166.537794][ T5605] cgroup_file_write+0x1e2/0x7b0 [ 166.542817][ T5605] ? mem_cgroup_force_empty_write+0x160/0x160 [ 166.548969][ T5605] ? kill_css+0x3b0/0x3b0 [ 166.553375][ T5605] ? lock_acquire+0x32/0xc0 [ 166.557966][ T5605] ? kill_css+0x3b0/0x3b0 [pid 5604] close(29) = -1 EBADF (Bad file descriptor) [pid 5604] exit_group(0) = ? [pid 5604] +++ exited with 0 +++ [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=23, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5085] umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./21/binderfs") = 0 [pid 5085] umount2("./21/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./21/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./21/cgroup") = 0 [pid 5085] umount2("./21/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./21/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./21/cgroup.net") = 0 [pid 5085] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5609 attached [pid 5609] chdir("./24") = 0 [ 166.562376][ T5605] kernfs_fop_write_iter+0x3f1/0x600 [ 166.567751][ T5605] vfs_write+0x9ed/0xe10 [ 166.572080][ T5605] ? kernel_write+0x670/0x670 [ 166.576857][ T5605] ? find_held_lock+0x2d/0x110 [ 166.581703][ T5605] ? __fget_light+0x20a/0x270 [ 166.586468][ T5605] ksys_write+0x12b/0x250 [ 166.590896][ T5605] ? __ia32_sys_read+0xb0/0xb0 [ 166.595764][ T5605] ? lockdep_hardirqs_on+0x7d/0x100 [ 166.601032][ T5605] ? _raw_spin_unlock_irq+0x2e/0x50 [ 166.606309][ T5605] ? ptrace_notify+0xfe/0x140 [pid 5609] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5609] setpgid(0, 0) = 0 [pid 5609] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5609] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5609] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5609] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5609] write(3, "1000", 4) = 4 [pid 5609] close(3) = 0 [pid 5609] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5609] mkdir("./file0", 000) = 0 [pid 5609] open("./file0", O_RDONLY) = 3 [pid 5609] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5609] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5609] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5609] openat(5, "memory.max", O_RDWR) = 6 [ 166.611066][ T5605] do_syscall_64+0x39/0xb0 [ 166.615587][ T5605] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 166.621551][ T5605] RIP: 0033:0x7faecf034129 [ 166.626017][ T5605] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 166.645694][ T5605] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 166.654186][ T5605] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [pid 5609] write(6, "0x000000000000040e", 18 [pid 5085] <... umount2 resumed>) = 0 [pid 5085] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./21/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [ 166.662239][ T5605] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 166.670267][ T5605] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 166.678294][ T5605] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 166.686320][ T5605] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000016 [ 166.694362][ T5605] [ 166.704194][ T5605] memory: usage 8kB, limit 0kB, failcnt 36 [pid 5085] close(4) = 0 [pid 5085] rmdir("./21/file0") = 0 [pid 5085] umount2("./21/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./21/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./21/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./21") = 0 [pid 5085] mkdir("./22", 0777) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5610 attached [pid 5610] chdir("./22" [pid 5085] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 24 [pid 5610] <... chdir resumed>) = 0 [pid 5610] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5610] setpgid(0, 0) = 0 [pid 5610] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5610] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5610] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5610] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5610] write(3, "1000", 4) = 4 [pid 5610] close(3) = 0 [ 166.724553][ T5605] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 166.731551][ T5605] Memory cgroup stats for /syz1: [ 166.732068][ T5605] anon 0 [ 166.732068][ T5605] file 0 [ 166.732068][ T5605] kernel 8192 [ 166.732068][ T5605] kernel_stack 0 [ 166.732068][ T5605] pagetables 0 [ 166.732068][ T5605] sec_pagetables 0 [ 166.732068][ T5605] percpu 0 [ 166.732068][ T5605] sock 0 [ 166.732068][ T5605] vmalloc 0 [ 166.732068][ T5605] shmem 0 [ 166.732068][ T5605] zswap 0 [ 166.732068][ T5605] zswapped 0 [pid 5610] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5610] mkdir("./file0", 000) = 0 [pid 5610] open("./file0", O_RDONLY) = 3 [pid 5610] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5610] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5610] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5610] openat(5, "memory.max", O_RDWR) = 6 [ 166.732068][ T5605] file_mapped 0 [ 166.732068][ T5605] file_dirty 0 [ 166.732068][ T5605] file_writeback 0 [ 166.732068][ T5605] swapcached 0 [ 166.732068][ T5605] anon_thp 0 [ 166.732068][ T5605] file_thp 0 [ 166.732068][ T5605] shmem_thp 0 [ 166.732068][ T5605] inactive_anon 0 [ 166.732068][ T5605] active_anon 0 [ 166.732068][ T5605] inactive_file 0 [ 166.732068][ T5605] active_file 0 [ 166.732068][ T5605] unevictable 0 [ 166.732068][ T5605] slab_reclaimable 6752 [ 166.732068][ T5605] slab_unreclaimable 0 [ 166.732068][ T5605] slab 6752 [ 166.732068][ T5605] workingset_refault_anon 0 [ 166.732068][ T5605] workingset_refault_file 0 [ 166.732068][ T5605] workingset_activate_anon 0 [ 166.732068][ T5605] workingset_activate_file 0 [ 166.732068][ T5605] workingset_restore_anon 0 [ 166.732068][ T5605] workingset_restore_file 0 [ 166.732068][ T5605] workingset_nodereclaim 0 [ 166.732068][ T5605] pgscan 831 [ 166.732068][ T5605] pgsteal 2 [ 166.732068][ T5605] pgscan_kswapd 0 [ 166.732068][ T5605] pgscan_direct 831 [ 166.732068][ T5605] pgscan_khugepaged 0 [ 166.732068][ T5605] pgsteal_kswapd 0 [ 166.732068][ T5605] pgsteal_direct 2 [ 166.732068][ T5605] pgsteal_khugepaged 0 [ 166.732068][ T5605] pgfault 21 [ 166.732068][ T5605] pgmajfault 0 [ 166.732068][ T5605] pgrefill 830 [ 166.732068][ T5605] pgactivate 829 [ 166.732068][ T5605] pgdeactivate 830 [ 166.732068][ T5605] pglazyfree 0 [ 166.732068][ T5605] pglazyfreed 0 [ 166.732068][ T5605] zswpin 0 [ 166.732068][ T5605] zswpout 0 [ 166.732068][ T5605] thp_fault_alloc 0 [ 166.732068][ T5605] thp_collapse_alloc 0 [pid 5610] write(6, "0x000000000000040e", 18 [pid 5605] <... write resumed>) = 18 [pid 5605] close(3) = 0 [pid 5605] close(4) = 0 [pid 5605] close(5) = 0 [pid 5605] close(6) = 0 [pid 5605] close(7) = -1 EBADF (Bad file descriptor) [pid 5605] close(8) = -1 EBADF (Bad file descriptor) [pid 5605] close(9) = -1 EBADF (Bad file descriptor) [pid 5605] close(10) = -1 EBADF (Bad file descriptor) [pid 5605] close(11) = -1 EBADF (Bad file descriptor) [pid 5605] close(12) = -1 EBADF (Bad file descriptor) [pid 5605] close(13) = -1 EBADF (Bad file descriptor) [pid 5605] close(14) = -1 EBADF (Bad file descriptor) [pid 5605] close(15) = -1 EBADF (Bad file descriptor) [pid 5605] close(16) = -1 EBADF (Bad file descriptor) [ 166.944610][ T5605] Tasks state (memory values in pages): [ 166.950235][ T5605] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 166.959927][ T5605] Out of memory and no killable processes... [ 166.970260][ T5607] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5605] close(17) = -1 EBADF (Bad file descriptor) [pid 5605] close(18) = -1 EBADF (Bad file descriptor) [pid 5605] close(19) = -1 EBADF (Bad file descriptor) [pid 5605] close(20) = -1 EBADF (Bad file descriptor) [pid 5605] close(21) = -1 EBADF (Bad file descriptor) [pid 5605] close(22) = -1 EBADF (Bad file descriptor) [pid 5605] close(23) = -1 EBADF (Bad file descriptor) [pid 5605] close(24) = -1 EBADF (Bad file descriptor) [pid 5605] close(25) = -1 EBADF (Bad file descriptor) [pid 5605] close(26) = -1 EBADF (Bad file descriptor) [pid 5605] close(27) = -1 EBADF (Bad file descriptor) [pid 5605] close(28) = -1 EBADF (Bad file descriptor) [pid 5605] close(29) = -1 EBADF (Bad file descriptor) [pid 5605] exit_group(0) = ? [pid 5605] +++ exited with 0 +++ [ 167.010921][ T5607] CPU: 0 PID: 5607 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 167.020986][ T5607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 167.031110][ T5607] Call Trace: [ 167.034444][ T5607] [ 167.037417][ T5607] dump_stack_lvl+0x136/0x150 [ 167.042158][ T5607] dump_header+0x10a/0xd70 [ 167.046641][ T5607] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 167.052803][ T5607] out_of_memory+0xd64/0x1660 [ 167.057569][ T5607] ? oom_killer_disable+0x2b0/0x2b0 [ 167.062863][ T5607] mem_cgroup_out_of_memory+0x206/0x270 [ 167.068487][ T5607] ? mem_cgroup_margin+0x130/0x130 [ 167.073705][ T5607] memory_max_write+0x2f9/0x3c0 [ 167.078635][ T5607] ? mem_cgroup_force_empty_write+0x160/0x160 [ 167.084774][ T5607] ? lock_sync+0x190/0x190 [ 167.089235][ T5607] cgroup_file_write+0x1e2/0x7b0 [ 167.094226][ T5607] ? mem_cgroup_force_empty_write+0x160/0x160 [ 167.100339][ T5607] ? kill_css+0x3b0/0x3b0 [ 167.104714][ T5607] ? lock_acquire+0x32/0xc0 [ 167.109296][ T5607] ? kill_css+0x3b0/0x3b0 [ 167.113668][ T5607] kernfs_fop_write_iter+0x3f1/0x600 [ 167.119017][ T5607] vfs_write+0x9ed/0xe10 [ 167.123321][ T5607] ? kernel_write+0x670/0x670 [ 167.128053][ T5607] ? find_held_lock+0x2d/0x110 [ 167.132872][ T5607] ? __fget_light+0x20a/0x270 [ 167.137615][ T5607] ksys_write+0x12b/0x250 [ 167.142002][ T5607] ? __ia32_sys_read+0xb0/0xb0 [ 167.146812][ T5607] ? lockdep_hardirqs_on+0x7d/0x100 [ 167.152056][ T5607] ? _raw_spin_unlock_irq+0x2e/0x50 [ 167.157297][ T5607] ? ptrace_notify+0xfe/0x140 [ 167.162015][ T5607] do_syscall_64+0x39/0xb0 [ 167.166479][ T5607] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 167.172433][ T5607] RIP: 0033:0x7faecf034129 [ 167.176894][ T5607] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 167.196549][ T5607] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=24, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5086] umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 167.205000][ T5607] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 167.213003][ T5607] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 167.221001][ T5607] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 167.229002][ T5607] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 167.237000][ T5607] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000019 [ 167.245023][ T5607] [pid 5086] unlink("./22/binderfs") = 0 [pid 5086] umount2("./22/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./22/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] unlink("./22/cgroup") = 0 [pid 5086] umount2("./22/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./22/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./22/cgroup.net") = 0 [ 167.267977][ T5607] memory: usage 8kB, limit 0kB, failcnt 36 [ 167.275734][ T5607] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 167.283327][ T5607] Memory cgroup stats for /syz1: [ 167.283629][ T5607] anon 0 [ 167.283629][ T5607] file 0 [ 167.283629][ T5607] kernel 8192 [ 167.283629][ T5607] kernel_stack 0 [ 167.283629][ T5607] pagetables 0 [ 167.283629][ T5607] sec_pagetables 0 [ 167.283629][ T5607] percpu 0 [ 167.283629][ T5607] sock 0 [ 167.283629][ T5607] vmalloc 0 [ 167.283629][ T5607] shmem 0 [ 167.283629][ T5607] zswap 0 [ 167.283629][ T5607] zswapped 0 [ 167.283629][ T5607] file_mapped 0 [ 167.283629][ T5607] file_dirty 0 [ 167.283629][ T5607] file_writeback 0 [ 167.283629][ T5607] swapcached 0 [ 167.283629][ T5607] anon_thp 0 [ 167.283629][ T5607] file_thp 0 [ 167.283629][ T5607] shmem_thp 0 [ 167.283629][ T5607] inactive_anon 0 [ 167.283629][ T5607] active_anon 0 [ 167.283629][ T5607] inactive_file 0 [ 167.283629][ T5607] active_file 0 [ 167.283629][ T5607] unevictable 0 [ 167.283629][ T5607] slab_reclaimable 6752 [ 167.283629][ T5607] slab_unreclaimable 0 [ 167.283629][ T5607] slab 6752 [ 167.283629][ T5607] workingset_refault_anon 0 [ 167.283629][ T5607] workingset_refault_file 0 [ 167.283629][ T5607] workingset_activate_anon 0 [ 167.283629][ T5607] workingset_activate_file 0 [ 167.283629][ T5607] workingset_restore_anon 0 [ 167.283629][ T5607] workingset_restore_file 0 [ 167.283629][ T5607] workingset_nodereclaim 0 [ 167.283629][ T5607] pgscan 831 [ 167.283629][ T5607] pgsteal 2 [ 167.283629][ T5607] pgscan_kswapd 0 [ 167.283629][ T5607] pgscan_direct 831 [ 167.283629][ T5607] pgscan_khugepaged 0 [ 167.283629][ T5607] pgsteal_kswapd 0 [ 167.283629][ T5607] pgsteal_direct 2 [ 167.283629][ T5607] pgsteal_khugepaged 0 [ 167.283629][ T5607] pgfault 21 [ 167.283629][ T5607] pgmajfault 0 [ 167.283629][ T5607] pgrefill 830 [ 167.283629][ T5607] pgactivate 829 [ 167.283629][ T5607] pgdeactivate 830 [ 167.283629][ T5607] pglazyfree 0 [ 167.283629][ T5607] pglazyfreed 0 [ 167.283629][ T5607] zswpin 0 [ 167.283629][ T5607] zswpout 0 [ 167.283629][ T5607] thp_fault_alloc 0 [pid 5086] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5086] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./22/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./22/file0") = 0 [pid 5086] umount2("./22/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./22/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./22/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./22") = 0 [pid 5086] mkdir("./23", 0777) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5612 attached [pid 5612] chdir("./23" [pid 5086] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 25 [pid 5612] <... chdir resumed>) = 0 [pid 5612] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5612] setpgid(0, 0) = 0 [ 167.283629][ T5607] thp_collapse_alloc 0 [ 167.484370][ T5607] Tasks state (memory values in pages): [ 167.491082][ T5607] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 167.510072][ T5607] Out of memory and no killable processes... [pid 5612] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5612] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5612] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5612] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5612] write(3, "1000", 4) = 4 [pid 5612] close(3) = 0 [pid 5607] <... write resumed>) = 18 [pid 5612] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5612] mkdir("./file0", 000) = 0 [pid 5612] open("./file0", O_RDONLY) = 3 [pid 5612] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5612] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5612] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5612] openat(5, "memory.max", O_RDWR) = 6 [ 167.517915][ T5608] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 167.529300][ T5608] CPU: 0 PID: 5608 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 167.539275][ T5608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 167.549394][ T5608] Call Trace: [ 167.552724][ T5608] [ 167.555714][ T5608] dump_stack_lvl+0x136/0x150 [ 167.560461][ T5608] dump_header+0x10a/0xd70 [ 167.564938][ T5608] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 167.571098][ T5608] out_of_memory+0xd64/0x1660 [ 167.575855][ T5608] ? oom_killer_disable+0x2b0/0x2b0 [ 167.581137][ T5608] mem_cgroup_out_of_memory+0x206/0x270 [ 167.586759][ T5608] ? mem_cgroup_margin+0x130/0x130 [ 167.591968][ T5608] memory_max_write+0x2f9/0x3c0 [ 167.596901][ T5608] ? mem_cgroup_force_empty_write+0x160/0x160 [ 167.603056][ T5608] ? lock_sync+0x190/0x190 [ 167.607548][ T5608] cgroup_file_write+0x1e2/0x7b0 [ 167.612575][ T5608] ? mem_cgroup_force_empty_write+0x160/0x160 [pid 5612] write(6, "0x000000000000040e", 18 [pid 5607] close(3) = 0 [pid 5607] close(4) = 0 [pid 5607] close(5) = 0 [pid 5607] close(6) = 0 [pid 5607] close(7) = -1 EBADF (Bad file descriptor) [pid 5607] close(8) = -1 EBADF (Bad file descriptor) [pid 5607] close(9) = -1 EBADF (Bad file descriptor) [pid 5607] close(10) = -1 EBADF (Bad file descriptor) [pid 5607] close(11) = -1 EBADF (Bad file descriptor) [pid 5607] close(12) = -1 EBADF (Bad file descriptor) [pid 5607] close(13) = -1 EBADF (Bad file descriptor) [pid 5607] close(14) = -1 EBADF (Bad file descriptor) [pid 5607] close(15) = -1 EBADF (Bad file descriptor) [pid 5607] close(16) = -1 EBADF (Bad file descriptor) [pid 5607] close(17) = -1 EBADF (Bad file descriptor) [pid 5607] close(18) = -1 EBADF (Bad file descriptor) [pid 5607] close(19) = -1 EBADF (Bad file descriptor) [ 167.618788][ T5608] ? kill_css+0x3b0/0x3b0 [ 167.623196][ T5608] ? lock_acquire+0x32/0xc0 [ 167.627782][ T5608] ? kill_css+0x3b0/0x3b0 [ 167.632188][ T5608] kernfs_fop_write_iter+0x3f1/0x600 [ 167.637579][ T5608] vfs_write+0x9ed/0xe10 [ 167.641919][ T5608] ? kernel_write+0x670/0x670 [ 167.646690][ T5608] ? find_held_lock+0x2d/0x110 [ 167.651548][ T5608] ? __fget_light+0x20a/0x270 [ 167.656320][ T5608] ksys_write+0x12b/0x250 [ 167.660739][ T5608] ? __ia32_sys_read+0xb0/0xb0 [pid 5607] close(20) = -1 EBADF (Bad file descriptor) [pid 5607] close(21) = -1 EBADF (Bad file descriptor) [pid 5607] close(22) = -1 EBADF (Bad file descriptor) [pid 5607] close(23) = -1 EBADF (Bad file descriptor) [pid 5607] close(24) = -1 EBADF (Bad file descriptor) [pid 5607] close(25) = -1 EBADF (Bad file descriptor) [pid 5607] close(26) = -1 EBADF (Bad file descriptor) [pid 5607] close(27) = -1 EBADF (Bad file descriptor) [pid 5607] close(28) = -1 EBADF (Bad file descriptor) [pid 5607] close(29) = -1 EBADF (Bad file descriptor) [pid 5607] exit_group(0) = ? [pid 5607] +++ exited with 0 +++ [ 167.665579][ T5608] ? lockdep_hardirqs_on+0x7d/0x100 [ 167.670893][ T5608] ? _raw_spin_unlock_irq+0x2e/0x50 [ 167.676170][ T5608] ? ptrace_notify+0xfe/0x140 [ 167.680930][ T5608] do_syscall_64+0x39/0xb0 [ 167.685433][ T5608] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 167.691397][ T5608] RIP: 0033:0x7faecf034129 [ 167.695866][ T5608] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=27, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5090] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5090] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./25/binderfs") = 0 [pid 5090] umount2("./25/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./25/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./25/cgroup") = 0 [pid 5090] umount2("./25/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./25/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./25/cgroup.net") = 0 [pid 5090] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5090] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./25/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 167.715536][ T5608] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 167.724019][ T5608] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 167.732046][ T5608] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 167.740070][ T5608] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 167.748099][ T5608] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 167.756130][ T5608] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000019 [ 167.764191][ T5608] [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./25/file0") = 0 [pid 5090] umount2("./25/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./25/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./25/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [pid 5090] rmdir("./25") = 0 [pid 5090] mkdir("./26", 0777) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 28 ./strace-static-x86_64: Process 5613 attached [pid 5613] chdir("./26") = 0 [pid 5613] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5613] setpgid(0, 0) = 0 [pid 5613] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5613] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5613] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [ 167.781839][ T5608] memory: usage 8kB, limit 0kB, failcnt 36 [ 167.788763][ T5608] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 167.805407][ T5608] Memory cgroup stats for /syz1: [ 167.805716][ T5608] anon 0 [ 167.805716][ T5608] file 0 [ 167.805716][ T5608] kernel 8192 [ 167.805716][ T5608] kernel_stack 0 [ 167.805716][ T5608] pagetables 0 [ 167.805716][ T5608] sec_pagetables 0 [pid 5613] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5613] write(3, "1000", 4) = 4 [pid 5613] close(3) = 0 [pid 5613] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5613] mkdir("./file0", 000) = 0 [pid 5613] open("./file0", O_RDONLY) = 3 [pid 5613] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5613] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5613] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5613] openat(5, "memory.max", O_RDWR) = 6 [ 167.805716][ T5608] percpu 0 [ 167.805716][ T5608] sock 0 [ 167.805716][ T5608] vmalloc 0 [ 167.805716][ T5608] shmem 0 [ 167.805716][ T5608] zswap 0 [ 167.805716][ T5608] zswapped 0 [ 167.805716][ T5608] file_mapped 0 [ 167.805716][ T5608] file_dirty 0 [ 167.805716][ T5608] file_writeback 0 [ 167.805716][ T5608] swapcached 0 [ 167.805716][ T5608] anon_thp 0 [ 167.805716][ T5608] file_thp 0 [ 167.805716][ T5608] shmem_thp 0 [ 167.805716][ T5608] inactive_anon 0 [ 167.805716][ T5608] active_anon 0 [ 167.805716][ T5608] inactive_file 0 [ 167.805716][ T5608] active_file 0 [ 167.805716][ T5608] unevictable 0 [ 167.805716][ T5608] slab_reclaimable 6752 [ 167.805716][ T5608] slab_unreclaimable 0 [ 167.805716][ T5608] slab 6752 [ 167.805716][ T5608] workingset_refault_anon 0 [ 167.805716][ T5608] workingset_refault_file 0 [ 167.805716][ T5608] workingset_activate_anon 0 [ 167.805716][ T5608] workingset_activate_file 0 [ 167.805716][ T5608] workingset_restore_anon 0 [ 167.805716][ T5608] workingset_restore_file 0 [ 167.805716][ T5608] workingset_nodereclaim 0 [ 167.805716][ T5608] pgscan 831 [ 167.805716][ T5608] pgsteal 2 [ 167.805716][ T5608] pgscan_kswapd 0 [ 167.805716][ T5608] pgscan_direct 831 [ 167.805716][ T5608] pgscan_khugepaged 0 [ 167.805716][ T5608] pgsteal_kswapd 0 [ 167.805716][ T5608] pgsteal_direct 2 [ 167.805716][ T5608] pgsteal_khugepaged 0 [ 167.805716][ T5608] pgfault 21 [ 167.805716][ T5608] pgmajfault 0 [ 167.805716][ T5608] pgrefill 830 [ 167.805716][ T5608] pgactivate 829 [ 167.805716][ T5608] pgdeactivate 830 [ 167.805716][ T5608] pglazyfree 0 [ 167.805716][ T5608] pglazyfreed 0 [ 167.805716][ T5608] zswpin 0 [ 167.805716][ T5608] zswpout 0 [ 167.805716][ T5608] thp_fault_alloc 0 [ 167.805716][ T5608] thp_collapse_alloc 0 [ 168.007046][ T5608] Tasks state (memory values in pages): [ 168.014545][ T5608] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 168.025566][ T5608] Out of memory and no killable processes... [pid 5613] write(6, "0x000000000000040e", 18 [pid 5608] <... write resumed>) = 18 [ 168.034958][ T5609] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 168.046076][ T5609] CPU: 0 PID: 5609 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 168.056048][ T5609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 168.066155][ T5609] Call Trace: [ 168.069475][ T5609] [ 168.072448][ T5609] dump_stack_lvl+0x136/0x150 [ 168.077200][ T5609] dump_header+0x10a/0xd70 [ 168.081682][ T5609] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 168.087839][ T5609] out_of_memory+0xd64/0x1660 [ 168.092600][ T5609] ? oom_killer_disable+0x2b0/0x2b0 [ 168.097890][ T5609] mem_cgroup_out_of_memory+0x206/0x270 [ 168.103502][ T5609] ? mem_cgroup_margin+0x130/0x130 [ 168.108682][ T5609] memory_max_write+0x2f9/0x3c0 [ 168.113592][ T5609] ? mem_cgroup_force_empty_write+0x160/0x160 [ 168.119712][ T5609] ? lock_sync+0x190/0x190 [ 168.124174][ T5609] cgroup_file_write+0x1e2/0x7b0 [ 168.129164][ T5609] ? mem_cgroup_force_empty_write+0x160/0x160 [ 168.135277][ T5609] ? kill_css+0x3b0/0x3b0 [ 168.139645][ T5609] ? lock_acquire+0x32/0xc0 [ 168.144195][ T5609] ? kill_css+0x3b0/0x3b0 [ 168.148581][ T5609] kernfs_fop_write_iter+0x3f1/0x600 [ 168.153913][ T5609] vfs_write+0x9ed/0xe10 [ 168.158216][ T5609] ? kernel_write+0x670/0x670 [ 168.162960][ T5609] ? find_held_lock+0x2d/0x110 [ 168.167771][ T5609] ? __fget_light+0x20a/0x270 [ 168.172497][ T5609] ksys_write+0x12b/0x250 [ 168.176902][ T5609] ? __ia32_sys_read+0xb0/0xb0 [ 168.181729][ T5609] ? lockdep_hardirqs_on+0x7d/0x100 [ 168.186971][ T5609] ? _raw_spin_unlock_irq+0x2e/0x50 [ 168.192242][ T5609] ? ptrace_notify+0xfe/0x140 [ 168.196961][ T5609] do_syscall_64+0x39/0xb0 [ 168.201427][ T5609] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 168.207420][ T5609] RIP: 0033:0x7faecf034129 [ 168.211866][ T5609] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5608] close(3) = 0 [pid 5608] close(4) = 0 [pid 5608] close(5) = 0 [pid 5608] close(6) = 0 [pid 5608] close(7) = -1 EBADF (Bad file descriptor) [pid 5608] close(8) = -1 EBADF (Bad file descriptor) [pid 5608] close(9) = -1 EBADF (Bad file descriptor) [pid 5608] close(10) = -1 EBADF (Bad file descriptor) [pid 5608] close(11) = -1 EBADF (Bad file descriptor) [pid 5608] close(12) = -1 EBADF (Bad file descriptor) [pid 5608] close(13) = -1 EBADF (Bad file descriptor) [pid 5608] close(14) = -1 EBADF (Bad file descriptor) [pid 5608] close(15) = -1 EBADF (Bad file descriptor) [pid 5608] close(16) = -1 EBADF (Bad file descriptor) [pid 5608] close(17) = -1 EBADF (Bad file descriptor) [pid 5608] close(18) = -1 EBADF (Bad file descriptor) [pid 5608] close(19) = -1 EBADF (Bad file descriptor) [pid 5608] close(20) = -1 EBADF (Bad file descriptor) [pid 5608] close(21) = -1 EBADF (Bad file descriptor) [pid 5608] close(22) = -1 EBADF (Bad file descriptor) [pid 5608] close(23) = -1 EBADF (Bad file descriptor) [pid 5608] close(24) = -1 EBADF (Bad file descriptor) [pid 5608] close(25) = -1 EBADF (Bad file descriptor) [pid 5608] close(26) = -1 EBADF (Bad file descriptor) [pid 5608] close(27) = -1 EBADF (Bad file descriptor) [pid 5608] close(28) = -1 EBADF (Bad file descriptor) [pid 5608] close(29) = -1 EBADF (Bad file descriptor) [pid 5608] exit_group(0) = ? [pid 5608] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=27, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [ 168.231509][ T5609] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 168.239978][ T5609] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 168.247973][ T5609] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 168.255972][ T5609] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 168.263966][ T5609] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 168.271964][ T5609] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000018 [ 168.279987][ T5609] [pid 5089] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5089] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./25/binderfs") = 0 [pid 5089] umount2("./25/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./25/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./25/cgroup") = 0 [pid 5089] umount2("./25/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./25/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./25/cgroup.net") = 0 [ 168.313431][ T5609] memory: usage 8kB, limit 0kB, failcnt 36 [ 168.319723][ T5609] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 168.328141][ T5609] Memory cgroup stats for /syz1: [ 168.328496][ T5609] anon 0 [ 168.328496][ T5609] file 0 [ 168.328496][ T5609] kernel 8192 [ 168.328496][ T5609] kernel_stack 0 [ 168.328496][ T5609] pagetables 0 [ 168.328496][ T5609] sec_pagetables 0 [ 168.328496][ T5609] percpu 0 [ 168.328496][ T5609] sock 0 [ 168.328496][ T5609] vmalloc 0 [ 168.328496][ T5609] shmem 0 [ 168.328496][ T5609] zswap 0 [ 168.328496][ T5609] zswapped 0 [ 168.328496][ T5609] file_mapped 0 [ 168.328496][ T5609] file_dirty 0 [ 168.328496][ T5609] file_writeback 0 [ 168.328496][ T5609] swapcached 0 [ 168.328496][ T5609] anon_thp 0 [ 168.328496][ T5609] file_thp 0 [ 168.328496][ T5609] shmem_thp 0 [ 168.328496][ T5609] inactive_anon 0 [ 168.328496][ T5609] active_anon 0 [ 168.328496][ T5609] inactive_file 0 [ 168.328496][ T5609] active_file 0 [ 168.328496][ T5609] unevictable 0 [ 168.328496][ T5609] slab_reclaimable 6752 [ 168.328496][ T5609] slab_unreclaimable 0 [ 168.328496][ T5609] slab 6752 [ 168.328496][ T5609] workingset_refault_anon 0 [ 168.328496][ T5609] workingset_refault_file 0 [ 168.328496][ T5609] workingset_activate_anon 0 [ 168.328496][ T5609] workingset_activate_file 0 [ 168.328496][ T5609] workingset_restore_anon 0 [ 168.328496][ T5609] workingset_restore_file 0 [ 168.328496][ T5609] workingset_nodereclaim 0 [ 168.328496][ T5609] pgscan 831 [ 168.328496][ T5609] pgsteal 2 [ 168.328496][ T5609] pgscan_kswapd 0 [ 168.328496][ T5609] pgscan_direct 831 [ 168.328496][ T5609] pgscan_khugepaged 0 [ 168.328496][ T5609] pgsteal_kswapd 0 [ 168.328496][ T5609] pgsteal_direct 2 [ 168.328496][ T5609] pgsteal_khugepaged 0 [ 168.328496][ T5609] pgfault 21 [ 168.328496][ T5609] pgmajfault 0 [ 168.328496][ T5609] pgrefill 830 [ 168.328496][ T5609] pgactivate 829 [ 168.328496][ T5609] pgdeactivate 830 [ 168.328496][ T5609] pglazyfree 0 [ 168.328496][ T5609] pglazyfreed 0 [ 168.328496][ T5609] zswpin 0 [ 168.328496][ T5609] zswpout 0 [ 168.328496][ T5609] thp_fault_alloc 0 [ 168.328496][ T5609] thp_collapse_alloc 0 [pid 5089] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5089] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./25/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./25/file0") = 0 [pid 5609] <... write resumed>) = 18 [pid 5609] close(3) = 0 [pid 5609] close(4) = 0 [pid 5609] close(5) = 0 [pid 5609] close(6) = 0 [pid 5609] close(7) = -1 EBADF (Bad file descriptor) [pid 5609] close(8) = -1 EBADF (Bad file descriptor) [pid 5609] close(9) = -1 EBADF (Bad file descriptor) [pid 5609] close(10) = -1 EBADF (Bad file descriptor) [pid 5609] close(11) = -1 EBADF (Bad file descriptor) [pid 5609] close(12) = -1 EBADF (Bad file descriptor) [pid 5609] close(13) = -1 EBADF (Bad file descriptor) [pid 5609] close(14) = -1 EBADF (Bad file descriptor) [pid 5609] close(15) = -1 EBADF (Bad file descriptor) [pid 5609] close(16) = -1 EBADF (Bad file descriptor) [pid 5609] close(17) = -1 EBADF (Bad file descriptor) [pid 5609] close(18) = -1 EBADF (Bad file descriptor) [pid 5609] close(19) = -1 EBADF (Bad file descriptor) [pid 5609] close(20) = -1 EBADF (Bad file descriptor) [pid 5089] umount2("./25/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./25/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./25/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [pid 5609] close(21 [pid 5089] rmdir("./25") = 0 [ 168.522237][ T5609] Tasks state (memory values in pages): [ 168.527849][ T5609] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 168.538189][ T5609] Out of memory and no killable processes... [ 168.546222][ T5610] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5089] mkdir("./26", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5614 attached [pid 5614] chdir("./26" [pid 5089] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 28 [pid 5614] <... chdir resumed>) = 0 [pid 5614] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5614] setpgid(0, 0) = 0 [pid 5614] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5614] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5614] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5614] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5614] write(3, "1000", 4) = 4 [pid 5614] close(3) = 0 [pid 5614] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5614] mkdir("./file0", 000) = 0 [pid 5614] open("./file0", O_RDONLY) = 3 [pid 5614] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5614] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5614] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5614] openat(5, "memory.max", O_RDWR) = 6 [ 168.567118][ T5610] CPU: 1 PID: 5610 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 168.577105][ T5610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 168.587219][ T5610] Call Trace: [ 168.590553][ T5610] [ 168.593545][ T5610] dump_stack_lvl+0x136/0x150 [ 168.598292][ T5610] dump_header+0x10a/0xd70 [ 168.602784][ T5610] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 168.608950][ T5610] out_of_memory+0xd64/0x1660 [ 168.613716][ T5610] ? oom_killer_disable+0x2b0/0x2b0 [pid 5614] write(6, "0x000000000000040e", 18 [pid 5609] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5609] close(22) = -1 EBADF (Bad file descriptor) [pid 5609] close(23) = -1 EBADF (Bad file descriptor) [pid 5609] close(24) = -1 EBADF (Bad file descriptor) [pid 5609] close(25) = -1 EBADF (Bad file descriptor) [pid 5609] close(26) = -1 EBADF (Bad file descriptor) [pid 5609] close(27) = -1 EBADF (Bad file descriptor) [pid 5609] close(28) = -1 EBADF (Bad file descriptor) [pid 5609] close(29) = -1 EBADF (Bad file descriptor) [pid 5609] exit_group(0) = ? [ 168.619037][ T5610] mem_cgroup_out_of_memory+0x206/0x270 [ 168.624661][ T5610] ? mem_cgroup_margin+0x130/0x130 [ 168.629890][ T5610] memory_max_write+0x2f9/0x3c0 [ 168.634840][ T5610] ? mem_cgroup_force_empty_write+0x160/0x160 [ 168.640997][ T5610] ? lock_sync+0x190/0x190 [ 168.645491][ T5610] cgroup_file_write+0x1e2/0x7b0 [ 168.650531][ T5610] ? mem_cgroup_force_empty_write+0x160/0x160 [ 168.656684][ T5610] ? kill_css+0x3b0/0x3b0 [ 168.661093][ T5610] ? lock_acquire+0x32/0xc0 [ 168.665676][ T5610] ? kill_css+0x3b0/0x3b0 [pid 5609] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=26, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5087] umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./24/binderfs") = 0 [pid 5087] umount2("./24/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./24/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./24/cgroup") = 0 [pid 5087] umount2("./24/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./24/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./24/cgroup.net") = 0 [ 168.670087][ T5610] kernfs_fop_write_iter+0x3f1/0x600 [ 168.675455][ T5610] vfs_write+0x9ed/0xe10 [ 168.679789][ T5610] ? kernel_write+0x670/0x670 [ 168.684575][ T5610] ? find_held_lock+0x2d/0x110 [ 168.689434][ T5610] ? __fget_light+0x20a/0x270 [ 168.694204][ T5610] ksys_write+0x12b/0x250 [ 168.698619][ T5610] ? __ia32_sys_read+0xb0/0xb0 [ 168.703461][ T5610] ? lockdep_hardirqs_on+0x7d/0x100 [ 168.708734][ T5610] ? _raw_spin_unlock_irq+0x2e/0x50 [ 168.714011][ T5610] ? ptrace_notify+0xfe/0x140 [ 168.718762][ T5610] do_syscall_64+0x39/0xb0 [ 168.723262][ T5610] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 168.729227][ T5610] RIP: 0033:0x7faecf034129 [ 168.733691][ T5610] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 168.753367][ T5610] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 168.761861][ T5610] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [pid 5087] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5087] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./24/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 168.769890][ T5610] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 168.777919][ T5610] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 168.785974][ T5610] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 168.793996][ T5610] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000016 [ 168.802052][ T5610] [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] close(4) = 0 [pid 5087] rmdir("./24/file0") = 0 [pid 5087] umount2("./24/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./24/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./24/cgroup.cpu") = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [pid 5087] rmdir("./24") = 0 [pid 5087] mkdir("./25", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 27 ./strace-static-x86_64: Process 5615 attached [pid 5615] chdir("./25") = 0 [pid 5615] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5615] setpgid(0, 0) = 0 [pid 5615] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5615] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5615] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [ 168.824374][ T5610] memory: usage 8kB, limit 0kB, failcnt 36 [ 168.830273][ T5610] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 168.846058][ T5610] Memory cgroup stats for /syz1: [ 168.846347][ T5610] anon 0 [ 168.846347][ T5610] file 0 [ 168.846347][ T5610] kernel 8192 [ 168.846347][ T5610] kernel_stack 0 [ 168.846347][ T5610] pagetables 0 [ 168.846347][ T5610] sec_pagetables 0 [ 168.846347][ T5610] percpu 0 [pid 5615] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5615] write(3, "1000", 4) = 4 [pid 5615] close(3) = 0 [pid 5615] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5615] mkdir("./file0", 000) = 0 [pid 5615] open("./file0", O_RDONLY) = 3 [pid 5615] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5615] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5615] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5615] openat(5, "memory.max", O_RDWR) = 6 [ 168.846347][ T5610] sock 0 [ 168.846347][ T5610] vmalloc 0 [ 168.846347][ T5610] shmem 0 [ 168.846347][ T5610] zswap 0 [ 168.846347][ T5610] zswapped 0 [ 168.846347][ T5610] file_mapped 0 [ 168.846347][ T5610] file_dirty 0 [ 168.846347][ T5610] file_writeback 0 [ 168.846347][ T5610] swapcached 0 [ 168.846347][ T5610] anon_thp 0 [ 168.846347][ T5610] file_thp 0 [ 168.846347][ T5610] shmem_thp 0 [ 168.846347][ T5610] inactive_anon 0 [ 168.846347][ T5610] active_anon 0 [ 168.846347][ T5610] inactive_file 0 [ 168.846347][ T5610] active_file 0 [ 168.846347][ T5610] unevictable 0 [ 168.846347][ T5610] slab_reclaimable 6752 [ 168.846347][ T5610] slab_unreclaimable 0 [ 168.846347][ T5610] slab 6752 [ 168.846347][ T5610] workingset_refault_anon 0 [ 168.846347][ T5610] workingset_refault_file 0 [ 168.846347][ T5610] workingset_activate_anon 0 [ 168.846347][ T5610] workingset_activate_file 0 [ 168.846347][ T5610] workingset_restore_anon 0 [ 168.846347][ T5610] workingset_restore_file 0 [ 168.846347][ T5610] workingset_nodereclaim 0 [ 168.846347][ T5610] pgscan 831 [ 168.846347][ T5610] pgsteal 2 [ 168.846347][ T5610] pgscan_kswapd 0 [ 168.846347][ T5610] pgscan_direct 831 [ 168.846347][ T5610] pgscan_khugepaged 0 [ 168.846347][ T5610] pgsteal_kswapd 0 [ 168.846347][ T5610] pgsteal_direct 2 [ 168.846347][ T5610] pgsteal_khugepaged 0 [ 168.846347][ T5610] pgfault 21 [ 168.846347][ T5610] pgmajfault 0 [ 168.846347][ T5610] pgrefill 830 [ 168.846347][ T5610] pgactivate 829 [ 168.846347][ T5610] pgdeactivate 830 [ 168.846347][ T5610] pglazyfree 0 [ 168.846347][ T5610] pglazyfreed 0 [ 168.846347][ T5610] zswpin 0 [ 168.846347][ T5610] zswpout 0 [pid 5615] write(6, "0x000000000000040e", 18 [pid 5610] <... write resumed>) = 18 [pid 5610] close(3) = 0 [pid 5610] close(4) = 0 [pid 5610] close(5) = 0 [ 168.846347][ T5610] thp_fault_alloc 0 [ 168.846347][ T5610] thp_collapse_alloc 0 [ 169.033764][ T5610] Tasks state (memory values in pages): [ 169.040412][ T5610] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 169.059381][ T5610] Out of memory and no killable processes... [pid 5610] close(6) = 0 [pid 5610] close(7) = -1 EBADF (Bad file descriptor) [pid 5610] close(8) = -1 EBADF (Bad file descriptor) [pid 5610] close(9) = -1 EBADF (Bad file descriptor) [pid 5610] close(10) = -1 EBADF (Bad file descriptor) [pid 5610] close(11) = -1 EBADF (Bad file descriptor) [pid 5610] close(12) = -1 EBADF (Bad file descriptor) [pid 5610] close(13) = -1 EBADF (Bad file descriptor) [pid 5610] close(14) = -1 EBADF (Bad file descriptor) [pid 5610] close(15) = -1 EBADF (Bad file descriptor) [pid 5610] close(16) = -1 EBADF (Bad file descriptor) [pid 5610] close(17) = -1 EBADF (Bad file descriptor) [pid 5610] close(18) = -1 EBADF (Bad file descriptor) [pid 5610] close(19) = -1 EBADF (Bad file descriptor) [pid 5610] close(20) = -1 EBADF (Bad file descriptor) [pid 5610] close(21) = -1 EBADF (Bad file descriptor) [pid 5610] close(22) = -1 EBADF (Bad file descriptor) [pid 5610] close(23) = -1 EBADF (Bad file descriptor) [pid 5610] close(24) = -1 EBADF (Bad file descriptor) [pid 5610] close(25) = -1 EBADF (Bad file descriptor) [pid 5610] close(26) = -1 EBADF (Bad file descriptor) [pid 5610] close(27) = -1 EBADF (Bad file descriptor) [ 169.068986][ T5612] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 169.089629][ T5612] CPU: 1 PID: 5612 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 169.099615][ T5612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 169.109728][ T5612] Call Trace: [ 169.113057][ T5612] [ 169.116043][ T5612] dump_stack_lvl+0x136/0x150 [ 169.120794][ T5612] dump_header+0x10a/0xd70 [pid 5610] close(28) = -1 EBADF (Bad file descriptor) [pid 5610] close(29) = -1 EBADF (Bad file descriptor) [pid 5610] exit_group(0) = ? [pid 5610] +++ exited with 0 +++ [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=24, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5085] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5085] umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./22/binderfs") = 0 [pid 5085] umount2("./22/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./22/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./22/cgroup") = 0 [pid 5085] umount2("./22/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./22/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./22/cgroup.net") = 0 [ 169.125282][ T5612] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 169.131447][ T5612] out_of_memory+0xd64/0x1660 [ 169.136235][ T5612] ? oom_killer_disable+0x2b0/0x2b0 [ 169.141533][ T5612] mem_cgroup_out_of_memory+0x206/0x270 [ 169.147170][ T5612] ? mem_cgroup_margin+0x130/0x130 [ 169.152494][ T5612] memory_max_write+0x2f9/0x3c0 [ 169.157449][ T5612] ? mem_cgroup_force_empty_write+0x160/0x160 [ 169.163617][ T5612] ? lock_sync+0x190/0x190 [ 169.168124][ T5612] cgroup_file_write+0x1e2/0x7b0 [ 169.173154][ T5612] ? mem_cgroup_force_empty_write+0x160/0x160 [ 169.179321][ T5612] ? kill_css+0x3b0/0x3b0 [ 169.183727][ T5612] ? lock_acquire+0x32/0xc0 [ 169.188289][ T5612] ? kill_css+0x3b0/0x3b0 [ 169.192704][ T5612] kernfs_fop_write_iter+0x3f1/0x600 [ 169.198081][ T5612] vfs_write+0x9ed/0xe10 [ 169.202387][ T5612] ? kernel_write+0x670/0x670 [ 169.207170][ T5612] ? find_held_lock+0x2d/0x110 [ 169.211994][ T5612] ? __fget_light+0x20a/0x270 [ 169.216725][ T5612] ksys_write+0x12b/0x250 [ 169.221173][ T5612] ? __ia32_sys_read+0xb0/0xb0 [ 169.226007][ T5612] ? lockdep_hardirqs_on+0x7d/0x100 [ 169.231233][ T5612] ? _raw_spin_unlock_irq+0x2e/0x50 [ 169.236476][ T5612] ? ptrace_notify+0xfe/0x140 [ 169.241225][ T5612] do_syscall_64+0x39/0xb0 [ 169.245714][ T5612] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 169.251658][ T5612] RIP: 0033:0x7faecf034129 [ 169.256130][ T5612] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 169.275802][ T5612] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 169.284281][ T5612] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 169.292309][ T5612] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 169.300365][ T5612] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 169.308394][ T5612] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 169.316421][ T5612] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000017 [ 169.324483][ T5612] [ 169.333944][ T5612] memory: usage 8kB, limit 0kB, failcnt 36 [ 169.342009][ T5612] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 169.348923][ T5612] Memory cgroup stats for /syz1: [ 169.349210][ T5612] anon 0 [ 169.349210][ T5612] file 0 [ 169.349210][ T5612] kernel 8192 [ 169.349210][ T5612] kernel_stack 0 [ 169.349210][ T5612] pagetables 0 [ 169.349210][ T5612] sec_pagetables 0 [ 169.349210][ T5612] percpu 0 [ 169.349210][ T5612] sock 0 [ 169.349210][ T5612] vmalloc 0 [ 169.349210][ T5612] shmem 0 [ 169.349210][ T5612] zswap 0 [ 169.349210][ T5612] zswapped 0 [ 169.349210][ T5612] file_mapped 0 [ 169.349210][ T5612] file_dirty 0 [ 169.349210][ T5612] file_writeback 0 [ 169.349210][ T5612] swapcached 0 [ 169.349210][ T5612] anon_thp 0 [ 169.349210][ T5612] file_thp 0 [ 169.349210][ T5612] shmem_thp 0 [ 169.349210][ T5612] inactive_anon 0 [ 169.349210][ T5612] active_anon 0 [ 169.349210][ T5612] inactive_file 0 [ 169.349210][ T5612] active_file 0 [ 169.349210][ T5612] unevictable 0 [ 169.349210][ T5612] slab_reclaimable 6752 [ 169.349210][ T5612] slab_unreclaimable 0 [ 169.349210][ T5612] slab 6752 [ 169.349210][ T5612] workingset_refault_anon 0 [ 169.349210][ T5612] workingset_refault_file 0 [ 169.349210][ T5612] workingset_activate_anon 0 [ 169.349210][ T5612] workingset_activate_file 0 [ 169.349210][ T5612] workingset_restore_anon 0 [ 169.349210][ T5612] workingset_restore_file 0 [ 169.349210][ T5612] workingset_nodereclaim 0 [ 169.349210][ T5612] pgscan 831 [ 169.349210][ T5612] pgsteal 2 [ 169.349210][ T5612] pgscan_kswapd 0 [ 169.349210][ T5612] pgscan_direct 831 [ 169.349210][ T5612] pgscan_khugepaged 0 [ 169.349210][ T5612] pgsteal_kswapd 0 [ 169.349210][ T5612] pgsteal_direct 2 [ 169.349210][ T5612] pgsteal_khugepaged 0 [ 169.349210][ T5612] pgfault 21 [ 169.349210][ T5612] pgmajfault 0 [ 169.349210][ T5612] pgrefill 830 [ 169.349210][ T5612] pgactivate 829 [ 169.349210][ T5612] pgdeactivate 830 [ 169.349210][ T5612] pglazyfree 0 [ 169.349210][ T5612] pglazyfreed 0 [ 169.349210][ T5612] zswpin 0 [ 169.349210][ T5612] zswpout 0 [pid 5085] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5085] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./22/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./22/file0") = 0 [pid 5085] umount2("./22/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./22/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./22/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./22") = 0 [pid 5085] mkdir("./23", 0777) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5616 attached [pid 5616] chdir("./23" [pid 5085] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 25 [pid 5616] <... chdir resumed>) = 0 [pid 5616] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5616] setpgid(0, 0) = 0 [pid 5616] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5616] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5616] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5616] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5616] write(3, "1000", 4) = 4 [pid 5616] close(3) = 0 [pid 5616] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5616] mkdir("./file0", 000) = 0 [pid 5616] open("./file0", O_RDONLY) = 3 [pid 5616] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5616] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5616] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5616] openat(5, "memory.max", O_RDWR) = 6 [ 169.349210][ T5612] thp_fault_alloc 0 [ 169.349210][ T5612] thp_collapse_alloc 0 [ 169.579928][ T5612] Tasks state (memory values in pages): [ 169.610107][ T5612] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5616] write(6, "0x000000000000040e", 18 [pid 5612] <... write resumed>) = 18 [pid 5612] close(3) = 0 [pid 5612] close(4) = 0 [pid 5612] close(5) = 0 [ 169.652982][ T5612] Out of memory and no killable processes... [ 169.659112][ T5613] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 169.677434][ T5613] CPU: 1 PID: 5613 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 169.687431][ T5613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 169.697544][ T5613] Call Trace: [ 169.700867][ T5613] [ 169.703839][ T5613] dump_stack_lvl+0x136/0x150 [ 169.708586][ T5613] dump_header+0x10a/0xd70 [ 169.713068][ T5613] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 169.719255][ T5613] out_of_memory+0xd64/0x1660 [ 169.724009][ T5613] ? oom_killer_disable+0x2b0/0x2b0 [ 169.729295][ T5613] mem_cgroup_out_of_memory+0x206/0x270 [ 169.734916][ T5613] ? mem_cgroup_margin+0x130/0x130 [ 169.740134][ T5613] memory_max_write+0x2f9/0x3c0 [ 169.745062][ T5613] ? mem_cgroup_force_empty_write+0x160/0x160 [ 169.751209][ T5613] ? lock_sync+0x190/0x190 [ 169.755741][ T5613] cgroup_file_write+0x1e2/0x7b0 [ 169.760845][ T5613] ? mem_cgroup_force_empty_write+0x160/0x160 [ 169.766988][ T5613] ? kill_css+0x3b0/0x3b0 [ 169.771401][ T5613] ? lock_acquire+0x32/0xc0 [ 169.775982][ T5613] ? kill_css+0x3b0/0x3b0 [ 169.780392][ T5613] kernfs_fop_write_iter+0x3f1/0x600 [ 169.785753][ T5613] vfs_write+0x9ed/0xe10 [ 169.790075][ T5613] ? kernel_write+0x670/0x670 [ 169.794836][ T5613] ? find_held_lock+0x2d/0x110 [ 169.799675][ T5613] ? __fget_light+0x20a/0x270 [ 169.804434][ T5613] ksys_write+0x12b/0x250 [ 169.808872][ T5613] ? __ia32_sys_read+0xb0/0xb0 [ 169.813710][ T5613] ? lockdep_hardirqs_on+0x7d/0x100 [ 169.818973][ T5613] ? _raw_spin_unlock_irq+0x2e/0x50 [ 169.824245][ T5613] ? ptrace_notify+0xfe/0x140 [ 169.829001][ T5613] do_syscall_64+0x39/0xb0 [ 169.833502][ T5613] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 169.839462][ T5613] RIP: 0033:0x7faecf034129 [ 169.843922][ T5613] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 169.863607][ T5613] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 169.872089][ T5613] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 169.880120][ T5613] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 169.888138][ T5613] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 169.896164][ T5613] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [pid 5612] close(6) = 0 [pid 5612] close(7) = -1 EBADF (Bad file descriptor) [pid 5612] close(8) = -1 EBADF (Bad file descriptor) [pid 5612] close(9) = -1 EBADF (Bad file descriptor) [pid 5612] close(10) = -1 EBADF (Bad file descriptor) [pid 5612] close(11) = -1 EBADF (Bad file descriptor) [pid 5612] close(12) = -1 EBADF (Bad file descriptor) [pid 5612] close(13) = -1 EBADF (Bad file descriptor) [pid 5612] close(14) = -1 EBADF (Bad file descriptor) [pid 5612] close(15) = -1 EBADF (Bad file descriptor) [pid 5612] close(16) = -1 EBADF (Bad file descriptor) [pid 5612] close(17) = -1 EBADF (Bad file descriptor) [pid 5612] close(18) = -1 EBADF (Bad file descriptor) [ 169.904199][ T5613] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000001a [ 169.912251][ T5613] [pid 5612] close(19) = -1 EBADF (Bad file descriptor) [pid 5612] close(20) = -1 EBADF (Bad file descriptor) [pid 5612] close(21) = -1 EBADF (Bad file descriptor) [pid 5612] close(22) = -1 EBADF (Bad file descriptor) [pid 5612] close(23) = -1 EBADF (Bad file descriptor) [pid 5612] close(24) = -1 EBADF (Bad file descriptor) [pid 5612] close(25) = -1 EBADF (Bad file descriptor) [pid 5612] close(26) = -1 EBADF (Bad file descriptor) [pid 5612] close(27) = -1 EBADF (Bad file descriptor) [pid 5612] close(28) = -1 EBADF (Bad file descriptor) [pid 5612] close(29) = -1 EBADF (Bad file descriptor) [pid 5612] exit_group(0) = ? [pid 5612] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=25, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5086] umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./23/binderfs") = 0 [pid 5086] umount2("./23/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./23/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] unlink("./23/cgroup") = 0 [pid 5086] umount2("./23/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./23/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./23/cgroup.net") = 0 [pid 5086] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5086] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./23/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 169.950446][ T5613] memory: usage 8kB, limit 0kB, failcnt 36 [ 169.977294][ T5613] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 170.006485][ T5613] Memory cgroup stats for /syz1: [ 170.006774][ T5613] anon 0 [ 170.006774][ T5613] file 0 [ 170.006774][ T5613] kernel 8192 [ 170.006774][ T5613] kernel_stack 0 [ 170.006774][ T5613] pagetables 0 [ 170.006774][ T5613] sec_pagetables 0 [ 170.006774][ T5613] percpu 0 [ 170.006774][ T5613] sock 0 [ 170.006774][ T5613] vmalloc 0 [ 170.006774][ T5613] shmem 0 [ 170.006774][ T5613] zswap 0 [ 170.006774][ T5613] zswapped 0 [ 170.006774][ T5613] file_mapped 0 [ 170.006774][ T5613] file_dirty 0 [pid 5086] openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 170.006774][ T5613] file_writeback 0 [ 170.006774][ T5613] swapcached 0 [ 170.006774][ T5613] anon_thp 0 [ 170.006774][ T5613] file_thp 0 [ 170.006774][ T5613] shmem_thp 0 [ 170.006774][ T5613] inactive_anon 0 [ 170.006774][ T5613] active_anon 0 [ 170.006774][ T5613] inactive_file 0 [ 170.006774][ T5613] active_file 0 [ 170.006774][ T5613] unevictable 0 [ 170.006774][ T5613] slab_reclaimable 6752 [ 170.006774][ T5613] slab_unreclaimable 0 [ 170.006774][ T5613] slab 6752 [ 170.006774][ T5613] workingset_refault_anon 0 [ 170.006774][ T5613] workingset_refault_file 0 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./23/file0") = 0 [pid 5086] umount2("./23/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./23/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./23/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./23") = 0 [ 170.006774][ T5613] workingset_activate_anon 0 [ 170.006774][ T5613] workingset_activate_file 0 [ 170.006774][ T5613] workingset_restore_anon 0 [ 170.006774][ T5613] workingset_restore_file 0 [ 170.006774][ T5613] workingset_nodereclaim 0 [ 170.006774][ T5613] pgscan 831 [ 170.006774][ T5613] pgsteal 2 [ 170.006774][ T5613] pgscan_kswapd 0 [ 170.006774][ T5613] pgscan_direct 831 [ 170.006774][ T5613] pgscan_khugepaged 0 [ 170.006774][ T5613] pgsteal_kswapd 0 [ 170.006774][ T5613] pgsteal_direct 2 [ 170.006774][ T5613] pgsteal_khugepaged 0 [pid 5086] mkdir("./24", 0777) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 26 ./strace-static-x86_64: Process 5629 attached [pid 5629] chdir("./24") = 0 [pid 5629] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5629] setpgid(0, 0) = 0 [ 170.006774][ T5613] pgfault 21 [ 170.006774][ T5613] pgmajfault 0 [ 170.006774][ T5613] pgrefill 830 [ 170.006774][ T5613] pgactivate 829 [ 170.006774][ T5613] pgdeactivate 830 [ 170.006774][ T5613] pglazyfree 0 [ 170.006774][ T5613] pglazyfreed 0 [ 170.006774][ T5613] zswpin 0 [ 170.006774][ T5613] zswpout 0 [ 170.006774][ T5613] thp_fault_alloc 0 [ 170.006774][ T5613] thp_collapse_alloc 0 [pid 5629] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5629] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5629] symlink("/syzcgroup/net/syz3", "./cgroup.net" [pid 5613] <... write resumed>) = 18 [pid 5629] <... symlink resumed>) = 0 [pid 5613] close(3 [pid 5629] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5613] <... close resumed>) = 0 [pid 5629] <... openat resumed>) = 3 [pid 5613] close(4 [pid 5629] write(3, "1000", 4 [pid 5613] <... close resumed>) = 0 [pid 5629] <... write resumed>) = 4 [pid 5613] close(5 [pid 5629] close(3 [pid 5613] <... close resumed>) = 0 [pid 5629] <... close resumed>) = 0 [ 170.215397][ T5613] Tasks state (memory values in pages): [ 170.221022][ T5613] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 170.240394][ T5613] Out of memory and no killable processes... [ 170.248198][ T5614] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 170.273913][ T5614] CPU: 0 PID: 5614 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 170.283899][ T5614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 170.294008][ T5614] Call Trace: [ 170.297325][ T5614] [ 170.300301][ T5614] dump_stack_lvl+0x136/0x150 [ 170.305067][ T5614] dump_header+0x10a/0xd70 [ 170.309557][ T5614] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 170.315716][ T5614] out_of_memory+0xd64/0x1660 [ 170.320455][ T5614] ? oom_killer_disable+0x2b0/0x2b0 [ 170.325710][ T5614] mem_cgroup_out_of_memory+0x206/0x270 [ 170.331306][ T5614] ? mem_cgroup_margin+0x130/0x130 [ 170.336512][ T5614] memory_max_write+0x2f9/0x3c0 [ 170.341523][ T5614] ? mem_cgroup_force_empty_write+0x160/0x160 [ 170.347654][ T5614] ? lock_sync+0x190/0x190 [ 170.352116][ T5614] cgroup_file_write+0x1e2/0x7b0 [ 170.357105][ T5614] ? mem_cgroup_force_empty_write+0x160/0x160 [ 170.363256][ T5614] ? kill_css+0x3b0/0x3b0 [ 170.367646][ T5614] ? lock_acquire+0x32/0xc0 [ 170.372205][ T5614] ? kill_css+0x3b0/0x3b0 [ 170.376582][ T5614] kernfs_fop_write_iter+0x3f1/0x600 [ 170.381929][ T5614] vfs_write+0x9ed/0xe10 [ 170.386243][ T5614] ? kernel_write+0x670/0x670 [ 170.390986][ T5614] ? find_held_lock+0x2d/0x110 [ 170.395800][ T5614] ? __fget_light+0x20a/0x270 [ 170.400530][ T5614] ksys_write+0x12b/0x250 [ 170.404930][ T5614] ? __ia32_sys_read+0xb0/0xb0 [ 170.409757][ T5614] ? lockdep_hardirqs_on+0x7d/0x100 [ 170.415009][ T5614] ? _raw_spin_unlock_irq+0x2e/0x50 [ 170.420261][ T5614] ? ptrace_notify+0xfe/0x140 [ 170.424993][ T5614] do_syscall_64+0x39/0xb0 [ 170.429466][ T5614] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 170.435399][ T5614] RIP: 0033:0x7faecf034129 [ 170.439849][ T5614] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 170.459510][ T5614] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5613] close(6 [pid 5629] symlink("/dev/binderfs", "./binderfs" [pid 5613] <... close resumed>) = 0 [pid 5629] <... symlink resumed>) = 0 [pid 5613] close(7 [pid 5629] mkdir("./file0", 000 [pid 5613] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5629] <... mkdir resumed>) = 0 [pid 5613] close(8 [pid 5629] open("./file0", O_RDONLY [pid 5613] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5629] <... open resumed>) = 3 [pid 5613] close(9 [pid 5629] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5613] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5629] <... mount resumed>) = 0 [pid 5613] close(10 [pid 5629] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5613] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5629] <... openat resumed>) = 4 [pid 5613] close(11 [pid 5629] openat(4, "syz1", O_RDWR|O_PATH [pid 5613] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5629] <... openat resumed>) = 5 [pid 5613] close(12 [pid 5629] openat(5, "memory.max", O_RDWR [pid 5613] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5629] <... openat resumed>) = 6 [pid 5613] close(13 [pid 5629] write(6, "0x000000000000040e", 18 [pid 5613] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5613] close(14) = -1 EBADF (Bad file descriptor) [pid 5613] close(15) = -1 EBADF (Bad file descriptor) [pid 5613] close(16) = -1 EBADF (Bad file descriptor) [pid 5613] close(17) = -1 EBADF (Bad file descriptor) [pid 5613] close(18) = -1 EBADF (Bad file descriptor) [pid 5613] close(19) = -1 EBADF (Bad file descriptor) [pid 5613] close(20) = -1 EBADF (Bad file descriptor) [pid 5613] close(21) = -1 EBADF (Bad file descriptor) [ 170.467953][ T5614] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 170.475948][ T5614] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 170.483956][ T5614] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 170.491955][ T5614] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 170.499957][ T5614] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000001a [ 170.507980][ T5614] [pid 5613] close(22) = -1 EBADF (Bad file descriptor) [pid 5613] close(23) = -1 EBADF (Bad file descriptor) [pid 5613] close(24) = -1 EBADF (Bad file descriptor) [pid 5613] close(25) = -1 EBADF (Bad file descriptor) [pid 5613] close(26) = -1 EBADF (Bad file descriptor) [pid 5613] close(27) = -1 EBADF (Bad file descriptor) [pid 5613] close(28) = -1 EBADF (Bad file descriptor) [pid 5613] close(29) = -1 EBADF (Bad file descriptor) [pid 5613] exit_group(0) = ? [pid 5613] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=28, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5090] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5090] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./26/binderfs") = 0 [pid 5090] umount2("./26/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./26/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./26/cgroup") = 0 [pid 5090] umount2("./26/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./26/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./26/cgroup.net") = 0 [ 170.587054][ T5614] memory: usage 8kB, limit 0kB, failcnt 36 [ 170.599522][ T5614] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 170.616632][ T5614] Memory cgroup stats for /syz1: [ 170.616991][ T5614] anon 0 [ 170.616991][ T5614] file 0 [ 170.616991][ T5614] kernel 8192 [ 170.616991][ T5614] kernel_stack 0 [ 170.616991][ T5614] pagetables 0 [ 170.616991][ T5614] sec_pagetables 0 [ 170.616991][ T5614] percpu 0 [ 170.616991][ T5614] sock 0 [ 170.616991][ T5614] vmalloc 0 [ 170.616991][ T5614] shmem 0 [ 170.616991][ T5614] zswap 0 [ 170.616991][ T5614] zswapped 0 [ 170.616991][ T5614] file_mapped 0 [ 170.616991][ T5614] file_dirty 0 [ 170.616991][ T5614] file_writeback 0 [ 170.616991][ T5614] swapcached 0 [ 170.616991][ T5614] anon_thp 0 [ 170.616991][ T5614] file_thp 0 [ 170.616991][ T5614] shmem_thp 0 [ 170.616991][ T5614] inactive_anon 0 [ 170.616991][ T5614] active_anon 0 [ 170.616991][ T5614] inactive_file 0 [ 170.616991][ T5614] active_file 0 [ 170.616991][ T5614] unevictable 0 [ 170.616991][ T5614] slab_reclaimable 6752 [ 170.616991][ T5614] slab_unreclaimable 0 [ 170.616991][ T5614] slab 6752 [ 170.616991][ T5614] workingset_refault_anon 0 [ 170.616991][ T5614] workingset_refault_file 0 [ 170.616991][ T5614] workingset_activate_anon 0 [ 170.616991][ T5614] workingset_activate_file 0 [ 170.616991][ T5614] workingset_restore_anon 0 [ 170.616991][ T5614] workingset_restore_file 0 [ 170.616991][ T5614] workingset_nodereclaim 0 [ 170.616991][ T5614] pgscan 831 [ 170.616991][ T5614] pgsteal 2 [ 170.616991][ T5614] pgscan_kswapd 0 [ 170.616991][ T5614] pgscan_direct 831 [ 170.616991][ T5614] pgscan_khugepaged 0 [ 170.616991][ T5614] pgsteal_kswapd 0 [ 170.616991][ T5614] pgsteal_direct 2 [ 170.616991][ T5614] pgsteal_khugepaged 0 [ 170.616991][ T5614] pgfault 21 [ 170.616991][ T5614] pgmajfault 0 [ 170.616991][ T5614] pgrefill 830 [ 170.616991][ T5614] pgactivate 829 [ 170.616991][ T5614] pgdeactivate 830 [ 170.616991][ T5614] pglazyfree 0 [pid 5090] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5090] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./26/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./26/file0") = 0 [pid 5090] umount2("./26/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./26/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 170.616991][ T5614] pglazyfreed 0 [ 170.616991][ T5614] zswpin 0 [ 170.616991][ T5614] zswpout 0 [ 170.616991][ T5614] thp_fault_alloc 0 [ 170.616991][ T5614] thp_collapse_alloc 0 [ 170.818753][ T5614] Tasks state (memory values in pages): [ 170.826330][ T5614] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5090] unlink("./26/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3 [pid 5614] <... write resumed>) = 18 [pid 5090] <... close resumed>) = 0 [pid 5090] rmdir("./26" [pid 5614] close(3 [pid 5090] <... rmdir resumed>) = 0 [pid 5614] <... close resumed>) = 0 [pid 5090] mkdir("./27", 0777 [pid 5614] close(4 [pid 5090] <... mkdir resumed>) = 0 [pid 5614] <... close resumed>) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5635 attached [pid 5614] close(5 [pid 5635] chdir("./27" [pid 5614] <... close resumed>) = 0 [pid 5090] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 29 [pid 5635] <... chdir resumed>) = 0 [pid 5614] close(6 [pid 5635] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5614] <... close resumed>) = 0 [ 170.844895][ T5614] Out of memory and no killable processes... [ 170.851004][ T5615] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 170.880224][ T5615] CPU: 0 PID: 5615 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 170.890207][ T5615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 170.900335][ T5615] Call Trace: [ 170.903657][ T5615] [ 170.906631][ T5615] dump_stack_lvl+0x136/0x150 [ 170.911378][ T5615] dump_header+0x10a/0xd70 [ 170.915848][ T5615] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 170.921976][ T5615] out_of_memory+0xd64/0x1660 [ 170.926704][ T5615] ? oom_killer_disable+0x2b0/0x2b0 [ 170.931946][ T5615] ? find_held_lock+0x2d/0x110 [ 170.936749][ T5615] mem_cgroup_out_of_memory+0x206/0x270 [ 170.942351][ T5615] ? mem_cgroup_margin+0x130/0x130 [ 170.947517][ T5615] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 170.953469][ T5615] memory_max_write+0x2f9/0x3c0 [ 170.958373][ T5615] ? mem_cgroup_force_empty_write+0x160/0x160 [ 170.964492][ T5615] ? lock_sync+0x190/0x190 [ 170.968956][ T5615] cgroup_file_write+0x1e2/0x7b0 [ 170.973953][ T5615] ? mem_cgroup_force_empty_write+0x160/0x160 [ 170.980068][ T5615] ? kill_css+0x3b0/0x3b0 [ 170.984448][ T5615] ? lock_acquire+0x32/0xc0 [ 170.989002][ T5615] ? kill_css+0x3b0/0x3b0 [ 170.993380][ T5615] kernfs_fop_write_iter+0x3f1/0x600 [ 170.998719][ T5615] vfs_write+0x9ed/0xe10 [ 171.003020][ T5615] ? kernel_write+0x670/0x670 [ 171.007752][ T5615] ? find_held_lock+0x2d/0x110 [ 171.012561][ T5615] ? __fget_light+0x20a/0x270 [ 171.017293][ T5615] ksys_write+0x12b/0x250 [ 171.021679][ T5615] ? __ia32_sys_read+0xb0/0xb0 [ 171.026490][ T5615] ? lockdep_hardirqs_on+0x7d/0x100 [ 171.031745][ T5615] ? _raw_spin_unlock_irq+0x2e/0x50 [ 171.036985][ T5615] ? ptrace_notify+0xfe/0x140 [ 171.041704][ T5615] do_syscall_64+0x39/0xb0 [ 171.046171][ T5615] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 171.052107][ T5615] RIP: 0033:0x7faecf034129 [ 171.056548][ T5615] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 171.076188][ T5615] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 171.084661][ T5615] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [pid 5635] <... prctl resumed>) = 0 [pid 5614] close(7 [pid 5635] setpgid(0, 0 [pid 5614] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5635] <... setpgid resumed>) = 0 [pid 5614] close(8 [pid 5635] symlink("/syzcgroup/unified/syz4", "./cgroup" [pid 5614] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5635] <... symlink resumed>) = 0 [pid 5614] close(9 [pid 5635] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu" [pid 5614] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5635] <... symlink resumed>) = 0 [pid 5614] close(10 [pid 5635] symlink("/syzcgroup/net/syz4", "./cgroup.net" [pid 5614] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5635] <... symlink resumed>) = 0 [pid 5614] close(11 [pid 5635] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5614] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5635] <... openat resumed>) = 3 [pid 5614] close(12 [pid 5635] write(3, "1000", 4 [pid 5614] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5635] <... write resumed>) = 4 [pid 5614] close(13 [pid 5635] close(3 [pid 5614] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5635] <... close resumed>) = 0 [pid 5614] close(14 [pid 5635] symlink("/dev/binderfs", "./binderfs" [pid 5614] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5635] <... symlink resumed>) = 0 [pid 5614] close(15 [pid 5635] mkdir("./file0", 000 [pid 5614] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5635] <... mkdir resumed>) = 0 [pid 5614] close(16 [pid 5635] open("./file0", O_RDONLY [pid 5614] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5635] <... open resumed>) = 3 [ 171.092671][ T5615] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 171.100675][ T5615] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 171.108680][ T5615] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 171.116679][ T5615] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000019 [ 171.124701][ T5615] [pid 5614] close(17 [pid 5635] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5614] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5635] <... mount resumed>) = 0 [pid 5614] close(18 [pid 5635] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5614] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5635] <... openat resumed>) = 4 [pid 5614] close(19 [pid 5635] openat(4, "syz1", O_RDWR|O_PATH [pid 5614] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5635] <... openat resumed>) = 5 [pid 5614] close(20 [pid 5635] openat(5, "memory.max", O_RDWR [pid 5614] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5635] <... openat resumed>) = 6 [pid 5614] close(21 [pid 5635] write(6, "0x000000000000040e", 18 [pid 5614] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5614] close(22) = -1 EBADF (Bad file descriptor) [pid 5614] close(23) = -1 EBADF (Bad file descriptor) [pid 5614] close(24) = -1 EBADF (Bad file descriptor) [pid 5614] close(25) = -1 EBADF (Bad file descriptor) [pid 5614] close(26) = -1 EBADF (Bad file descriptor) [pid 5614] close(27) = -1 EBADF (Bad file descriptor) [pid 5614] close(28) = -1 EBADF (Bad file descriptor) [pid 5614] close(29) = -1 EBADF (Bad file descriptor) [pid 5614] exit_group(0) = ? [pid 5614] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=28, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5089] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./26/binderfs") = 0 [pid 5089] umount2("./26/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./26/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [ 171.191978][ T5615] memory: usage 8kB, limit 0kB, failcnt 36 [ 171.220434][ T5615] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 171.253780][ T5615] Memory cgroup stats for /syz1: [ 171.254077][ T5615] anon 0 [ 171.254077][ T5615] file 0 [ 171.254077][ T5615] kernel 8192 [ 171.254077][ T5615] kernel_stack 0 [ 171.254077][ T5615] pagetables 0 [ 171.254077][ T5615] sec_pagetables 0 [ 171.254077][ T5615] percpu 0 [ 171.254077][ T5615] sock 0 [ 171.254077][ T5615] vmalloc 0 [ 171.254077][ T5615] shmem 0 [ 171.254077][ T5615] zswap 0 [ 171.254077][ T5615] zswapped 0 [ 171.254077][ T5615] file_mapped 0 [ 171.254077][ T5615] file_dirty 0 [ 171.254077][ T5615] file_writeback 0 [ 171.254077][ T5615] swapcached 0 [ 171.254077][ T5615] anon_thp 0 [ 171.254077][ T5615] file_thp 0 [ 171.254077][ T5615] shmem_thp 0 [ 171.254077][ T5615] inactive_anon 0 [ 171.254077][ T5615] active_anon 0 [ 171.254077][ T5615] inactive_file 0 [ 171.254077][ T5615] active_file 0 [ 171.254077][ T5615] unevictable 0 [ 171.254077][ T5615] slab_reclaimable 6752 [ 171.254077][ T5615] slab_unreclaimable 0 [ 171.254077][ T5615] slab 6752 [ 171.254077][ T5615] workingset_refault_anon 0 [ 171.254077][ T5615] workingset_refault_file 0 [ 171.254077][ T5615] workingset_activate_anon 0 [ 171.254077][ T5615] workingset_activate_file 0 [ 171.254077][ T5615] workingset_restore_anon 0 [ 171.254077][ T5615] workingset_restore_file 0 [ 171.254077][ T5615] workingset_nodereclaim 0 [ 171.254077][ T5615] pgscan 831 [ 171.254077][ T5615] pgsteal 2 [ 171.254077][ T5615] pgscan_kswapd 0 [ 171.254077][ T5615] pgscan_direct 831 [ 171.254077][ T5615] pgscan_khugepaged 0 [ 171.254077][ T5615] pgsteal_kswapd 0 [ 171.254077][ T5615] pgsteal_direct 2 [ 171.254077][ T5615] pgsteal_khugepaged 0 [pid 5089] unlink("./26/cgroup") = 0 [pid 5089] umount2("./26/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./26/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./26/cgroup.net") = 0 [pid 5089] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5089] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./26/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./26/file0") = 0 [pid 5089] umount2("./26/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./26/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./26/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [pid 5089] rmdir("./26") = 0 [pid 5089] mkdir("./27", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5639 attached [pid 5639] chdir("./27" [pid 5089] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 29 [pid 5639] <... chdir resumed>) = 0 [pid 5639] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5639] setpgid(0, 0) = 0 [pid 5639] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5639] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [ 171.254077][ T5615] pgfault 21 [ 171.254077][ T5615] pgmajfault 0 [ 171.254077][ T5615] pgrefill 830 [ 171.254077][ T5615] pgactivate 829 [ 171.254077][ T5615] pgdeactivate 830 [ 171.254077][ T5615] pglazyfree 0 [ 171.254077][ T5615] pglazyfreed 0 [ 171.254077][ T5615] zswpin 0 [ 171.254077][ T5615] zswpout 0 [ 171.254077][ T5615] thp_fault_alloc 0 [ 171.254077][ T5615] thp_collapse_alloc 0 [pid 5639] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5639] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5639] write(3, "1000", 4) = 4 [pid 5639] close(3) = 0 [pid 5639] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5639] mkdir("./file0", 000) = 0 [pid 5639] open("./file0", O_RDONLY) = 3 [pid 5639] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5639] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5639] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5639] openat(5, "memory.max", O_RDWR) = 6 [pid 5639] write(6, "0x000000000000040e", 18 [pid 5615] <... write resumed>) = 18 [pid 5615] close(3) = 0 [pid 5615] close(4) = 0 [pid 5615] close(5) = 0 [pid 5615] close(6) = 0 [pid 5615] close(7) = -1 EBADF (Bad file descriptor) [pid 5615] close(8) = -1 EBADF (Bad file descriptor) [pid 5615] close(9) = -1 EBADF (Bad file descriptor) [pid 5615] close(10) = -1 EBADF (Bad file descriptor) [pid 5615] close(11) = -1 EBADF (Bad file descriptor) [pid 5615] close(12) = -1 EBADF (Bad file descriptor) [pid 5615] close(13) = -1 EBADF (Bad file descriptor) [pid 5615] close(14) = -1 EBADF (Bad file descriptor) [ 171.523300][ T5615] Tasks state (memory values in pages): [ 171.531389][ T5615] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 171.543942][ T5615] Out of memory and no killable processes... [ 171.558589][ T5616] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5615] close(15) = -1 EBADF (Bad file descriptor) [pid 5615] close(16) = -1 EBADF (Bad file descriptor) [pid 5615] close(17) = -1 EBADF (Bad file descriptor) [pid 5615] close(18) = -1 EBADF (Bad file descriptor) [pid 5615] close(19) = -1 EBADF (Bad file descriptor) [pid 5615] close(20) = -1 EBADF (Bad file descriptor) [pid 5615] close(21) = -1 EBADF (Bad file descriptor) [pid 5615] close(22) = -1 EBADF (Bad file descriptor) [pid 5615] close(23) = -1 EBADF (Bad file descriptor) [pid 5615] close(24) = -1 EBADF (Bad file descriptor) [pid 5615] close(25) = -1 EBADF (Bad file descriptor) [pid 5615] close(26) = -1 EBADF (Bad file descriptor) [pid 5615] close(27) = -1 EBADF (Bad file descriptor) [pid 5615] close(28) = -1 EBADF (Bad file descriptor) [pid 5615] close(29) = -1 EBADF (Bad file descriptor) [pid 5615] exit_group(0) = ? [pid 5615] +++ exited with 0 +++ [ 171.592027][ T5616] CPU: 1 PID: 5616 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 171.602020][ T5616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 171.612131][ T5616] Call Trace: [ 171.615464][ T5616] [ 171.618450][ T5616] dump_stack_lvl+0x136/0x150 [ 171.623204][ T5616] dump_header+0x10a/0xd70 [ 171.627697][ T5616] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 171.633842][ T5616] out_of_memory+0xd64/0x1660 [ 171.638576][ T5616] ? oom_killer_disable+0x2b0/0x2b0 [ 171.643818][ T5616] ? find_held_lock+0x2d/0x110 [ 171.648620][ T5616] mem_cgroup_out_of_memory+0x206/0x270 [ 171.654210][ T5616] ? mem_cgroup_margin+0x130/0x130 [ 171.659377][ T5616] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 171.665241][ T5616] memory_max_write+0x2f9/0x3c0 [ 171.670141][ T5616] ? mem_cgroup_force_empty_write+0x160/0x160 [ 171.676263][ T5616] ? lock_sync+0x190/0x190 [ 171.680722][ T5616] cgroup_file_write+0x1e2/0x7b0 [ 171.685709][ T5616] ? mem_cgroup_force_empty_write+0x160/0x160 [ 171.691830][ T5616] ? kill_css+0x3b0/0x3b0 [ 171.696209][ T5616] ? lock_acquire+0x32/0xc0 [ 171.700760][ T5616] ? kill_css+0x3b0/0x3b0 [ 171.705135][ T5616] kernfs_fop_write_iter+0x3f1/0x600 [ 171.710471][ T5616] vfs_write+0x9ed/0xe10 [ 171.714768][ T5616] ? kernel_write+0x670/0x670 [ 171.719499][ T5616] ? find_held_lock+0x2d/0x110 [ 171.724307][ T5616] ? __fget_light+0x20a/0x270 [ 171.729037][ T5616] ksys_write+0x12b/0x250 [ 171.733419][ T5616] ? __ia32_sys_read+0xb0/0xb0 [ 171.738264][ T5616] ? lockdep_hardirqs_on+0x7d/0x100 [ 171.743509][ T5616] ? _raw_spin_unlock_irq+0x2e/0x50 [ 171.748756][ T5616] ? ptrace_notify+0xfe/0x140 [ 171.753477][ T5616] do_syscall_64+0x39/0xb0 [ 171.757943][ T5616] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 171.763875][ T5616] RIP: 0033:0x7faecf034129 [ 171.768320][ T5616] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 171.787958][ T5616] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 171.796408][ T5616] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 171.804412][ T5616] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 171.812439][ T5616] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 171.820447][ T5616] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 171.828443][ T5616] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000017 [ 171.836464][ T5616] [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=27, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5087] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 171.846354][ T5616] memory: usage 8kB, limit 0kB, failcnt 36 [ 171.852665][ T5616] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 171.859747][ T5616] Memory cgroup stats for /syz1: [ 171.860037][ T5616] anon 0 [ 171.860037][ T5616] file 0 [ 171.860037][ T5616] kernel 8192 [ 171.860037][ T5616] kernel_stack 0 [ 171.860037][ T5616] pagetables 0 [ 171.860037][ T5616] sec_pagetables 0 [ 171.860037][ T5616] percpu 0 [ 171.860037][ T5616] sock 0 [ 171.860037][ T5616] vmalloc 0 [ 171.860037][ T5616] shmem 0 [ 171.860037][ T5616] zswap 0 [ 171.860037][ T5616] zswapped 0 [ 171.860037][ T5616] file_mapped 0 [ 171.860037][ T5616] file_dirty 0 [ 171.860037][ T5616] file_writeback 0 [ 171.860037][ T5616] swapcached 0 [ 171.860037][ T5616] anon_thp 0 [ 171.860037][ T5616] file_thp 0 [ 171.860037][ T5616] shmem_thp 0 [ 171.860037][ T5616] inactive_anon 0 [ 171.860037][ T5616] active_anon 0 [ 171.860037][ T5616] inactive_file 0 [ 171.860037][ T5616] active_file 0 [ 171.860037][ T5616] unevictable 0 [ 171.860037][ T5616] slab_reclaimable 6752 [pid 5087] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./25/binderfs") = 0 [pid 5087] umount2("./25/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./25/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./25/cgroup") = 0 [pid 5087] umount2("./25/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 171.860037][ T5616] slab_unreclaimable 0 [ 171.860037][ T5616] slab 6752 [ 171.860037][ T5616] workingset_refault_anon 0 [ 171.860037][ T5616] workingset_refault_file 0 [ 171.860037][ T5616] workingset_activate_anon 0 [ 171.860037][ T5616] workingset_activate_file 0 [ 171.860037][ T5616] workingset_restore_anon 0 [ 171.860037][ T5616] workingset_restore_file 0 [ 171.860037][ T5616] workingset_nodereclaim 0 [ 171.860037][ T5616] pgscan 831 [ 171.860037][ T5616] pgsteal 2 [ 171.860037][ T5616] pgscan_kswapd 0 [ 171.860037][ T5616] pgscan_direct 831 [ 171.860037][ T5616] pgscan_khugepaged 0 [ 171.860037][ T5616] pgsteal_kswapd 0 [ 171.860037][ T5616] pgsteal_direct 2 [ 171.860037][ T5616] pgsteal_khugepaged 0 [ 171.860037][ T5616] pgfault 21 [ 171.860037][ T5616] pgmajfault 0 [ 171.860037][ T5616] pgrefill 830 [ 171.860037][ T5616] pgactivate 829 [ 171.860037][ T5616] pgdeactivate 830 [ 171.860037][ T5616] pglazyfree 0 [ 171.860037][ T5616] pglazyfreed 0 [ 171.860037][ T5616] zswpin 0 [ 171.860037][ T5616] zswpout 0 [ 171.860037][ T5616] thp_fault_alloc 0 [ 171.860037][ T5616] thp_collapse_alloc 0 [pid 5087] lstat("./25/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./25/cgroup.net") = 0 [pid 5087] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5087] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./25/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, [pid 5616] <... write resumed>) = 18 [pid 5087] <... getdents64 resumed>0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] close(4) = 0 [pid 5087] rmdir("./25/file0") = 0 [pid 5087] umount2("./25/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./25/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./25/cgroup.cpu") = 0 [ 172.056700][ T5616] Tasks state (memory values in pages): [ 172.063023][ T5616] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 172.073181][ T5616] Out of memory and no killable processes... [ 172.079447][ T5629] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 172.091019][ T5629] CPU: 1 PID: 5629 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [pid 5087] rmdir("./25") = 0 [pid 5087] mkdir("./26", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 28 [pid 5616] close(3) = 0 [pid 5616] close(4) = 0 [pid 5616] close(5) = 0 [pid 5616] close(6) = 0 [pid 5616] close(7) = -1 EBADF (Bad file descriptor) [pid 5616] close(8) = -1 EBADF (Bad file descriptor) [pid 5616] close(9) = -1 EBADF (Bad file descriptor) [pid 5616] close(10) = -1 EBADF (Bad file descriptor) [pid 5616] close(11) = -1 EBADF (Bad file descriptor) [pid 5616] close(12) = -1 EBADF (Bad file descriptor) [pid 5616] close(13) = -1 EBADF (Bad file descriptor) [pid 5616] close(14) = -1 EBADF (Bad file descriptor) [pid 5616] close(15) = -1 EBADF (Bad file descriptor) [pid 5616] close(16) = -1 EBADF (Bad file descriptor) [pid 5616] close(17) = -1 EBADF (Bad file descriptor) [pid 5616] close(18) = -1 EBADF (Bad file descriptor) [pid 5616] close(19) = -1 EBADF (Bad file descriptor) [pid 5616] close(20) = -1 EBADF (Bad file descriptor) [ 172.100980][ T5629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 172.111079][ T5629] Call Trace: [ 172.114407][ T5629] [ 172.117387][ T5629] dump_stack_lvl+0x136/0x150 [ 172.122133][ T5629] dump_header+0x10a/0xd70 [ 172.126639][ T5629] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 172.132799][ T5629] out_of_memory+0xd64/0x1660 [ 172.137581][ T5629] ? oom_killer_disable+0x2b0/0x2b0 [ 172.142892][ T5629] mem_cgroup_out_of_memory+0x206/0x270 [ 172.148504][ T5629] ? mem_cgroup_margin+0x130/0x130 [pid 5616] close(21) = -1 EBADF (Bad file descriptor) [pid 5616] close(22) = -1 EBADF (Bad file descriptor) [pid 5616] close(23) = -1 EBADF (Bad file descriptor) [pid 5616] close(24) = -1 EBADF (Bad file descriptor) [pid 5616] close(25) = -1 EBADF (Bad file descriptor) [pid 5616] close(26) = -1 EBADF (Bad file descriptor) [pid 5616] close(27) = -1 EBADF (Bad file descriptor) [pid 5616] close(28) = -1 EBADF (Bad file descriptor) [pid 5616] close(29) = -1 EBADF (Bad file descriptor) [pid 5616] exit_group(0) = ? [pid 5616] +++ exited with 0 +++ [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=25, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5085] umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 172.153728][ T5629] memory_max_write+0x2f9/0x3c0 [ 172.158680][ T5629] ? mem_cgroup_force_empty_write+0x160/0x160 [ 172.164843][ T5629] ? lock_sync+0x190/0x190 [ 172.169339][ T5629] cgroup_file_write+0x1e2/0x7b0 [ 172.174366][ T5629] ? mem_cgroup_force_empty_write+0x160/0x160 [ 172.180519][ T5629] ? kill_css+0x3b0/0x3b0 [ 172.184934][ T5629] ? lock_acquire+0x32/0xc0 [ 172.189522][ T5629] ? kill_css+0x3b0/0x3b0 [ 172.193926][ T5629] kernfs_fop_write_iter+0x3f1/0x600 [ 172.199267][ T5629] vfs_write+0x9ed/0xe10 [ 172.203567][ T5629] ? kernel_write+0x670/0x670 [ 172.208301][ T5629] ? find_held_lock+0x2d/0x110 [ 172.213113][ T5629] ? __fget_light+0x20a/0x270 [ 172.217853][ T5629] ksys_write+0x12b/0x250 [ 172.222246][ T5629] ? __ia32_sys_read+0xb0/0xb0 [ 172.227058][ T5629] ? lockdep_hardirqs_on+0x7d/0x100 [ 172.232295][ T5629] ? _raw_spin_unlock_irq+0x2e/0x50 [ 172.237537][ T5629] ? ptrace_notify+0xfe/0x140 [ 172.242259][ T5629] do_syscall_64+0x39/0xb0 [ 172.246726][ T5629] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 172.252663][ T5629] RIP: 0033:0x7faecf034129 [ 172.257105][ T5629] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 172.276746][ T5629] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 172.285200][ T5629] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 172.293203][ T5629] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5085] lstat("./23/binderfs", ./strace-static-x86_64: Process 5641 attached {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5641] chdir("./26" [pid 5085] unlink("./23/binderfs" [pid 5641] <... chdir resumed>) = 0 [pid 5641] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5641] setpgid(0, 0) = 0 [pid 5641] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5085] <... unlink resumed>) = 0 [pid 5641] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu" [pid 5085] umount2("./23/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5641] <... symlink resumed>) = 0 [pid 5641] symlink("/syzcgroup/net/syz2", "./cgroup.net" [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5641] <... symlink resumed>) = 0 [pid 5641] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5085] lstat("./23/cgroup", [pid 5641] <... openat resumed>) = 3 [pid 5641] write(3, "1000", 4 [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5641] <... write resumed>) = 4 [pid 5641] close(3 [pid 5085] unlink("./23/cgroup" [pid 5641] <... close resumed>) = 0 [pid 5641] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5085] <... unlink resumed>) = 0 [ 172.301203][ T5629] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 172.309203][ T5629] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 172.317198][ T5629] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000018 [ 172.325219][ T5629] [pid 5641] mkdir("./file0", 000 [pid 5085] umount2("./23/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5641] <... mkdir resumed>) = 0 [pid 5641] open("./file0", O_RDONLY [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5641] <... open resumed>) = 3 [pid 5085] lstat("./23/cgroup.net", [pid 5641] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./23/cgroup.net" [pid 5641] <... mount resumed>) = 0 [pid 5085] <... unlink resumed>) = 0 [pid 5641] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5085] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5641] <... openat resumed>) = 4 [pid 5085] <... umount2 resumed>) = 0 [pid 5085] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5641] openat(4, "syz1", O_RDWR|O_PATH [pid 5085] lstat("./23/file0", [pid 5641] <... openat resumed>) = 5 [pid 5085] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5641] openat(5, "memory.max", O_RDWR [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5641] <... openat resumed>) = 6 [pid 5085] openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5641] write(6, "0x000000000000040e", 18 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./23/file0") = 0 [pid 5085] umount2("./23/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./23/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 172.357747][ T5629] memory: usage 8kB, limit 0kB, failcnt 36 [ 172.368527][ T5629] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 172.378963][ T5629] Memory cgroup stats for /syz1: [ 172.393226][ T5629] anon 0 [ 172.393226][ T5629] file 0 [ 172.393226][ T5629] kernel 8192 [ 172.393226][ T5629] kernel_stack 0 [ 172.393226][ T5629] pagetables 0 [ 172.393226][ T5629] sec_pagetables 0 [ 172.393226][ T5629] percpu 0 [ 172.393226][ T5629] sock 0 [ 172.393226][ T5629] vmalloc 0 [ 172.393226][ T5629] shmem 0 [ 172.393226][ T5629] zswap 0 [ 172.393226][ T5629] zswapped 0 [ 172.393226][ T5629] file_mapped 0 [ 172.393226][ T5629] file_dirty 0 [ 172.393226][ T5629] file_writeback 0 [ 172.393226][ T5629] swapcached 0 [ 172.393226][ T5629] anon_thp 0 [ 172.393226][ T5629] file_thp 0 [ 172.393226][ T5629] shmem_thp 0 [ 172.393226][ T5629] inactive_anon 0 [ 172.393226][ T5629] active_anon 0 [ 172.393226][ T5629] inactive_file 0 [ 172.393226][ T5629] active_file 0 [ 172.393226][ T5629] unevictable 0 [ 172.393226][ T5629] slab_reclaimable 6752 [ 172.393226][ T5629] slab_unreclaimable 0 [ 172.393226][ T5629] slab 6752 [ 172.393226][ T5629] workingset_refault_anon 0 [ 172.393226][ T5629] workingset_refault_file 0 [ 172.393226][ T5629] workingset_activate_anon 0 [ 172.393226][ T5629] workingset_activate_file 0 [ 172.393226][ T5629] workingset_restore_anon 0 [ 172.393226][ T5629] workingset_restore_file 0 [ 172.393226][ T5629] workingset_nodereclaim 0 [ 172.393226][ T5629] pgscan 831 [ 172.393226][ T5629] pgsteal 2 [ 172.393226][ T5629] pgscan_kswapd 0 [ 172.393226][ T5629] pgscan_direct 831 [ 172.393226][ T5629] pgscan_khugepaged 0 [ 172.393226][ T5629] pgsteal_kswapd 0 [ 172.393226][ T5629] pgsteal_direct 2 [ 172.393226][ T5629] pgsteal_khugepaged 0 [ 172.393226][ T5629] pgfault 21 [ 172.393226][ T5629] pgmajfault 0 [ 172.393226][ T5629] pgrefill 830 [ 172.393226][ T5629] pgactivate 829 [pid 5085] unlink("./23/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./23") = 0 [pid 5085] mkdir("./24", 0777) = 0 [ 172.393226][ T5629] pgdeactivate 830 [ 172.393226][ T5629] pglazyfree 0 [ 172.393226][ T5629] pglazyfreed 0 [ 172.393226][ T5629] zswpin 0 [ 172.393226][ T5629] zswpout 0 [ 172.393226][ T5629] thp_fault_alloc 0 [ 172.393226][ T5629] thp_collapse_alloc 0 [ 172.587904][ T5629] Tasks state (memory values in pages): [ 172.594253][ T5629] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5642 attached [pid 5642] chdir("./24" [pid 5085] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 26 [pid 5642] <... chdir resumed>) = 0 [pid 5642] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5642] setpgid(0, 0) = 0 [pid 5642] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5642] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5642] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5629] <... write resumed>) = 18 [pid 5642] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5642] write(3, "1000", 4) = 4 [pid 5642] close(3) = 0 [pid 5642] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5642] mkdir("./file0", 000) = 0 [pid 5642] open("./file0", O_RDONLY) = 3 [pid 5642] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5642] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5642] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5642] openat(5, "memory.max", O_RDWR) = 6 [ 172.604329][ T5629] Out of memory and no killable processes... [ 172.619666][ T5635] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 172.630771][ T5635] CPU: 1 PID: 5635 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 172.640759][ T5635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 172.650885][ T5635] Call Trace: [ 172.654223][ T5635] [pid 5642] write(6, "0x000000000000040e", 18 [pid 5629] close(3) = 0 [pid 5629] close(4) = 0 [pid 5629] close(5) = 0 [pid 5629] close(6) = 0 [pid 5629] close(7) = -1 EBADF (Bad file descriptor) [pid 5629] close(8) = -1 EBADF (Bad file descriptor) [pid 5629] close(9) = -1 EBADF (Bad file descriptor) [ 172.657207][ T5635] dump_stack_lvl+0x136/0x150 [ 172.661962][ T5635] dump_header+0x10a/0xd70 [ 172.666445][ T5635] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 172.672606][ T5635] out_of_memory+0xd64/0x1660 [ 172.677364][ T5635] ? oom_killer_disable+0x2b0/0x2b0 [ 172.682640][ T5635] ? find_held_lock+0x2d/0x110 [ 172.687475][ T5635] mem_cgroup_out_of_memory+0x206/0x270 [ 172.693100][ T5635] ? mem_cgroup_margin+0x130/0x130 [ 172.698300][ T5635] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 172.704196][ T5635] memory_max_write+0x2f9/0x3c0 [pid 5629] close(10) = -1 EBADF (Bad file descriptor) [pid 5629] close(11) = -1 EBADF (Bad file descriptor) [pid 5629] close(12) = -1 EBADF (Bad file descriptor) [pid 5629] close(13) = -1 EBADF (Bad file descriptor) [pid 5629] close(14) = -1 EBADF (Bad file descriptor) [pid 5629] close(15) = -1 EBADF (Bad file descriptor) [pid 5629] close(16) = -1 EBADF (Bad file descriptor) [pid 5629] close(17) = -1 EBADF (Bad file descriptor) [pid 5629] close(18) = -1 EBADF (Bad file descriptor) [pid 5629] close(19) = -1 EBADF (Bad file descriptor) [pid 5629] close(20) = -1 EBADF (Bad file descriptor) [pid 5629] close(21) = -1 EBADF (Bad file descriptor) [pid 5629] close(22) = -1 EBADF (Bad file descriptor) [pid 5629] close(23) = -1 EBADF (Bad file descriptor) [pid 5629] close(24) = -1 EBADF (Bad file descriptor) [pid 5629] close(25) = -1 EBADF (Bad file descriptor) [pid 5629] close(26) = -1 EBADF (Bad file descriptor) [pid 5629] close(27) = -1 EBADF (Bad file descriptor) [pid 5629] close(28) = -1 EBADF (Bad file descriptor) [pid 5629] close(29) = -1 EBADF (Bad file descriptor) [pid 5629] exit_group(0) = ? [pid 5629] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=26, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [ 172.709130][ T5635] ? mem_cgroup_force_empty_write+0x160/0x160 [ 172.715306][ T5635] ? lock_sync+0x190/0x190 [ 172.719804][ T5635] cgroup_file_write+0x1e2/0x7b0 [ 172.724826][ T5635] ? mem_cgroup_force_empty_write+0x160/0x160 [ 172.730975][ T5635] ? kill_css+0x3b0/0x3b0 [ 172.735383][ T5635] ? lock_acquire+0x32/0xc0 [ 172.739966][ T5635] ? kill_css+0x3b0/0x3b0 [ 172.744381][ T5635] kernfs_fop_write_iter+0x3f1/0x600 [ 172.749758][ T5635] vfs_write+0x9ed/0xe10 [ 172.754101][ T5635] ? kernel_write+0x670/0x670 [pid 5086] umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./24/binderfs") = 0 [pid 5086] umount2("./24/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./24/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] unlink("./24/cgroup") = 0 [pid 5086] umount2("./24/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./24/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./24/cgroup.net") = 0 [ 172.758867][ T5635] ? find_held_lock+0x2d/0x110 [ 172.763714][ T5635] ? __fget_light+0x20a/0x270 [ 172.768494][ T5635] ksys_write+0x12b/0x250 [ 172.772907][ T5635] ? __ia32_sys_read+0xb0/0xb0 [ 172.777753][ T5635] ? lockdep_hardirqs_on+0x7d/0x100 [ 172.783023][ T5635] ? _raw_spin_unlock_irq+0x2e/0x50 [ 172.788299][ T5635] ? ptrace_notify+0xfe/0x140 [ 172.793053][ T5635] do_syscall_64+0x39/0xb0 [ 172.797551][ T5635] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 172.803517][ T5635] RIP: 0033:0x7faecf034129 [ 172.807979][ T5635] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 172.827636][ T5635] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 172.836074][ T5635] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 172.844077][ T5635] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 172.852103][ T5635] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [pid 5086] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5086] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./24/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [ 172.860128][ T5635] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 172.868147][ T5635] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000001b [ 172.876197][ T5635] [ 172.897874][ T5635] memory: usage 8kB, limit 0kB, failcnt 36 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./24/file0") = 0 [pid 5086] umount2("./24/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./24/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./24/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./24") = 0 [pid 5086] mkdir("./25", 0777) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5644 attached [pid 5644] chdir("./25" [pid 5086] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 27 [pid 5644] <... chdir resumed>) = 0 [pid 5644] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5644] setpgid(0, 0) = 0 [pid 5644] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [ 172.911675][ T5635] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 172.918605][ T5635] Memory cgroup stats for /syz1: [ 172.918876][ T5635] anon 0 [ 172.918876][ T5635] file 0 [ 172.918876][ T5635] kernel 8192 [ 172.918876][ T5635] kernel_stack 0 [ 172.918876][ T5635] pagetables 0 [ 172.918876][ T5635] sec_pagetables 0 [ 172.918876][ T5635] percpu 0 [ 172.918876][ T5635] sock 0 [ 172.918876][ T5635] vmalloc 0 [ 172.918876][ T5635] shmem 0 [ 172.918876][ T5635] zswap 0 [ 172.918876][ T5635] zswapped 0 [pid 5644] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5644] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5644] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5644] write(3, "1000", 4) = 4 [pid 5644] close(3) = 0 [pid 5644] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5644] mkdir("./file0", 000) = 0 [pid 5644] open("./file0", O_RDONLY) = 3 [pid 5644] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5644] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5644] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5644] openat(5, "memory.max", O_RDWR) = 6 [ 172.918876][ T5635] file_mapped 0 [ 172.918876][ T5635] file_dirty 0 [ 172.918876][ T5635] file_writeback 0 [ 172.918876][ T5635] swapcached 0 [ 172.918876][ T5635] anon_thp 0 [ 172.918876][ T5635] file_thp 0 [ 172.918876][ T5635] shmem_thp 0 [ 172.918876][ T5635] inactive_anon 0 [ 172.918876][ T5635] active_anon 0 [ 172.918876][ T5635] inactive_file 0 [ 172.918876][ T5635] active_file 0 [ 172.918876][ T5635] unevictable 0 [ 172.918876][ T5635] slab_reclaimable 6752 [ 172.918876][ T5635] slab_unreclaimable 0 [ 172.918876][ T5635] slab 6752 [ 172.918876][ T5635] workingset_refault_anon 0 [ 172.918876][ T5635] workingset_refault_file 0 [ 172.918876][ T5635] workingset_activate_anon 0 [ 172.918876][ T5635] workingset_activate_file 0 [ 172.918876][ T5635] workingset_restore_anon 0 [ 172.918876][ T5635] workingset_restore_file 0 [ 172.918876][ T5635] workingset_nodereclaim 0 [ 172.918876][ T5635] pgscan 831 [ 172.918876][ T5635] pgsteal 2 [ 172.918876][ T5635] pgscan_kswapd 0 [ 172.918876][ T5635] pgscan_direct 831 [ 172.918876][ T5635] pgscan_khugepaged 0 [ 172.918876][ T5635] pgsteal_kswapd 0 [ 172.918876][ T5635] pgsteal_direct 2 [ 172.918876][ T5635] pgsteal_khugepaged 0 [ 172.918876][ T5635] pgfault 21 [ 172.918876][ T5635] pgmajfault 0 [ 172.918876][ T5635] pgrefill 830 [ 172.918876][ T5635] pgactivate 829 [ 172.918876][ T5635] pgdeactivate 830 [ 172.918876][ T5635] pglazyfree 0 [ 172.918876][ T5635] pglazyfreed 0 [ 172.918876][ T5635] zswpin 0 [ 172.918876][ T5635] zswpout 0 [ 172.918876][ T5635] thp_fault_alloc 0 [ 172.918876][ T5635] thp_collapse_alloc 0 [pid 5644] write(6, "0x000000000000040e", 18 [pid 5635] <... write resumed>) = 18 [pid 5635] close(3) = 0 [pid 5635] close(4) = 0 [pid 5635] close(5) = 0 [pid 5635] close(6) = 0 [pid 5635] close(7) = -1 EBADF (Bad file descriptor) [pid 5635] close(8) = -1 EBADF (Bad file descriptor) [pid 5635] close(9) = -1 EBADF (Bad file descriptor) [pid 5635] close(10) = -1 EBADF (Bad file descriptor) [pid 5635] close(11) = -1 EBADF (Bad file descriptor) [pid 5635] close(12) = -1 EBADF (Bad file descriptor) [pid 5635] close(13) = -1 EBADF (Bad file descriptor) [pid 5635] close(14) = -1 EBADF (Bad file descriptor) [pid 5635] close(15) = -1 EBADF (Bad file descriptor) [ 173.107886][ T5635] Tasks state (memory values in pages): [ 173.121719][ T5635] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 173.131493][ T5635] Out of memory and no killable processes... [ 173.140017][ T5639] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5635] close(16) = -1 EBADF (Bad file descriptor) [pid 5635] close(17) = -1 EBADF (Bad file descriptor) [pid 5635] close(18) = -1 EBADF (Bad file descriptor) [pid 5635] close(19) = -1 EBADF (Bad file descriptor) [pid 5635] close(20) = -1 EBADF (Bad file descriptor) [pid 5635] close(21) = -1 EBADF (Bad file descriptor) [pid 5635] close(22) = -1 EBADF (Bad file descriptor) [pid 5635] close(23) = -1 EBADF (Bad file descriptor) [pid 5635] close(24) = -1 EBADF (Bad file descriptor) [pid 5635] close(25) = -1 EBADF (Bad file descriptor) [pid 5635] close(26) = -1 EBADF (Bad file descriptor) [pid 5635] close(27) = -1 EBADF (Bad file descriptor) [pid 5635] close(28) = -1 EBADF (Bad file descriptor) [pid 5635] close(29) = -1 EBADF (Bad file descriptor) [pid 5635] exit_group(0) = ? [pid 5635] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=29, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5090] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./27/binderfs") = 0 [pid 5090] umount2("./27/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 173.155165][ T5639] CPU: 0 PID: 5639 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 173.165148][ T5639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 173.175272][ T5639] Call Trace: [ 173.178601][ T5639] [ 173.181580][ T5639] dump_stack_lvl+0x136/0x150 [ 173.186332][ T5639] dump_header+0x10a/0xd70 [ 173.190822][ T5639] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 173.196983][ T5639] out_of_memory+0xd64/0x1660 [ 173.201750][ T5639] ? oom_killer_disable+0x2b0/0x2b0 [ 173.207013][ T5639] ? find_held_lock+0x2d/0x110 [pid 5090] lstat("./27/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./27/cgroup") = 0 [pid 5090] umount2("./27/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./27/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./27/cgroup.net") = 0 [ 173.211839][ T5639] mem_cgroup_out_of_memory+0x206/0x270 [ 173.217462][ T5639] ? mem_cgroup_margin+0x130/0x130 [ 173.222677][ T5639] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 173.228650][ T5639] memory_max_write+0x2f9/0x3c0 [ 173.233559][ T5639] ? mem_cgroup_force_empty_write+0x160/0x160 [ 173.239709][ T5639] ? lock_sync+0x190/0x190 [ 173.244176][ T5639] cgroup_file_write+0x1e2/0x7b0 [ 173.249214][ T5639] ? mem_cgroup_force_empty_write+0x160/0x160 [ 173.255362][ T5639] ? kill_css+0x3b0/0x3b0 [ 173.259758][ T5639] ? lock_acquire+0x32/0xc0 [ 173.264325][ T5639] ? kill_css+0x3b0/0x3b0 [ 173.268732][ T5639] kernfs_fop_write_iter+0x3f1/0x600 [ 173.274103][ T5639] vfs_write+0x9ed/0xe10 [ 173.278433][ T5639] ? kernel_write+0x670/0x670 [ 173.283208][ T5639] ? find_held_lock+0x2d/0x110 [ 173.288052][ T5639] ? __fget_light+0x20a/0x270 [ 173.292798][ T5639] ksys_write+0x12b/0x250 [ 173.297189][ T5639] ? __ia32_sys_read+0xb0/0xb0 [ 173.302035][ T5639] ? lockdep_hardirqs_on+0x7d/0x100 [ 173.307287][ T5639] ? _raw_spin_unlock_irq+0x2e/0x50 [ 173.312524][ T5639] ? ptrace_notify+0xfe/0x140 [ 173.317253][ T5639] do_syscall_64+0x39/0xb0 [ 173.321751][ T5639] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 173.327714][ T5639] RIP: 0033:0x7faecf034129 [ 173.332197][ T5639] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 173.351874][ T5639] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5090] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5090] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./27/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 173.360353][ T5639] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 173.368372][ T5639] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 173.376384][ T5639] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 173.384395][ T5639] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 173.392430][ T5639] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000001b [ 173.400485][ T5639] [pid 5090] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./27/file0") = 0 [pid 5090] umount2("./27/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./27/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./27/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [pid 5090] rmdir("./27") = 0 [pid 5090] mkdir("./28", 0777) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5645 attached [pid 5645] chdir("./28" [pid 5090] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 30 [pid 5645] <... chdir resumed>) = 0 [pid 5645] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5645] setpgid(0, 0) = 0 [pid 5645] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [ 173.416813][ T5639] memory: usage 8kB, limit 0kB, failcnt 36 [ 173.444393][ T5639] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 173.455775][ T5639] Memory cgroup stats for /syz1: [ 173.456061][ T5639] anon 0 [pid 5645] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5645] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5645] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5645] write(3, "1000", 4) = 4 [pid 5645] close(3) = 0 [pid 5645] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5645] mkdir("./file0", 000) = 0 [pid 5645] open("./file0", O_RDONLY) = 3 [pid 5645] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5645] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5645] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5645] openat(5, "memory.max", O_RDWR) = 6 [ 173.456061][ T5639] file 0 [ 173.456061][ T5639] kernel 8192 [ 173.456061][ T5639] kernel_stack 0 [ 173.456061][ T5639] pagetables 0 [ 173.456061][ T5639] sec_pagetables 0 [ 173.456061][ T5639] percpu 0 [ 173.456061][ T5639] sock 0 [ 173.456061][ T5639] vmalloc 0 [ 173.456061][ T5639] shmem 0 [ 173.456061][ T5639] zswap 0 [ 173.456061][ T5639] zswapped 0 [ 173.456061][ T5639] file_mapped 0 [ 173.456061][ T5639] file_dirty 0 [ 173.456061][ T5639] file_writeback 0 [ 173.456061][ T5639] swapcached 0 [ 173.456061][ T5639] anon_thp 0 [ 173.456061][ T5639] file_thp 0 [ 173.456061][ T5639] shmem_thp 0 [ 173.456061][ T5639] inactive_anon 0 [ 173.456061][ T5639] active_anon 0 [ 173.456061][ T5639] inactive_file 0 [ 173.456061][ T5639] active_file 0 [ 173.456061][ T5639] unevictable 0 [ 173.456061][ T5639] slab_reclaimable 6752 [ 173.456061][ T5639] slab_unreclaimable 0 [ 173.456061][ T5639] slab 6752 [ 173.456061][ T5639] workingset_refault_anon 0 [ 173.456061][ T5639] workingset_refault_file 0 [ 173.456061][ T5639] workingset_activate_anon 0 [ 173.456061][ T5639] workingset_activate_file 0 [ 173.456061][ T5639] workingset_restore_anon 0 [ 173.456061][ T5639] workingset_restore_file 0 [ 173.456061][ T5639] workingset_nodereclaim 0 [ 173.456061][ T5639] pgscan 831 [ 173.456061][ T5639] pgsteal 2 [ 173.456061][ T5639] pgscan_kswapd 0 [ 173.456061][ T5639] pgscan_direct 831 [ 173.456061][ T5639] pgscan_khugepaged 0 [ 173.456061][ T5639] pgsteal_kswapd 0 [ 173.456061][ T5639] pgsteal_direct 2 [ 173.456061][ T5639] pgsteal_khugepaged 0 [ 173.456061][ T5639] pgfault 21 [ 173.456061][ T5639] pgmajfault 0 [ 173.456061][ T5639] pgrefill 830 [ 173.456061][ T5639] pgactivate 829 [ 173.456061][ T5639] pgdeactivate 830 [ 173.456061][ T5639] pglazyfree 0 [ 173.456061][ T5639] pglazyfreed 0 [ 173.456061][ T5639] zswpin 0 [ 173.456061][ T5639] zswpout 0 [ 173.456061][ T5639] thp_fault_alloc 0 [ 173.456061][ T5639] thp_collapse_alloc 0 [ 173.649273][ T5639] Tasks state (memory values in pages): [ 173.656189][ T5639] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5645] write(6, "0x000000000000040e", 18 [pid 5639] <... write resumed>) = 18 [pid 5639] close(3) = 0 [pid 5639] close(4) = 0 [pid 5639] close(5) = 0 [pid 5639] close(6) = 0 [pid 5639] close(7) = -1 EBADF (Bad file descriptor) [ 173.666080][ T5639] Out of memory and no killable processes... [ 173.672448][ T5641] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 173.683009][ T5641] CPU: 0 PID: 5641 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 173.692970][ T5641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 173.703080][ T5641] Call Trace: [ 173.706401][ T5641] [ 173.709374][ T5641] dump_stack_lvl+0x136/0x150 [ 173.714124][ T5641] dump_header+0x10a/0xd70 [pid 5639] close(8) = -1 EBADF (Bad file descriptor) [pid 5639] close(9) = -1 EBADF (Bad file descriptor) [pid 5639] close(10) = -1 EBADF (Bad file descriptor) [pid 5639] close(11) = -1 EBADF (Bad file descriptor) [pid 5639] close(12) = -1 EBADF (Bad file descriptor) [pid 5639] close(13) = -1 EBADF (Bad file descriptor) [pid 5639] close(14) = -1 EBADF (Bad file descriptor) [pid 5639] close(15) = -1 EBADF (Bad file descriptor) [pid 5639] close(16) = -1 EBADF (Bad file descriptor) [pid 5639] close(17) = -1 EBADF (Bad file descriptor) [pid 5639] close(18) = -1 EBADF (Bad file descriptor) [pid 5639] close(19) = -1 EBADF (Bad file descriptor) [pid 5639] close(20) = -1 EBADF (Bad file descriptor) [pid 5639] close(21) = -1 EBADF (Bad file descriptor) [pid 5639] close(22) = -1 EBADF (Bad file descriptor) [pid 5639] close(23) = -1 EBADF (Bad file descriptor) [pid 5639] close(24) = -1 EBADF (Bad file descriptor) [ 173.718620][ T5641] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 173.724780][ T5641] out_of_memory+0xd64/0x1660 [ 173.729539][ T5641] ? oom_killer_disable+0x2b0/0x2b0 [ 173.734813][ T5641] ? find_held_lock+0x2d/0x110 [ 173.739646][ T5641] mem_cgroup_out_of_memory+0x206/0x270 [ 173.745272][ T5641] ? mem_cgroup_margin+0x130/0x130 [ 173.750481][ T5641] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 173.756380][ T5641] memory_max_write+0x2f9/0x3c0 [ 173.761316][ T5641] ? mem_cgroup_force_empty_write+0x160/0x160 [ 173.767477][ T5641] ? lock_sync+0x190/0x190 [ 173.771970][ T5641] cgroup_file_write+0x1e2/0x7b0 [ 173.776985][ T5641] ? mem_cgroup_force_empty_write+0x160/0x160 [ 173.783133][ T5641] ? kill_css+0x3b0/0x3b0 [ 173.787550][ T5641] ? lock_acquire+0x32/0xc0 [ 173.792141][ T5641] ? kill_css+0x3b0/0x3b0 [ 173.796556][ T5641] kernfs_fop_write_iter+0x3f1/0x600 [ 173.801928][ T5641] vfs_write+0x9ed/0xe10 [ 173.806248][ T5641] ? kernel_write+0x670/0x670 [ 173.811005][ T5641] ? find_held_lock+0x2d/0x110 [ 173.815940][ T5641] ? __fget_light+0x20a/0x270 [ 173.820682][ T5641] ksys_write+0x12b/0x250 [ 173.825068][ T5641] ? __ia32_sys_read+0xb0/0xb0 [ 173.829929][ T5641] ? lockdep_hardirqs_on+0x7d/0x100 [ 173.835196][ T5641] ? _raw_spin_unlock_irq+0x2e/0x50 [ 173.840463][ T5641] ? ptrace_notify+0xfe/0x140 [ 173.845238][ T5641] do_syscall_64+0x39/0xb0 [ 173.849723][ T5641] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 173.855661][ T5641] RIP: 0033:0x7faecf034129 [ 173.860165][ T5641] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 173.879837][ T5641] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 173.888321][ T5641] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 173.896350][ T5641] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 173.904383][ T5641] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [pid 5639] close(25) = -1 EBADF (Bad file descriptor) [pid 5639] close(26) = -1 EBADF (Bad file descriptor) [pid 5639] close(27) = -1 EBADF (Bad file descriptor) [pid 5639] close(28) = -1 EBADF (Bad file descriptor) [pid 5639] close(29) = -1 EBADF (Bad file descriptor) [pid 5639] exit_group(0) = ? [pid 5639] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=29, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5089] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./27/binderfs") = 0 [pid 5089] umount2("./27/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./27/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./27/cgroup") = 0 [pid 5089] umount2("./27/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./27/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./27/cgroup.net") = 0 [pid 5089] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5089] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./27/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./27/file0") = 0 [pid 5089] umount2("./27/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./27/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./27/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [ 173.912411][ T5641] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 173.920438][ T5641] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000001a [ 173.928495][ T5641] [ 173.953748][ T5641] memory: usage 8kB, limit 0kB, failcnt 36 [pid 5089] close(3) = 0 [pid 5089] rmdir("./27") = 0 [pid 5089] mkdir("./28", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 30 [ 173.971428][ T5641] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 173.979331][ T5641] Memory cgroup stats for /syz1: [ 173.979647][ T5641] anon 0 [ 173.979647][ T5641] file 0 [ 173.979647][ T5641] kernel 8192 [ 173.979647][ T5641] kernel_stack 0 [ 173.979647][ T5641] pagetables 0 [ 173.979647][ T5641] sec_pagetables 0 [ 173.979647][ T5641] percpu 0 [ 173.979647][ T5641] sock 0 [ 173.979647][ T5641] vmalloc 0 [ 173.979647][ T5641] shmem 0 [ 173.979647][ T5641] zswap 0 [ 173.979647][ T5641] zswapped 0 ./strace-static-x86_64: Process 5647 attached [pid 5647] chdir("./28") = 0 [pid 5647] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5647] setpgid(0, 0) = 0 [pid 5647] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [ 173.979647][ T5641] file_mapped 0 [ 173.979647][ T5641] file_dirty 0 [ 173.979647][ T5641] file_writeback 0 [ 173.979647][ T5641] swapcached 0 [ 173.979647][ T5641] anon_thp 0 [ 173.979647][ T5641] file_thp 0 [ 173.979647][ T5641] shmem_thp 0 [ 173.979647][ T5641] inactive_anon 0 [ 173.979647][ T5641] active_anon 0 [ 173.979647][ T5641] inactive_file 0 [ 173.979647][ T5641] active_file 0 [ 173.979647][ T5641] unevictable 0 [ 173.979647][ T5641] slab_reclaimable 6752 [ 173.979647][ T5641] slab_unreclaimable 0 [ 173.979647][ T5641] slab 6752 [ 173.979647][ T5641] workingset_refault_anon 0 [ 173.979647][ T5641] workingset_refault_file 0 [ 173.979647][ T5641] workingset_activate_anon 0 [ 173.979647][ T5641] workingset_activate_file 0 [ 173.979647][ T5641] workingset_restore_anon 0 [ 173.979647][ T5641] workingset_restore_file 0 [ 173.979647][ T5641] workingset_nodereclaim 0 [ 173.979647][ T5641] pgscan 831 [ 173.979647][ T5641] pgsteal 2 [ 173.979647][ T5641] pgscan_kswapd 0 [ 173.979647][ T5641] pgscan_direct 831 [ 173.979647][ T5641] pgscan_khugepaged 0 [ 173.979647][ T5641] pgsteal_kswapd 0 [pid 5647] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5647] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5647] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5647] write(3, "1000", 4) = 4 [pid 5647] close(3) = 0 [pid 5647] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5647] mkdir("./file0", 000) = 0 [pid 5647] open("./file0", O_RDONLY) = 3 [ 173.979647][ T5641] pgsteal_direct 2 [ 173.979647][ T5641] pgsteal_khugepaged 0 [ 173.979647][ T5641] pgfault 21 [ 173.979647][ T5641] pgmajfault 0 [ 173.979647][ T5641] pgrefill 830 [ 173.979647][ T5641] pgactivate 829 [ 173.979647][ T5641] pgdeactivate 830 [ 173.979647][ T5641] pglazyfree 0 [ 173.979647][ T5641] pglazyfreed 0 [ 173.979647][ T5641] zswpin 0 [ 173.979647][ T5641] zswpout 0 [ 173.979647][ T5641] thp_fault_alloc 0 [ 173.979647][ T5641] thp_collapse_alloc 0 [pid 5647] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5647] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5647] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5647] openat(5, "memory.max", O_RDWR) = 6 [pid 5647] write(6, "0x000000000000040e", 18 [pid 5641] <... write resumed>) = 18 [ 174.269468][ T5641] Tasks state (memory values in pages): [ 174.280430][ T5641] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 174.307449][ T5641] Out of memory and no killable processes... [ 174.318394][ T5642] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 174.329939][ T5642] CPU: 0 PID: 5642 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 174.339915][ T5642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 174.350023][ T5642] Call Trace: [ 174.353372][ T5642] [ 174.356344][ T5642] dump_stack_lvl+0x136/0x150 [ 174.361095][ T5642] dump_header+0x10a/0xd70 [ 174.365577][ T5642] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 174.371736][ T5642] out_of_memory+0xd64/0x1660 [ 174.376480][ T5642] ? oom_killer_disable+0x2b0/0x2b0 [ 174.381760][ T5642] mem_cgroup_out_of_memory+0x206/0x270 [ 174.387362][ T5642] ? mem_cgroup_margin+0x130/0x130 [ 174.392537][ T5642] memory_max_write+0x2f9/0x3c0 [ 174.397438][ T5642] ? mem_cgroup_force_empty_write+0x160/0x160 [ 174.403555][ T5642] ? lock_sync+0x190/0x190 [ 174.408011][ T5642] cgroup_file_write+0x1e2/0x7b0 [ 174.412995][ T5642] ? mem_cgroup_force_empty_write+0x160/0x160 [ 174.419107][ T5642] ? kill_css+0x3b0/0x3b0 [ 174.423484][ T5642] ? lock_acquire+0x32/0xc0 [ 174.428036][ T5642] ? kill_css+0x3b0/0x3b0 [ 174.432406][ T5642] kernfs_fop_write_iter+0x3f1/0x600 [ 174.437741][ T5642] vfs_write+0x9ed/0xe10 [ 174.442034][ T5642] ? kernel_write+0x670/0x670 [ 174.446760][ T5642] ? find_held_lock+0x2d/0x110 [ 174.451572][ T5642] ? __fget_light+0x20a/0x270 [ 174.456313][ T5642] ksys_write+0x12b/0x250 [ 174.460689][ T5642] ? __ia32_sys_read+0xb0/0xb0 [ 174.465494][ T5642] ? lockdep_hardirqs_on+0x7d/0x100 [ 174.470729][ T5642] ? _raw_spin_unlock_irq+0x2e/0x50 [ 174.475972][ T5642] ? ptrace_notify+0xfe/0x140 [ 174.480692][ T5642] do_syscall_64+0x39/0xb0 [ 174.485158][ T5642] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 174.491089][ T5642] RIP: 0033:0x7faecf034129 [ 174.495538][ T5642] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5641] close(3) = 0 [ 174.515179][ T5642] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 174.523625][ T5642] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 174.531635][ T5642] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 174.539636][ T5642] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 174.547639][ T5642] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 174.555638][ T5642] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000018 [ 174.563668][ T5642] [pid 5641] close(4) = 0 [pid 5641] close(5) = 0 [pid 5641] close(6) = 0 [pid 5641] close(7) = -1 EBADF (Bad file descriptor) [pid 5641] close(8) = -1 EBADF (Bad file descriptor) [pid 5641] close(9) = -1 EBADF (Bad file descriptor) [pid 5641] close(10) = -1 EBADF (Bad file descriptor) [pid 5641] close(11) = -1 EBADF (Bad file descriptor) [pid 5641] close(12) = -1 EBADF (Bad file descriptor) [pid 5641] close(13) = -1 EBADF (Bad file descriptor) [pid 5641] close(14) = -1 EBADF (Bad file descriptor) [pid 5641] close(15) = -1 EBADF (Bad file descriptor) [pid 5641] close(16) = -1 EBADF (Bad file descriptor) [pid 5641] close(17) = -1 EBADF (Bad file descriptor) [pid 5641] close(18) = -1 EBADF (Bad file descriptor) [pid 5641] close(19) = -1 EBADF (Bad file descriptor) [pid 5641] close(20) = -1 EBADF (Bad file descriptor) [pid 5641] close(21) = -1 EBADF (Bad file descriptor) [pid 5641] close(22) = -1 EBADF (Bad file descriptor) [pid 5641] close(23) = -1 EBADF (Bad file descriptor) [pid 5641] close(24) = -1 EBADF (Bad file descriptor) [pid 5641] close(25) = -1 EBADF (Bad file descriptor) [pid 5641] close(26) = -1 EBADF (Bad file descriptor) [pid 5641] close(27) = -1 EBADF (Bad file descriptor) [pid 5641] close(28) = -1 EBADF (Bad file descriptor) [pid 5641] close(29) = -1 EBADF (Bad file descriptor) [pid 5641] exit_group(0) = ? [ 174.572271][ T5642] memory: usage 8kB, limit 0kB, failcnt 36 [ 174.578164][ T5642] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 174.634690][ T5642] Memory cgroup stats for /syz1: [ 174.634978][ T5642] anon 0 [ 174.634978][ T5642] file 0 [ 174.634978][ T5642] kernel 8192 [ 174.634978][ T5642] kernel_stack 0 [ 174.634978][ T5642] pagetables 0 [ 174.634978][ T5642] sec_pagetables 0 [ 174.634978][ T5642] percpu 0 [ 174.634978][ T5642] sock 0 [ 174.634978][ T5642] vmalloc 0 [ 174.634978][ T5642] shmem 0 [ 174.634978][ T5642] zswap 0 [ 174.634978][ T5642] zswapped 0 [ 174.634978][ T5642] file_mapped 0 [ 174.634978][ T5642] file_dirty 0 [pid 5641] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=28, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5087] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5087] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [ 174.634978][ T5642] file_writeback 0 [ 174.634978][ T5642] swapcached 0 [ 174.634978][ T5642] anon_thp 0 [ 174.634978][ T5642] file_thp 0 [ 174.634978][ T5642] shmem_thp 0 [ 174.634978][ T5642] inactive_anon 0 [ 174.634978][ T5642] active_anon 0 [ 174.634978][ T5642] inactive_file 0 [ 174.634978][ T5642] active_file 0 [ 174.634978][ T5642] unevictable 0 [ 174.634978][ T5642] slab_reclaimable 6752 [ 174.634978][ T5642] slab_unreclaimable 0 [ 174.634978][ T5642] slab 6752 [ 174.634978][ T5642] workingset_refault_anon 0 [ 174.634978][ T5642] workingset_refault_file 0 [pid 5087] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./26/binderfs") = 0 [pid 5087] umount2("./26/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./26/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./26/cgroup") = 0 [pid 5087] umount2("./26/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./26/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./26/cgroup.net") = 0 [ 174.634978][ T5642] workingset_activate_anon 0 [ 174.634978][ T5642] workingset_activate_file 0 [ 174.634978][ T5642] workingset_restore_anon 0 [ 174.634978][ T5642] workingset_restore_file 0 [ 174.634978][ T5642] workingset_nodereclaim 0 [ 174.634978][ T5642] pgscan 831 [ 174.634978][ T5642] pgsteal 2 [ 174.634978][ T5642] pgscan_kswapd 0 [ 174.634978][ T5642] pgscan_direct 831 [ 174.634978][ T5642] pgscan_khugepaged 0 [ 174.634978][ T5642] pgsteal_kswapd 0 [ 174.634978][ T5642] pgsteal_direct 2 [ 174.634978][ T5642] pgsteal_khugepaged 0 [pid 5087] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5087] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./26/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] close(4) = 0 [pid 5087] rmdir("./26/file0") = 0 [pid 5087] umount2("./26/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./26/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 174.634978][ T5642] pgfault 21 [ 174.634978][ T5642] pgmajfault 0 [ 174.634978][ T5642] pgrefill 830 [ 174.634978][ T5642] pgactivate 829 [ 174.634978][ T5642] pgdeactivate 830 [ 174.634978][ T5642] pglazyfree 0 [ 174.634978][ T5642] pglazyfreed 0 [ 174.634978][ T5642] zswpin 0 [ 174.634978][ T5642] zswpout 0 [ 174.634978][ T5642] thp_fault_alloc 0 [ 174.634978][ T5642] thp_collapse_alloc 0 [pid 5087] unlink("./26/cgroup.cpu") = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [pid 5087] rmdir("./26") = 0 [pid 5087] mkdir("./27", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 29 ./strace-static-x86_64: Process 5656 attached [pid 5656] chdir("./27") = 0 [ 174.846926][ T5642] Tasks state (memory values in pages): [ 174.864178][ T5642] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 174.875879][ T5642] Out of memory and no killable processes... [ 174.883220][ T5644] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5642] <... write resumed>) = 18 [pid 5656] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5642] close(3 [pid 5656] setpgid(0, 0) = 0 [pid 5642] <... close resumed>) = 0 [pid 5656] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5642] close(4 [pid 5656] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5642] <... close resumed>) = 0 [pid 5656] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5642] close(5 [pid 5656] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5642] <... close resumed>) = 0 [pid 5656] write(3, "1000", 4) = 4 [pid 5642] close(6 [pid 5656] close(3 [pid 5642] <... close resumed>) = 0 [pid 5656] <... close resumed>) = 0 [pid 5642] close(7 [pid 5656] symlink("/dev/binderfs", "./binderfs" [pid 5642] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5656] <... symlink resumed>) = 0 [pid 5642] close(8 [pid 5656] mkdir("./file0", 000 [pid 5642] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5656] <... mkdir resumed>) = 0 [pid 5642] close(9 [pid 5656] open("./file0", O_RDONLY [pid 5642] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5656] <... open resumed>) = 3 [pid 5642] close(10 [pid 5656] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5642] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5656] <... mount resumed>) = 0 [pid 5642] close(11 [pid 5656] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5642] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5656] <... openat resumed>) = 4 [pid 5642] close(12 [pid 5656] openat(4, "syz1", O_RDWR|O_PATH [pid 5642] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5656] <... openat resumed>) = 5 [pid 5642] close(13 [pid 5656] openat(5, "memory.max", O_RDWR [pid 5642] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5656] <... openat resumed>) = 6 [pid 5642] close(14 [pid 5656] write(6, "0x000000000000040e", 18 [pid 5642] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5642] close(15) = -1 EBADF (Bad file descriptor) [pid 5642] close(16) = -1 EBADF (Bad file descriptor) [ 174.899739][ T5644] CPU: 1 PID: 5644 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 174.909736][ T5644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 174.919856][ T5644] Call Trace: [ 174.923189][ T5644] [ 174.926196][ T5644] dump_stack_lvl+0x136/0x150 [ 174.930959][ T5644] dump_header+0x10a/0xd70 [ 174.935447][ T5644] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 174.941606][ T5644] out_of_memory+0xd64/0x1660 [pid 5642] close(17) = -1 EBADF (Bad file descriptor) [pid 5642] close(18) = -1 EBADF (Bad file descriptor) [pid 5642] close(19) = -1 EBADF (Bad file descriptor) [pid 5642] close(20) = -1 EBADF (Bad file descriptor) [pid 5642] close(21) = -1 EBADF (Bad file descriptor) [pid 5642] close(22) = -1 EBADF (Bad file descriptor) [pid 5642] close(23) = -1 EBADF (Bad file descriptor) [pid 5642] close(24) = -1 EBADF (Bad file descriptor) [pid 5642] close(25) = -1 EBADF (Bad file descriptor) [pid 5642] close(26) = -1 EBADF (Bad file descriptor) [pid 5642] close(27) = -1 EBADF (Bad file descriptor) [pid 5642] close(28) = -1 EBADF (Bad file descriptor) [pid 5642] close(29) = -1 EBADF (Bad file descriptor) [pid 5642] exit_group(0) = ? [pid 5642] +++ exited with 0 +++ [ 174.946366][ T5644] ? oom_killer_disable+0x2b0/0x2b0 [ 174.951652][ T5644] mem_cgroup_out_of_memory+0x206/0x270 [ 174.957278][ T5644] ? mem_cgroup_margin+0x130/0x130 [ 174.962512][ T5644] memory_max_write+0x2f9/0x3c0 [ 174.967451][ T5644] ? mem_cgroup_force_empty_write+0x160/0x160 [ 174.973620][ T5644] ? lock_sync+0x190/0x190 [ 174.978125][ T5644] cgroup_file_write+0x1e2/0x7b0 [ 174.983171][ T5644] ? mem_cgroup_force_empty_write+0x160/0x160 [ 174.989335][ T5644] ? kill_css+0x3b0/0x3b0 [ 174.993749][ T5644] ? lock_acquire+0x32/0xc0 [ 174.998332][ T5644] ? kill_css+0x3b0/0x3b0 [ 175.002742][ T5644] kernfs_fop_write_iter+0x3f1/0x600 [ 175.008115][ T5644] vfs_write+0x9ed/0xe10 [ 175.012460][ T5644] ? kernel_write+0x670/0x670 [ 175.017235][ T5644] ? find_held_lock+0x2d/0x110 [ 175.022092][ T5644] ? __fget_light+0x20a/0x270 [ 175.026922][ T5644] ksys_write+0x12b/0x250 [ 175.031339][ T5644] ? __ia32_sys_read+0xb0/0xb0 [ 175.036181][ T5644] ? lockdep_hardirqs_on+0x7d/0x100 [ 175.041459][ T5644] ? _raw_spin_unlock_irq+0x2e/0x50 [ 175.046734][ T5644] ? ptrace_notify+0xfe/0x140 [ 175.051486][ T5644] do_syscall_64+0x39/0xb0 [ 175.055983][ T5644] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 175.061959][ T5644] RIP: 0033:0x7faecf034129 [ 175.066434][ T5644] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 175.086106][ T5644] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=26, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5085] umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 175.094585][ T5644] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 175.102656][ T5644] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 175.110701][ T5644] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 175.118728][ T5644] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 175.126758][ T5644] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000019 [ 175.134819][ T5644] [pid 5085] lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 175.164552][ T5644] memory: usage 8kB, limit 0kB, failcnt 36 [ 175.170515][ T5644] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 175.186669][ T5644] Memory cgroup stats for /syz1: [ 175.186960][ T5644] anon 0 [ 175.186960][ T5644] file 0 [ 175.186960][ T5644] kernel 8192 [ 175.186960][ T5644] kernel_stack 0 [ 175.186960][ T5644] pagetables 0 [ 175.186960][ T5644] sec_pagetables 0 [ 175.186960][ T5644] percpu 0 [ 175.186960][ T5644] sock 0 [ 175.186960][ T5644] vmalloc 0 [ 175.186960][ T5644] shmem 0 [ 175.186960][ T5644] zswap 0 [ 175.186960][ T5644] zswapped 0 [ 175.186960][ T5644] file_mapped 0 [ 175.186960][ T5644] file_dirty 0 [ 175.186960][ T5644] file_writeback 0 [ 175.186960][ T5644] swapcached 0 [ 175.186960][ T5644] anon_thp 0 [ 175.186960][ T5644] file_thp 0 [ 175.186960][ T5644] shmem_thp 0 [ 175.186960][ T5644] inactive_anon 0 [ 175.186960][ T5644] active_anon 0 [ 175.186960][ T5644] inactive_file 0 [ 175.186960][ T5644] active_file 0 [ 175.186960][ T5644] unevictable 0 [ 175.186960][ T5644] slab_reclaimable 6752 [ 175.186960][ T5644] slab_unreclaimable 0 [ 175.186960][ T5644] slab 6752 [ 175.186960][ T5644] workingset_refault_anon 0 [ 175.186960][ T5644] workingset_refault_file 0 [ 175.186960][ T5644] workingset_activate_anon 0 [ 175.186960][ T5644] workingset_activate_file 0 [ 175.186960][ T5644] workingset_restore_anon 0 [ 175.186960][ T5644] workingset_restore_file 0 [ 175.186960][ T5644] workingset_nodereclaim 0 [ 175.186960][ T5644] pgscan 831 [ 175.186960][ T5644] pgsteal 2 [ 175.186960][ T5644] pgscan_kswapd 0 [ 175.186960][ T5644] pgscan_direct 831 [ 175.186960][ T5644] pgscan_khugepaged 0 [ 175.186960][ T5644] pgsteal_kswapd 0 [ 175.186960][ T5644] pgsteal_direct 2 [ 175.186960][ T5644] pgsteal_khugepaged 0 [ 175.186960][ T5644] pgfault 21 [ 175.186960][ T5644] pgmajfault 0 [ 175.186960][ T5644] pgrefill 830 [ 175.186960][ T5644] pgactivate 829 [ 175.186960][ T5644] pgdeactivate 830 [ 175.186960][ T5644] pglazyfree 0 [ 175.186960][ T5644] pglazyfreed 0 [ 175.186960][ T5644] zswpin 0 [ 175.186960][ T5644] zswpout 0 [pid 5085] unlink("./24/binderfs") = 0 [pid 5085] umount2("./24/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./24/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./24/cgroup") = 0 [pid 5085] umount2("./24/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./24/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./24/cgroup.net") = 0 [pid 5085] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5085] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./24/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 175.186960][ T5644] thp_fault_alloc 0 [ 175.186960][ T5644] thp_collapse_alloc 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./24/file0") = 0 [pid 5085] umount2("./24/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./24/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./24/cgroup.cpu" [pid 5644] <... write resumed>) = 18 [ 175.426839][ T5644] Tasks state (memory values in pages): [ 175.436709][ T5644] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 175.455643][ T5644] Out of memory and no killable processes... [ 175.466579][ T5645] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5644] close(3 [pid 5085] <... unlink resumed>) = 0 [ 175.491496][ T5645] CPU: 1 PID: 5645 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 175.501483][ T5645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 175.511609][ T5645] Call Trace: [ 175.514934][ T5645] [ 175.517930][ T5645] dump_stack_lvl+0x136/0x150 [ 175.522680][ T5645] dump_header+0x10a/0xd70 [ 175.527165][ T5645] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 175.533333][ T5645] out_of_memory+0xd64/0x1660 [ 175.538090][ T5645] ? oom_killer_disable+0x2b0/0x2b0 [ 175.543382][ T5645] mem_cgroup_out_of_memory+0x206/0x270 [ 175.549006][ T5645] ? mem_cgroup_margin+0x130/0x130 [ 175.554231][ T5645] memory_max_write+0x2f9/0x3c0 [ 175.559173][ T5645] ? mem_cgroup_force_empty_write+0x160/0x160 [ 175.565324][ T5645] ? lock_sync+0x190/0x190 [ 175.569817][ T5645] cgroup_file_write+0x1e2/0x7b0 [ 175.574836][ T5645] ? mem_cgroup_force_empty_write+0x160/0x160 [ 175.580985][ T5645] ? kill_css+0x3b0/0x3b0 [ 175.585397][ T5645] ? lock_acquire+0x32/0xc0 [ 175.589985][ T5645] ? kill_css+0x3b0/0x3b0 [ 175.594387][ T5645] kernfs_fop_write_iter+0x3f1/0x600 [ 175.599727][ T5645] vfs_write+0x9ed/0xe10 [ 175.604022][ T5645] ? kernel_write+0x670/0x670 [ 175.608753][ T5645] ? find_held_lock+0x2d/0x110 [ 175.613562][ T5645] ? __fget_light+0x20a/0x270 [ 175.618308][ T5645] ksys_write+0x12b/0x250 [ 175.622687][ T5645] ? __ia32_sys_read+0xb0/0xb0 [ 175.627497][ T5645] ? lockdep_hardirqs_on+0x7d/0x100 [ 175.632731][ T5645] ? _raw_spin_unlock_irq+0x2e/0x50 [ 175.637976][ T5645] ? ptrace_notify+0xfe/0x140 [ 175.642696][ T5645] do_syscall_64+0x39/0xb0 [ 175.647171][ T5645] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 175.653114][ T5645] RIP: 0033:0x7faecf034129 [ 175.657570][ T5645] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 175.677209][ T5645] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 175.685658][ T5645] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 175.693656][ T5645] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 175.701652][ T5645] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 175.709648][ T5645] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 175.717644][ T5645] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000001c [ 175.725667][ T5645] [ 175.732548][ T5645] memory: usage 8kB, limit 0kB, failcnt 36 [pid 5644] <... close resumed>) = 0 [pid 5085] getdents64(3, [pid 5644] close(4 [pid 5085] <... getdents64 resumed>0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5644] <... close resumed>) = 0 [pid 5085] close(3 [pid 5644] close(5 [pid 5085] <... close resumed>) = 0 [pid 5644] <... close resumed>) = 0 [pid 5085] rmdir("./24" [pid 5644] close(6 [pid 5085] <... rmdir resumed>) = 0 [pid 5644] <... close resumed>) = 0 [pid 5644] close(7 [pid 5085] mkdir("./25", 0777 [pid 5644] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5085] <... mkdir resumed>) = 0 [pid 5644] close(8) = -1 EBADF (Bad file descriptor) [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5662 attached [pid 5644] close(9) = -1 EBADF (Bad file descriptor) [pid 5644] close(10 [pid 5085] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 27 [pid 5662] chdir("./25" [pid 5644] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5644] close(11 [pid 5662] <... chdir resumed>) = 0 [pid 5644] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5662] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5644] close(12) = -1 EBADF (Bad file descriptor) [pid 5662] <... prctl resumed>) = 0 [pid 5644] close(13) = -1 EBADF (Bad file descriptor) [pid 5644] close(14 [pid 5662] setpgid(0, 0 [pid 5644] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5644] close(15) = -1 EBADF (Bad file descriptor) [pid 5644] close(16) = -1 EBADF (Bad file descriptor) [pid 5662] <... setpgid resumed>) = 0 [pid 5644] close(17) = -1 EBADF (Bad file descriptor) [pid 5644] close(18 [pid 5662] symlink("/syzcgroup/unified/syz0", "./cgroup" [pid 5644] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5644] close(19) = -1 EBADF (Bad file descriptor) [pid 5662] <... symlink resumed>) = 0 [pid 5644] close(20 [pid 5662] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu" [pid 5644] <... close resumed>) = -1 EBADF (Bad file descriptor) [ 175.738423][ T5645] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5662] <... symlink resumed>) = 0 [pid 5644] close(21) = -1 EBADF (Bad file descriptor) [pid 5644] close(22) = -1 EBADF (Bad file descriptor) [pid 5644] close(23) = -1 EBADF (Bad file descriptor) [pid 5644] close(24) = -1 EBADF (Bad file descriptor) [pid 5644] close(25) = -1 EBADF (Bad file descriptor) [pid 5644] close(26) = -1 EBADF (Bad file descriptor) [pid 5644] close(27) = -1 EBADF (Bad file descriptor) [pid 5644] close(28) = -1 EBADF (Bad file descriptor) [pid 5644] close(29) = -1 EBADF (Bad file descriptor) [pid 5644] exit_group(0) = ? [pid 5644] +++ exited with 0 +++ [ 175.774393][ T5645] Memory cgroup stats for /syz1: [ 175.774703][ T5645] anon 0 [ 175.774703][ T5645] file 0 [ 175.774703][ T5645] kernel 8192 [ 175.774703][ T5645] kernel_stack 0 [ 175.774703][ T5645] pagetables 0 [ 175.774703][ T5645] sec_pagetables 0 [ 175.774703][ T5645] percpu 0 [ 175.774703][ T5645] sock 0 [ 175.774703][ T5645] vmalloc 0 [ 175.774703][ T5645] shmem 0 [ 175.774703][ T5645] zswap 0 [ 175.774703][ T5645] zswapped 0 [ 175.774703][ T5645] file_mapped 0 [ 175.774703][ T5645] file_dirty 0 [ 175.774703][ T5645] file_writeback 0 [ 175.774703][ T5645] swapcached 0 [ 175.774703][ T5645] anon_thp 0 [ 175.774703][ T5645] file_thp 0 [ 175.774703][ T5645] shmem_thp 0 [ 175.774703][ T5645] inactive_anon 0 [ 175.774703][ T5645] active_anon 0 [ 175.774703][ T5645] inactive_file 0 [ 175.774703][ T5645] active_file 0 [ 175.774703][ T5645] unevictable 0 [ 175.774703][ T5645] slab_reclaimable 6752 [ 175.774703][ T5645] slab_unreclaimable 0 [ 175.774703][ T5645] slab 6752 [ 175.774703][ T5645] workingset_refault_anon 0 [ 175.774703][ T5645] workingset_refault_file 0 [ 175.774703][ T5645] workingset_activate_anon 0 [ 175.774703][ T5645] workingset_activate_file 0 [ 175.774703][ T5645] workingset_restore_anon 0 [ 175.774703][ T5645] workingset_restore_file 0 [ 175.774703][ T5645] workingset_nodereclaim 0 [ 175.774703][ T5645] pgscan 831 [ 175.774703][ T5645] pgsteal 2 [ 175.774703][ T5645] pgscan_kswapd 0 [ 175.774703][ T5645] pgscan_direct 831 [ 175.774703][ T5645] pgscan_khugepaged 0 [ 175.774703][ T5645] pgsteal_kswapd 0 [ 175.774703][ T5645] pgsteal_direct 2 [ 175.774703][ T5645] pgsteal_khugepaged 0 [pid 5662] symlink("/syzcgroup/net/syz0", "./cgroup.net" [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=27, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [ 175.774703][ T5645] pgfault 21 [ 175.774703][ T5645] pgmajfault 0 [ 175.774703][ T5645] pgrefill 830 [ 175.774703][ T5645] pgactivate 829 [ 175.774703][ T5645] pgdeactivate 830 [ 175.774703][ T5645] pglazyfree 0 [ 175.774703][ T5645] pglazyfreed 0 [ 175.774703][ T5645] zswpin 0 [ 175.774703][ T5645] zswpout 0 [ 175.774703][ T5645] thp_fault_alloc 0 [ 175.774703][ T5645] thp_collapse_alloc 0 [ 175.962495][ T5645] Tasks state (memory values in pages): [pid 5662] <... symlink resumed>) = 0 [pid 5086] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5662] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5662] <... openat resumed>) = 3 [pid 5086] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5662] write(3, "1000", 4 [pid 5086] <... openat resumed>) = 3 [pid 5662] <... write resumed>) = 4 [pid 5086] fstat(3, [pid 5662] close(3) = 0 [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5662] symlink("/dev/binderfs", "./binderfs" [ 175.968099][ T5645] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5086] getdents64(3, [pid 5662] <... symlink resumed>) = 0 [pid 5086] <... getdents64 resumed>0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5662] mkdir("./file0", 000 [pid 5086] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5662] <... mkdir resumed>) = 0 [pid 5645] <... write resumed>) = 18 [ 176.003438][ T5645] Out of memory and no killable processes... [ 176.010217][ T5647] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 176.023092][ T5647] CPU: 0 PID: 5647 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 176.033071][ T5647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 176.043186][ T5647] Call Trace: [ 176.046508][ T5647] [ 176.049484][ T5647] dump_stack_lvl+0x136/0x150 [ 176.054234][ T5647] dump_header+0x10a/0xd70 [ 176.058718][ T5647] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 176.064880][ T5647] out_of_memory+0xd64/0x1660 [ 176.069641][ T5647] ? oom_killer_disable+0x2b0/0x2b0 [ 176.074936][ T5647] mem_cgroup_out_of_memory+0x206/0x270 [ 176.080570][ T5647] ? mem_cgroup_margin+0x130/0x130 [ 176.085786][ T5647] memory_max_write+0x2f9/0x3c0 [ 176.090723][ T5647] ? mem_cgroup_force_empty_write+0x160/0x160 [ 176.096880][ T5647] ? lock_sync+0x190/0x190 [ 176.101365][ T5647] cgroup_file_write+0x1e2/0x7b0 [ 176.106387][ T5647] ? mem_cgroup_force_empty_write+0x160/0x160 [ 176.112542][ T5647] ? kill_css+0x3b0/0x3b0 [ 176.116954][ T5647] ? lock_acquire+0x32/0xc0 [ 176.121535][ T5647] ? kill_css+0x3b0/0x3b0 [ 176.125961][ T5647] kernfs_fop_write_iter+0x3f1/0x600 [ 176.131320][ T5647] vfs_write+0x9ed/0xe10 [ 176.135619][ T5647] ? kernel_write+0x670/0x670 [ 176.140348][ T5647] ? find_held_lock+0x2d/0x110 [ 176.145174][ T5647] ? __fget_light+0x20a/0x270 [ 176.149926][ T5647] ksys_write+0x12b/0x250 [ 176.154315][ T5647] ? __ia32_sys_read+0xb0/0xb0 [ 176.159139][ T5647] ? lockdep_hardirqs_on+0x7d/0x100 [ 176.164389][ T5647] ? _raw_spin_unlock_irq+0x2e/0x50 [ 176.169633][ T5647] ? ptrace_notify+0xfe/0x140 [ 176.174353][ T5647] do_syscall_64+0x39/0xb0 [ 176.178814][ T5647] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 176.184742][ T5647] RIP: 0033:0x7faecf034129 [ 176.189183][ T5647] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 176.208824][ T5647] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 176.217268][ T5647] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 176.225284][ T5647] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 176.233287][ T5647] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 176.241284][ T5647] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [pid 5086] lstat("./25/binderfs", [pid 5662] open("./file0", O_RDONLY [pid 5645] close(3 [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5662] <... open resumed>) = 3 [pid 5645] <... close resumed>) = 0 [pid 5662] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5086] unlink("./25/binderfs" [pid 5662] <... mount resumed>) = 0 [pid 5645] close(4 [pid 5662] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5086] <... unlink resumed>) = 0 [pid 5645] <... close resumed>) = 0 [pid 5662] <... openat resumed>) = 4 [pid 5086] umount2("./25/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5645] close(5 [pid 5662] openat(4, "syz1", O_RDWR|O_PATH [pid 5645] <... close resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5662] <... openat resumed>) = 5 [ 176.249298][ T5647] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000001c [ 176.257319][ T5647] [ 176.277321][ T5647] memory: usage 8kB, limit 0kB, failcnt 36 [ 176.284309][ T5647] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 176.292762][ T5647] Memory cgroup stats for /syz1: [ 176.293339][ T5647] anon 0 [ 176.293339][ T5647] file 0 [pid 5645] close(6) = 0 [pid 5645] close(7) = -1 EBADF (Bad file descriptor) [pid 5645] close(8) = -1 EBADF (Bad file descriptor) [pid 5645] close(9) = -1 EBADF (Bad file descriptor) [pid 5645] close(10) = -1 EBADF (Bad file descriptor) [pid 5645] close(11) = -1 EBADF (Bad file descriptor) [pid 5645] close(12) = -1 EBADF (Bad file descriptor) [pid 5645] close(13) = -1 EBADF (Bad file descriptor) [ 176.293339][ T5647] kernel 8192 [ 176.293339][ T5647] kernel_stack 0 [ 176.293339][ T5647] pagetables 0 [ 176.293339][ T5647] sec_pagetables 0 [ 176.293339][ T5647] percpu 0 [ 176.293339][ T5647] sock 0 [ 176.293339][ T5647] vmalloc 0 [ 176.293339][ T5647] shmem 0 [ 176.293339][ T5647] zswap 0 [ 176.293339][ T5647] zswapped 0 [ 176.293339][ T5647] file_mapped 0 [ 176.293339][ T5647] file_dirty 0 [ 176.293339][ T5647] file_writeback 0 [ 176.293339][ T5647] swapcached 0 [ 176.293339][ T5647] anon_thp 0 [ 176.293339][ T5647] file_thp 0 [pid 5645] close(14) = -1 EBADF (Bad file descriptor) [pid 5645] close(15) = -1 EBADF (Bad file descriptor) [pid 5645] close(16) = -1 EBADF (Bad file descriptor) [pid 5645] close(17) = -1 EBADF (Bad file descriptor) [pid 5645] close(18) = -1 EBADF (Bad file descriptor) [pid 5645] close(19) = -1 EBADF (Bad file descriptor) [pid 5645] close(20) = -1 EBADF (Bad file descriptor) [pid 5645] close(21) = -1 EBADF (Bad file descriptor) [pid 5645] close(22) = -1 EBADF (Bad file descriptor) [ 176.293339][ T5647] shmem_thp 0 [ 176.293339][ T5647] inactive_anon 0 [ 176.293339][ T5647] active_anon 0 [ 176.293339][ T5647] inactive_file 0 [ 176.293339][ T5647] active_file 0 [ 176.293339][ T5647] unevictable 0 [ 176.293339][ T5647] slab_reclaimable 6752 [ 176.293339][ T5647] slab_unreclaimable 0 [ 176.293339][ T5647] slab 6752 [ 176.293339][ T5647] workingset_refault_anon 0 [ 176.293339][ T5647] workingset_refault_file 0 [ 176.293339][ T5647] workingset_activate_anon 0 [ 176.293339][ T5647] workingset_activate_file 0 [ 176.293339][ T5647] workingset_restore_anon 0 [ 176.293339][ T5647] workingset_restore_file 0 [ 176.293339][ T5647] workingset_nodereclaim 0 [ 176.293339][ T5647] pgscan 831 [ 176.293339][ T5647] pgsteal 2 [ 176.293339][ T5647] pgscan_kswapd 0 [ 176.293339][ T5647] pgscan_direct 831 [ 176.293339][ T5647] pgscan_khugepaged 0 [ 176.293339][ T5647] pgsteal_kswapd 0 [ 176.293339][ T5647] pgsteal_direct 2 [ 176.293339][ T5647] pgsteal_khugepaged 0 [ 176.293339][ T5647] pgfault 21 [ 176.293339][ T5647] pgmajfault 0 [ 176.293339][ T5647] pgrefill 830 [pid 5645] close(23) = -1 EBADF (Bad file descriptor) [pid 5645] close(24) = -1 EBADF (Bad file descriptor) [pid 5645] close(25) = -1 EBADF (Bad file descriptor) [pid 5645] close(26) = -1 EBADF (Bad file descriptor) [pid 5645] close(27) = -1 EBADF (Bad file descriptor) [pid 5645] close(28) = -1 EBADF (Bad file descriptor) [pid 5645] close(29) = -1 EBADF (Bad file descriptor) [pid 5645] exit_group(0) = ? [pid 5645] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=30, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5090] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./28/binderfs") = 0 [pid 5090] umount2("./28/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./28/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./28/cgroup") = 0 [pid 5090] umount2("./28/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./28/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./28/cgroup.net") = 0 [pid 5090] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5662] openat(5, "memory.max", O_RDWR [pid 5090] <... umount2 resumed>) = 0 [pid 5086] lstat("./25/cgroup", [pid 5090] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5662] <... openat resumed>) = 6 [pid 5090] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5662] write(6, "0x000000000000040e", 18 [pid 5090] lstat("./28/file0", [pid 5086] unlink("./25/cgroup" [pid 5090] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] <... unlink resumed>) = 0 [pid 5090] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] umount2("./25/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5090] openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5090] <... openat resumed>) = 4 [pid 5090] fstat(4, [pid 5086] lstat("./25/cgroup.net", [pid 5090] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] getdents64(4, [pid 5086] unlink("./25/cgroup.net" [pid 5090] <... getdents64 resumed>0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, [pid 5086] <... unlink resumed>) = 0 [pid 5090] <... getdents64 resumed>0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5090] close(4) = 0 [ 176.293339][ T5647] pgactivate 829 [ 176.293339][ T5647] pgdeactivate 830 [ 176.293339][ T5647] pglazyfree 0 [ 176.293339][ T5647] pglazyfreed 0 [ 176.293339][ T5647] zswpin 0 [ 176.293339][ T5647] zswpout 0 [ 176.293339][ T5647] thp_fault_alloc 0 [ 176.293339][ T5647] thp_collapse_alloc 0 [pid 5090] rmdir("./28/file0") = 0 [pid 5090] umount2("./28/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./28/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./28/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [pid 5090] rmdir("./28") = 0 [pid 5090] mkdir("./29", 0777) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5667 attached [pid 5667] chdir("./29" [pid 5090] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 31 [pid 5667] <... chdir resumed>) = 0 [pid 5667] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5667] setpgid(0, 0) = 0 [pid 5667] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5667] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5667] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5086] <... umount2 resumed>) = 0 [pid 5667] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5086] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5667] <... openat resumed>) = 3 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5667] write(3, "1000", 4 [pid 5086] lstat("./25/file0", [pid 5667] <... write resumed>) = 4 [pid 5667] close(3 [pid 5086] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5667] <... close resumed>) = 0 [pid 5086] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5667] symlink("/dev/binderfs", "./binderfs" [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5667] <... symlink resumed>) = 0 [pid 5086] openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5667] mkdir("./file0", 000) = 0 [pid 5086] <... openat resumed>) = 4 [pid 5667] open("./file0", O_RDONLY [pid 5086] fstat(4, [pid 5667] <... open resumed>) = 3 [pid 5667] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5667] <... mount resumed>) = 0 [pid 5086] getdents64(4, [pid 5667] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5086] <... getdents64 resumed>0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5667] <... openat resumed>) = 4 [pid 5667] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5667] openat(5, "memory.max", O_RDWR) = 6 [pid 5086] getdents64(4, [pid 5667] write(6, "0x000000000000040e", 18 [pid 5086] <... getdents64 resumed>0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./25/file0") = 0 [pid 5086] umount2("./25/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./25/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./25/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./25") = 0 [pid 5086] mkdir("./26", 0777) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5647] <... write resumed>) = 18 [ 176.579864][ T5647] Tasks state (memory values in pages): [ 176.590293][ T5647] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 176.616389][ T5647] Out of memory and no killable processes... [pid 5647] close(3) = 0 [pid 5647] close(4) = 0 [pid 5647] close(5) = 0 [pid 5647] close(6) = 0 [pid 5647] close(7) = -1 EBADF (Bad file descriptor) [pid 5647] close(8) = -1 EBADF (Bad file descriptor) [pid 5647] close(9./strace-static-x86_64: Process 5670 attached ) = -1 EBADF (Bad file descriptor) [pid 5670] chdir("./26" [pid 5647] close(10 [pid 5086] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 28 [pid 5670] <... chdir resumed>) = 0 [pid 5647] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5670] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5647] close(11 [pid 5670] <... prctl resumed>) = 0 [pid 5647] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5670] setpgid(0, 0 [pid 5647] close(12 [pid 5670] <... setpgid resumed>) = 0 [pid 5647] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5670] symlink("/syzcgroup/unified/syz3", "./cgroup" [pid 5647] close(13 [pid 5670] <... symlink resumed>) = 0 [pid 5647] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5670] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu" [pid 5647] close(14) = -1 EBADF (Bad file descriptor) [pid 5670] <... symlink resumed>) = 0 [pid 5647] close(15 [pid 5670] symlink("/syzcgroup/net/syz3", "./cgroup.net" [pid 5647] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5670] <... symlink resumed>) = 0 [pid 5647] close(16 [pid 5670] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5647] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5670] <... openat resumed>) = 3 [pid 5647] close(17 [pid 5670] write(3, "1000", 4 [pid 5647] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5670] <... write resumed>) = 4 [pid 5647] close(18 [pid 5670] close(3 [pid 5647] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5647] close(19) = -1 EBADF (Bad file descriptor) [pid 5647] close(20) = -1 EBADF (Bad file descriptor) [pid 5647] close(21) = -1 EBADF (Bad file descriptor) [pid 5647] close(22) = -1 EBADF (Bad file descriptor) [pid 5647] close(23) = -1 EBADF (Bad file descriptor) [pid 5647] close(24) = -1 EBADF (Bad file descriptor) [ 176.629547][ T5656] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 176.669846][ T5656] CPU: 0 PID: 5656 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5647] close(25) = -1 EBADF (Bad file descriptor) [pid 5670] <... close resumed>) = 0 [pid 5647] close(26 [pid 5670] symlink("/dev/binderfs", "./binderfs" [pid 5647] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5670] <... symlink resumed>) = 0 [pid 5647] close(27 [pid 5670] mkdir("./file0", 000 [pid 5647] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5670] <... mkdir resumed>) = 0 [pid 5647] close(28 [pid 5670] open("./file0", O_RDONLY [pid 5647] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5670] <... open resumed>) = 3 [pid 5647] close(29 [pid 5670] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5647] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5670] <... mount resumed>) = 0 [pid 5647] exit_group(0 [pid 5670] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5647] <... exit_group resumed>) = ? [pid 5670] <... openat resumed>) = 4 [pid 5647] +++ exited with 0 +++ [ 176.679955][ T5656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 176.690078][ T5656] Call Trace: [ 176.693410][ T5656] [ 176.696393][ T5656] dump_stack_lvl+0x136/0x150 [ 176.701136][ T5656] dump_header+0x10a/0xd70 [ 176.705616][ T5656] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 176.711778][ T5656] out_of_memory+0xd64/0x1660 [ 176.716535][ T5656] ? oom_killer_disable+0x2b0/0x2b0 [ 176.721815][ T5656] mem_cgroup_out_of_memory+0x206/0x270 [pid 5670] openat(4, "syz1", O_RDWR|O_PATH [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=30, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5670] <... openat resumed>) = 5 [pid 5670] openat(5, "memory.max", O_RDWR) = 6 [pid 5089] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5670] write(6, "0x000000000000040e", 18 [pid 5089] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 176.727413][ T5656] ? mem_cgroup_margin+0x130/0x130 [ 176.732589][ T5656] memory_max_write+0x2f9/0x3c0 [ 176.737495][ T5656] ? mem_cgroup_force_empty_write+0x160/0x160 [ 176.743619][ T5656] ? lock_sync+0x190/0x190 [ 176.748081][ T5656] cgroup_file_write+0x1e2/0x7b0 [ 176.753069][ T5656] ? mem_cgroup_force_empty_write+0x160/0x160 [ 176.759186][ T5656] ? kill_css+0x3b0/0x3b0 [ 176.763562][ T5656] ? lock_acquire+0x32/0xc0 [ 176.768117][ T5656] ? kill_css+0x3b0/0x3b0 [ 176.772490][ T5656] kernfs_fop_write_iter+0x3f1/0x600 [ 176.777828][ T5656] vfs_write+0x9ed/0xe10 [ 176.782130][ T5656] ? kernel_write+0x670/0x670 [ 176.786878][ T5656] ? find_held_lock+0x2d/0x110 [ 176.791692][ T5656] ? __fget_light+0x20a/0x270 [ 176.796425][ T5656] ksys_write+0x12b/0x250 [ 176.800802][ T5656] ? __ia32_sys_read+0xb0/0xb0 [ 176.805627][ T5656] ? lockdep_hardirqs_on+0x7d/0x100 [ 176.810865][ T5656] ? _raw_spin_unlock_irq+0x2e/0x50 [ 176.816113][ T5656] ? ptrace_notify+0xfe/0x140 [ 176.820832][ T5656] do_syscall_64+0x39/0xb0 [ 176.825314][ T5656] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 176.831253][ T5656] RIP: 0033:0x7faecf034129 [ 176.835696][ T5656] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 176.855346][ T5656] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 176.863791][ T5656] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 176.871790][ T5656] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5089] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./28/binderfs") = 0 [pid 5089] umount2("./28/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./28/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./28/cgroup") = 0 [pid 5089] umount2("./28/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./28/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./28/cgroup.net") = 0 [pid 5089] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 176.879785][ T5656] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 176.887783][ T5656] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 176.895783][ T5656] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000001b [ 176.903802][ T5656] [pid 5089] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./28/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./28/file0") = 0 [pid 5089] umount2("./28/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./28/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./28/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [pid 5089] rmdir("./28") = 0 [pid 5089] mkdir("./29", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5671 attached [pid 5671] chdir("./29" [pid 5089] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 31 [pid 5671] <... chdir resumed>) = 0 [pid 5671] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5671] setpgid(0, 0) = 0 [pid 5671] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5671] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5671] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5671] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5671] write(3, "1000", 4) = 4 [pid 5671] close(3) = 0 [pid 5671] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5671] mkdir("./file0", 000) = 0 [pid 5671] open("./file0", O_RDONLY) = 3 [pid 5671] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5671] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5671] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5671] openat(5, "memory.max", O_RDWR) = 6 [ 177.031217][ T5656] memory: usage 8kB, limit 0kB, failcnt 36 [ 177.039751][ T5656] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 177.049251][ T5656] Memory cgroup stats for /syz1: [ 177.049522][ T5656] anon 0 [ 177.049522][ T5656] file 0 [ 177.049522][ T5656] kernel 8192 [ 177.049522][ T5656] kernel_stack 0 [ 177.049522][ T5656] pagetables 0 [ 177.049522][ T5656] sec_pagetables 0 [ 177.049522][ T5656] percpu 0 [ 177.049522][ T5656] sock 0 [ 177.049522][ T5656] vmalloc 0 [ 177.049522][ T5656] shmem 0 [ 177.049522][ T5656] zswap 0 [ 177.049522][ T5656] zswapped 0 [ 177.049522][ T5656] file_mapped 0 [ 177.049522][ T5656] file_dirty 0 [ 177.049522][ T5656] file_writeback 0 [ 177.049522][ T5656] swapcached 0 [ 177.049522][ T5656] anon_thp 0 [ 177.049522][ T5656] file_thp 0 [ 177.049522][ T5656] shmem_thp 0 [ 177.049522][ T5656] inactive_anon 0 [ 177.049522][ T5656] active_anon 0 [ 177.049522][ T5656] inactive_file 0 [ 177.049522][ T5656] active_file 0 [ 177.049522][ T5656] unevictable 0 [ 177.049522][ T5656] slab_reclaimable 6752 [ 177.049522][ T5656] slab_unreclaimable 0 [ 177.049522][ T5656] slab 6752 [ 177.049522][ T5656] workingset_refault_anon 0 [ 177.049522][ T5656] workingset_refault_file 0 [ 177.049522][ T5656] workingset_activate_anon 0 [ 177.049522][ T5656] workingset_activate_file 0 [ 177.049522][ T5656] workingset_restore_anon 0 [ 177.049522][ T5656] workingset_restore_file 0 [ 177.049522][ T5656] workingset_nodereclaim 0 [ 177.049522][ T5656] pgscan 831 [ 177.049522][ T5656] pgsteal 2 [ 177.049522][ T5656] pgscan_kswapd 0 [ 177.049522][ T5656] pgscan_direct 831 [ 177.049522][ T5656] pgscan_khugepaged 0 [ 177.049522][ T5656] pgsteal_kswapd 0 [ 177.049522][ T5656] pgsteal_direct 2 [ 177.049522][ T5656] pgsteal_khugepaged 0 [ 177.049522][ T5656] pgfault 21 [ 177.049522][ T5656] pgmajfault 0 [ 177.049522][ T5656] pgrefill 830 [ 177.049522][ T5656] pgactivate 829 [ 177.049522][ T5656] pgdeactivate 830 [ 177.049522][ T5656] pglazyfree 0 [ 177.049522][ T5656] pglazyfreed 0 [ 177.049522][ T5656] zswpin 0 [ 177.049522][ T5656] zswpout 0 [ 177.049522][ T5656] thp_fault_alloc 0 [pid 5671] write(6, "0x000000000000040e", 18 [pid 5656] <... write resumed>) = 18 [pid 5656] close(3) = 0 [pid 5656] close(4) = 0 [pid 5656] close(5) = 0 [pid 5656] close(6) = 0 [pid 5656] close(7) = -1 EBADF (Bad file descriptor) [pid 5656] close(8) = -1 EBADF (Bad file descriptor) [pid 5656] close(9) = -1 EBADF (Bad file descriptor) [pid 5656] close(10) = -1 EBADF (Bad file descriptor) [ 177.049522][ T5656] thp_collapse_alloc 0 [ 177.240744][ T5656] Tasks state (memory values in pages): [ 177.246459][ T5656] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 177.256261][ T5656] Out of memory and no killable processes... [ 177.263784][ T5662] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5656] close(11) = -1 EBADF (Bad file descriptor) [pid 5656] close(12) = -1 EBADF (Bad file descriptor) [pid 5656] close(13) = -1 EBADF (Bad file descriptor) [pid 5656] close(14) = -1 EBADF (Bad file descriptor) [pid 5656] close(15) = -1 EBADF (Bad file descriptor) [pid 5656] close(16) = -1 EBADF (Bad file descriptor) [pid 5656] close(17) = -1 EBADF (Bad file descriptor) [pid 5656] close(18) = -1 EBADF (Bad file descriptor) [ 177.286863][ T5662] CPU: 0 PID: 5662 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 177.296849][ T5662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 177.306958][ T5662] Call Trace: [ 177.310281][ T5662] [ 177.313261][ T5662] dump_stack_lvl+0x136/0x150 [ 177.318008][ T5662] dump_header+0x10a/0xd70 [ 177.322495][ T5662] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 177.328659][ T5662] out_of_memory+0xd64/0x1660 [pid 5656] close(19) = -1 EBADF (Bad file descriptor) [pid 5656] close(20) = -1 EBADF (Bad file descriptor) [pid 5656] close(21) = -1 EBADF (Bad file descriptor) [pid 5656] close(22) = -1 EBADF (Bad file descriptor) [pid 5656] close(23) = -1 EBADF (Bad file descriptor) [pid 5656] close(24) = -1 EBADF (Bad file descriptor) [pid 5656] close(25) = -1 EBADF (Bad file descriptor) [pid 5656] close(26) = -1 EBADF (Bad file descriptor) [pid 5656] close(27) = -1 EBADF (Bad file descriptor) [pid 5656] close(28) = -1 EBADF (Bad file descriptor) [ 177.333416][ T5662] ? oom_killer_disable+0x2b0/0x2b0 [ 177.338711][ T5662] mem_cgroup_out_of_memory+0x206/0x270 [ 177.344341][ T5662] ? mem_cgroup_margin+0x130/0x130 [ 177.349564][ T5662] memory_max_write+0x2f9/0x3c0 [ 177.354513][ T5662] ? mem_cgroup_force_empty_write+0x160/0x160 [ 177.360679][ T5662] ? lock_sync+0x190/0x190 [ 177.365165][ T5662] cgroup_file_write+0x1e2/0x7b0 [ 177.370160][ T5662] ? mem_cgroup_force_empty_write+0x160/0x160 [ 177.376273][ T5662] ? kill_css+0x3b0/0x3b0 [ 177.380644][ T5662] ? lock_acquire+0x32/0xc0 [ 177.385194][ T5662] ? kill_css+0x3b0/0x3b0 [ 177.389565][ T5662] kernfs_fop_write_iter+0x3f1/0x600 [ 177.394901][ T5662] vfs_write+0x9ed/0xe10 [ 177.399199][ T5662] ? kernel_write+0x670/0x670 [ 177.403928][ T5662] ? find_held_lock+0x2d/0x110 [ 177.408740][ T5662] ? __fget_light+0x20a/0x270 [ 177.413465][ T5662] ksys_write+0x12b/0x250 [ 177.417847][ T5662] ? __ia32_sys_read+0xb0/0xb0 [ 177.422658][ T5662] ? lockdep_hardirqs_on+0x7d/0x100 [ 177.427916][ T5662] ? _raw_spin_unlock_irq+0x2e/0x50 [ 177.433167][ T5662] ? ptrace_notify+0xfe/0x140 [ 177.437885][ T5662] do_syscall_64+0x39/0xb0 [ 177.442355][ T5662] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 177.448296][ T5662] RIP: 0033:0x7faecf034129 [ 177.452750][ T5662] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 177.472386][ T5662] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5656] close(29) = -1 EBADF (Bad file descriptor) [pid 5656] exit_group(0) = ? [pid 5656] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=29, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5087] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5087] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./27/binderfs") = 0 [pid 5087] umount2("./27/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./27/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./27/cgroup") = 0 [ 177.480848][ T5662] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 177.488848][ T5662] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 177.496845][ T5662] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 177.504844][ T5662] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 177.512845][ T5662] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000019 [ 177.520880][ T5662] [pid 5087] umount2("./27/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./27/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./27/cgroup.net") = 0 [pid 5087] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5087] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./27/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] close(4) = 0 [pid 5087] rmdir("./27/file0") = 0 [pid 5087] umount2("./27/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./27/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./27/cgroup.cpu") = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [pid 5087] rmdir("./27") = 0 [ 177.560380][ T5662] memory: usage 8kB, limit 0kB, failcnt 36 [ 177.572137][ T5662] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 177.596976][ T5662] Memory cgroup stats for /syz1: [ 177.597258][ T5662] anon 0 [ 177.597258][ T5662] file 0 [ 177.597258][ T5662] kernel 8192 [ 177.597258][ T5662] kernel_stack 0 [ 177.597258][ T5662] pagetables 0 [ 177.597258][ T5662] sec_pagetables 0 [ 177.597258][ T5662] percpu 0 [ 177.597258][ T5662] sock 0 [ 177.597258][ T5662] vmalloc 0 [ 177.597258][ T5662] shmem 0 [ 177.597258][ T5662] zswap 0 [ 177.597258][ T5662] zswapped 0 [ 177.597258][ T5662] file_mapped 0 [ 177.597258][ T5662] file_dirty 0 [ 177.597258][ T5662] file_writeback 0 [ 177.597258][ T5662] swapcached 0 [ 177.597258][ T5662] anon_thp 0 [ 177.597258][ T5662] file_thp 0 [ 177.597258][ T5662] shmem_thp 0 [ 177.597258][ T5662] inactive_anon 0 [ 177.597258][ T5662] active_anon 0 [ 177.597258][ T5662] inactive_file 0 [ 177.597258][ T5662] active_file 0 [ 177.597258][ T5662] unevictable 0 [ 177.597258][ T5662] slab_reclaimable 6752 [ 177.597258][ T5662] slab_unreclaimable 0 [ 177.597258][ T5662] slab 6752 [ 177.597258][ T5662] workingset_refault_anon 0 [ 177.597258][ T5662] workingset_refault_file 0 [ 177.597258][ T5662] workingset_activate_anon 0 [ 177.597258][ T5662] workingset_activate_file 0 [ 177.597258][ T5662] workingset_restore_anon 0 [ 177.597258][ T5662] workingset_restore_file 0 [ 177.597258][ T5662] workingset_nodereclaim 0 [ 177.597258][ T5662] pgscan 831 [ 177.597258][ T5662] pgsteal 2 [ 177.597258][ T5662] pgscan_kswapd 0 [ 177.597258][ T5662] pgscan_direct 831 [ 177.597258][ T5662] pgscan_khugepaged 0 [ 177.597258][ T5662] pgsteal_kswapd 0 [ 177.597258][ T5662] pgsteal_direct 2 [ 177.597258][ T5662] pgsteal_khugepaged 0 [ 177.597258][ T5662] pgfault 21 [ 177.597258][ T5662] pgmajfault 0 [ 177.597258][ T5662] pgrefill 830 [ 177.597258][ T5662] pgactivate 829 [pid 5087] mkdir("./28", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5674 attached [pid 5674] chdir("./28" [pid 5087] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 30 [pid 5674] <... chdir resumed>) = 0 [pid 5674] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5674] setpgid(0, 0) = 0 [pid 5674] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5674] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5674] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5674] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5674] write(3, "1000", 4) = 4 [pid 5674] close(3) = 0 [pid 5674] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5674] mkdir("./file0", 000) = 0 [pid 5674] open("./file0", O_RDONLY) = 3 [pid 5674] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5674] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5674] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5674] openat(5, "memory.max", O_RDWR) = 6 [ 177.597258][ T5662] pgdeactivate 830 [ 177.597258][ T5662] pglazyfree 0 [ 177.597258][ T5662] pglazyfreed 0 [ 177.597258][ T5662] zswpin 0 [ 177.597258][ T5662] zswpout 0 [ 177.597258][ T5662] thp_fault_alloc 0 [ 177.597258][ T5662] thp_collapse_alloc 0 [ 177.792191][ T5662] Tasks state (memory values in pages): [ 177.798114][ T5662] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5674] write(6, "0x000000000000040e", 18 [pid 5662] <... write resumed>) = 18 [pid 5662] close(3) = 0 [pid 5662] close(4) = 0 [pid 5662] close(5) = 0 [pid 5662] close(6) = 0 [pid 5662] close(7) = -1 EBADF (Bad file descriptor) [pid 5662] close(8) = -1 EBADF (Bad file descriptor) [pid 5662] close(9) = -1 EBADF (Bad file descriptor) [pid 5662] close(10) = -1 EBADF (Bad file descriptor) [pid 5662] close(11) = -1 EBADF (Bad file descriptor) [pid 5662] close(12) = -1 EBADF (Bad file descriptor) [pid 5662] close(13) = -1 EBADF (Bad file descriptor) [pid 5662] close(14) = -1 EBADF (Bad file descriptor) [pid 5662] close(15) = -1 EBADF (Bad file descriptor) [ 177.808292][ T5662] Out of memory and no killable processes... [ 177.815237][ T5667] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 177.828009][ T5667] CPU: 1 PID: 5667 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 177.837952][ T5667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 177.848074][ T5667] Call Trace: [ 177.851405][ T5667] [ 177.854391][ T5667] dump_stack_lvl+0x136/0x150 [pid 5662] close(16) = -1 EBADF (Bad file descriptor) [pid 5662] close(17) = -1 EBADF (Bad file descriptor) [pid 5662] close(18) = -1 EBADF (Bad file descriptor) [pid 5662] close(19) = -1 EBADF (Bad file descriptor) [pid 5662] close(20) = -1 EBADF (Bad file descriptor) [pid 5662] close(21) = -1 EBADF (Bad file descriptor) [pid 5662] close(22) = -1 EBADF (Bad file descriptor) [pid 5662] close(23) = -1 EBADF (Bad file descriptor) [pid 5662] close(24) = -1 EBADF (Bad file descriptor) [pid 5662] close(25) = -1 EBADF (Bad file descriptor) [pid 5662] close(26) = -1 EBADF (Bad file descriptor) [pid 5662] close(27) = -1 EBADF (Bad file descriptor) [pid 5662] close(28) = -1 EBADF (Bad file descriptor) [pid 5662] close(29) = -1 EBADF (Bad file descriptor) [pid 5662] exit_group(0) = ? [pid 5662] +++ exited with 0 +++ [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=27, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5085] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [ 177.859167][ T5667] dump_header+0x10a/0xd70 [ 177.863684][ T5667] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 177.869848][ T5667] out_of_memory+0xd64/0x1660 [ 177.874617][ T5667] ? oom_killer_disable+0x2b0/0x2b0 [ 177.879900][ T5667] ? find_held_lock+0x2d/0x110 [ 177.884752][ T5667] mem_cgroup_out_of_memory+0x206/0x270 [ 177.890378][ T5667] ? mem_cgroup_margin+0x130/0x130 [ 177.895588][ T5667] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 177.901489][ T5667] memory_max_write+0x2f9/0x3c0 [pid 5085] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./25/binderfs") = 0 [pid 5085] umount2("./25/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./25/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./25/cgroup") = 0 [pid 5085] umount2("./25/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./25/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./25/cgroup.net") = 0 [ 177.906430][ T5667] ? mem_cgroup_force_empty_write+0x160/0x160 [ 177.912608][ T5667] ? lock_sync+0x190/0x190 [ 177.917109][ T5667] cgroup_file_write+0x1e2/0x7b0 [ 177.922138][ T5667] ? mem_cgroup_force_empty_write+0x160/0x160 [ 177.928311][ T5667] ? kill_css+0x3b0/0x3b0 [ 177.932742][ T5667] ? lock_acquire+0x32/0xc0 [ 177.937343][ T5667] ? kill_css+0x3b0/0x3b0 [ 177.941775][ T5667] kernfs_fop_write_iter+0x3f1/0x600 [ 177.947151][ T5667] vfs_write+0x9ed/0xe10 [ 177.951475][ T5667] ? kernel_write+0x670/0x670 [ 177.956211][ T5667] ? find_held_lock+0x2d/0x110 [ 177.961056][ T5667] ? __fget_light+0x20a/0x270 [ 177.965822][ T5667] ksys_write+0x12b/0x250 [ 177.970204][ T5667] ? __ia32_sys_read+0xb0/0xb0 [ 177.975057][ T5667] ? lockdep_hardirqs_on+0x7d/0x100 [ 177.980319][ T5667] ? _raw_spin_unlock_irq+0x2e/0x50 [ 177.985598][ T5667] ? ptrace_notify+0xfe/0x140 [ 177.990348][ T5667] do_syscall_64+0x39/0xb0 [ 177.994855][ T5667] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 178.000823][ T5667] RIP: 0033:0x7faecf034129 [ 178.005282][ T5667] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 178.024916][ T5667] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 178.033376][ T5667] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 178.041412][ T5667] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 178.049440][ T5667] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [pid 5085] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5085] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./25/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./25/file0") = 0 [pid 5085] umount2("./25/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./25/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./25/cgroup.cpu") = 0 [ 178.057571][ T5667] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 178.065615][ T5667] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000001d [ 178.073820][ T5667] [ 178.094072][ T5667] memory: usage 8kB, limit 0kB, failcnt 36 [ 178.099970][ T5667] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./25") = 0 [pid 5085] mkdir("./26", 0777) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5675 attached [pid 5675] chdir("./26" [pid 5085] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 28 [pid 5675] <... chdir resumed>) = 0 [pid 5675] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5675] setpgid(0, 0) = 0 [pid 5675] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5675] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5675] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5675] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5675] write(3, "1000", 4) = 4 [pid 5675] close(3) = 0 [pid 5675] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5675] mkdir("./file0", 000) = 0 [pid 5675] open("./file0", O_RDONLY) = 3 [ 178.115908][ T5667] Memory cgroup stats for /syz1: [ 178.116213][ T5667] anon 0 [ 178.116213][ T5667] file 0 [ 178.116213][ T5667] kernel 8192 [ 178.116213][ T5667] kernel_stack 0 [ 178.116213][ T5667] pagetables 0 [ 178.116213][ T5667] sec_pagetables 0 [ 178.116213][ T5667] percpu 0 [ 178.116213][ T5667] sock 0 [ 178.116213][ T5667] vmalloc 0 [ 178.116213][ T5667] shmem 0 [ 178.116213][ T5667] zswap 0 [ 178.116213][ T5667] zswapped 0 [ 178.116213][ T5667] file_mapped 0 [ 178.116213][ T5667] file_dirty 0 [pid 5675] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5675] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5675] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5675] openat(5, "memory.max", O_RDWR) = 6 [ 178.116213][ T5667] file_writeback 0 [ 178.116213][ T5667] swapcached 0 [ 178.116213][ T5667] anon_thp 0 [ 178.116213][ T5667] file_thp 0 [ 178.116213][ T5667] shmem_thp 0 [ 178.116213][ T5667] inactive_anon 0 [ 178.116213][ T5667] active_anon 0 [ 178.116213][ T5667] inactive_file 0 [ 178.116213][ T5667] active_file 0 [ 178.116213][ T5667] unevictable 0 [ 178.116213][ T5667] slab_reclaimable 6752 [ 178.116213][ T5667] slab_unreclaimable 0 [ 178.116213][ T5667] slab 6752 [ 178.116213][ T5667] workingset_refault_anon 0 [ 178.116213][ T5667] workingset_refault_file 0 [ 178.116213][ T5667] workingset_activate_anon 0 [ 178.116213][ T5667] workingset_activate_file 0 [ 178.116213][ T5667] workingset_restore_anon 0 [ 178.116213][ T5667] workingset_restore_file 0 [ 178.116213][ T5667] workingset_nodereclaim 0 [ 178.116213][ T5667] pgscan 831 [ 178.116213][ T5667] pgsteal 2 [ 178.116213][ T5667] pgscan_kswapd 0 [ 178.116213][ T5667] pgscan_direct 831 [ 178.116213][ T5667] pgscan_khugepaged 0 [ 178.116213][ T5667] pgsteal_kswapd 0 [ 178.116213][ T5667] pgsteal_direct 2 [ 178.116213][ T5667] pgsteal_khugepaged 0 [ 178.116213][ T5667] pgfault 21 [ 178.116213][ T5667] pgmajfault 0 [ 178.116213][ T5667] pgrefill 830 [ 178.116213][ T5667] pgactivate 829 [ 178.116213][ T5667] pgdeactivate 830 [ 178.116213][ T5667] pglazyfree 0 [ 178.116213][ T5667] pglazyfreed 0 [ 178.116213][ T5667] zswpin 0 [ 178.116213][ T5667] zswpout 0 [ 178.116213][ T5667] thp_fault_alloc 0 [ 178.116213][ T5667] thp_collapse_alloc 0 [ 178.303166][ T5667] Tasks state (memory values in pages): [pid 5675] write(6, "0x000000000000040e", 18 [pid 5667] <... write resumed>) = 18 [pid 5667] close(3) = 0 [pid 5667] close(4) = 0 [pid 5667] close(5) = 0 [pid 5667] close(6) = 0 [pid 5667] close(7) = -1 EBADF (Bad file descriptor) [pid 5667] close(8) = -1 EBADF (Bad file descriptor) [pid 5667] close(9) = -1 EBADF (Bad file descriptor) [pid 5667] close(10) = -1 EBADF (Bad file descriptor) [pid 5667] close(11) = -1 EBADF (Bad file descriptor) [pid 5667] close(12) = -1 EBADF (Bad file descriptor) [pid 5667] close(13) = -1 EBADF (Bad file descriptor) [pid 5667] close(14) = -1 EBADF (Bad file descriptor) [pid 5667] close(15) = -1 EBADF (Bad file descriptor) [pid 5667] close(16) = -1 EBADF (Bad file descriptor) [pid 5667] close(17) = -1 EBADF (Bad file descriptor) [pid 5667] close(18) = -1 EBADF (Bad file descriptor) [pid 5667] close(19) = -1 EBADF (Bad file descriptor) [pid 5667] close(20) = -1 EBADF (Bad file descriptor) [pid 5667] close(21) = -1 EBADF (Bad file descriptor) [pid 5667] close(22) = -1 EBADF (Bad file descriptor) [pid 5667] close(23) = -1 EBADF (Bad file descriptor) [pid 5667] close(24) = -1 EBADF (Bad file descriptor) [pid 5667] close(25) = -1 EBADF (Bad file descriptor) [pid 5667] close(26) = -1 EBADF (Bad file descriptor) [pid 5667] close(27) = -1 EBADF (Bad file descriptor) [pid 5667] close(28) = -1 EBADF (Bad file descriptor) [pid 5667] close(29) = -1 EBADF (Bad file descriptor) [ 178.308769][ T5667] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 178.319100][ T5667] Out of memory and no killable processes... [ 178.325500][ T5670] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 178.337220][ T5670] CPU: 0 PID: 5670 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 178.347179][ T5670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 178.357289][ T5670] Call Trace: [ 178.360612][ T5670] [pid 5667] exit_group(0) = ? [pid 5667] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=31, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5090] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5090] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 178.363589][ T5670] dump_stack_lvl+0x136/0x150 [ 178.368346][ T5670] dump_header+0x10a/0xd70 [ 178.372838][ T5670] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 178.379005][ T5670] out_of_memory+0xd64/0x1660 [ 178.383765][ T5670] ? oom_killer_disable+0x2b0/0x2b0 [ 178.389047][ T5670] ? find_held_lock+0x2d/0x110 [ 178.393882][ T5670] mem_cgroup_out_of_memory+0x206/0x270 [ 178.399510][ T5670] ? mem_cgroup_margin+0x130/0x130 [ 178.404710][ T5670] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 178.410602][ T5670] memory_max_write+0x2f9/0x3c0 [pid 5090] lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./29/binderfs") = 0 [pid 5090] umount2("./29/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./29/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./29/cgroup") = 0 [pid 5090] umount2("./29/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./29/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./29/cgroup.net") = 0 [ 178.415535][ T5670] ? mem_cgroup_force_empty_write+0x160/0x160 [ 178.421692][ T5670] ? lock_sync+0x190/0x190 [ 178.426183][ T5670] cgroup_file_write+0x1e2/0x7b0 [ 178.431199][ T5670] ? mem_cgroup_force_empty_write+0x160/0x160 [ 178.437356][ T5670] ? kill_css+0x3b0/0x3b0 [ 178.441738][ T5670] ? lock_acquire+0x32/0xc0 [ 178.446293][ T5670] ? kill_css+0x3b0/0x3b0 [ 178.450666][ T5670] kernfs_fop_write_iter+0x3f1/0x600 [ 178.456001][ T5670] vfs_write+0x9ed/0xe10 [ 178.460295][ T5670] ? kernel_write+0x670/0x670 [ 178.465035][ T5670] ? find_held_lock+0x2d/0x110 [ 178.469845][ T5670] ? __fget_light+0x20a/0x270 [ 178.474571][ T5670] ksys_write+0x12b/0x250 [ 178.478995][ T5670] ? __ia32_sys_read+0xb0/0xb0 [ 178.483808][ T5670] ? lockdep_hardirqs_on+0x7d/0x100 [ 178.489045][ T5670] ? _raw_spin_unlock_irq+0x2e/0x50 [ 178.494285][ T5670] ? ptrace_notify+0xfe/0x140 [ 178.499007][ T5670] do_syscall_64+0x39/0xb0 [ 178.503470][ T5670] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 178.509419][ T5670] RIP: 0033:0x7faecf034129 [ 178.513866][ T5670] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 178.533506][ T5670] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 178.541954][ T5670] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 178.549957][ T5670] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 178.557964][ T5670] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [pid 5090] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5090] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./29/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./29/file0") = 0 [pid 5090] umount2("./29/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./29/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./29/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [pid 5090] rmdir("./29") = 0 [pid 5090] mkdir("./30", 0777) = 0 [ 178.565967][ T5670] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 178.573963][ T5670] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000001a [ 178.581986][ T5670] [ 178.607038][ T5670] memory: usage 8kB, limit 0kB, failcnt 36 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 32 ./strace-static-x86_64: Process 5676 attached [ 178.617659][ T5670] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 178.627339][ T5670] Memory cgroup stats for /syz1: [ 178.627618][ T5670] anon 0 [ 178.627618][ T5670] file 0 [ 178.627618][ T5670] kernel 8192 [ 178.627618][ T5670] kernel_stack 0 [ 178.627618][ T5670] pagetables 0 [ 178.627618][ T5670] sec_pagetables 0 [ 178.627618][ T5670] percpu 0 [ 178.627618][ T5670] sock 0 [ 178.627618][ T5670] vmalloc 0 [ 178.627618][ T5670] shmem 0 [ 178.627618][ T5670] zswap 0 [ 178.627618][ T5670] zswapped 0 [ 178.627618][ T5670] file_mapped 0 [ 178.627618][ T5670] file_dirty 0 [ 178.627618][ T5670] file_writeback 0 [ 178.627618][ T5670] swapcached 0 [ 178.627618][ T5670] anon_thp 0 [ 178.627618][ T5670] file_thp 0 [ 178.627618][ T5670] shmem_thp 0 [ 178.627618][ T5670] inactive_anon 0 [ 178.627618][ T5670] active_anon 0 [ 178.627618][ T5670] inactive_file 0 [ 178.627618][ T5670] active_file 0 [ 178.627618][ T5670] unevictable 0 [ 178.627618][ T5670] slab_reclaimable 6752 [ 178.627618][ T5670] slab_unreclaimable 0 [ 178.627618][ T5670] slab 6752 [pid 5676] chdir("./30") = 0 [pid 5676] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5676] setpgid(0, 0) = 0 [pid 5676] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5676] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5676] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5676] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5676] write(3, "1000", 4) = 4 [pid 5676] close(3) = 0 [pid 5676] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5676] mkdir("./file0", 000) = 0 [pid 5676] open("./file0", O_RDONLY) = 3 [pid 5676] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5676] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5676] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5676] openat(5, "memory.max", O_RDWR) = 6 [ 178.627618][ T5670] workingset_refault_anon 0 [ 178.627618][ T5670] workingset_refault_file 0 [ 178.627618][ T5670] workingset_activate_anon 0 [ 178.627618][ T5670] workingset_activate_file 0 [ 178.627618][ T5670] workingset_restore_anon 0 [ 178.627618][ T5670] workingset_restore_file 0 [ 178.627618][ T5670] workingset_nodereclaim 0 [ 178.627618][ T5670] pgscan 831 [ 178.627618][ T5670] pgsteal 2 [ 178.627618][ T5670] pgscan_kswapd 0 [ 178.627618][ T5670] pgscan_direct 831 [ 178.627618][ T5670] pgscan_khugepaged 0 [ 178.627618][ T5670] pgsteal_kswapd 0 [ 178.627618][ T5670] pgsteal_direct 2 [ 178.627618][ T5670] pgsteal_khugepaged 0 [ 178.627618][ T5670] pgfault 21 [ 178.627618][ T5670] pgmajfault 0 [ 178.627618][ T5670] pgrefill 830 [ 178.627618][ T5670] pgactivate 829 [ 178.627618][ T5670] pgdeactivate 830 [ 178.627618][ T5670] pglazyfree 0 [ 178.627618][ T5670] pglazyfreed 0 [ 178.627618][ T5670] zswpin 0 [ 178.627618][ T5670] zswpout 0 [ 178.627618][ T5670] thp_fault_alloc 0 [ 178.627618][ T5670] thp_collapse_alloc 0 [pid 5676] write(6, "0x000000000000040e", 18 [pid 5670] <... write resumed>) = 18 [pid 5670] close(3) = 0 [pid 5670] close(4) = 0 [pid 5670] close(5) = 0 [pid 5670] close(6) = 0 [pid 5670] close(7) = -1 EBADF (Bad file descriptor) [pid 5670] close(8) = -1 EBADF (Bad file descriptor) [pid 5670] close(9) = -1 EBADF (Bad file descriptor) [pid 5670] close(10) = -1 EBADF (Bad file descriptor) [pid 5670] close(11) = -1 EBADF (Bad file descriptor) [ 178.814956][ T5670] Tasks state (memory values in pages): [ 178.820714][ T5670] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 178.830731][ T5670] Out of memory and no killable processes... [ 178.836988][ T5671] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 178.847425][ T5671] CPU: 1 PID: 5671 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 178.857380][ T5671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [pid 5670] close(12) = -1 EBADF (Bad file descriptor) [pid 5670] close(13) = -1 EBADF (Bad file descriptor) [pid 5670] close(14) = -1 EBADF (Bad file descriptor) [pid 5670] close(15) = -1 EBADF (Bad file descriptor) [pid 5670] close(16) = -1 EBADF (Bad file descriptor) [pid 5670] close(17) = -1 EBADF (Bad file descriptor) [pid 5670] close(18) = -1 EBADF (Bad file descriptor) [pid 5670] close(19) = -1 EBADF (Bad file descriptor) [pid 5670] close(20) = -1 EBADF (Bad file descriptor) [pid 5670] close(21) = -1 EBADF (Bad file descriptor) [pid 5670] close(22) = -1 EBADF (Bad file descriptor) [pid 5670] close(23) = -1 EBADF (Bad file descriptor) [pid 5670] close(24) = -1 EBADF (Bad file descriptor) [pid 5670] close(25) = -1 EBADF (Bad file descriptor) [pid 5670] close(26) = -1 EBADF (Bad file descriptor) [pid 5670] close(27) = -1 EBADF (Bad file descriptor) [pid 5670] close(28) = -1 EBADF (Bad file descriptor) [pid 5670] close(29) = -1 EBADF (Bad file descriptor) [pid 5670] exit_group(0) = ? [ 178.867491][ T5671] Call Trace: [ 178.870826][ T5671] [ 178.873815][ T5671] dump_stack_lvl+0x136/0x150 [ 178.878569][ T5671] dump_header+0x10a/0xd70 [ 178.883053][ T5671] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 178.889217][ T5671] out_of_memory+0xd64/0x1660 [ 178.893984][ T5671] ? oom_killer_disable+0x2b0/0x2b0 [ 178.899265][ T5671] ? find_held_lock+0x2d/0x110 [ 178.904102][ T5671] mem_cgroup_out_of_memory+0x206/0x270 [ 178.909719][ T5671] ? mem_cgroup_margin+0x130/0x130 [pid 5670] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=28, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5086] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./26/binderfs") = 0 [pid 5086] umount2("./26/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./26/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] unlink("./26/cgroup") = 0 [pid 5086] umount2("./26/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./26/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./26/cgroup.net") = 0 [ 178.914921][ T5671] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 178.920822][ T5671] memory_max_write+0x2f9/0x3c0 [ 178.925802][ T5671] ? mem_cgroup_force_empty_write+0x160/0x160 [ 178.931965][ T5671] ? lock_sync+0x190/0x190 [ 178.936462][ T5671] cgroup_file_write+0x1e2/0x7b0 [ 178.941495][ T5671] ? mem_cgroup_force_empty_write+0x160/0x160 [ 178.947648][ T5671] ? kill_css+0x3b0/0x3b0 [ 178.952062][ T5671] ? lock_acquire+0x32/0xc0 [ 178.956649][ T5671] ? kill_css+0x3b0/0x3b0 [ 178.961056][ T5671] kernfs_fop_write_iter+0x3f1/0x600 [ 178.966434][ T5671] vfs_write+0x9ed/0xe10 [ 178.970777][ T5671] ? kernel_write+0x670/0x670 [ 178.975532][ T5671] ? find_held_lock+0x2d/0x110 [ 178.980350][ T5671] ? __fget_light+0x20a/0x270 [ 178.985086][ T5671] ksys_write+0x12b/0x250 [ 178.989496][ T5671] ? __ia32_sys_read+0xb0/0xb0 [ 178.994335][ T5671] ? lockdep_hardirqs_on+0x7d/0x100 [ 178.999597][ T5671] ? _raw_spin_unlock_irq+0x2e/0x50 [ 179.004871][ T5671] ? ptrace_notify+0xfe/0x140 [ 179.009620][ T5671] do_syscall_64+0x39/0xb0 [ 179.014110][ T5671] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 179.020072][ T5671] RIP: 0033:0x7faecf034129 [ 179.024539][ T5671] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 179.044206][ T5671] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 179.052785][ T5671] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 179.060802][ T5671] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5086] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5086] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./26/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 179.068817][ T5671] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 179.076827][ T5671] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 179.084843][ T5671] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000001d [ 179.092897][ T5671] [ 179.099235][ T5671] memory: usage 8kB, limit 0kB, failcnt 36 [ 179.106756][ T5671] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./26/file0") = 0 [pid 5086] umount2("./26/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./26/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./26/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./26") = 0 [pid 5086] mkdir("./27", 0777) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5677 attached [pid 5677] chdir("./27" [pid 5086] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 29 [pid 5677] <... chdir resumed>) = 0 [pid 5677] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5677] setpgid(0, 0) = 0 [pid 5677] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5677] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5677] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [ 179.127333][ T5671] Memory cgroup stats for /syz1: [ 179.127663][ T5671] anon 0 [ 179.127663][ T5671] file 0 [ 179.127663][ T5671] kernel 8192 [ 179.127663][ T5671] kernel_stack 0 [ 179.127663][ T5671] pagetables 0 [ 179.127663][ T5671] sec_pagetables 0 [ 179.127663][ T5671] percpu 0 [ 179.127663][ T5671] sock 0 [ 179.127663][ T5671] vmalloc 0 [ 179.127663][ T5671] shmem 0 [ 179.127663][ T5671] zswap 0 [ 179.127663][ T5671] zswapped 0 [ 179.127663][ T5671] file_mapped 0 [ 179.127663][ T5671] file_dirty 0 [pid 5677] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5677] write(3, "1000", 4) = 4 [pid 5677] close(3) = 0 [pid 5677] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5677] mkdir("./file0", 000) = 0 [pid 5677] open("./file0", O_RDONLY) = 3 [pid 5677] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5677] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5677] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5677] openat(5, "memory.max", O_RDWR) = 6 [ 179.127663][ T5671] file_writeback 0 [ 179.127663][ T5671] swapcached 0 [ 179.127663][ T5671] anon_thp 0 [ 179.127663][ T5671] file_thp 0 [ 179.127663][ T5671] shmem_thp 0 [ 179.127663][ T5671] inactive_anon 0 [ 179.127663][ T5671] active_anon 0 [ 179.127663][ T5671] inactive_file 0 [ 179.127663][ T5671] active_file 0 [ 179.127663][ T5671] unevictable 0 [ 179.127663][ T5671] slab_reclaimable 6752 [ 179.127663][ T5671] slab_unreclaimable 0 [ 179.127663][ T5671] slab 6752 [ 179.127663][ T5671] workingset_refault_anon 0 [ 179.127663][ T5671] workingset_refault_file 0 [ 179.127663][ T5671] workingset_activate_anon 0 [ 179.127663][ T5671] workingset_activate_file 0 [ 179.127663][ T5671] workingset_restore_anon 0 [ 179.127663][ T5671] workingset_restore_file 0 [ 179.127663][ T5671] workingset_nodereclaim 0 [ 179.127663][ T5671] pgscan 831 [ 179.127663][ T5671] pgsteal 2 [ 179.127663][ T5671] pgscan_kswapd 0 [ 179.127663][ T5671] pgscan_direct 831 [ 179.127663][ T5671] pgscan_khugepaged 0 [ 179.127663][ T5671] pgsteal_kswapd 0 [ 179.127663][ T5671] pgsteal_direct 2 [ 179.127663][ T5671] pgsteal_khugepaged 0 [ 179.127663][ T5671] pgfault 21 [ 179.127663][ T5671] pgmajfault 0 [ 179.127663][ T5671] pgrefill 830 [ 179.127663][ T5671] pgactivate 829 [ 179.127663][ T5671] pgdeactivate 830 [ 179.127663][ T5671] pglazyfree 0 [ 179.127663][ T5671] pglazyfreed 0 [ 179.127663][ T5671] zswpin 0 [ 179.127663][ T5671] zswpout 0 [ 179.127663][ T5671] thp_fault_alloc 0 [ 179.127663][ T5671] thp_collapse_alloc 0 [ 179.319187][ T5671] Tasks state (memory values in pages): [pid 5677] write(6, "0x000000000000040e", 18 [pid 5671] <... write resumed>) = 18 [pid 5671] close(3) = 0 [pid 5671] close(4) = 0 [pid 5671] close(5) = 0 [pid 5671] close(6) = 0 [pid 5671] close(7) = -1 EBADF (Bad file descriptor) [pid 5671] close(8) = -1 EBADF (Bad file descriptor) [pid 5671] close(9) = -1 EBADF (Bad file descriptor) [pid 5671] close(10) = -1 EBADF (Bad file descriptor) [pid 5671] close(11) = -1 EBADF (Bad file descriptor) [pid 5671] close(12) = -1 EBADF (Bad file descriptor) [pid 5671] close(13) = -1 EBADF (Bad file descriptor) [ 179.325014][ T5671] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 179.334584][ T5671] Out of memory and no killable processes... [ 179.340630][ T5674] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 179.351134][ T5674] CPU: 1 PID: 5674 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 179.361090][ T5674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 179.371203][ T5674] Call Trace: [ 179.374530][ T5674] [pid 5671] close(14) = -1 EBADF (Bad file descriptor) [pid 5671] close(15) = -1 EBADF (Bad file descriptor) [pid 5671] close(16) = -1 EBADF (Bad file descriptor) [pid 5671] close(17) = -1 EBADF (Bad file descriptor) [pid 5671] close(18) = -1 EBADF (Bad file descriptor) [pid 5671] close(19) = -1 EBADF (Bad file descriptor) [pid 5671] close(20) = -1 EBADF (Bad file descriptor) [pid 5671] close(21) = -1 EBADF (Bad file descriptor) [pid 5671] close(22) = -1 EBADF (Bad file descriptor) [pid 5671] close(23) = -1 EBADF (Bad file descriptor) [pid 5671] close(24) = -1 EBADF (Bad file descriptor) [pid 5671] close(25) = -1 EBADF (Bad file descriptor) [pid 5671] close(26) = -1 EBADF (Bad file descriptor) [pid 5671] close(27) = -1 EBADF (Bad file descriptor) [pid 5671] close(28) = -1 EBADF (Bad file descriptor) [pid 5671] close(29) = -1 EBADF (Bad file descriptor) [pid 5671] exit_group(0) = ? [pid 5671] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=31, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [ 179.377509][ T5674] dump_stack_lvl+0x136/0x150 [ 179.382259][ T5674] dump_header+0x10a/0xd70 [ 179.386754][ T5674] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 179.392919][ T5674] out_of_memory+0xd64/0x1660 [ 179.397687][ T5674] ? oom_killer_disable+0x2b0/0x2b0 [ 179.402974][ T5674] ? find_held_lock+0x2d/0x110 [ 179.407816][ T5674] mem_cgroup_out_of_memory+0x206/0x270 [ 179.413433][ T5674] ? mem_cgroup_margin+0x130/0x130 [ 179.418632][ T5674] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 179.424532][ T5674] memory_max_write+0x2f9/0x3c0 [pid 5089] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5089] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./29/binderfs") = 0 [pid 5089] umount2("./29/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 179.429477][ T5674] ? mem_cgroup_force_empty_write+0x160/0x160 [ 179.435724][ T5674] ? lock_sync+0x190/0x190 [ 179.440254][ T5674] cgroup_file_write+0x1e2/0x7b0 [ 179.445283][ T5674] ? mem_cgroup_force_empty_write+0x160/0x160 [ 179.451448][ T5674] ? kill_css+0x3b0/0x3b0 [ 179.455852][ T5674] ? lock_acquire+0x32/0xc0 [ 179.460432][ T5674] ? kill_css+0x3b0/0x3b0 [ 179.464807][ T5674] kernfs_fop_write_iter+0x3f1/0x600 [ 179.470145][ T5674] vfs_write+0x9ed/0xe10 [ 179.474437][ T5674] ? kernel_write+0x670/0x670 [ 179.479164][ T5674] ? find_held_lock+0x2d/0x110 [ 179.483975][ T5674] ? __fget_light+0x20a/0x270 [ 179.488709][ T5674] ksys_write+0x12b/0x250 [ 179.493090][ T5674] ? __ia32_sys_read+0xb0/0xb0 [ 179.497904][ T5674] ? lockdep_hardirqs_on+0x7d/0x100 [ 179.503144][ T5674] ? _raw_spin_unlock_irq+0x2e/0x50 [ 179.508388][ T5674] ? ptrace_notify+0xfe/0x140 [ 179.513110][ T5674] do_syscall_64+0x39/0xb0 [ 179.517577][ T5674] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 179.523511][ T5674] RIP: 0033:0x7faecf034129 [ 179.527956][ T5674] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 179.547599][ T5674] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 179.556055][ T5674] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 179.564057][ T5674] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 179.572055][ T5674] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [pid 5089] lstat("./29/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [ 179.580069][ T5674] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 179.588063][ T5674] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000001c [ 179.596084][ T5674] [ 179.601414][ T5674] memory: usage 8kB, limit 0kB, failcnt 36 [ 179.613544][ T5674] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 179.622870][ T5674] Memory cgroup stats for /syz1: [pid 5089] unlink("./29/cgroup") = 0 [pid 5089] umount2("./29/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./29/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./29/cgroup.net") = 0 [ 179.623160][ T5674] anon 0 [ 179.623160][ T5674] file 0 [ 179.623160][ T5674] kernel 8192 [ 179.623160][ T5674] kernel_stack 0 [ 179.623160][ T5674] pagetables 0 [ 179.623160][ T5674] sec_pagetables 0 [ 179.623160][ T5674] percpu 0 [ 179.623160][ T5674] sock 0 [ 179.623160][ T5674] vmalloc 0 [ 179.623160][ T5674] shmem 0 [ 179.623160][ T5674] zswap 0 [ 179.623160][ T5674] zswapped 0 [ 179.623160][ T5674] file_mapped 0 [ 179.623160][ T5674] file_dirty 0 [ 179.623160][ T5674] file_writeback 0 [ 179.623160][ T5674] swapcached 0 [ 179.623160][ T5674] anon_thp 0 [ 179.623160][ T5674] file_thp 0 [ 179.623160][ T5674] shmem_thp 0 [ 179.623160][ T5674] inactive_anon 0 [ 179.623160][ T5674] active_anon 0 [ 179.623160][ T5674] inactive_file 0 [ 179.623160][ T5674] active_file 0 [ 179.623160][ T5674] unevictable 0 [ 179.623160][ T5674] slab_reclaimable 6752 [ 179.623160][ T5674] slab_unreclaimable 0 [ 179.623160][ T5674] slab 6752 [ 179.623160][ T5674] workingset_refault_anon 0 [ 179.623160][ T5674] workingset_refault_file 0 [ 179.623160][ T5674] workingset_activate_anon 0 [ 179.623160][ T5674] workingset_activate_file 0 [ 179.623160][ T5674] workingset_restore_anon 0 [ 179.623160][ T5674] workingset_restore_file 0 [ 179.623160][ T5674] workingset_nodereclaim 0 [ 179.623160][ T5674] pgscan 831 [ 179.623160][ T5674] pgsteal 2 [ 179.623160][ T5674] pgscan_kswapd 0 [ 179.623160][ T5674] pgscan_direct 831 [ 179.623160][ T5674] pgscan_khugepaged 0 [ 179.623160][ T5674] pgsteal_kswapd 0 [ 179.623160][ T5674] pgsteal_direct 2 [ 179.623160][ T5674] pgsteal_khugepaged 0 [ 179.623160][ T5674] pgfault 21 [ 179.623160][ T5674] pgmajfault 0 [pid 5089] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5089] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./29/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 179.623160][ T5674] pgrefill 830 [ 179.623160][ T5674] pgactivate 829 [ 179.623160][ T5674] pgdeactivate 830 [ 179.623160][ T5674] pglazyfree 0 [ 179.623160][ T5674] pglazyfreed 0 [ 179.623160][ T5674] zswpin 0 [ 179.623160][ T5674] zswpout 0 [ 179.623160][ T5674] thp_fault_alloc 0 [ 179.623160][ T5674] thp_collapse_alloc 0 [ 179.818923][ T5674] Tasks state (memory values in pages): [pid 5089] openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./29/file0") = 0 [pid 5089] umount2("./29/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./29/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./29/cgroup.cpu" [pid 5674] <... write resumed>) = 18 [pid 5089] <... unlink resumed>) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [pid 5089] rmdir("./29") = 0 [pid 5089] mkdir("./30", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5678 attached [pid 5678] chdir("./30" [pid 5089] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 32 [ 179.824976][ T5674] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 179.836305][ T5674] Out of memory and no killable processes... [ 179.843767][ T5675] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 179.856056][ T5675] CPU: 0 PID: 5675 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 179.866022][ T5675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 179.876136][ T5675] Call Trace: [pid 5678] <... chdir resumed>) = 0 [pid 5678] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5678] setpgid(0, 0) = 0 [pid 5678] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5678] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5678] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5678] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5678] write(3, "1000", 4) = 4 [pid 5678] close(3) = 0 [pid 5678] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5678] mkdir("./file0", 000) = 0 [pid 5678] open("./file0", O_RDONLY) = 3 [pid 5678] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5678] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5678] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5678] openat(5, "memory.max", O_RDWR) = 6 [ 179.879460][ T5675] [ 179.882440][ T5675] dump_stack_lvl+0x136/0x150 [ 179.887207][ T5675] dump_header+0x10a/0xd70 [ 179.891688][ T5675] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 179.897857][ T5675] out_of_memory+0xd64/0x1660 [ 179.902618][ T5675] ? oom_killer_disable+0x2b0/0x2b0 [ 179.907898][ T5675] ? find_held_lock+0x2d/0x110 [ 179.912741][ T5675] mem_cgroup_out_of_memory+0x206/0x270 [ 179.918364][ T5675] ? mem_cgroup_margin+0x130/0x130 [ 179.923548][ T5675] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 179.929437][ T5675] memory_max_write+0x2f9/0x3c0 [ 179.934376][ T5675] ? mem_cgroup_force_empty_write+0x160/0x160 [ 179.940532][ T5675] ? lock_sync+0x190/0x190 [ 179.945019][ T5675] cgroup_file_write+0x1e2/0x7b0 [ 179.950036][ T5675] ? mem_cgroup_force_empty_write+0x160/0x160 [ 179.956246][ T5675] ? kill_css+0x3b0/0x3b0 [ 179.960651][ T5675] ? lock_acquire+0x32/0xc0 [ 179.965276][ T5675] ? kill_css+0x3b0/0x3b0 [ 179.969694][ T5675] kernfs_fop_write_iter+0x3f1/0x600 [ 179.975060][ T5675] vfs_write+0x9ed/0xe10 [ 179.979376][ T5675] ? kernel_write+0x670/0x670 [ 179.984105][ T5675] ? find_held_lock+0x2d/0x110 [ 179.988919][ T5675] ? __fget_light+0x20a/0x270 [ 179.993683][ T5675] ksys_write+0x12b/0x250 [ 179.998062][ T5675] ? __ia32_sys_read+0xb0/0xb0 [ 180.002872][ T5675] ? lockdep_hardirqs_on+0x7d/0x100 [ 180.008109][ T5675] ? _raw_spin_unlock_irq+0x2e/0x50 [ 180.013351][ T5675] ? ptrace_notify+0xfe/0x140 [ 180.018093][ T5675] do_syscall_64+0x39/0xb0 [ 180.022557][ T5675] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 180.028491][ T5675] RIP: 0033:0x7faecf034129 [ 180.032937][ T5675] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 180.052579][ T5675] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 180.061029][ T5675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 180.069027][ T5675] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5678] write(6, "0x000000000000040e", 18 [pid 5674] close(3) = 0 [pid 5674] close(4) = 0 [pid 5674] close(5) = 0 [pid 5674] close(6) = 0 [pid 5674] close(7) = -1 EBADF (Bad file descriptor) [pid 5674] close(8) = -1 EBADF (Bad file descriptor) [pid 5674] close(9) = -1 EBADF (Bad file descriptor) [pid 5674] close(10) = -1 EBADF (Bad file descriptor) [pid 5674] close(11) = -1 EBADF (Bad file descriptor) [pid 5674] close(12) = -1 EBADF (Bad file descriptor) [pid 5674] close(13) = -1 EBADF (Bad file descriptor) [pid 5674] close(14) = -1 EBADF (Bad file descriptor) [pid 5674] close(15) = -1 EBADF (Bad file descriptor) [pid 5674] close(16) = -1 EBADF (Bad file descriptor) [pid 5674] close(17) = -1 EBADF (Bad file descriptor) [pid 5674] close(18) = -1 EBADF (Bad file descriptor) [pid 5674] close(19) = -1 EBADF (Bad file descriptor) [pid 5674] close(20) = -1 EBADF (Bad file descriptor) [pid 5674] close(21) = -1 EBADF (Bad file descriptor) [pid 5674] close(22) = -1 EBADF (Bad file descriptor) [pid 5674] close(23) = -1 EBADF (Bad file descriptor) [pid 5674] close(24) = -1 EBADF (Bad file descriptor) [ 180.077020][ T5675] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 180.085019][ T5675] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 180.093019][ T5675] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000001a [ 180.101044][ T5675] [ 180.114189][ T5675] memory: usage 8kB, limit 0kB, failcnt 36 [ 180.122304][ T5675] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5674] close(25) = -1 EBADF (Bad file descriptor) [pid 5674] close(26) = -1 EBADF (Bad file descriptor) [pid 5674] close(27) = -1 EBADF (Bad file descriptor) [pid 5674] close(28) = -1 EBADF (Bad file descriptor) [pid 5674] close(29) = -1 EBADF (Bad file descriptor) [pid 5674] exit_group(0) = ? [pid 5674] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=30, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5087] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./28/binderfs") = 0 [pid 5087] umount2("./28/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./28/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./28/cgroup") = 0 [pid 5087] umount2("./28/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./28/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./28/cgroup.net") = 0 [ 180.157498][ T5675] Memory cgroup stats for /syz1: [ 180.157890][ T5675] anon 0 [ 180.157890][ T5675] file 0 [ 180.157890][ T5675] kernel 8192 [ 180.157890][ T5675] kernel_stack 0 [ 180.157890][ T5675] pagetables 0 [ 180.157890][ T5675] sec_pagetables 0 [ 180.157890][ T5675] percpu 0 [ 180.157890][ T5675] sock 0 [ 180.157890][ T5675] vmalloc 0 [ 180.157890][ T5675] shmem 0 [ 180.157890][ T5675] zswap 0 [ 180.157890][ T5675] zswapped 0 [ 180.157890][ T5675] file_mapped 0 [ 180.157890][ T5675] file_dirty 0 [ 180.157890][ T5675] file_writeback 0 [ 180.157890][ T5675] swapcached 0 [ 180.157890][ T5675] anon_thp 0 [ 180.157890][ T5675] file_thp 0 [ 180.157890][ T5675] shmem_thp 0 [ 180.157890][ T5675] inactive_anon 0 [ 180.157890][ T5675] active_anon 0 [ 180.157890][ T5675] inactive_file 0 [ 180.157890][ T5675] active_file 0 [ 180.157890][ T5675] unevictable 0 [ 180.157890][ T5675] slab_reclaimable 6752 [ 180.157890][ T5675] slab_unreclaimable 0 [ 180.157890][ T5675] slab 6752 [ 180.157890][ T5675] workingset_refault_anon 0 [ 180.157890][ T5675] workingset_refault_file 0 [ 180.157890][ T5675] workingset_activate_anon 0 [ 180.157890][ T5675] workingset_activate_file 0 [ 180.157890][ T5675] workingset_restore_anon 0 [ 180.157890][ T5675] workingset_restore_file 0 [ 180.157890][ T5675] workingset_nodereclaim 0 [ 180.157890][ T5675] pgscan 831 [ 180.157890][ T5675] pgsteal 2 [ 180.157890][ T5675] pgscan_kswapd 0 [ 180.157890][ T5675] pgscan_direct 831 [ 180.157890][ T5675] pgscan_khugepaged 0 [ 180.157890][ T5675] pgsteal_kswapd 0 [ 180.157890][ T5675] pgsteal_direct 2 [ 180.157890][ T5675] pgsteal_khugepaged 0 [pid 5087] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 180.157890][ T5675] pgfault 21 [ 180.157890][ T5675] pgmajfault 0 [ 180.157890][ T5675] pgrefill 830 [ 180.157890][ T5675] pgactivate 829 [ 180.157890][ T5675] pgdeactivate 830 [ 180.157890][ T5675] pglazyfree 0 [ 180.157890][ T5675] pglazyfreed 0 [ 180.157890][ T5675] zswpin 0 [ 180.157890][ T5675] zswpout 0 [ 180.157890][ T5675] thp_fault_alloc 0 [ 180.157890][ T5675] thp_collapse_alloc 0 [ 180.348149][ T5675] Tasks state (memory values in pages): [pid 5087] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./28/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5675] <... write resumed>) = 18 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] close(4) = 0 [pid 5087] rmdir("./28/file0") = 0 [pid 5087] umount2("./28/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./28/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./28/cgroup.cpu") = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [pid 5087] rmdir("./28") = 0 [pid 5087] mkdir("./29", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5679 attached [ 180.353928][ T5675] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 180.363505][ T5675] Out of memory and no killable processes... [ 180.369582][ T5676] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 180.381281][ T5676] CPU: 0 PID: 5676 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 180.391254][ T5676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 180.401385][ T5676] Call Trace: [ 180.404708][ T5676] [pid 5679] chdir("./29" [pid 5087] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 31 [pid 5679] <... chdir resumed>) = 0 [pid 5679] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5679] setpgid(0, 0) = 0 [pid 5679] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5679] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5679] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5679] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5679] write(3, "1000", 4) = 4 [pid 5679] close(3) = 0 [pid 5679] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5679] mkdir("./file0", 000) = 0 [pid 5679] open("./file0", O_RDONLY) = 3 [pid 5679] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5679] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5679] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5679] openat(5, "memory.max", O_RDWR) = 6 [ 180.407696][ T5676] dump_stack_lvl+0x136/0x150 [ 180.412449][ T5676] dump_header+0x10a/0xd70 [ 180.416944][ T5676] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 180.423113][ T5676] out_of_memory+0xd64/0x1660 [ 180.427885][ T5676] ? oom_killer_disable+0x2b0/0x2b0 [ 180.433203][ T5676] mem_cgroup_out_of_memory+0x206/0x270 [ 180.438835][ T5676] ? mem_cgroup_margin+0x130/0x130 [ 180.444055][ T5676] memory_max_write+0x2f9/0x3c0 [ 180.448997][ T5676] ? mem_cgroup_force_empty_write+0x160/0x160 [ 180.455154][ T5676] ? lock_sync+0x190/0x190 [pid 5679] write(6, "0x000000000000040e", 18 [pid 5675] close(3) = 0 [pid 5675] close(4) = 0 [ 180.459647][ T5676] cgroup_file_write+0x1e2/0x7b0 [ 180.464671][ T5676] ? mem_cgroup_force_empty_write+0x160/0x160 [ 180.470824][ T5676] ? kill_css+0x3b0/0x3b0 [ 180.475231][ T5676] ? lock_acquire+0x32/0xc0 [ 180.479829][ T5676] ? kill_css+0x3b0/0x3b0 [ 180.484250][ T5676] kernfs_fop_write_iter+0x3f1/0x600 [ 180.489621][ T5676] vfs_write+0x9ed/0xe10 [ 180.493965][ T5676] ? kernel_write+0x670/0x670 [ 180.498723][ T5676] ? find_held_lock+0x2d/0x110 [ 180.503575][ T5676] ? __fget_light+0x20a/0x270 [pid 5675] close(5) = 0 [pid 5675] close(6) = 0 [pid 5675] close(7) = -1 EBADF (Bad file descriptor) [pid 5675] close(8) = -1 EBADF (Bad file descriptor) [pid 5675] close(9) = -1 EBADF (Bad file descriptor) [pid 5675] close(10) = -1 EBADF (Bad file descriptor) [pid 5675] close(11) = -1 EBADF (Bad file descriptor) [pid 5675] close(12) = -1 EBADF (Bad file descriptor) [pid 5675] close(13) = -1 EBADF (Bad file descriptor) [ 180.508336][ T5676] ksys_write+0x12b/0x250 [ 180.512754][ T5676] ? __ia32_sys_read+0xb0/0xb0 [ 180.517610][ T5676] ? lockdep_hardirqs_on+0x7d/0x100 [ 180.522883][ T5676] ? _raw_spin_unlock_irq+0x2e/0x50 [ 180.528158][ T5676] ? ptrace_notify+0xfe/0x140 [ 180.532909][ T5676] do_syscall_64+0x39/0xb0 [ 180.537411][ T5676] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 180.543381][ T5676] RIP: 0033:0x7faecf034129 [ 180.547852][ T5676] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 180.567536][ T5676] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 180.576026][ T5676] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 180.584065][ T5676] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 180.592100][ T5676] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 180.600127][ T5676] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [pid 5675] close(14) = -1 EBADF (Bad file descriptor) [pid 5675] close(15) = -1 EBADF (Bad file descriptor) [pid 5675] close(16) = -1 EBADF (Bad file descriptor) [pid 5675] close(17) = -1 EBADF (Bad file descriptor) [pid 5675] close(18) = -1 EBADF (Bad file descriptor) [pid 5675] close(19) = -1 EBADF (Bad file descriptor) [pid 5675] close(20) = -1 EBADF (Bad file descriptor) [pid 5675] close(21) = -1 EBADF (Bad file descriptor) [pid 5675] close(22) = -1 EBADF (Bad file descriptor) [pid 5675] close(23) = -1 EBADF (Bad file descriptor) [pid 5675] close(24) = -1 EBADF (Bad file descriptor) [pid 5675] close(25) = -1 EBADF (Bad file descriptor) [pid 5675] close(26) = -1 EBADF (Bad file descriptor) [pid 5675] close(27) = -1 EBADF (Bad file descriptor) [pid 5675] close(28) = -1 EBADF (Bad file descriptor) [pid 5675] close(29) = -1 EBADF (Bad file descriptor) [pid 5675] exit_group(0) = ? [pid 5675] +++ exited with 0 +++ [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=28, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5085] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5085] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./26/binderfs") = 0 [pid 5085] umount2("./26/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./26/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./26/cgroup") = 0 [pid 5085] umount2("./26/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./26/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./26/cgroup.net") = 0 [pid 5085] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5085] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./26/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./26/file0") = 0 [ 180.608161][ T5676] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000001e [ 180.616226][ T5676] [ 180.630566][ T5676] memory: usage 8kB, limit 0kB, failcnt 36 [ 180.636763][ T5676] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 180.645277][ T5676] Memory cgroup stats for /syz1: [ 180.645563][ T5676] anon 0 [ 180.645563][ T5676] file 0 [ 180.645563][ T5676] kernel 8192 [pid 5085] umount2("./26/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./26/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./26/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./26") = 0 [pid 5085] mkdir("./27", 0777) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 29 [ 180.645563][ T5676] kernel_stack 0 [ 180.645563][ T5676] pagetables 0 [ 180.645563][ T5676] sec_pagetables 0 [ 180.645563][ T5676] percpu 0 [ 180.645563][ T5676] sock 0 [ 180.645563][ T5676] vmalloc 0 [ 180.645563][ T5676] shmem 0 [ 180.645563][ T5676] zswap 0 [ 180.645563][ T5676] zswapped 0 [ 180.645563][ T5676] file_mapped 0 [ 180.645563][ T5676] file_dirty 0 [ 180.645563][ T5676] file_writeback 0 [ 180.645563][ T5676] swapcached 0 [ 180.645563][ T5676] anon_thp 0 [ 180.645563][ T5676] file_thp 0 [ 180.645563][ T5676] shmem_thp 0 ./strace-static-x86_64: Process 5680 attached [pid 5680] chdir("./27") = 0 [pid 5680] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5680] setpgid(0, 0) = 0 [pid 5680] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5680] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5680] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5680] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5680] write(3, "1000", 4) = 4 [pid 5680] close(3) = 0 [pid 5680] symlink("/dev/binderfs", "./binderfs") = 0 [ 180.645563][ T5676] inactive_anon 0 [ 180.645563][ T5676] active_anon 0 [ 180.645563][ T5676] inactive_file 0 [ 180.645563][ T5676] active_file 0 [ 180.645563][ T5676] unevictable 0 [ 180.645563][ T5676] slab_reclaimable 6752 [ 180.645563][ T5676] slab_unreclaimable 0 [ 180.645563][ T5676] slab 6752 [ 180.645563][ T5676] workingset_refault_anon 0 [ 180.645563][ T5676] workingset_refault_file 0 [ 180.645563][ T5676] workingset_activate_anon 0 [ 180.645563][ T5676] workingset_activate_file 0 [ 180.645563][ T5676] workingset_restore_anon 0 [pid 5680] mkdir("./file0", 000) = 0 [pid 5680] open("./file0", O_RDONLY) = 3 [pid 5680] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5680] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5680] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5680] openat(5, "memory.max", O_RDWR) = 6 [ 180.645563][ T5676] workingset_restore_file 0 [ 180.645563][ T5676] workingset_nodereclaim 0 [ 180.645563][ T5676] pgscan 831 [ 180.645563][ T5676] pgsteal 2 [ 180.645563][ T5676] pgscan_kswapd 0 [ 180.645563][ T5676] pgscan_direct 831 [ 180.645563][ T5676] pgscan_khugepaged 0 [ 180.645563][ T5676] pgsteal_kswapd 0 [ 180.645563][ T5676] pgsteal_direct 2 [ 180.645563][ T5676] pgsteal_khugepaged 0 [ 180.645563][ T5676] pgfault 21 [ 180.645563][ T5676] pgmajfault 0 [ 180.645563][ T5676] pgrefill 830 [ 180.645563][ T5676] pgactivate 829 [pid 5680] write(6, "0x000000000000040e", 18 [pid 5676] <... write resumed>) = 18 [pid 5676] close(3) = 0 [ 180.645563][ T5676] pgdeactivate 830 [ 180.645563][ T5676] pglazyfree 0 [ 180.645563][ T5676] pglazyfreed 0 [ 180.645563][ T5676] zswpin 0 [ 180.645563][ T5676] zswpout 0 [ 180.645563][ T5676] thp_fault_alloc 0 [ 180.645563][ T5676] thp_collapse_alloc 0 [ 180.833757][ T5676] Tasks state (memory values in pages): [ 180.839699][ T5676] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 180.850032][ T5676] Out of memory and no killable processes... [pid 5676] close(4) = 0 [pid 5676] close(5) = 0 [pid 5676] close(6) = 0 [pid 5676] close(7) = -1 EBADF (Bad file descriptor) [pid 5676] close(8) = -1 EBADF (Bad file descriptor) [pid 5676] close(9) = -1 EBADF (Bad file descriptor) [pid 5676] close(10) = -1 EBADF (Bad file descriptor) [pid 5676] close(11) = -1 EBADF (Bad file descriptor) [pid 5676] close(12) = -1 EBADF (Bad file descriptor) [pid 5676] close(13) = -1 EBADF (Bad file descriptor) [pid 5676] close(14) = -1 EBADF (Bad file descriptor) [pid 5676] close(15) = -1 EBADF (Bad file descriptor) [pid 5676] close(16) = -1 EBADF (Bad file descriptor) [pid 5676] close(17) = -1 EBADF (Bad file descriptor) [pid 5676] close(18) = -1 EBADF (Bad file descriptor) [pid 5676] close(19) = -1 EBADF (Bad file descriptor) [ 180.856286][ T5677] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 180.867925][ T5677] CPU: 0 PID: 5677 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 180.877890][ T5677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 180.888000][ T5677] Call Trace: [ 180.891315][ T5677] [ 180.894293][ T5677] dump_stack_lvl+0x136/0x150 [ 180.899047][ T5677] dump_header+0x10a/0xd70 [ 180.903553][ T5677] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [pid 5676] close(20) = -1 EBADF (Bad file descriptor) [pid 5676] close(21) = -1 EBADF (Bad file descriptor) [pid 5676] close(22) = -1 EBADF (Bad file descriptor) [pid 5676] close(23) = -1 EBADF (Bad file descriptor) [pid 5676] close(24) = -1 EBADF (Bad file descriptor) [pid 5676] close(25) = -1 EBADF (Bad file descriptor) [pid 5676] close(26) = -1 EBADF (Bad file descriptor) [pid 5676] close(27) = -1 EBADF (Bad file descriptor) [pid 5676] close(28) = -1 EBADF (Bad file descriptor) [pid 5676] close(29) = -1 EBADF (Bad file descriptor) [pid 5676] exit_group(0) = ? [pid 5676] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=32, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5090] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 180.909717][ T5677] out_of_memory+0xd64/0x1660 [ 180.914503][ T5677] ? oom_killer_disable+0x2b0/0x2b0 [ 180.919807][ T5677] mem_cgroup_out_of_memory+0x206/0x270 [ 180.925428][ T5677] ? mem_cgroup_margin+0x130/0x130 [ 180.930640][ T5677] memory_max_write+0x2f9/0x3c0 [ 180.935583][ T5677] ? mem_cgroup_force_empty_write+0x160/0x160 [ 180.941745][ T5677] ? lock_sync+0x190/0x190 [ 180.946241][ T5677] cgroup_file_write+0x1e2/0x7b0 [ 180.951274][ T5677] ? mem_cgroup_force_empty_write+0x160/0x160 [ 180.957414][ T5677] ? kill_css+0x3b0/0x3b0 [pid 5090] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./30/binderfs") = 0 [pid 5090] umount2("./30/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./30/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./30/cgroup") = 0 [pid 5090] umount2("./30/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./30/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./30/cgroup.net") = 0 [ 180.961821][ T5677] ? lock_acquire+0x32/0xc0 [ 180.966409][ T5677] ? kill_css+0x3b0/0x3b0 [ 180.970817][ T5677] kernfs_fop_write_iter+0x3f1/0x600 [ 180.976196][ T5677] vfs_write+0x9ed/0xe10 [ 180.980529][ T5677] ? kernel_write+0x670/0x670 [ 180.985294][ T5677] ? find_held_lock+0x2d/0x110 [ 180.990138][ T5677] ? __fget_light+0x20a/0x270 [ 180.994900][ T5677] ksys_write+0x12b/0x250 [ 180.999307][ T5677] ? __ia32_sys_read+0xb0/0xb0 [ 181.004146][ T5677] ? lockdep_hardirqs_on+0x7d/0x100 [ 181.009411][ T5677] ? _raw_spin_unlock_irq+0x2e/0x50 [ 181.014672][ T5677] ? ptrace_notify+0xfe/0x140 [ 181.019399][ T5677] do_syscall_64+0x39/0xb0 [ 181.023882][ T5677] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 181.029845][ T5677] RIP: 0033:0x7faecf034129 [ 181.034317][ T5677] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 181.053979][ T5677] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 181.062455][ T5677] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 181.070493][ T5677] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 181.078511][ T5677] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 181.086531][ T5677] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 181.094553][ T5677] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000001b [ 181.102621][ T5677] [pid 5090] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5090] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./30/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./30/file0") = 0 [pid 5090] umount2("./30/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./30/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./30/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [ 181.109775][ T5677] memory: usage 8kB, limit 0kB, failcnt 36 [ 181.115814][ T5677] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 181.124983][ T5677] Memory cgroup stats for /syz1: [ 181.125263][ T5677] anon 0 [ 181.125263][ T5677] file 0 [ 181.125263][ T5677] kernel 8192 [ 181.125263][ T5677] kernel_stack 0 [ 181.125263][ T5677] pagetables 0 [ 181.125263][ T5677] sec_pagetables 0 [ 181.125263][ T5677] percpu 0 [ 181.125263][ T5677] sock 0 [ 181.125263][ T5677] vmalloc 0 [ 181.125263][ T5677] shmem 0 [pid 5090] rmdir("./30") = 0 [pid 5090] mkdir("./31", 0777) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 33 [ 181.125263][ T5677] zswap 0 [ 181.125263][ T5677] zswapped 0 [ 181.125263][ T5677] file_mapped 0 [ 181.125263][ T5677] file_dirty 0 [ 181.125263][ T5677] file_writeback 0 [ 181.125263][ T5677] swapcached 0 [ 181.125263][ T5677] anon_thp 0 [ 181.125263][ T5677] file_thp 0 [ 181.125263][ T5677] shmem_thp 0 [ 181.125263][ T5677] inactive_anon 0 [ 181.125263][ T5677] active_anon 0 [ 181.125263][ T5677] inactive_file 0 [ 181.125263][ T5677] active_file 0 [ 181.125263][ T5677] unevictable 0 [ 181.125263][ T5677] slab_reclaimable 6752 [ 181.125263][ T5677] slab_unreclaimable 0 [ 181.125263][ T5677] slab 6752 [ 181.125263][ T5677] workingset_refault_anon 0 [ 181.125263][ T5677] workingset_refault_file 0 [ 181.125263][ T5677] workingset_activate_anon 0 [ 181.125263][ T5677] workingset_activate_file 0 [ 181.125263][ T5677] workingset_restore_anon 0 [ 181.125263][ T5677] workingset_restore_file 0 [ 181.125263][ T5677] workingset_nodereclaim 0 [ 181.125263][ T5677] pgscan 831 [ 181.125263][ T5677] pgsteal 2 [ 181.125263][ T5677] pgscan_kswapd 0 [ 181.125263][ T5677] pgscan_direct 831 ./strace-static-x86_64: Process 5681 attached [ 181.125263][ T5677] pgscan_khugepaged 0 [ 181.125263][ T5677] pgsteal_kswapd 0 [ 181.125263][ T5677] pgsteal_direct 2 [ 181.125263][ T5677] pgsteal_khugepaged 0 [ 181.125263][ T5677] pgfault 21 [ 181.125263][ T5677] pgmajfault 0 [ 181.125263][ T5677] pgrefill 830 [ 181.125263][ T5677] pgactivate 829 [ 181.125263][ T5677] pgdeactivate 830 [ 181.125263][ T5677] pglazyfree 0 [ 181.125263][ T5677] pglazyfreed 0 [ 181.125263][ T5677] zswpin 0 [ 181.125263][ T5677] zswpout 0 [ 181.125263][ T5677] thp_fault_alloc 0 [ 181.125263][ T5677] thp_collapse_alloc 0 [pid 5681] chdir("./31") = 0 [pid 5681] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5681] setpgid(0, 0) = 0 [pid 5681] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5681] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5681] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5681] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5681] write(3, "1000", 4) = 4 [pid 5681] close(3) = 0 [pid 5681] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5681] mkdir("./file0", 000) = 0 [pid 5681] open("./file0", O_RDONLY) = 3 [pid 5681] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5677] <... write resumed>) = 18 [pid 5677] close(3) = 0 [pid 5677] close(4) = 0 [pid 5677] close(5) = 0 [pid 5677] close(6) = 0 [pid 5677] close(7) = -1 EBADF (Bad file descriptor) [pid 5677] close(8) = -1 EBADF (Bad file descriptor) [pid 5677] close(9) = -1 EBADF (Bad file descriptor) [pid 5677] close(10) = -1 EBADF (Bad file descriptor) [pid 5677] close(11) = -1 EBADF (Bad file descriptor) [pid 5677] close(12) = -1 EBADF (Bad file descriptor) [pid 5677] close(13) = -1 EBADF (Bad file descriptor) [pid 5677] close(14) = -1 EBADF (Bad file descriptor) [pid 5677] close(15) = -1 EBADF (Bad file descriptor) [pid 5677] close(16) = -1 EBADF (Bad file descriptor) [pid 5677] close(17) = -1 EBADF (Bad file descriptor) [pid 5677] close(18) = -1 EBADF (Bad file descriptor) [pid 5677] close(19) = -1 EBADF (Bad file descriptor) [pid 5677] close(20) = -1 EBADF (Bad file descriptor) [pid 5677] close(21) = -1 EBADF (Bad file descriptor) [ 181.321683][ T5677] Tasks state (memory values in pages): [ 181.343492][ T5677] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 181.353511][ T5677] Out of memory and no killable processes... [ 181.360610][ T5678] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5677] close(22 [pid 5681] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5677] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5677] close(23) = -1 EBADF (Bad file descriptor) [pid 5677] close(24) = -1 EBADF (Bad file descriptor) [pid 5677] close(25) = -1 EBADF (Bad file descriptor) [pid 5677] close(26) = -1 EBADF (Bad file descriptor) [pid 5677] close(27) = -1 EBADF (Bad file descriptor) [pid 5677] close(28) = -1 EBADF (Bad file descriptor) [pid 5677] close(29) = -1 EBADF (Bad file descriptor) [pid 5677] exit_group(0) = ? [pid 5677] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=29, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5086] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5086] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./27/binderfs") = 0 [pid 5086] umount2("./27/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./27/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] unlink("./27/cgroup") = 0 [pid 5086] umount2("./27/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./27/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./27/cgroup.net") = 0 [pid 5086] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5681] <... openat resumed>) = 4 [pid 5681] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5681] openat(5, "memory.max", O_RDWR) = 6 [ 181.382053][ T5678] CPU: 1 PID: 5678 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 181.392045][ T5678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 181.402157][ T5678] Call Trace: [ 181.405486][ T5678] [ 181.408465][ T5678] dump_stack_lvl+0x136/0x150 [ 181.413223][ T5678] dump_header+0x10a/0xd70 [ 181.417712][ T5678] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 181.423883][ T5678] out_of_memory+0xd64/0x1660 [ 181.428646][ T5678] ? oom_killer_disable+0x2b0/0x2b0 [ 181.433934][ T5678] mem_cgroup_out_of_memory+0x206/0x270 [ 181.439556][ T5678] ? mem_cgroup_margin+0x130/0x130 [ 181.444770][ T5678] memory_max_write+0x2f9/0x3c0 [ 181.449708][ T5678] ? mem_cgroup_force_empty_write+0x160/0x160 [ 181.455876][ T5678] ? lock_sync+0x190/0x190 [ 181.460363][ T5678] cgroup_file_write+0x1e2/0x7b0 [ 181.465386][ T5678] ? mem_cgroup_force_empty_write+0x160/0x160 [ 181.471533][ T5678] ? kill_css+0x3b0/0x3b0 [ 181.475941][ T5678] ? lock_acquire+0x32/0xc0 [ 181.480521][ T5678] ? kill_css+0x3b0/0x3b0 [ 181.484917][ T5678] kernfs_fop_write_iter+0x3f1/0x600 [ 181.490262][ T5678] vfs_write+0x9ed/0xe10 [ 181.494579][ T5678] ? kernel_write+0x670/0x670 [ 181.499343][ T5678] ? find_held_lock+0x2d/0x110 [ 181.504198][ T5678] ? __fget_light+0x20a/0x270 [ 181.508964][ T5678] ksys_write+0x12b/0x250 [ 181.513378][ T5678] ? __ia32_sys_read+0xb0/0xb0 [ 181.518212][ T5678] ? lockdep_hardirqs_on+0x7d/0x100 [ 181.523484][ T5678] ? _raw_spin_unlock_irq+0x2e/0x50 [ 181.528762][ T5678] ? ptrace_notify+0xfe/0x140 [ 181.533528][ T5678] do_syscall_64+0x39/0xb0 [ 181.538033][ T5678] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 181.544014][ T5678] RIP: 0033:0x7faecf034129 [ 181.548479][ T5678] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 181.568147][ T5678] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5681] write(6, "0x000000000000040e", 18 [pid 5086] <... umount2 resumed>) = 0 [pid 5086] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./27/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 181.576635][ T5678] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 181.584751][ T5678] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 181.592777][ T5678] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 181.600793][ T5678] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 181.608803][ T5678] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000001e [ 181.617128][ T5678] [pid 5086] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./27/file0") = 0 [pid 5086] umount2("./27/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./27/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./27/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./27") = 0 [pid 5086] mkdir("./28", 0777) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5682 attached [pid 5682] chdir("./28" [pid 5086] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 30 [pid 5682] <... chdir resumed>) = 0 [pid 5682] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5682] setpgid(0, 0) = 0 [ 181.635917][ T5678] memory: usage 8kB, limit 0kB, failcnt 36 [ 181.646197][ T5678] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 181.656984][ T5678] Memory cgroup stats for /syz1: [ 181.657279][ T5678] anon 0 [ 181.657279][ T5678] file 0 [ 181.657279][ T5678] kernel 8192 [ 181.657279][ T5678] kernel_stack 0 [ 181.657279][ T5678] pagetables 0 [ 181.657279][ T5678] sec_pagetables 0 [ 181.657279][ T5678] percpu 0 [pid 5682] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5682] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5682] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5682] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5682] write(3, "1000", 4) = 4 [pid 5682] close(3) = 0 [pid 5682] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5682] mkdir("./file0", 000) = 0 [pid 5682] open("./file0", O_RDONLY) = 3 [pid 5682] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5682] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5682] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5682] openat(5, "memory.max", O_RDWR) = 6 [ 181.657279][ T5678] sock 0 [ 181.657279][ T5678] vmalloc 0 [ 181.657279][ T5678] shmem 0 [ 181.657279][ T5678] zswap 0 [ 181.657279][ T5678] zswapped 0 [ 181.657279][ T5678] file_mapped 0 [ 181.657279][ T5678] file_dirty 0 [ 181.657279][ T5678] file_writeback 0 [ 181.657279][ T5678] swapcached 0 [ 181.657279][ T5678] anon_thp 0 [ 181.657279][ T5678] file_thp 0 [ 181.657279][ T5678] shmem_thp 0 [ 181.657279][ T5678] inactive_anon 0 [ 181.657279][ T5678] active_anon 0 [ 181.657279][ T5678] inactive_file 0 [ 181.657279][ T5678] active_file 0 [ 181.657279][ T5678] unevictable 0 [ 181.657279][ T5678] slab_reclaimable 6752 [ 181.657279][ T5678] slab_unreclaimable 0 [ 181.657279][ T5678] slab 6752 [ 181.657279][ T5678] workingset_refault_anon 0 [ 181.657279][ T5678] workingset_refault_file 0 [ 181.657279][ T5678] workingset_activate_anon 0 [ 181.657279][ T5678] workingset_activate_file 0 [ 181.657279][ T5678] workingset_restore_anon 0 [ 181.657279][ T5678] workingset_restore_file 0 [ 181.657279][ T5678] workingset_nodereclaim 0 [ 181.657279][ T5678] pgscan 831 [ 181.657279][ T5678] pgsteal 2 [ 181.657279][ T5678] pgscan_kswapd 0 [ 181.657279][ T5678] pgscan_direct 831 [ 181.657279][ T5678] pgscan_khugepaged 0 [ 181.657279][ T5678] pgsteal_kswapd 0 [ 181.657279][ T5678] pgsteal_direct 2 [ 181.657279][ T5678] pgsteal_khugepaged 0 [ 181.657279][ T5678] pgfault 21 [ 181.657279][ T5678] pgmajfault 0 [ 181.657279][ T5678] pgrefill 830 [ 181.657279][ T5678] pgactivate 829 [ 181.657279][ T5678] pgdeactivate 830 [ 181.657279][ T5678] pglazyfree 0 [ 181.657279][ T5678] pglazyfreed 0 [ 181.657279][ T5678] zswpin 0 [ 181.657279][ T5678] zswpout 0 [pid 5682] write(6, "0x000000000000040e", 18 [pid 5678] <... write resumed>) = 18 [pid 5678] close(3) = 0 [pid 5678] close(4) = 0 [pid 5678] close(5) = 0 [pid 5678] close(6) = 0 [ 181.657279][ T5678] thp_fault_alloc 0 [ 181.657279][ T5678] thp_collapse_alloc 0 [ 181.849141][ T5678] Tasks state (memory values in pages): [ 181.854937][ T5678] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 181.864546][ T5678] Out of memory and no killable processes... [ 181.870668][ T5679] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5678] close(7) = -1 EBADF (Bad file descriptor) [pid 5678] close(8) = -1 EBADF (Bad file descriptor) [pid 5678] close(9) = -1 EBADF (Bad file descriptor) [pid 5678] close(10) = -1 EBADF (Bad file descriptor) [pid 5678] close(11) = -1 EBADF (Bad file descriptor) [pid 5678] close(12) = -1 EBADF (Bad file descriptor) [pid 5678] close(13) = -1 EBADF (Bad file descriptor) [pid 5678] close(14) = -1 EBADF (Bad file descriptor) [pid 5678] close(15) = -1 EBADF (Bad file descriptor) [pid 5678] close(16) = -1 EBADF (Bad file descriptor) [pid 5678] close(17) = -1 EBADF (Bad file descriptor) [pid 5678] close(18) = -1 EBADF (Bad file descriptor) [pid 5678] close(19) = -1 EBADF (Bad file descriptor) [pid 5678] close(20) = -1 EBADF (Bad file descriptor) [pid 5678] close(21) = -1 EBADF (Bad file descriptor) [pid 5678] close(22) = -1 EBADF (Bad file descriptor) [pid 5678] close(23) = -1 EBADF (Bad file descriptor) [pid 5678] close(24) = -1 EBADF (Bad file descriptor) [ 181.881763][ T5679] CPU: 1 PID: 5679 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 181.891771][ T5679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 181.901887][ T5679] Call Trace: [ 181.905215][ T5679] [ 181.908196][ T5679] dump_stack_lvl+0x136/0x150 [ 181.912959][ T5679] dump_header+0x10a/0xd70 [ 181.917540][ T5679] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 181.923706][ T5679] out_of_memory+0xd64/0x1660 [ 181.928472][ T5679] ? oom_killer_disable+0x2b0/0x2b0 [pid 5678] close(25) = -1 EBADF (Bad file descriptor) [pid 5678] close(26) = -1 EBADF (Bad file descriptor) [pid 5678] close(27) = -1 EBADF (Bad file descriptor) [pid 5678] close(28) = -1 EBADF (Bad file descriptor) [pid 5678] close(29) = -1 EBADF (Bad file descriptor) [pid 5678] exit_group(0) = ? [pid 5678] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=32, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5089] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./30/binderfs") = 0 [pid 5089] umount2("./30/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 181.933863][ T5679] mem_cgroup_out_of_memory+0x206/0x270 [ 181.939485][ T5679] ? mem_cgroup_margin+0x130/0x130 [ 181.944705][ T5679] memory_max_write+0x2f9/0x3c0 [ 181.949661][ T5679] ? mem_cgroup_force_empty_write+0x160/0x160 [ 181.955821][ T5679] ? lock_sync+0x190/0x190 [ 181.960311][ T5679] cgroup_file_write+0x1e2/0x7b0 [ 181.965336][ T5679] ? mem_cgroup_force_empty_write+0x160/0x160 [ 181.971485][ T5679] ? kill_css+0x3b0/0x3b0 [ 181.975905][ T5679] ? lock_acquire+0x32/0xc0 [ 181.980587][ T5679] ? kill_css+0x3b0/0x3b0 [pid 5089] lstat("./30/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [ 181.984996][ T5679] kernfs_fop_write_iter+0x3f1/0x600 [ 181.990378][ T5679] vfs_write+0x9ed/0xe10 [ 181.994705][ T5679] ? kernel_write+0x670/0x670 [ 181.999437][ T5679] ? find_held_lock+0x2d/0x110 [ 182.004243][ T5679] ? __fget_light+0x20a/0x270 [ 182.008981][ T5679] ksys_write+0x12b/0x250 [ 182.013359][ T5679] ? __ia32_sys_read+0xb0/0xb0 [ 182.018167][ T5679] ? lockdep_hardirqs_on+0x7d/0x100 [ 182.023400][ T5679] ? _raw_spin_unlock_irq+0x2e/0x50 [ 182.028654][ T5679] ? ptrace_notify+0xfe/0x140 [ 182.033392][ T5679] do_syscall_64+0x39/0xb0 [ 182.037877][ T5679] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 182.043810][ T5679] RIP: 0033:0x7faecf034129 [ 182.048252][ T5679] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 182.067885][ T5679] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 182.076333][ T5679] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [pid 5089] unlink("./30/cgroup") = 0 [pid 5089] umount2("./30/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./30/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./30/cgroup.net") = 0 [pid 5089] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5089] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./30/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./30/file0") = 0 [pid 5089] umount2("./30/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./30/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./30/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [pid 5089] rmdir("./30") = 0 [ 182.084343][ T5679] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 182.092332][ T5679] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 182.100343][ T5679] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 182.108335][ T5679] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000001d [ 182.116353][ T5679] [pid 5089] mkdir("./31", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5683 attached [pid 5683] chdir("./31" [pid 5089] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 33 [pid 5683] <... chdir resumed>) = 0 [pid 5683] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5683] setpgid(0, 0) = 0 [pid 5683] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5683] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5683] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5683] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5683] write(3, "1000", 4) = 4 [pid 5683] close(3) = 0 [pid 5683] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5683] mkdir("./file0", 000) = 0 [pid 5683] open("./file0", O_RDONLY) = 3 [pid 5683] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5683] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5683] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5683] openat(5, "memory.max", O_RDWR) = 6 [ 182.186307][ T5679] memory: usage 8kB, limit 0kB, failcnt 36 [ 182.195359][ T5679] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 182.202975][ T5679] Memory cgroup stats for /syz1: [ 182.203275][ T5679] anon 0 [ 182.203275][ T5679] file 0 [ 182.203275][ T5679] kernel 8192 [ 182.203275][ T5679] kernel_stack 0 [ 182.203275][ T5679] pagetables 0 [ 182.203275][ T5679] sec_pagetables 0 [ 182.203275][ T5679] percpu 0 [ 182.203275][ T5679] sock 0 [ 182.203275][ T5679] vmalloc 0 [ 182.203275][ T5679] shmem 0 [ 182.203275][ T5679] zswap 0 [ 182.203275][ T5679] zswapped 0 [ 182.203275][ T5679] file_mapped 0 [ 182.203275][ T5679] file_dirty 0 [ 182.203275][ T5679] file_writeback 0 [ 182.203275][ T5679] swapcached 0 [ 182.203275][ T5679] anon_thp 0 [ 182.203275][ T5679] file_thp 0 [ 182.203275][ T5679] shmem_thp 0 [ 182.203275][ T5679] inactive_anon 0 [ 182.203275][ T5679] active_anon 0 [ 182.203275][ T5679] inactive_file 0 [ 182.203275][ T5679] active_file 0 [ 182.203275][ T5679] unevictable 0 [ 182.203275][ T5679] slab_reclaimable 6752 [ 182.203275][ T5679] slab_unreclaimable 0 [ 182.203275][ T5679] slab 6752 [ 182.203275][ T5679] workingset_refault_anon 0 [ 182.203275][ T5679] workingset_refault_file 0 [ 182.203275][ T5679] workingset_activate_anon 0 [ 182.203275][ T5679] workingset_activate_file 0 [ 182.203275][ T5679] workingset_restore_anon 0 [ 182.203275][ T5679] workingset_restore_file 0 [ 182.203275][ T5679] workingset_nodereclaim 0 [ 182.203275][ T5679] pgscan 831 [ 182.203275][ T5679] pgsteal 2 [ 182.203275][ T5679] pgscan_kswapd 0 [ 182.203275][ T5679] pgscan_direct 831 [ 182.203275][ T5679] pgscan_khugepaged 0 [ 182.203275][ T5679] pgsteal_kswapd 0 [ 182.203275][ T5679] pgsteal_direct 2 [ 182.203275][ T5679] pgsteal_khugepaged 0 [ 182.203275][ T5679] pgfault 21 [ 182.203275][ T5679] pgmajfault 0 [ 182.203275][ T5679] pgrefill 830 [ 182.203275][ T5679] pgactivate 829 [ 182.203275][ T5679] pgdeactivate 830 [ 182.203275][ T5679] pglazyfree 0 [ 182.203275][ T5679] pglazyfreed 0 [ 182.203275][ T5679] zswpin 0 [ 182.203275][ T5679] zswpout 0 [ 182.203275][ T5679] thp_fault_alloc 0 [ 182.203275][ T5679] thp_collapse_alloc 0 [ 182.400003][ T5679] Tasks state (memory values in pages): [ 182.407293][ T5679] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 182.419315][ T5679] Out of memory and no killable processes... [pid 5683] write(6, "0x000000000000040e", 18 [pid 5679] <... write resumed>) = 18 [pid 5679] close(3) = 0 [pid 5679] close(4) = 0 [pid 5679] close(5) = 0 [pid 5679] close(6) = 0 [pid 5679] close(7) = -1 EBADF (Bad file descriptor) [pid 5679] close(8) = -1 EBADF (Bad file descriptor) [pid 5679] close(9) = -1 EBADF (Bad file descriptor) [pid 5679] close(10) = -1 EBADF (Bad file descriptor) [pid 5679] close(11) = -1 EBADF (Bad file descriptor) [pid 5679] close(12) = -1 EBADF (Bad file descriptor) [pid 5679] close(13) = -1 EBADF (Bad file descriptor) [pid 5679] close(14) = -1 EBADF (Bad file descriptor) [ 182.429289][ T5680] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 182.448508][ T5680] CPU: 1 PID: 5680 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 182.458512][ T5680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 182.468634][ T5680] Call Trace: [ 182.471962][ T5680] [ 182.474946][ T5680] dump_stack_lvl+0x136/0x150 [ 182.479697][ T5680] dump_header+0x10a/0xd70 [pid 5679] close(15) = -1 EBADF (Bad file descriptor) [pid 5679] close(16) = -1 EBADF (Bad file descriptor) [pid 5679] close(17) = -1 EBADF (Bad file descriptor) [pid 5679] close(18) = -1 EBADF (Bad file descriptor) [pid 5679] close(19) = -1 EBADF (Bad file descriptor) [pid 5679] close(20) = -1 EBADF (Bad file descriptor) [pid 5679] close(21) = -1 EBADF (Bad file descriptor) [pid 5679] close(22) = -1 EBADF (Bad file descriptor) [pid 5679] close(23) = -1 EBADF (Bad file descriptor) [pid 5679] close(24) = -1 EBADF (Bad file descriptor) [pid 5679] close(25) = -1 EBADF (Bad file descriptor) [pid 5679] close(26) = -1 EBADF (Bad file descriptor) [pid 5679] close(27) = -1 EBADF (Bad file descriptor) [pid 5679] close(28) = -1 EBADF (Bad file descriptor) [pid 5679] close(29) = -1 EBADF (Bad file descriptor) [pid 5679] exit_group(0) = ? [pid 5679] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=31, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 5087] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [ 182.484183][ T5680] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 182.490348][ T5680] out_of_memory+0xd64/0x1660 [ 182.495125][ T5680] ? oom_killer_disable+0x2b0/0x2b0 [ 182.500407][ T5680] ? find_held_lock+0x2d/0x110 [ 182.505243][ T5680] mem_cgroup_out_of_memory+0x206/0x270 [ 182.510871][ T5680] ? mem_cgroup_margin+0x130/0x130 [ 182.516081][ T5680] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 182.521981][ T5680] memory_max_write+0x2f9/0x3c0 [ 182.526927][ T5680] ? mem_cgroup_force_empty_write+0x160/0x160 [ 182.533095][ T5680] ? lock_sync+0x190/0x190 [pid 5087] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./29/binderfs") = 0 [pid 5087] umount2("./29/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./29/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./29/cgroup") = 0 [pid 5087] umount2("./29/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./29/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./29/cgroup.net") = 0 [ 182.537600][ T5680] cgroup_file_write+0x1e2/0x7b0 [ 182.542627][ T5680] ? mem_cgroup_force_empty_write+0x160/0x160 [ 182.548785][ T5680] ? kill_css+0x3b0/0x3b0 [ 182.553194][ T5680] ? lock_acquire+0x32/0xc0 [ 182.557780][ T5680] ? kill_css+0x3b0/0x3b0 [ 182.562188][ T5680] kernfs_fop_write_iter+0x3f1/0x600 [ 182.567582][ T5680] vfs_write+0x9ed/0xe10 [ 182.571917][ T5680] ? kernel_write+0x670/0x670 [ 182.576689][ T5680] ? find_held_lock+0x2d/0x110 [ 182.581553][ T5680] ? __fget_light+0x20a/0x270 [ 182.586316][ T5680] ksys_write+0x12b/0x250 [ 182.590731][ T5680] ? __ia32_sys_read+0xb0/0xb0 [ 182.595585][ T5680] ? lockdep_hardirqs_on+0x7d/0x100 [ 182.600853][ T5680] ? _raw_spin_unlock_irq+0x2e/0x50 [ 182.606126][ T5680] ? ptrace_notify+0xfe/0x140 [ 182.610880][ T5680] do_syscall_64+0x39/0xb0 [ 182.615347][ T5680] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 182.621309][ T5680] RIP: 0033:0x7faecf034129 [ 182.625777][ T5680] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 182.645444][ T5680] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 182.653946][ T5680] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 182.661970][ T5680] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 182.669995][ T5680] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 182.678104][ T5680] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [pid 5087] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5087] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./29/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] close(4) = 0 [pid 5087] rmdir("./29/file0") = 0 [pid 5087] umount2("./29/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 182.686096][ T5680] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000001b [ 182.694129][ T5680] [ 182.712763][ T5680] memory: usage 8kB, limit 0kB, failcnt 36 [ 182.718652][ T5680] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 182.726991][ T5680] Memory cgroup stats for /syz1: [ 182.727280][ T5680] anon 0 [ 182.727280][ T5680] file 0 [pid 5087] lstat("./29/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./29/cgroup.cpu") = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [pid 5087] rmdir("./29") = 0 [pid 5087] mkdir("./30", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 32 ./strace-static-x86_64: Process 5684 attached [pid 5684] chdir("./30") = 0 [pid 5684] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5684] setpgid(0, 0) = 0 [pid 5684] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5684] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [ 182.727280][ T5680] kernel 8192 [ 182.727280][ T5680] kernel_stack 0 [ 182.727280][ T5680] pagetables 0 [ 182.727280][ T5680] sec_pagetables 0 [ 182.727280][ T5680] percpu 0 [ 182.727280][ T5680] sock 0 [ 182.727280][ T5680] vmalloc 0 [ 182.727280][ T5680] shmem 0 [ 182.727280][ T5680] zswap 0 [ 182.727280][ T5680] zswapped 0 [ 182.727280][ T5680] file_mapped 0 [ 182.727280][ T5680] file_dirty 0 [ 182.727280][ T5680] file_writeback 0 [ 182.727280][ T5680] swapcached 0 [ 182.727280][ T5680] anon_thp 0 [ 182.727280][ T5680] file_thp 0 [pid 5684] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5684] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5684] write(3, "1000", 4) = 4 [pid 5684] close(3) = 0 [pid 5684] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5684] mkdir("./file0", 000) = 0 [pid 5684] open("./file0", O_RDONLY) = 3 [pid 5684] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5684] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5684] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5684] openat(5, "memory.max", O_RDWR) = 6 [ 182.727280][ T5680] shmem_thp 0 [ 182.727280][ T5680] inactive_anon 0 [ 182.727280][ T5680] active_anon 0 [ 182.727280][ T5680] inactive_file 0 [ 182.727280][ T5680] active_file 0 [ 182.727280][ T5680] unevictable 0 [ 182.727280][ T5680] slab_reclaimable 6752 [ 182.727280][ T5680] slab_unreclaimable 0 [ 182.727280][ T5680] slab 6752 [ 182.727280][ T5680] workingset_refault_anon 0 [ 182.727280][ T5680] workingset_refault_file 0 [ 182.727280][ T5680] workingset_activate_anon 0 [ 182.727280][ T5680] workingset_activate_file 0 [ 182.727280][ T5680] workingset_restore_anon 0 [ 182.727280][ T5680] workingset_restore_file 0 [ 182.727280][ T5680] workingset_nodereclaim 0 [ 182.727280][ T5680] pgscan 831 [ 182.727280][ T5680] pgsteal 2 [ 182.727280][ T5680] pgscan_kswapd 0 [ 182.727280][ T5680] pgscan_direct 831 [ 182.727280][ T5680] pgscan_khugepaged 0 [ 182.727280][ T5680] pgsteal_kswapd 0 [ 182.727280][ T5680] pgsteal_direct 2 [ 182.727280][ T5680] pgsteal_khugepaged 0 [ 182.727280][ T5680] pgfault 21 [ 182.727280][ T5680] pgmajfault 0 [ 182.727280][ T5680] pgrefill 830 [ 182.727280][ T5680] pgactivate 829 [ 182.727280][ T5680] pgdeactivate 830 [ 182.727280][ T5680] pglazyfree 0 [ 182.727280][ T5680] pglazyfreed 0 [ 182.727280][ T5680] zswpin 0 [ 182.727280][ T5680] zswpout 0 [ 182.727280][ T5680] thp_fault_alloc 0 [ 182.727280][ T5680] thp_collapse_alloc 0 [ 182.922979][ T5680] Tasks state (memory values in pages): [ 182.928845][ T5680] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5684] write(6, "0x000000000000040e", 18 [pid 5680] <... write resumed>) = 18 [pid 5680] close(3) = 0 [pid 5680] close(4) = 0 [pid 5680] close(5) = 0 [pid 5680] close(6) = 0 [pid 5680] close(7) = -1 EBADF (Bad file descriptor) [pid 5680] close(8) = -1 EBADF (Bad file descriptor) [pid 5680] close(9) = -1 EBADF (Bad file descriptor) [ 182.948252][ T5680] Out of memory and no killable processes... [ 182.954607][ T5681] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 182.971673][ T5681] CPU: 0 PID: 5681 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 182.981643][ T5681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 182.991859][ T5681] Call Trace: [ 182.995197][ T5681] [pid 5680] close(10) = -1 EBADF (Bad file descriptor) [pid 5680] close(11) = -1 EBADF (Bad file descriptor) [pid 5680] close(12) = -1 EBADF (Bad file descriptor) [pid 5680] close(13) = -1 EBADF (Bad file descriptor) [pid 5680] close(14) = -1 EBADF (Bad file descriptor) [pid 5680] close(15) = -1 EBADF (Bad file descriptor) [pid 5680] close(16) = -1 EBADF (Bad file descriptor) [pid 5680] close(17) = -1 EBADF (Bad file descriptor) [pid 5680] close(18) = -1 EBADF (Bad file descriptor) [pid 5680] close(19) = -1 EBADF (Bad file descriptor) [pid 5680] close(20) = -1 EBADF (Bad file descriptor) [pid 5680] close(21) = -1 EBADF (Bad file descriptor) [pid 5680] close(22) = -1 EBADF (Bad file descriptor) [ 182.998176][ T5681] dump_stack_lvl+0x136/0x150 [ 183.002925][ T5681] dump_header+0x10a/0xd70 [ 183.007410][ T5681] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 183.013574][ T5681] out_of_memory+0xd64/0x1660 [ 183.018337][ T5681] ? oom_killer_disable+0x2b0/0x2b0 [ 183.023630][ T5681] mem_cgroup_out_of_memory+0x206/0x270 [ 183.029254][ T5681] ? mem_cgroup_margin+0x130/0x130 [ 183.034471][ T5681] memory_max_write+0x2f9/0x3c0 [ 183.039403][ T5681] ? mem_cgroup_force_empty_write+0x160/0x160 [pid 5680] close(23) = -1 EBADF (Bad file descriptor) [pid 5680] close(24) = -1 EBADF (Bad file descriptor) [pid 5680] close(25) = -1 EBADF (Bad file descriptor) [pid 5680] close(26) = -1 EBADF (Bad file descriptor) [pid 5680] close(27) = -1 EBADF (Bad file descriptor) [pid 5680] close(28) = -1 EBADF (Bad file descriptor) [pid 5680] close(29) = -1 EBADF (Bad file descriptor) [pid 5680] exit_group(0) = ? [pid 5680] +++ exited with 0 +++ [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=29, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [ 183.045557][ T5681] ? lock_sync+0x190/0x190 [ 183.050051][ T5681] cgroup_file_write+0x1e2/0x7b0 [ 183.055086][ T5681] ? mem_cgroup_force_empty_write+0x160/0x160 [ 183.061238][ T5681] ? kill_css+0x3b0/0x3b0 [ 183.065653][ T5681] ? lock_acquire+0x32/0xc0 [ 183.070240][ T5681] ? kill_css+0x3b0/0x3b0 [ 183.074650][ T5681] kernfs_fop_write_iter+0x3f1/0x600 [ 183.080019][ T5681] vfs_write+0x9ed/0xe10 [ 183.084359][ T5681] ? kernel_write+0x670/0x670 [ 183.089140][ T5681] ? asm_common_interrupt+0x26/0x40 [ 183.094418][ T5681] ? asm_common_interrupt+0x26/0x40 [ 183.099676][ T5681] ? __fget_light+0x20a/0x270 [ 183.104418][ T5681] ksys_write+0x12b/0x250 [ 183.108833][ T5681] ? __ia32_sys_read+0xb0/0xb0 [ 183.113792][ T5681] ? _raw_spin_unlock_irq+0x2e/0x50 [ 183.119090][ T5681] ? ptrace_notify+0xfe/0x140 [ 183.123827][ T5681] do_syscall_64+0x39/0xb0 [ 183.128310][ T5681] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 183.134274][ T5681] RIP: 0033:0x7faecf034129 [ 183.138730][ T5681] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 183.158404][ T5681] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 183.166882][ T5681] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 183.174894][ T5681] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 183.182919][ T5681] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 183.190940][ T5681] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [pid 5085] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./27/binderfs") = 0 [pid 5085] umount2("./27/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./27/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./27/cgroup") = 0 [pid 5085] umount2("./27/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./27/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./27/cgroup.net") = 0 [pid 5085] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5085] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./27/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [ 183.198971][ T5681] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000001f [ 183.207029][ T5681] [ 183.216791][ T5681] memory: usage 8kB, limit 0kB, failcnt 36 [ 183.222950][ T5681] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 183.229847][ T5681] Memory cgroup stats for /syz1: [ 183.230121][ T5681] anon 0 [ 183.230121][ T5681] file 0 [ 183.230121][ T5681] kernel 8192 [ 183.230121][ T5681] kernel_stack 0 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./27/file0") = 0 [pid 5085] umount2("./27/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./27/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./27/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./27") = 0 [pid 5085] mkdir("./28", 0777) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 30 [ 183.230121][ T5681] pagetables 0 [ 183.230121][ T5681] sec_pagetables 0 [ 183.230121][ T5681] percpu 0 [ 183.230121][ T5681] sock 0 [ 183.230121][ T5681] vmalloc 0 [ 183.230121][ T5681] shmem 0 [ 183.230121][ T5681] zswap 0 [ 183.230121][ T5681] zswapped 0 [ 183.230121][ T5681] file_mapped 0 [ 183.230121][ T5681] file_dirty 0 [ 183.230121][ T5681] file_writeback 0 [ 183.230121][ T5681] swapcached 0 [ 183.230121][ T5681] anon_thp 0 [ 183.230121][ T5681] file_thp 0 [ 183.230121][ T5681] shmem_thp 0 [ 183.230121][ T5681] inactive_anon 0 ./strace-static-x86_64: Process 5685 attached [pid 5685] chdir("./28") = 0 [pid 5685] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5685] setpgid(0, 0) = 0 [pid 5685] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5685] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5685] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5685] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5685] write(3, "1000", 4) = 4 [pid 5685] close(3) = 0 [pid 5685] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5685] mkdir("./file0", 000) = 0 [pid 5685] open("./file0", O_RDONLY) = 3 [pid 5685] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5685] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5685] openat(4, "syz1", O_RDWR|O_PATH) = 5 [ 183.230121][ T5681] active_anon 0 [ 183.230121][ T5681] inactive_file 0 [ 183.230121][ T5681] active_file 0 [ 183.230121][ T5681] unevictable 0 [ 183.230121][ T5681] slab_reclaimable 6752 [ 183.230121][ T5681] slab_unreclaimable 0 [ 183.230121][ T5681] slab 6752 [ 183.230121][ T5681] workingset_refault_anon 0 [ 183.230121][ T5681] workingset_refault_file 0 [ 183.230121][ T5681] workingset_activate_anon 0 [ 183.230121][ T5681] workingset_activate_file 0 [ 183.230121][ T5681] workingset_restore_anon 0 [ 183.230121][ T5681] workingset_restore_file 0 [pid 5685] openat(5, "memory.max", O_RDWR) = 6 [ 183.230121][ T5681] workingset_nodereclaim 0 [ 183.230121][ T5681] pgscan 831 [ 183.230121][ T5681] pgsteal 2 [ 183.230121][ T5681] pgscan_kswapd 0 [ 183.230121][ T5681] pgscan_direct 831 [ 183.230121][ T5681] pgscan_khugepaged 0 [ 183.230121][ T5681] pgsteal_kswapd 0 [ 183.230121][ T5681] pgsteal_direct 2 [ 183.230121][ T5681] pgsteal_khugepaged 0 [ 183.230121][ T5681] pgfault 21 [ 183.230121][ T5681] pgmajfault 0 [ 183.230121][ T5681] pgrefill 830 [ 183.230121][ T5681] pgactivate 829 [ 183.230121][ T5681] pgdeactivate 830 [ 183.230121][ T5681] pglazyfree 0 [ 183.230121][ T5681] pglazyfreed 0 [ 183.230121][ T5681] zswpin 0 [ 183.230121][ T5681] zswpout 0 [ 183.230121][ T5681] thp_fault_alloc 0 [ 183.230121][ T5681] thp_collapse_alloc 0 [ 183.424071][ T5681] Tasks state (memory values in pages): [ 183.430248][ T5681] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 183.443187][ T5681] Out of memory and no killable processes... [pid 5685] write(6, "0x000000000000040e", 18 [pid 5681] <... write resumed>) = 18 [pid 5681] close(3) = 0 [pid 5681] close(4) = 0 [pid 5681] close(5) = 0 [pid 5681] close(6) = 0 [pid 5681] close(7) = -1 EBADF (Bad file descriptor) [pid 5681] close(8) = -1 EBADF (Bad file descriptor) [pid 5681] close(9) = -1 EBADF (Bad file descriptor) [pid 5681] close(10) = -1 EBADF (Bad file descriptor) [pid 5681] close(11) = -1 EBADF (Bad file descriptor) [pid 5681] close(12) = -1 EBADF (Bad file descriptor) [pid 5681] close(13) = -1 EBADF (Bad file descriptor) [pid 5681] close(14) = -1 EBADF (Bad file descriptor) [pid 5681] close(15) = -1 EBADF (Bad file descriptor) [pid 5681] close(16) = -1 EBADF (Bad file descriptor) [pid 5681] close(17) = -1 EBADF (Bad file descriptor) [pid 5681] close(18) = -1 EBADF (Bad file descriptor) [pid 5681] close(19) = -1 EBADF (Bad file descriptor) [pid 5681] close(20) = -1 EBADF (Bad file descriptor) [pid 5681] close(21) = -1 EBADF (Bad file descriptor) [ 183.451430][ T5682] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 183.471300][ T5682] CPU: 0 PID: 5682 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 183.481282][ T5682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 183.491402][ T5682] Call Trace: [ 183.494734][ T5682] [pid 5681] close(22) = -1 EBADF (Bad file descriptor) [pid 5681] close(23) = -1 EBADF (Bad file descriptor) [pid 5681] close(24) = -1 EBADF (Bad file descriptor) [pid 5681] close(25) = -1 EBADF (Bad file descriptor) [pid 5681] close(26) = -1 EBADF (Bad file descriptor) [pid 5681] close(27) = -1 EBADF (Bad file descriptor) [pid 5681] close(28) = -1 EBADF (Bad file descriptor) [pid 5681] close(29) = -1 EBADF (Bad file descriptor) [pid 5681] exit_group(0) = ? [pid 5681] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=33, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5090] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5090] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./31/binderfs") = 0 [pid 5090] umount2("./31/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./31/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./31/cgroup") = 0 [pid 5090] umount2("./31/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 183.497718][ T5682] dump_stack_lvl+0x136/0x150 [ 183.502475][ T5682] dump_header+0x10a/0xd70 [ 183.507055][ T5682] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 183.513231][ T5682] out_of_memory+0xd64/0x1660 [ 183.518017][ T5682] ? oom_killer_disable+0x2b0/0x2b0 [ 183.523307][ T5682] ? find_held_lock+0x2d/0x110 [ 183.528160][ T5682] mem_cgroup_out_of_memory+0x206/0x270 [ 183.533791][ T5682] ? mem_cgroup_margin+0x130/0x130 [ 183.539000][ T5682] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 183.544907][ T5682] memory_max_write+0x2f9/0x3c0 [pid 5090] lstat("./31/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./31/cgroup.net") = 0 [ 183.549848][ T5682] ? mem_cgroup_force_empty_write+0x160/0x160 [ 183.556009][ T5682] ? lock_sync+0x190/0x190 [ 183.560503][ T5682] cgroup_file_write+0x1e2/0x7b0 [ 183.565498][ T5682] ? mem_cgroup_force_empty_write+0x160/0x160 [ 183.571618][ T5682] ? kill_css+0x3b0/0x3b0 [ 183.576011][ T5682] ? lock_acquire+0x32/0xc0 [ 183.580561][ T5682] ? kill_css+0x3b0/0x3b0 [ 183.584936][ T5682] kernfs_fop_write_iter+0x3f1/0x600 [ 183.590273][ T5682] vfs_write+0x9ed/0xe10 [ 183.594572][ T5682] ? kernel_write+0x670/0x670 [ 183.599296][ T5682] ? find_held_lock+0x2d/0x110 [ 183.604105][ T5682] ? __fget_light+0x20a/0x270 [ 183.608836][ T5682] ksys_write+0x12b/0x250 [ 183.613211][ T5682] ? __ia32_sys_read+0xb0/0xb0 [ 183.618024][ T5682] ? lockdep_hardirqs_on+0x7d/0x100 [ 183.623282][ T5682] ? _raw_spin_unlock_irq+0x2e/0x50 [ 183.628533][ T5682] ? ptrace_notify+0xfe/0x140 [ 183.633249][ T5682] do_syscall_64+0x39/0xb0 [ 183.637721][ T5682] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 183.643655][ T5682] RIP: 0033:0x7faecf034129 [ 183.648099][ T5682] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 183.667736][ T5682] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 183.676185][ T5682] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 183.684180][ T5682] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 183.692226][ T5682] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 183.700222][ T5682] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 183.708217][ T5682] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000001c [ 183.716239][ T5682] [ 183.723997][ T5682] memory: usage 8kB, limit 0kB, failcnt 36 [ 183.729865][ T5682] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 183.736959][ T5682] Memory cgroup stats for /syz1: [ 183.737245][ T5682] anon 0 [ 183.737245][ T5682] file 0 [ 183.737245][ T5682] kernel 8192 [ 183.737245][ T5682] kernel_stack 0 [ 183.737245][ T5682] pagetables 0 [ 183.737245][ T5682] sec_pagetables 0 [ 183.737245][ T5682] percpu 0 [ 183.737245][ T5682] sock 0 [ 183.737245][ T5682] vmalloc 0 [ 183.737245][ T5682] shmem 0 [ 183.737245][ T5682] zswap 0 [ 183.737245][ T5682] zswapped 0 [ 183.737245][ T5682] file_mapped 0 [ 183.737245][ T5682] file_dirty 0 [ 183.737245][ T5682] file_writeback 0 [ 183.737245][ T5682] swapcached 0 [ 183.737245][ T5682] anon_thp 0 [ 183.737245][ T5682] file_thp 0 [ 183.737245][ T5682] shmem_thp 0 [ 183.737245][ T5682] inactive_anon 0 [ 183.737245][ T5682] active_anon 0 [ 183.737245][ T5682] inactive_file 0 [ 183.737245][ T5682] active_file 0 [ 183.737245][ T5682] unevictable 0 [ 183.737245][ T5682] slab_reclaimable 6752 [ 183.737245][ T5682] slab_unreclaimable 0 [ 183.737245][ T5682] slab 6752 [ 183.737245][ T5682] workingset_refault_anon 0 [ 183.737245][ T5682] workingset_refault_file 0 [ 183.737245][ T5682] workingset_activate_anon 0 [ 183.737245][ T5682] workingset_activate_file 0 [ 183.737245][ T5682] workingset_restore_anon 0 [ 183.737245][ T5682] workingset_restore_file 0 [ 183.737245][ T5682] workingset_nodereclaim 0 [ 183.737245][ T5682] pgscan 831 [ 183.737245][ T5682] pgsteal 2 [ 183.737245][ T5682] pgscan_kswapd 0 [ 183.737245][ T5682] pgscan_direct 831 [ 183.737245][ T5682] pgscan_khugepaged 0 [ 183.737245][ T5682] pgsteal_kswapd 0 [ 183.737245][ T5682] pgsteal_direct 2 [ 183.737245][ T5682] pgsteal_khugepaged 0 [ 183.737245][ T5682] pgfault 21 [ 183.737245][ T5682] pgmajfault 0 [ 183.737245][ T5682] pgrefill 830 [ 183.737245][ T5682] pgactivate 829 [ 183.737245][ T5682] pgdeactivate 830 [pid 5090] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5090] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./31/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./31/file0") = 0 [pid 5090] umount2("./31/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./31/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./31/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [pid 5090] rmdir("./31") = 0 [ 183.737245][ T5682] pglazyfree 0 [ 183.737245][ T5682] pglazyfreed 0 [ 183.737245][ T5682] zswpin 0 [ 183.737245][ T5682] zswpout 0 [ 183.737245][ T5682] thp_fault_alloc 0 [ 183.737245][ T5682] thp_collapse_alloc 0 [ 183.929174][ T5682] Tasks state (memory values in pages): [ 183.935160][ T5682] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 183.945065][ T5682] Out of memory and no killable processes... [pid 5090] mkdir("./32", 0777) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 34 ./strace-static-x86_64: Process 5686 attached [pid 5682] <... write resumed>) = 18 [pid 5686] chdir("./32") = 0 [pid 5686] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5686] setpgid(0, 0) = 0 [pid 5686] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5686] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5686] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5686] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5686] write(3, "1000", 4) = 4 [ 183.951374][ T5683] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 183.962245][ T5683] CPU: 1 PID: 5683 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 183.972219][ T5683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 183.982327][ T5683] Call Trace: [ 183.985650][ T5683] [ 183.988628][ T5683] dump_stack_lvl+0x136/0x150 [ 183.993398][ T5683] dump_header+0x10a/0xd70 [ 183.997912][ T5683] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [pid 5686] close(3) = 0 [pid 5686] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5686] mkdir("./file0", 000) = 0 [pid 5686] open("./file0", O_RDONLY) = 3 [pid 5682] close(3 [pid 5686] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5682] <... close resumed>) = 0 [pid 5686] <... mount resumed>) = 0 [pid 5682] close(4 [pid 5686] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5682] <... close resumed>) = 0 [pid 5686] <... openat resumed>) = 4 [pid 5682] close(5 [pid 5686] openat(4, "syz1", O_RDWR|O_PATH [pid 5682] <... close resumed>) = 0 [pid 5686] <... openat resumed>) = 5 [pid 5682] close(6 [pid 5686] openat(5, "memory.max", O_RDWR [pid 5682] <... close resumed>) = 0 [pid 5686] <... openat resumed>) = 6 [pid 5682] close(7 [pid 5686] write(6, "0x000000000000040e", 18 [pid 5682] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5682] close(8) = -1 EBADF (Bad file descriptor) [pid 5682] close(9) = -1 EBADF (Bad file descriptor) [ 184.004076][ T5683] out_of_memory+0xd64/0x1660 [ 184.008841][ T5683] ? oom_killer_disable+0x2b0/0x2b0 [ 184.014122][ T5683] mem_cgroup_out_of_memory+0x206/0x270 [ 184.019710][ T5683] ? mem_cgroup_margin+0x130/0x130 [ 184.024902][ T5683] memory_max_write+0x2f9/0x3c0 [ 184.029854][ T5683] ? mem_cgroup_force_empty_write+0x160/0x160 [ 184.036019][ T5683] ? lock_sync+0x190/0x190 [ 184.040520][ T5683] cgroup_file_write+0x1e2/0x7b0 [ 184.045534][ T5683] ? mem_cgroup_force_empty_write+0x160/0x160 [pid 5682] close(10) = -1 EBADF (Bad file descriptor) [pid 5682] close(11) = -1 EBADF (Bad file descriptor) [pid 5682] close(12) = -1 EBADF (Bad file descriptor) [pid 5682] close(13) = -1 EBADF (Bad file descriptor) [pid 5682] close(14) = -1 EBADF (Bad file descriptor) [pid 5682] close(15) = -1 EBADF (Bad file descriptor) [pid 5682] close(16) = -1 EBADF (Bad file descriptor) [pid 5682] close(17) = -1 EBADF (Bad file descriptor) [pid 5682] close(18) = -1 EBADF (Bad file descriptor) [pid 5682] close(19) = -1 EBADF (Bad file descriptor) [pid 5682] close(20) = -1 EBADF (Bad file descriptor) [pid 5682] close(21) = -1 EBADF (Bad file descriptor) [pid 5682] close(22) = -1 EBADF (Bad file descriptor) [pid 5682] close(23) = -1 EBADF (Bad file descriptor) [pid 5682] close(24) = -1 EBADF (Bad file descriptor) [ 184.051691][ T5683] ? kill_css+0x3b0/0x3b0 [ 184.056113][ T5683] ? lock_acquire+0x32/0xc0 [ 184.060705][ T5683] ? kill_css+0x3b0/0x3b0 [ 184.065123][ T5683] kernfs_fop_write_iter+0x3f1/0x600 [ 184.070504][ T5683] vfs_write+0x9ed/0xe10 [ 184.074858][ T5683] ? kernel_write+0x670/0x670 [ 184.079621][ T5683] ? find_held_lock+0x2d/0x110 [ 184.084465][ T5683] ? __fget_light+0x20a/0x270 [ 184.089228][ T5683] ksys_write+0x12b/0x250 [ 184.093641][ T5683] ? __ia32_sys_read+0xb0/0xb0 [ 184.098482][ T5683] ? lockdep_hardirqs_on+0x7d/0x100 [pid 5682] close(25) = -1 EBADF (Bad file descriptor) [pid 5682] close(26) = -1 EBADF (Bad file descriptor) [pid 5682] close(27) = -1 EBADF (Bad file descriptor) [pid 5682] close(28) = -1 EBADF (Bad file descriptor) [pid 5682] close(29) = -1 EBADF (Bad file descriptor) [pid 5682] exit_group(0) = ? [pid 5682] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=30, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5086] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./28/binderfs") = 0 [pid 5086] umount2("./28/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./28/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [ 184.103746][ T5683] ? _raw_spin_unlock_irq+0x2e/0x50 [ 184.109026][ T5683] ? ptrace_notify+0xfe/0x140 [ 184.113782][ T5683] do_syscall_64+0x39/0xb0 [ 184.118282][ T5683] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 184.124247][ T5683] RIP: 0033:0x7faecf034129 [ 184.128706][ T5683] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5086] unlink("./28/cgroup") = 0 [pid 5086] umount2("./28/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./28/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./28/cgroup.net") = 0 [pid 5086] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5086] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 184.148375][ T5683] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 184.156864][ T5683] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 184.164896][ T5683] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 184.172939][ T5683] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 184.180959][ T5683] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 184.188986][ T5683] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000001f [ 184.197021][ T5683] [pid 5086] lstat("./28/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./28/file0") = 0 [pid 5086] umount2("./28/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./28/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./28/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [ 184.210245][ T5683] memory: usage 8kB, limit 0kB, failcnt 36 [ 184.216372][ T5683] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 184.224815][ T5683] Memory cgroup stats for /syz1: [ 184.225100][ T5683] anon 0 [ 184.225100][ T5683] file 0 [ 184.225100][ T5683] kernel 8192 [ 184.225100][ T5683] kernel_stack 0 [ 184.225100][ T5683] pagetables 0 [ 184.225100][ T5683] sec_pagetables 0 [ 184.225100][ T5683] percpu 0 [ 184.225100][ T5683] sock 0 [ 184.225100][ T5683] vmalloc 0 [ 184.225100][ T5683] shmem 0 [pid 5086] rmdir("./28") = 0 [pid 5086] mkdir("./29", 0777) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 31 ./strace-static-x86_64: Process 5687 attached [pid 5687] chdir("./29") = 0 [pid 5687] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5687] setpgid(0, 0) = 0 [ 184.225100][ T5683] zswap 0 [ 184.225100][ T5683] zswapped 0 [ 184.225100][ T5683] file_mapped 0 [ 184.225100][ T5683] file_dirty 0 [ 184.225100][ T5683] file_writeback 0 [ 184.225100][ T5683] swapcached 0 [ 184.225100][ T5683] anon_thp 0 [ 184.225100][ T5683] file_thp 0 [ 184.225100][ T5683] shmem_thp 0 [ 184.225100][ T5683] inactive_anon 0 [ 184.225100][ T5683] active_anon 0 [ 184.225100][ T5683] inactive_file 0 [ 184.225100][ T5683] active_file 0 [ 184.225100][ T5683] unevictable 0 [ 184.225100][ T5683] slab_reclaimable 6752 [pid 5687] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5687] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5687] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5687] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5687] write(3, "1000", 4) = 4 [pid 5687] close(3) = 0 [pid 5687] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5687] mkdir("./file0", 000) = 0 [pid 5687] open("./file0", O_RDONLY) = 3 [pid 5687] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5687] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5687] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5687] openat(5, "memory.max", O_RDWR) = 6 [ 184.225100][ T5683] slab_unreclaimable 0 [ 184.225100][ T5683] slab 6752 [ 184.225100][ T5683] workingset_refault_anon 0 [ 184.225100][ T5683] workingset_refault_file 0 [ 184.225100][ T5683] workingset_activate_anon 0 [ 184.225100][ T5683] workingset_activate_file 0 [ 184.225100][ T5683] workingset_restore_anon 0 [ 184.225100][ T5683] workingset_restore_file 0 [ 184.225100][ T5683] workingset_nodereclaim 0 [ 184.225100][ T5683] pgscan 831 [ 184.225100][ T5683] pgsteal 2 [ 184.225100][ T5683] pgscan_kswapd 0 [ 184.225100][ T5683] pgscan_direct 831 [ 184.225100][ T5683] pgscan_khugepaged 0 [ 184.225100][ T5683] pgsteal_kswapd 0 [ 184.225100][ T5683] pgsteal_direct 2 [ 184.225100][ T5683] pgsteal_khugepaged 0 [ 184.225100][ T5683] pgfault 21 [ 184.225100][ T5683] pgmajfault 0 [ 184.225100][ T5683] pgrefill 830 [ 184.225100][ T5683] pgactivate 829 [ 184.225100][ T5683] pgdeactivate 830 [ 184.225100][ T5683] pglazyfree 0 [ 184.225100][ T5683] pglazyfreed 0 [ 184.225100][ T5683] zswpin 0 [ 184.225100][ T5683] zswpout 0 [ 184.225100][ T5683] thp_fault_alloc 0 [ 184.225100][ T5683] thp_collapse_alloc 0 [pid 5687] write(6, "0x000000000000040e", 18 [pid 5683] <... write resumed>) = 18 [pid 5683] close(3) = 0 [pid 5683] close(4) = 0 [pid 5683] close(5) = 0 [pid 5683] close(6) = 0 [pid 5683] close(7) = -1 EBADF (Bad file descriptor) [pid 5683] close(8) = -1 EBADF (Bad file descriptor) [pid 5683] close(9) = -1 EBADF (Bad file descriptor) [pid 5683] close(10) = -1 EBADF (Bad file descriptor) [pid 5683] close(11) = -1 EBADF (Bad file descriptor) [ 184.412404][ T5683] Tasks state (memory values in pages): [ 184.418333][ T5683] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 184.430174][ T5683] Out of memory and no killable processes... [ 184.438525][ T5684] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5683] close(12) = -1 EBADF (Bad file descriptor) [pid 5683] close(13) = -1 EBADF (Bad file descriptor) [pid 5683] close(14) = -1 EBADF (Bad file descriptor) [pid 5683] close(15) = -1 EBADF (Bad file descriptor) [pid 5683] close(16) = -1 EBADF (Bad file descriptor) [pid 5683] close(17) = -1 EBADF (Bad file descriptor) [pid 5683] close(18) = -1 EBADF (Bad file descriptor) [pid 5683] close(19) = -1 EBADF (Bad file descriptor) [pid 5683] close(20) = -1 EBADF (Bad file descriptor) [pid 5683] close(21) = -1 EBADF (Bad file descriptor) [pid 5683] close(22) = -1 EBADF (Bad file descriptor) [pid 5683] close(23) = -1 EBADF (Bad file descriptor) [pid 5683] close(24) = -1 EBADF (Bad file descriptor) [pid 5683] close(25) = -1 EBADF (Bad file descriptor) [pid 5683] close(26) = -1 EBADF (Bad file descriptor) [pid 5683] close(27) = -1 EBADF (Bad file descriptor) [pid 5683] close(28) = -1 EBADF (Bad file descriptor) [pid 5683] close(29) = -1 EBADF (Bad file descriptor) [pid 5683] exit_group(0) = ? [pid 5683] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=33, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [ 184.456869][ T5684] CPU: 1 PID: 5684 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 184.466846][ T5684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 184.476960][ T5684] Call Trace: [ 184.480290][ T5684] [ 184.483267][ T5684] dump_stack_lvl+0x136/0x150 [ 184.488019][ T5684] dump_header+0x10a/0xd70 [ 184.492508][ T5684] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 184.498678][ T5684] out_of_memory+0xd64/0x1660 [ 184.503454][ T5684] ? oom_killer_disable+0x2b0/0x2b0 [pid 5089] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./31/binderfs") = 0 [pid 5089] umount2("./31/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./31/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./31/cgroup") = 0 [pid 5089] umount2("./31/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./31/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./31/cgroup.net") = 0 [ 184.508732][ T5684] ? find_held_lock+0x2d/0x110 [ 184.513585][ T5684] mem_cgroup_out_of_memory+0x206/0x270 [ 184.519199][ T5684] ? mem_cgroup_margin+0x130/0x130 [ 184.524387][ T5684] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 184.530277][ T5684] memory_max_write+0x2f9/0x3c0 [ 184.535215][ T5684] ? mem_cgroup_force_empty_write+0x160/0x160 [ 184.541369][ T5684] ? lock_sync+0x190/0x190 [ 184.545859][ T5684] cgroup_file_write+0x1e2/0x7b0 [ 184.550876][ T5684] ? mem_cgroup_force_empty_write+0x160/0x160 [ 184.557022][ T5684] ? kill_css+0x3b0/0x3b0 [ 184.561419][ T5684] ? lock_acquire+0x32/0xc0 [ 184.565982][ T5684] ? kill_css+0x3b0/0x3b0 [ 184.570386][ T5684] kernfs_fop_write_iter+0x3f1/0x600 [ 184.575756][ T5684] vfs_write+0x9ed/0xe10 [ 184.580085][ T5684] ? kernel_write+0x670/0x670 [ 184.584828][ T5684] ? find_held_lock+0x2d/0x110 [ 184.589649][ T5684] ? __fget_light+0x20a/0x270 [ 184.594411][ T5684] ksys_write+0x12b/0x250 [ 184.598803][ T5684] ? __ia32_sys_read+0xb0/0xb0 [ 184.603618][ T5684] ? lockdep_hardirqs_on+0x7d/0x100 [ 184.608885][ T5684] ? _raw_spin_unlock_irq+0x2e/0x50 [ 184.614169][ T5684] ? ptrace_notify+0xfe/0x140 [ 184.618913][ T5684] do_syscall_64+0x39/0xb0 [ 184.623406][ T5684] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 184.629374][ T5684] RIP: 0033:0x7faecf034129 [ 184.633836][ T5684] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 184.653512][ T5684] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5089] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5089] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./31/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [ 184.662004][ T5684] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 184.670035][ T5684] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 184.678043][ T5684] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 184.686080][ T5684] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 184.694126][ T5684] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000001e [ 184.702208][ T5684] [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./31/file0") = 0 [pid 5089] umount2("./31/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./31/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./31/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [pid 5089] rmdir("./31") = 0 [pid 5089] mkdir("./32", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 34 [ 184.725076][ T5684] memory: usage 8kB, limit 0kB, failcnt 36 [ 184.730973][ T5684] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 184.738607][ T5684] Memory cgroup stats for /syz1: [ 184.738920][ T5684] anon 0 [ 184.738920][ T5684] file 0 [ 184.738920][ T5684] kernel 8192 [ 184.738920][ T5684] kernel_stack 0 [ 184.738920][ T5684] pagetables 0 [ 184.738920][ T5684] sec_pagetables 0 [ 184.738920][ T5684] percpu 0 [ 184.738920][ T5684] sock 0 [ 184.738920][ T5684] vmalloc 0 [ 184.738920][ T5684] shmem 0 ./strace-static-x86_64: Process 5688 attached [pid 5688] chdir("./32") = 0 [pid 5688] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5688] setpgid(0, 0) = 0 [pid 5688] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [ 184.738920][ T5684] zswap 0 [ 184.738920][ T5684] zswapped 0 [ 184.738920][ T5684] file_mapped 0 [ 184.738920][ T5684] file_dirty 0 [ 184.738920][ T5684] file_writeback 0 [ 184.738920][ T5684] swapcached 0 [ 184.738920][ T5684] anon_thp 0 [ 184.738920][ T5684] file_thp 0 [ 184.738920][ T5684] shmem_thp 0 [ 184.738920][ T5684] inactive_anon 0 [ 184.738920][ T5684] active_anon 0 [ 184.738920][ T5684] inactive_file 0 [ 184.738920][ T5684] active_file 0 [ 184.738920][ T5684] unevictable 0 [ 184.738920][ T5684] slab_reclaimable 6752 [pid 5688] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5688] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5688] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5688] write(3, "1000", 4) = 4 [pid 5688] close(3) = 0 [pid 5688] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5688] mkdir("./file0", 000) = 0 [pid 5688] open("./file0", O_RDONLY) = 3 [pid 5688] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5688] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [ 184.738920][ T5684] slab_unreclaimable 0 [ 184.738920][ T5684] slab 6752 [ 184.738920][ T5684] workingset_refault_anon 0 [ 184.738920][ T5684] workingset_refault_file 0 [ 184.738920][ T5684] workingset_activate_anon 0 [ 184.738920][ T5684] workingset_activate_file 0 [ 184.738920][ T5684] workingset_restore_anon 0 [ 184.738920][ T5684] workingset_restore_file 0 [ 184.738920][ T5684] workingset_nodereclaim 0 [ 184.738920][ T5684] pgscan 831 [ 184.738920][ T5684] pgsteal 2 [ 184.738920][ T5684] pgscan_kswapd 0 [ 184.738920][ T5684] pgscan_direct 831 [pid 5688] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5688] openat(5, "memory.max", O_RDWR) = 6 [ 184.738920][ T5684] pgscan_khugepaged 0 [ 184.738920][ T5684] pgsteal_kswapd 0 [ 184.738920][ T5684] pgsteal_direct 2 [ 184.738920][ T5684] pgsteal_khugepaged 0 [ 184.738920][ T5684] pgfault 21 [ 184.738920][ T5684] pgmajfault 0 [ 184.738920][ T5684] pgrefill 830 [ 184.738920][ T5684] pgactivate 829 [ 184.738920][ T5684] pgdeactivate 830 [ 184.738920][ T5684] pglazyfree 0 [ 184.738920][ T5684] pglazyfreed 0 [ 184.738920][ T5684] zswpin 0 [ 184.738920][ T5684] zswpout 0 [ 184.738920][ T5684] thp_fault_alloc 0 [ 184.738920][ T5684] thp_collapse_alloc 0 [pid 5688] write(6, "0x000000000000040e", 18 [pid 5684] <... write resumed>) = 18 [pid 5684] close(3) = 0 [pid 5684] close(4) = 0 [pid 5684] close(5) = 0 [pid 5684] close(6) = 0 [pid 5684] close(7) = -1 EBADF (Bad file descriptor) [ 184.947274][ T5684] Tasks state (memory values in pages): [ 184.954862][ T5684] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 184.967134][ T5684] Out of memory and no killable processes... [ 184.973760][ T5685] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5684] close(8) = -1 EBADF (Bad file descriptor) [pid 5684] close(9) = -1 EBADF (Bad file descriptor) [pid 5684] close(10) = -1 EBADF (Bad file descriptor) [pid 5684] close(11) = -1 EBADF (Bad file descriptor) [pid 5684] close(12) = -1 EBADF (Bad file descriptor) [pid 5684] close(13) = -1 EBADF (Bad file descriptor) [pid 5684] close(14) = -1 EBADF (Bad file descriptor) [pid 5684] close(15) = -1 EBADF (Bad file descriptor) [pid 5684] close(16) = -1 EBADF (Bad file descriptor) [pid 5684] close(17) = -1 EBADF (Bad file descriptor) [pid 5684] close(18) = -1 EBADF (Bad file descriptor) [pid 5684] close(19) = -1 EBADF (Bad file descriptor) [pid 5684] close(20) = -1 EBADF (Bad file descriptor) [pid 5684] close(21) = -1 EBADF (Bad file descriptor) [pid 5684] close(22) = -1 EBADF (Bad file descriptor) [pid 5684] close(23) = -1 EBADF (Bad file descriptor) [pid 5684] close(24) = -1 EBADF (Bad file descriptor) [pid 5684] close(25) = -1 EBADF (Bad file descriptor) [pid 5684] close(26) = -1 EBADF (Bad file descriptor) [pid 5684] close(27) = -1 EBADF (Bad file descriptor) [pid 5684] close(28) = -1 EBADF (Bad file descriptor) [ 184.991495][ T5685] CPU: 1 PID: 5685 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 185.001489][ T5685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 185.011612][ T5685] Call Trace: [ 185.014952][ T5685] [ 185.017934][ T5685] dump_stack_lvl+0x136/0x150 [ 185.022695][ T5685] dump_header+0x10a/0xd70 [ 185.027193][ T5685] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 185.033366][ T5685] out_of_memory+0xd64/0x1660 [ 185.038154][ T5685] ? oom_killer_disable+0x2b0/0x2b0 [pid 5684] close(29) = -1 EBADF (Bad file descriptor) [pid 5684] exit_group(0) = ? [pid 5684] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=32, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5087] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5087] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./30/binderfs") = 0 [pid 5087] umount2("./30/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./30/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./30/cgroup") = 0 [pid 5087] umount2("./30/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./30/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./30/cgroup.net") = 0 [ 185.043449][ T5685] ? find_held_lock+0x2d/0x110 [ 185.048299][ T5685] mem_cgroup_out_of_memory+0x206/0x270 [ 185.053948][ T5685] ? mem_cgroup_margin+0x130/0x130 [ 185.059172][ T5685] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 185.065092][ T5685] memory_max_write+0x2f9/0x3c0 [ 185.070037][ T5685] ? mem_cgroup_force_empty_write+0x160/0x160 [ 185.076199][ T5685] ? lock_sync+0x190/0x190 [ 185.080692][ T5685] cgroup_file_write+0x1e2/0x7b0 [ 185.085718][ T5685] ? mem_cgroup_force_empty_write+0x160/0x160 [ 185.091873][ T5685] ? kill_css+0x3b0/0x3b0 [ 185.096271][ T5685] ? lock_acquire+0x32/0xc0 [ 185.100827][ T5685] ? kill_css+0x3b0/0x3b0 [ 185.105207][ T5685] kernfs_fop_write_iter+0x3f1/0x600 [ 185.110554][ T5685] vfs_write+0x9ed/0xe10 [ 185.114847][ T5685] ? kernel_write+0x670/0x670 [ 185.119584][ T5685] ? find_held_lock+0x2d/0x110 [ 185.124391][ T5685] ? __fget_light+0x20a/0x270 [ 185.129118][ T5685] ksys_write+0x12b/0x250 [ 185.133500][ T5685] ? __ia32_sys_read+0xb0/0xb0 [ 185.138317][ T5685] ? lockdep_hardirqs_on+0x7d/0x100 [ 185.143556][ T5685] ? _raw_spin_unlock_irq+0x2e/0x50 [ 185.148790][ T5685] ? ptrace_notify+0xfe/0x140 [ 185.153508][ T5685] do_syscall_64+0x39/0xb0 [ 185.157976][ T5685] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 185.163928][ T5685] RIP: 0033:0x7faecf034129 [ 185.168371][ T5685] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 185.188010][ T5685] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 185.196461][ T5685] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 185.204458][ T5685] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 185.212458][ T5685] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 185.220455][ T5685] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 185.228475][ T5685] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000001c [ 185.236523][ T5685] [ 185.241244][ T5685] memory: usage 8kB, limit 0kB, failcnt 36 [ 185.247262][ T5685] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 185.254879][ T5685] Memory cgroup stats for /syz1: [ 185.255165][ T5685] anon 0 [ 185.255165][ T5685] file 0 [ 185.255165][ T5685] kernel 8192 [ 185.255165][ T5685] kernel_stack 0 [ 185.255165][ T5685] pagetables 0 [ 185.255165][ T5685] sec_pagetables 0 [ 185.255165][ T5685] percpu 0 [ 185.255165][ T5685] sock 0 [ 185.255165][ T5685] vmalloc 0 [ 185.255165][ T5685] shmem 0 [ 185.255165][ T5685] zswap 0 [ 185.255165][ T5685] zswapped 0 [ 185.255165][ T5685] file_mapped 0 [ 185.255165][ T5685] file_dirty 0 [ 185.255165][ T5685] file_writeback 0 [ 185.255165][ T5685] swapcached 0 [ 185.255165][ T5685] anon_thp 0 [ 185.255165][ T5685] file_thp 0 [ 185.255165][ T5685] shmem_thp 0 [ 185.255165][ T5685] inactive_anon 0 [ 185.255165][ T5685] active_anon 0 [ 185.255165][ T5685] inactive_file 0 [ 185.255165][ T5685] active_file 0 [ 185.255165][ T5685] unevictable 0 [ 185.255165][ T5685] slab_reclaimable 6752 [ 185.255165][ T5685] slab_unreclaimable 0 [ 185.255165][ T5685] slab 6752 [ 185.255165][ T5685] workingset_refault_anon 0 [ 185.255165][ T5685] workingset_refault_file 0 [ 185.255165][ T5685] workingset_activate_anon 0 [ 185.255165][ T5685] workingset_activate_file 0 [ 185.255165][ T5685] workingset_restore_anon 0 [ 185.255165][ T5685] workingset_restore_file 0 [ 185.255165][ T5685] workingset_nodereclaim 0 [ 185.255165][ T5685] pgscan 831 [ 185.255165][ T5685] pgsteal 2 [ 185.255165][ T5685] pgscan_kswapd 0 [ 185.255165][ T5685] pgscan_direct 831 [ 185.255165][ T5685] pgscan_khugepaged 0 [ 185.255165][ T5685] pgsteal_kswapd 0 [pid 5087] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 185.255165][ T5685] pgsteal_direct 2 [ 185.255165][ T5685] pgsteal_khugepaged 0 [ 185.255165][ T5685] pgfault 21 [ 185.255165][ T5685] pgmajfault 0 [ 185.255165][ T5685] pgrefill 830 [ 185.255165][ T5685] pgactivate 829 [ 185.255165][ T5685] pgdeactivate 830 [ 185.255165][ T5685] pglazyfree 0 [ 185.255165][ T5685] pglazyfreed 0 [ 185.255165][ T5685] zswpin 0 [ 185.255165][ T5685] zswpout 0 [ 185.255165][ T5685] thp_fault_alloc 0 [ 185.255165][ T5685] thp_collapse_alloc 0 [ 185.444163][ T5685] Tasks state (memory values in pages): [pid 5087] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./30/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] close(4) = 0 [pid 5087] rmdir("./30/file0") = 0 [pid 5087] umount2("./30/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./30/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./30/cgroup.cpu") = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [pid 5087] rmdir("./30") = 0 [pid 5087] mkdir("./31", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 33 ./strace-static-x86_64: Process 5689 attached [pid 5689] chdir("./31" [pid 5685] <... write resumed>) = 18 [ 185.452827][ T5685] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 185.463587][ T5685] Out of memory and no killable processes... [ 185.470525][ T5686] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 185.482605][ T5686] CPU: 0 PID: 5686 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 185.492579][ T5686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 185.502694][ T5686] Call Trace: [ 185.506017][ T5686] [ 185.508988][ T5686] dump_stack_lvl+0x136/0x150 [ 185.513738][ T5686] dump_header+0x10a/0xd70 [ 185.518219][ T5686] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 185.524370][ T5686] out_of_memory+0xd64/0x1660 [ 185.529124][ T5686] ? oom_killer_disable+0x2b0/0x2b0 [ 185.534407][ T5686] mem_cgroup_out_of_memory+0x206/0x270 [ 185.540036][ T5686] ? mem_cgroup_margin+0x130/0x130 [ 185.545251][ T5686] memory_max_write+0x2f9/0x3c0 [pid 5689] <... chdir resumed>) = 0 [pid 5689] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5689] setpgid(0, 0) = 0 [pid 5689] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5689] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5689] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5689] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 185.550207][ T5686] ? mem_cgroup_force_empty_write+0x160/0x160 [ 185.556366][ T5686] ? lock_sync+0x190/0x190 [ 185.560860][ T5686] cgroup_file_write+0x1e2/0x7b0 [ 185.565879][ T5686] ? mem_cgroup_force_empty_write+0x160/0x160 [ 185.572032][ T5686] ? kill_css+0x3b0/0x3b0 [ 185.576439][ T5686] ? lock_acquire+0x32/0xc0 [ 185.581029][ T5686] ? kill_css+0x3b0/0x3b0 [ 185.585441][ T5686] kernfs_fop_write_iter+0x3f1/0x600 [ 185.590820][ T5686] vfs_write+0x9ed/0xe10 [ 185.595155][ T5686] ? kernel_write+0x670/0x670 [pid 5689] write(3, "1000", 4) = 4 [pid 5689] close(3) = 0 [pid 5689] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5689] mkdir("./file0", 000) = 0 [pid 5689] open("./file0", O_RDONLY) = 3 [pid 5689] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5689] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5689] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5689] openat(5, "memory.max", O_RDWR) = 6 [ 185.599928][ T5686] ? find_held_lock+0x2d/0x110 [ 185.604778][ T5686] ? __fget_light+0x20a/0x270 [ 185.609544][ T5686] ksys_write+0x12b/0x250 [ 185.613962][ T5686] ? __ia32_sys_read+0xb0/0xb0 [ 185.618819][ T5686] ? lockdep_hardirqs_on+0x7d/0x100 [ 185.624094][ T5686] ? _raw_spin_unlock_irq+0x2e/0x50 [ 185.629380][ T5686] ? ptrace_notify+0xfe/0x140 [ 185.634131][ T5686] do_syscall_64+0x39/0xb0 [ 185.638625][ T5686] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 185.644588][ T5686] RIP: 0033:0x7faecf034129 [ 185.649155][ T5686] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 185.668833][ T5686] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 185.677313][ T5686] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 185.685339][ T5686] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 185.693365][ T5686] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [pid 5689] write(6, "0x000000000000040e", 18 [pid 5685] close(3) = 0 [pid 5685] close(4) = 0 [pid 5685] close(5) = 0 [pid 5685] close(6) = 0 [pid 5685] close(7) = -1 EBADF (Bad file descriptor) [pid 5685] close(8) = -1 EBADF (Bad file descriptor) [pid 5685] close(9) = -1 EBADF (Bad file descriptor) [pid 5685] close(10) = -1 EBADF (Bad file descriptor) [pid 5685] close(11) = -1 EBADF (Bad file descriptor) [pid 5685] close(12) = -1 EBADF (Bad file descriptor) [pid 5685] close(13) = -1 EBADF (Bad file descriptor) [pid 5685] close(14) = -1 EBADF (Bad file descriptor) [ 185.701391][ T5686] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 185.709416][ T5686] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000020 [ 185.717473][ T5686] [ 185.743472][ T5686] memory: usage 8kB, limit 0kB, failcnt 36 [pid 5685] close(15) = -1 EBADF (Bad file descriptor) [pid 5685] close(16) = -1 EBADF (Bad file descriptor) [pid 5685] close(17) = -1 EBADF (Bad file descriptor) [pid 5685] close(18) = -1 EBADF (Bad file descriptor) [pid 5685] close(19) = -1 EBADF (Bad file descriptor) [pid 5685] close(20) = -1 EBADF (Bad file descriptor) [pid 5685] close(21) = -1 EBADF (Bad file descriptor) [pid 5685] close(22) = -1 EBADF (Bad file descriptor) [pid 5685] close(23) = -1 EBADF (Bad file descriptor) [pid 5685] close(24) = -1 EBADF (Bad file descriptor) [pid 5685] close(25) = -1 EBADF (Bad file descriptor) [pid 5685] close(26) = -1 EBADF (Bad file descriptor) [pid 5685] close(27) = -1 EBADF (Bad file descriptor) [pid 5685] close(28) = -1 EBADF (Bad file descriptor) [pid 5685] close(29) = -1 EBADF (Bad file descriptor) [pid 5685] exit_group(0) = ? [pid 5685] +++ exited with 0 +++ [ 185.749360][ T5686] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 185.757354][ T5686] Memory cgroup stats for /syz1: [ 185.757643][ T5686] anon 0 [ 185.757643][ T5686] file 0 [ 185.757643][ T5686] kernel 8192 [ 185.757643][ T5686] kernel_stack 0 [ 185.757643][ T5686] pagetables 0 [ 185.757643][ T5686] sec_pagetables 0 [ 185.757643][ T5686] percpu 0 [ 185.757643][ T5686] sock 0 [ 185.757643][ T5686] vmalloc 0 [ 185.757643][ T5686] shmem 0 [ 185.757643][ T5686] zswap 0 [ 185.757643][ T5686] zswapped 0 [ 185.757643][ T5686] file_mapped 0 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=30, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5085] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./28/binderfs") = 0 [pid 5085] umount2("./28/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./28/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./28/cgroup") = 0 [pid 5085] umount2("./28/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./28/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./28/cgroup.net") = 0 [ 185.757643][ T5686] file_dirty 0 [ 185.757643][ T5686] file_writeback 0 [ 185.757643][ T5686] swapcached 0 [ 185.757643][ T5686] anon_thp 0 [ 185.757643][ T5686] file_thp 0 [ 185.757643][ T5686] shmem_thp 0 [ 185.757643][ T5686] inactive_anon 0 [ 185.757643][ T5686] active_anon 0 [ 185.757643][ T5686] inactive_file 0 [ 185.757643][ T5686] active_file 0 [ 185.757643][ T5686] unevictable 0 [ 185.757643][ T5686] slab_reclaimable 6752 [ 185.757643][ T5686] slab_unreclaimable 0 [ 185.757643][ T5686] slab 6752 [ 185.757643][ T5686] workingset_refault_anon 0 [ 185.757643][ T5686] workingset_refault_file 0 [ 185.757643][ T5686] workingset_activate_anon 0 [ 185.757643][ T5686] workingset_activate_file 0 [ 185.757643][ T5686] workingset_restore_anon 0 [ 185.757643][ T5686] workingset_restore_file 0 [ 185.757643][ T5686] workingset_nodereclaim 0 [ 185.757643][ T5686] pgscan 831 [ 185.757643][ T5686] pgsteal 2 [ 185.757643][ T5686] pgscan_kswapd 0 [ 185.757643][ T5686] pgscan_direct 831 [ 185.757643][ T5686] pgscan_khugepaged 0 [ 185.757643][ T5686] pgsteal_kswapd 0 [ 185.757643][ T5686] pgsteal_direct 2 [pid 5085] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5085] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 185.757643][ T5686] pgsteal_khugepaged 0 [ 185.757643][ T5686] pgfault 21 [ 185.757643][ T5686] pgmajfault 0 [ 185.757643][ T5686] pgrefill 830 [ 185.757643][ T5686] pgactivate 829 [ 185.757643][ T5686] pgdeactivate 830 [ 185.757643][ T5686] pglazyfree 0 [ 185.757643][ T5686] pglazyfreed 0 [ 185.757643][ T5686] zswpin 0 [ 185.757643][ T5686] zswpout 0 [ 185.757643][ T5686] thp_fault_alloc 0 [ 185.757643][ T5686] thp_collapse_alloc 0 [pid 5085] lstat("./28/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./28/file0") = 0 [pid 5085] umount2("./28/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./28/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./28/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./28" [pid 5686] <... write resumed>) = 18 [pid 5085] <... rmdir resumed>) = 0 [pid 5085] mkdir("./29", 0777) = 0 [pid 5686] close(3 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5690 attached [pid 5690] chdir("./29" [pid 5085] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 31 [ 185.950781][ T5686] Tasks state (memory values in pages): [ 185.957143][ T5686] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 185.967919][ T5686] Out of memory and no killable processes... [ 185.974932][ T5687] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5690] <... chdir resumed>) = 0 [pid 5690] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5690] setpgid(0, 0) = 0 [pid 5690] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5690] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5690] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5690] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5690] write(3, "1000", 4) = 4 [pid 5690] close(3) = 0 [pid 5690] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5690] mkdir("./file0", 000) = 0 [pid 5690] open("./file0", O_RDONLY) = 3 [pid 5690] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5690] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5690] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5690] openat(5, "memory.max", O_RDWR) = 6 [pid 5690] write(6, "0x000000000000040e", 18 [pid 5686] <... close resumed>) = 0 [pid 5686] close(4) = 0 [ 185.996434][ T5687] CPU: 0 PID: 5687 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 186.006432][ T5687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 186.016552][ T5687] Call Trace: [ 186.019879][ T5687] [ 186.022947][ T5687] dump_stack_lvl+0x136/0x150 [ 186.027704][ T5687] dump_header+0x10a/0xd70 [ 186.032195][ T5687] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 186.038389][ T5687] out_of_memory+0xd64/0x1660 [ 186.043154][ T5687] ? oom_killer_disable+0x2b0/0x2b0 [ 186.048438][ T5687] mem_cgroup_out_of_memory+0x206/0x270 [pid 5686] close(5) = 0 [pid 5686] close(6) = 0 [pid 5686] close(7) = -1 EBADF (Bad file descriptor) [pid 5686] close(8) = -1 EBADF (Bad file descriptor) [pid 5686] close(9) = -1 EBADF (Bad file descriptor) [pid 5686] close(10) = -1 EBADF (Bad file descriptor) [pid 5686] close(11) = -1 EBADF (Bad file descriptor) [pid 5686] close(12) = -1 EBADF (Bad file descriptor) [pid 5686] close(13) = -1 EBADF (Bad file descriptor) [pid 5686] close(14) = -1 EBADF (Bad file descriptor) [pid 5686] close(15) = -1 EBADF (Bad file descriptor) [pid 5686] close(16) = -1 EBADF (Bad file descriptor) [pid 5686] close(17) = -1 EBADF (Bad file descriptor) [pid 5686] close(18) = -1 EBADF (Bad file descriptor) [pid 5686] close(19) = -1 EBADF (Bad file descriptor) [pid 5686] close(20) = -1 EBADF (Bad file descriptor) [ 186.054069][ T5687] ? mem_cgroup_margin+0x130/0x130 [ 186.059312][ T5687] memory_max_write+0x2f9/0x3c0 [ 186.064290][ T5687] ? mem_cgroup_force_empty_write+0x160/0x160 [ 186.070459][ T5687] ? lock_sync+0x190/0x190 [ 186.074959][ T5687] cgroup_file_write+0x1e2/0x7b0 [ 186.080005][ T5687] ? mem_cgroup_force_empty_write+0x160/0x160 [ 186.086169][ T5687] ? kill_css+0x3b0/0x3b0 [ 186.090661][ T5687] ? lock_acquire+0x32/0xc0 [ 186.095254][ T5687] ? kill_css+0x3b0/0x3b0 [ 186.099682][ T5687] kernfs_fop_write_iter+0x3f1/0x600 [pid 5686] close(21) = -1 EBADF (Bad file descriptor) [pid 5686] close(22) = -1 EBADF (Bad file descriptor) [pid 5686] close(23) = -1 EBADF (Bad file descriptor) [pid 5686] close(24) = -1 EBADF (Bad file descriptor) [pid 5686] close(25) = -1 EBADF (Bad file descriptor) [pid 5686] close(26) = -1 EBADF (Bad file descriptor) [pid 5686] close(27) = -1 EBADF (Bad file descriptor) [pid 5686] close(28) = -1 EBADF (Bad file descriptor) [pid 5686] close(29) = -1 EBADF (Bad file descriptor) [ 186.105060][ T5687] vfs_write+0x9ed/0xe10 [ 186.109424][ T5687] ? kernel_write+0x670/0x670 [ 186.114202][ T5687] ? find_held_lock+0x2d/0x110 [ 186.119092][ T5687] ? __fget_light+0x20a/0x270 [ 186.123862][ T5687] ksys_write+0x12b/0x250 [ 186.128276][ T5687] ? __ia32_sys_read+0xb0/0xb0 [ 186.133122][ T5687] ? lockdep_hardirqs_on+0x7d/0x100 [ 186.138385][ T5687] ? _raw_spin_unlock_irq+0x2e/0x50 [ 186.143633][ T5687] ? ptrace_notify+0xfe/0x140 [ 186.148382][ T5687] do_syscall_64+0x39/0xb0 [ 186.152857][ T5687] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 186.158797][ T5687] RIP: 0033:0x7faecf034129 [ 186.163264][ T5687] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 186.182902][ T5687] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 186.191390][ T5687] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [pid 5686] exit_group(0) = ? [pid 5686] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=34, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5090] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./32/binderfs") = 0 [pid 5090] umount2("./32/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./32/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./32/cgroup") = 0 [pid 5090] umount2("./32/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./32/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./32/cgroup.net") = 0 [pid 5090] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 186.199428][ T5687] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 186.207431][ T5687] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 186.215542][ T5687] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 186.223535][ T5687] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000001d [ 186.231569][ T5687] [ 186.246019][ T5687] memory: usage 8kB, limit 0kB, failcnt 36 [pid 5090] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./32/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./32/file0") = 0 [pid 5090] umount2("./32/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./32/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./32/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [pid 5090] rmdir("./32") = 0 [pid 5090] mkdir("./33", 0777) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5691 attached [pid 5691] chdir("./33" [pid 5090] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 35 [pid 5691] <... chdir resumed>) = 0 [pid 5691] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5691] setpgid(0, 0) = 0 [ 186.254866][ T5687] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 186.263394][ T5687] Memory cgroup stats for /syz1: [ 186.263852][ T5687] anon 0 [ 186.263852][ T5687] file 0 [ 186.263852][ T5687] kernel 8192 [ 186.263852][ T5687] kernel_stack 0 [ 186.263852][ T5687] pagetables 0 [ 186.263852][ T5687] sec_pagetables 0 [ 186.263852][ T5687] percpu 0 [ 186.263852][ T5687] sock 0 [ 186.263852][ T5687] vmalloc 0 [ 186.263852][ T5687] shmem 0 [ 186.263852][ T5687] zswap 0 [ 186.263852][ T5687] zswapped 0 [pid 5691] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5691] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5691] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5691] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5691] write(3, "1000", 4) = 4 [pid 5691] close(3) = 0 [pid 5691] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5691] mkdir("./file0", 000) = 0 [pid 5691] open("./file0", O_RDONLY) = 3 [pid 5691] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5691] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5691] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5691] openat(5, "memory.max", O_RDWR) = 6 [ 186.263852][ T5687] file_mapped 0 [ 186.263852][ T5687] file_dirty 0 [ 186.263852][ T5687] file_writeback 0 [ 186.263852][ T5687] swapcached 0 [ 186.263852][ T5687] anon_thp 0 [ 186.263852][ T5687] file_thp 0 [ 186.263852][ T5687] shmem_thp 0 [ 186.263852][ T5687] inactive_anon 0 [ 186.263852][ T5687] active_anon 0 [ 186.263852][ T5687] inactive_file 0 [ 186.263852][ T5687] active_file 0 [ 186.263852][ T5687] unevictable 0 [ 186.263852][ T5687] slab_reclaimable 6752 [ 186.263852][ T5687] slab_unreclaimable 0 [ 186.263852][ T5687] slab 6752 [ 186.263852][ T5687] workingset_refault_anon 0 [ 186.263852][ T5687] workingset_refault_file 0 [ 186.263852][ T5687] workingset_activate_anon 0 [ 186.263852][ T5687] workingset_activate_file 0 [ 186.263852][ T5687] workingset_restore_anon 0 [ 186.263852][ T5687] workingset_restore_file 0 [ 186.263852][ T5687] workingset_nodereclaim 0 [ 186.263852][ T5687] pgscan 831 [ 186.263852][ T5687] pgsteal 2 [ 186.263852][ T5687] pgscan_kswapd 0 [ 186.263852][ T5687] pgscan_direct 831 [ 186.263852][ T5687] pgscan_khugepaged 0 [ 186.263852][ T5687] pgsteal_kswapd 0 [ 186.263852][ T5687] pgsteal_direct 2 [ 186.263852][ T5687] pgsteal_khugepaged 0 [ 186.263852][ T5687] pgfault 21 [ 186.263852][ T5687] pgmajfault 0 [ 186.263852][ T5687] pgrefill 830 [ 186.263852][ T5687] pgactivate 829 [ 186.263852][ T5687] pgdeactivate 830 [ 186.263852][ T5687] pglazyfree 0 [ 186.263852][ T5687] pglazyfreed 0 [ 186.263852][ T5687] zswpin 0 [ 186.263852][ T5687] zswpout 0 [ 186.263852][ T5687] thp_fault_alloc 0 [ 186.263852][ T5687] thp_collapse_alloc 0 [pid 5691] write(6, "0x000000000000040e", 18 [pid 5687] <... write resumed>) = 18 [pid 5687] close(3) = 0 [pid 5687] close(4) = 0 [pid 5687] close(5) = 0 [pid 5687] close(6) = 0 [pid 5687] close(7) = -1 EBADF (Bad file descriptor) [pid 5687] close(8) = -1 EBADF (Bad file descriptor) [pid 5687] close(9) = -1 EBADF (Bad file descriptor) [pid 5687] close(10) = -1 EBADF (Bad file descriptor) [pid 5687] close(11) = -1 EBADF (Bad file descriptor) [pid 5687] close(12) = -1 EBADF (Bad file descriptor) [ 186.458692][ T5687] Tasks state (memory values in pages): [ 186.464902][ T5687] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 186.474486][ T5687] Out of memory and no killable processes... [ 186.480571][ T5688] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 186.491940][ T5688] CPU: 0 PID: 5688 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5687] close(13) = -1 EBADF (Bad file descriptor) [pid 5687] close(14) = -1 EBADF (Bad file descriptor) [pid 5687] close(15) = -1 EBADF (Bad file descriptor) [pid 5687] close(16) = -1 EBADF (Bad file descriptor) [pid 5687] close(17) = -1 EBADF (Bad file descriptor) [pid 5687] close(18) = -1 EBADF (Bad file descriptor) [pid 5687] close(19) = -1 EBADF (Bad file descriptor) [pid 5687] close(20) = -1 EBADF (Bad file descriptor) [pid 5687] close(21) = -1 EBADF (Bad file descriptor) [pid 5687] close(22) = -1 EBADF (Bad file descriptor) [pid 5687] close(23) = -1 EBADF (Bad file descriptor) [pid 5687] close(24) = -1 EBADF (Bad file descriptor) [pid 5687] close(25) = -1 EBADF (Bad file descriptor) [pid 5687] close(26) = -1 EBADF (Bad file descriptor) [pid 5687] close(27) = -1 EBADF (Bad file descriptor) [pid 5687] close(28) = -1 EBADF (Bad file descriptor) [pid 5687] close(29) = -1 EBADF (Bad file descriptor) [pid 5687] exit_group(0) = ? [pid 5687] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=31, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [ 186.501934][ T5688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 186.512057][ T5688] Call Trace: [ 186.515388][ T5688] [ 186.518385][ T5688] dump_stack_lvl+0x136/0x150 [ 186.523146][ T5688] dump_header+0x10a/0xd70 [ 186.527637][ T5688] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 186.533809][ T5688] out_of_memory+0xd64/0x1660 [ 186.538579][ T5688] ? oom_killer_disable+0x2b0/0x2b0 [ 186.543881][ T5688] mem_cgroup_out_of_memory+0x206/0x270 [ 186.549517][ T5688] ? mem_cgroup_margin+0x130/0x130 [pid 5086] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./29/binderfs") = 0 [pid 5086] umount2("./29/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./29/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] unlink("./29/cgroup") = 0 [ 186.554738][ T5688] memory_max_write+0x2f9/0x3c0 [ 186.559675][ T5688] ? mem_cgroup_force_empty_write+0x160/0x160 [ 186.565837][ T5688] ? lock_sync+0x190/0x190 [ 186.570346][ T5688] cgroup_file_write+0x1e2/0x7b0 [ 186.575373][ T5688] ? mem_cgroup_force_empty_write+0x160/0x160 [ 186.581530][ T5688] ? kill_css+0x3b0/0x3b0 [ 186.585967][ T5688] ? lock_acquire+0x32/0xc0 [ 186.590559][ T5688] ? kill_css+0x3b0/0x3b0 [ 186.594986][ T5688] kernfs_fop_write_iter+0x3f1/0x600 [ 186.600364][ T5688] vfs_write+0x9ed/0xe10 [ 186.604695][ T5688] ? kernel_write+0x670/0x670 [pid 5086] umount2("./29/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./29/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./29/cgroup.net") = 0 [ 186.609463][ T5688] ? find_held_lock+0x2d/0x110 [ 186.614315][ T5688] ? __fget_light+0x20a/0x270 [ 186.619076][ T5688] ksys_write+0x12b/0x250 [ 186.623487][ T5688] ? __ia32_sys_read+0xb0/0xb0 [ 186.628331][ T5688] ? lockdep_hardirqs_on+0x7d/0x100 [ 186.633590][ T5688] ? _raw_spin_unlock_irq+0x2e/0x50 [ 186.638858][ T5688] ? ptrace_notify+0xfe/0x140 [ 186.643607][ T5688] do_syscall_64+0x39/0xb0 [ 186.648099][ T5688] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 186.654064][ T5688] RIP: 0033:0x7faecf034129 [ 186.658526][ T5688] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 186.678179][ T5688] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 186.686640][ T5688] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 186.694694][ T5688] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5086] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5086] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./29/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./29/file0") = 0 [pid 5086] umount2("./29/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./29/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 186.702746][ T5688] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 186.710802][ T5688] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 186.718836][ T5688] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000020 [ 186.726886][ T5688] [ 186.741547][ T5688] memory: usage 8kB, limit 0kB, failcnt 36 [ 186.750101][ T5688] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5086] unlink("./29/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./29") = 0 [pid 5086] mkdir("./30", 0777) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 32 ./strace-static-x86_64: Process 5692 attached [pid 5692] chdir("./30") = 0 [pid 5692] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5692] setpgid(0, 0) = 0 [pid 5692] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5692] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5692] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5692] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5692] write(3, "1000", 4) = 4 [pid 5692] close(3) = 0 [ 186.765373][ T5688] Memory cgroup stats for /syz1: [ 186.765654][ T5688] anon 0 [ 186.765654][ T5688] file 0 [ 186.765654][ T5688] kernel 8192 [ 186.765654][ T5688] kernel_stack 0 [ 186.765654][ T5688] pagetables 0 [ 186.765654][ T5688] sec_pagetables 0 [ 186.765654][ T5688] percpu 0 [ 186.765654][ T5688] sock 0 [ 186.765654][ T5688] vmalloc 0 [ 186.765654][ T5688] shmem 0 [ 186.765654][ T5688] zswap 0 [ 186.765654][ T5688] zswapped 0 [ 186.765654][ T5688] file_mapped 0 [ 186.765654][ T5688] file_dirty 0 [pid 5692] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5692] mkdir("./file0", 000) = 0 [pid 5692] open("./file0", O_RDONLY) = 3 [pid 5692] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5692] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5692] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5692] openat(5, "memory.max", O_RDWR) = 6 [ 186.765654][ T5688] file_writeback 0 [ 186.765654][ T5688] swapcached 0 [ 186.765654][ T5688] anon_thp 0 [ 186.765654][ T5688] file_thp 0 [ 186.765654][ T5688] shmem_thp 0 [ 186.765654][ T5688] inactive_anon 0 [ 186.765654][ T5688] active_anon 0 [ 186.765654][ T5688] inactive_file 0 [ 186.765654][ T5688] active_file 0 [ 186.765654][ T5688] unevictable 0 [ 186.765654][ T5688] slab_reclaimable 6752 [ 186.765654][ T5688] slab_unreclaimable 0 [ 186.765654][ T5688] slab 6752 [ 186.765654][ T5688] workingset_refault_anon 0 [ 186.765654][ T5688] workingset_refault_file 0 [ 186.765654][ T5688] workingset_activate_anon 0 [ 186.765654][ T5688] workingset_activate_file 0 [ 186.765654][ T5688] workingset_restore_anon 0 [ 186.765654][ T5688] workingset_restore_file 0 [ 186.765654][ T5688] workingset_nodereclaim 0 [ 186.765654][ T5688] pgscan 831 [ 186.765654][ T5688] pgsteal 2 [ 186.765654][ T5688] pgscan_kswapd 0 [ 186.765654][ T5688] pgscan_direct 831 [ 186.765654][ T5688] pgscan_khugepaged 0 [ 186.765654][ T5688] pgsteal_kswapd 0 [ 186.765654][ T5688] pgsteal_direct 2 [ 186.765654][ T5688] pgsteal_khugepaged 0 [ 186.765654][ T5688] pgfault 21 [ 186.765654][ T5688] pgmajfault 0 [ 186.765654][ T5688] pgrefill 830 [ 186.765654][ T5688] pgactivate 829 [ 186.765654][ T5688] pgdeactivate 830 [ 186.765654][ T5688] pglazyfree 0 [ 186.765654][ T5688] pglazyfreed 0 [ 186.765654][ T5688] zswpin 0 [ 186.765654][ T5688] zswpout 0 [ 186.765654][ T5688] thp_fault_alloc 0 [ 186.765654][ T5688] thp_collapse_alloc 0 [pid 5692] write(6, "0x000000000000040e", 18 [pid 5688] <... write resumed>) = 18 [pid 5688] close(3) = 0 [pid 5688] close(4) = 0 [pid 5688] close(5) = 0 [pid 5688] close(6) = 0 [pid 5688] close(7) = -1 EBADF (Bad file descriptor) [pid 5688] close(8) = -1 EBADF (Bad file descriptor) [pid 5688] close(9) = -1 EBADF (Bad file descriptor) [pid 5688] close(10) = -1 EBADF (Bad file descriptor) [pid 5688] close(11) = -1 EBADF (Bad file descriptor) [pid 5688] close(12) = -1 EBADF (Bad file descriptor) [pid 5688] close(13) = -1 EBADF (Bad file descriptor) [pid 5688] close(14) = -1 EBADF (Bad file descriptor) [pid 5688] close(15) = -1 EBADF (Bad file descriptor) [pid 5688] close(16) = -1 EBADF (Bad file descriptor) [ 186.969277][ T5688] Tasks state (memory values in pages): [ 186.975662][ T5688] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 186.987949][ T5688] Out of memory and no killable processes... [ 186.996215][ T5689] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5688] close(17) = -1 EBADF (Bad file descriptor) [pid 5688] close(18) = -1 EBADF (Bad file descriptor) [pid 5688] close(19) = -1 EBADF (Bad file descriptor) [pid 5688] close(20) = -1 EBADF (Bad file descriptor) [pid 5688] close(21) = -1 EBADF (Bad file descriptor) [pid 5688] close(22) = -1 EBADF (Bad file descriptor) [pid 5688] close(23) = -1 EBADF (Bad file descriptor) [pid 5688] close(24) = -1 EBADF (Bad file descriptor) [pid 5688] close(25) = -1 EBADF (Bad file descriptor) [pid 5688] close(26) = -1 EBADF (Bad file descriptor) [pid 5688] close(27) = -1 EBADF (Bad file descriptor) [pid 5688] close(28) = -1 EBADF (Bad file descriptor) [pid 5688] close(29) = -1 EBADF (Bad file descriptor) [pid 5688] exit_group(0) = ? [pid 5688] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=34, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5089] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./32/binderfs") = 0 [pid 5089] umount2("./32/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./32/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./32/cgroup") = 0 [pid 5089] umount2("./32/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./32/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./32/cgroup.net") = 0 [ 187.017474][ T5689] CPU: 1 PID: 5689 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 187.027483][ T5689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 187.037597][ T5689] Call Trace: [ 187.040926][ T5689] [ 187.043908][ T5689] dump_stack_lvl+0x136/0x150 [ 187.048642][ T5689] dump_header+0x10a/0xd70 [ 187.053126][ T5689] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 187.059296][ T5689] out_of_memory+0xd64/0x1660 [ 187.064052][ T5689] ? oom_killer_disable+0x2b0/0x2b0 [ 187.069320][ T5689] mem_cgroup_out_of_memory+0x206/0x270 [ 187.074921][ T5689] ? mem_cgroup_margin+0x130/0x130 [ 187.080135][ T5689] memory_max_write+0x2f9/0x3c0 [ 187.085063][ T5689] ? mem_cgroup_force_empty_write+0x160/0x160 [ 187.091204][ T5689] ? lock_sync+0x190/0x190 [ 187.095709][ T5689] cgroup_file_write+0x1e2/0x7b0 [ 187.100718][ T5689] ? mem_cgroup_force_empty_write+0x160/0x160 [ 187.106853][ T5689] ? kill_css+0x3b0/0x3b0 [ 187.111245][ T5689] ? lock_acquire+0x32/0xc0 [ 187.115830][ T5689] ? kill_css+0x3b0/0x3b0 [ 187.120246][ T5689] kernfs_fop_write_iter+0x3f1/0x600 [ 187.125609][ T5689] vfs_write+0x9ed/0xe10 [ 187.129923][ T5689] ? kernel_write+0x670/0x670 [ 187.134664][ T5689] ? find_held_lock+0x2d/0x110 [ 187.139477][ T5689] ? __fget_light+0x20a/0x270 [ 187.144231][ T5689] ksys_write+0x12b/0x250 [ 187.148708][ T5689] ? __ia32_sys_read+0xb0/0xb0 [ 187.153537][ T5689] ? lockdep_hardirqs_on+0x7d/0x100 [ 187.158768][ T5689] ? _raw_spin_unlock_irq+0x2e/0x50 [ 187.163999][ T5689] ? ptrace_notify+0xfe/0x140 [ 187.168739][ T5689] do_syscall_64+0x39/0xb0 [ 187.173235][ T5689] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 187.179200][ T5689] RIP: 0033:0x7faecf034129 [ 187.183667][ T5689] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 187.203334][ T5689] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 187.211799][ T5689] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [pid 5089] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5089] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./32/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./32/file0") = 0 [pid 5089] umount2("./32/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 187.219794][ T5689] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 187.227800][ T5689] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 187.235822][ T5689] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 187.243844][ T5689] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000001f [ 187.251898][ T5689] [pid 5089] lstat("./32/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./32/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [pid 5089] rmdir("./32") = 0 [pid 5089] mkdir("./33", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5693 attached [pid 5693] chdir("./33" [pid 5089] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 35 [pid 5693] <... chdir resumed>) = 0 [pid 5693] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5693] setpgid(0, 0) = 0 [pid 5693] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5693] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5693] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5693] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5693] write(3, "1000", 4) = 4 [pid 5693] close(3) = 0 [pid 5693] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5693] mkdir("./file0", 000) = 0 [ 187.281626][ T5689] memory: usage 8kB, limit 0kB, failcnt 36 [ 187.287515][ T5689] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 187.301642][ T5689] Memory cgroup stats for /syz1: [ 187.301929][ T5689] anon 0 [ 187.301929][ T5689] file 0 [ 187.301929][ T5689] kernel 8192 [ 187.301929][ T5689] kernel_stack 0 [ 187.301929][ T5689] pagetables 0 [ 187.301929][ T5689] sec_pagetables 0 [ 187.301929][ T5689] percpu 0 [ 187.301929][ T5689] sock 0 [pid 5693] open("./file0", O_RDONLY) = 3 [pid 5693] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5693] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5693] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5693] openat(5, "memory.max", O_RDWR) = 6 [ 187.301929][ T5689] vmalloc 0 [ 187.301929][ T5689] shmem 0 [ 187.301929][ T5689] zswap 0 [ 187.301929][ T5689] zswapped 0 [ 187.301929][ T5689] file_mapped 0 [ 187.301929][ T5689] file_dirty 0 [ 187.301929][ T5689] file_writeback 0 [ 187.301929][ T5689] swapcached 0 [ 187.301929][ T5689] anon_thp 0 [ 187.301929][ T5689] file_thp 0 [ 187.301929][ T5689] shmem_thp 0 [ 187.301929][ T5689] inactive_anon 0 [ 187.301929][ T5689] active_anon 0 [ 187.301929][ T5689] inactive_file 0 [ 187.301929][ T5689] active_file 0 [ 187.301929][ T5689] unevictable 0 [ 187.301929][ T5689] slab_reclaimable 6752 [ 187.301929][ T5689] slab_unreclaimable 0 [ 187.301929][ T5689] slab 6752 [ 187.301929][ T5689] workingset_refault_anon 0 [ 187.301929][ T5689] workingset_refault_file 0 [ 187.301929][ T5689] workingset_activate_anon 0 [ 187.301929][ T5689] workingset_activate_file 0 [ 187.301929][ T5689] workingset_restore_anon 0 [ 187.301929][ T5689] workingset_restore_file 0 [ 187.301929][ T5689] workingset_nodereclaim 0 [ 187.301929][ T5689] pgscan 831 [ 187.301929][ T5689] pgsteal 2 [ 187.301929][ T5689] pgscan_kswapd 0 [ 187.301929][ T5689] pgscan_direct 831 [ 187.301929][ T5689] pgscan_khugepaged 0 [ 187.301929][ T5689] pgsteal_kswapd 0 [ 187.301929][ T5689] pgsteal_direct 2 [ 187.301929][ T5689] pgsteal_khugepaged 0 [ 187.301929][ T5689] pgfault 21 [ 187.301929][ T5689] pgmajfault 0 [ 187.301929][ T5689] pgrefill 830 [ 187.301929][ T5689] pgactivate 829 [ 187.301929][ T5689] pgdeactivate 830 [ 187.301929][ T5689] pglazyfree 0 [ 187.301929][ T5689] pglazyfreed 0 [ 187.301929][ T5689] zswpin 0 [ 187.301929][ T5689] zswpout 0 [pid 5693] write(6, "0x000000000000040e", 18 [pid 5689] <... write resumed>) = 18 [pid 5689] close(3) = 0 [pid 5689] close(4) = 0 [pid 5689] close(5) = 0 [pid 5689] close(6) = 0 [ 187.301929][ T5689] thp_fault_alloc 0 [ 187.301929][ T5689] thp_collapse_alloc 0 [ 187.490281][ T5689] Tasks state (memory values in pages): [ 187.497769][ T5689] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 187.510316][ T5689] Out of memory and no killable processes... [ 187.518715][ T5690] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5689] close(7) = -1 EBADF (Bad file descriptor) [pid 5689] close(8) = -1 EBADF (Bad file descriptor) [pid 5689] close(9) = -1 EBADF (Bad file descriptor) [pid 5689] close(10) = -1 EBADF (Bad file descriptor) [pid 5689] close(11) = -1 EBADF (Bad file descriptor) [pid 5689] close(12) = -1 EBADF (Bad file descriptor) [pid 5689] close(13) = -1 EBADF (Bad file descriptor) [pid 5689] close(14) = -1 EBADF (Bad file descriptor) [pid 5689] close(15) = -1 EBADF (Bad file descriptor) [pid 5689] close(16) = -1 EBADF (Bad file descriptor) [pid 5689] close(17) = -1 EBADF (Bad file descriptor) [pid 5689] close(18) = -1 EBADF (Bad file descriptor) [pid 5689] close(19) = -1 EBADF (Bad file descriptor) [pid 5689] close(20) = -1 EBADF (Bad file descriptor) [pid 5689] close(21) = -1 EBADF (Bad file descriptor) [pid 5689] close(22) = -1 EBADF (Bad file descriptor) [pid 5689] close(23) = -1 EBADF (Bad file descriptor) [pid 5689] close(24) = -1 EBADF (Bad file descriptor) [pid 5689] close(25) = -1 EBADF (Bad file descriptor) [pid 5689] close(26) = -1 EBADF (Bad file descriptor) [pid 5689] close(27) = -1 EBADF (Bad file descriptor) [pid 5689] close(28) = -1 EBADF (Bad file descriptor) [pid 5689] close(29) = -1 EBADF (Bad file descriptor) [pid 5689] exit_group(0) = ? [pid 5689] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=33, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5087] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5087] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 187.536740][ T5690] CPU: 1 PID: 5690 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 187.546740][ T5690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 187.556866][ T5690] Call Trace: [ 187.560198][ T5690] [ 187.563176][ T5690] dump_stack_lvl+0x136/0x150 [ 187.567930][ T5690] dump_header+0x10a/0xd70 [ 187.572413][ T5690] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 187.578572][ T5690] out_of_memory+0xd64/0x1660 [pid 5087] unlink("./31/binderfs") = 0 [pid 5087] umount2("./31/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./31/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./31/cgroup") = 0 [pid 5087] umount2("./31/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./31/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./31/cgroup.net") = 0 [ 187.583346][ T5690] ? oom_killer_disable+0x2b0/0x2b0 [ 187.588623][ T5690] ? find_held_lock+0x2d/0x110 [ 187.593461][ T5690] mem_cgroup_out_of_memory+0x206/0x270 [ 187.599087][ T5690] ? mem_cgroup_margin+0x130/0x130 [ 187.604291][ T5690] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 187.610189][ T5690] memory_max_write+0x2f9/0x3c0 [ 187.615138][ T5690] ? mem_cgroup_force_empty_write+0x160/0x160 [ 187.621269][ T5690] ? lock_sync+0x190/0x190 [ 187.625751][ T5690] cgroup_file_write+0x1e2/0x7b0 [ 187.630759][ T5690] ? mem_cgroup_force_empty_write+0x160/0x160 [ 187.636895][ T5690] ? kill_css+0x3b0/0x3b0 [ 187.641272][ T5690] ? lock_acquire+0x32/0xc0 [ 187.645854][ T5690] ? kill_css+0x3b0/0x3b0 [ 187.650348][ T5690] kernfs_fop_write_iter+0x3f1/0x600 [ 187.655699][ T5690] vfs_write+0x9ed/0xe10 [ 187.660005][ T5690] ? kernel_write+0x670/0x670 [ 187.664764][ T5690] ? find_held_lock+0x2d/0x110 [ 187.669583][ T5690] ? __fget_light+0x20a/0x270 [ 187.674331][ T5690] ksys_write+0x12b/0x250 [ 187.678727][ T5690] ? __ia32_sys_read+0xb0/0xb0 [ 187.683570][ T5690] ? lockdep_hardirqs_on+0x7d/0x100 [ 187.688821][ T5690] ? _raw_spin_unlock_irq+0x2e/0x50 [ 187.694062][ T5690] ? ptrace_notify+0xfe/0x140 [ 187.698806][ T5690] do_syscall_64+0x39/0xb0 [ 187.703302][ T5690] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 187.709265][ T5690] RIP: 0033:0x7faecf034129 [ 187.713723][ T5690] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5087] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5087] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./31/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [ 187.733358][ T5690] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 187.741811][ T5690] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 187.749832][ T5690] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 187.757857][ T5690] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 187.765878][ T5690] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 187.773898][ T5690] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000001d [ 187.781952][ T5690] [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] close(4) = 0 [pid 5087] rmdir("./31/file0") = 0 [pid 5087] umount2("./31/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./31/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./31/cgroup.cpu") = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [pid 5087] rmdir("./31") = 0 [pid 5087] mkdir("./32", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5694 attached [pid 5694] chdir("./32" [pid 5087] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 34 [pid 5694] <... chdir resumed>) = 0 [pid 5694] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5694] setpgid(0, 0) = 0 [pid 5694] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5694] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5694] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [ 187.806574][ T5690] memory: usage 8kB, limit 0kB, failcnt 36 [ 187.822010][ T5690] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 187.829314][ T5690] Memory cgroup stats for /syz1: [ 187.829592][ T5690] anon 0 [ 187.829592][ T5690] file 0 [ 187.829592][ T5690] kernel 8192 [ 187.829592][ T5690] kernel_stack 0 [ 187.829592][ T5690] pagetables 0 [ 187.829592][ T5690] sec_pagetables 0 [ 187.829592][ T5690] percpu 0 [pid 5694] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5694] write(3, "1000", 4) = 4 [pid 5694] close(3) = 0 [pid 5694] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5694] mkdir("./file0", 000) = 0 [pid 5694] open("./file0", O_RDONLY) = 3 [pid 5694] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5694] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5694] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5694] openat(5, "memory.max", O_RDWR) = 6 [ 187.829592][ T5690] sock 0 [ 187.829592][ T5690] vmalloc 0 [ 187.829592][ T5690] shmem 0 [ 187.829592][ T5690] zswap 0 [ 187.829592][ T5690] zswapped 0 [ 187.829592][ T5690] file_mapped 0 [ 187.829592][ T5690] file_dirty 0 [ 187.829592][ T5690] file_writeback 0 [ 187.829592][ T5690] swapcached 0 [ 187.829592][ T5690] anon_thp 0 [ 187.829592][ T5690] file_thp 0 [ 187.829592][ T5690] shmem_thp 0 [ 187.829592][ T5690] inactive_anon 0 [ 187.829592][ T5690] active_anon 0 [ 187.829592][ T5690] inactive_file 0 [ 187.829592][ T5690] active_file 0 [ 187.829592][ T5690] unevictable 0 [ 187.829592][ T5690] slab_reclaimable 6752 [ 187.829592][ T5690] slab_unreclaimable 0 [ 187.829592][ T5690] slab 6752 [ 187.829592][ T5690] workingset_refault_anon 0 [ 187.829592][ T5690] workingset_refault_file 0 [ 187.829592][ T5690] workingset_activate_anon 0 [ 187.829592][ T5690] workingset_activate_file 0 [ 187.829592][ T5690] workingset_restore_anon 0 [ 187.829592][ T5690] workingset_restore_file 0 [ 187.829592][ T5690] workingset_nodereclaim 0 [ 187.829592][ T5690] pgscan 831 [ 187.829592][ T5690] pgsteal 2 [ 187.829592][ T5690] pgscan_kswapd 0 [ 187.829592][ T5690] pgscan_direct 831 [ 187.829592][ T5690] pgscan_khugepaged 0 [ 187.829592][ T5690] pgsteal_kswapd 0 [ 187.829592][ T5690] pgsteal_direct 2 [ 187.829592][ T5690] pgsteal_khugepaged 0 [ 187.829592][ T5690] pgfault 21 [ 187.829592][ T5690] pgmajfault 0 [ 187.829592][ T5690] pgrefill 830 [ 187.829592][ T5690] pgactivate 829 [ 187.829592][ T5690] pgdeactivate 830 [ 187.829592][ T5690] pglazyfree 0 [ 187.829592][ T5690] pglazyfreed 0 [ 187.829592][ T5690] zswpin 0 [ 187.829592][ T5690] zswpout 0 [ 187.829592][ T5690] thp_fault_alloc 0 [ 187.829592][ T5690] thp_collapse_alloc 0 [ 188.039375][ T5690] Tasks state (memory values in pages): [ 188.045369][ T5690] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5694] write(6, "0x000000000000040e", 18 [pid 5690] <... write resumed>) = 18 [pid 5690] close(3) = 0 [pid 5690] close(4) = 0 [pid 5690] close(5) = 0 [pid 5690] close(6) = 0 [pid 5690] close(7) = -1 EBADF (Bad file descriptor) [pid 5690] close(8) = -1 EBADF (Bad file descriptor) [pid 5690] close(9) = -1 EBADF (Bad file descriptor) [pid 5690] close(10) = -1 EBADF (Bad file descriptor) [pid 5690] close(11) = -1 EBADF (Bad file descriptor) [pid 5690] close(12) = -1 EBADF (Bad file descriptor) [pid 5690] close(13) = -1 EBADF (Bad file descriptor) [pid 5690] close(14) = -1 EBADF (Bad file descriptor) [pid 5690] close(15) = -1 EBADF (Bad file descriptor) [pid 5690] close(16) = -1 EBADF (Bad file descriptor) [pid 5690] close(17) = -1 EBADF (Bad file descriptor) [pid 5690] close(18) = -1 EBADF (Bad file descriptor) [pid 5690] close(19) = -1 EBADF (Bad file descriptor) [pid 5690] close(20) = -1 EBADF (Bad file descriptor) [pid 5690] close(21) = -1 EBADF (Bad file descriptor) [pid 5690] close(22) = -1 EBADF (Bad file descriptor) [pid 5690] close(23) = -1 EBADF (Bad file descriptor) [pid 5690] close(24) = -1 EBADF (Bad file descriptor) [pid 5690] close(25) = -1 EBADF (Bad file descriptor) [ 188.055087][ T5690] Out of memory and no killable processes... [ 188.061167][ T5691] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 188.072606][ T5691] CPU: 1 PID: 5691 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 188.082593][ T5691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 188.092714][ T5691] Call Trace: [ 188.096048][ T5691] [ 188.099035][ T5691] dump_stack_lvl+0x136/0x150 [pid 5690] close(26) = -1 EBADF (Bad file descriptor) [pid 5690] close(27) = -1 EBADF (Bad file descriptor) [pid 5690] close(28) = -1 EBADF (Bad file descriptor) [pid 5690] close(29) = -1 EBADF (Bad file descriptor) [pid 5690] exit_group(0) = ? [pid 5690] +++ exited with 0 +++ [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=31, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5085] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5085] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./29/binderfs") = 0 [pid 5085] umount2("./29/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./29/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./29/cgroup") = 0 [pid 5085] umount2("./29/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./29/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./29/cgroup.net") = 0 [ 188.103796][ T5691] dump_header+0x10a/0xd70 [ 188.108381][ T5691] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 188.114554][ T5691] out_of_memory+0xd64/0x1660 [ 188.119331][ T5691] ? oom_killer_disable+0x2b0/0x2b0 [ 188.124632][ T5691] mem_cgroup_out_of_memory+0x206/0x270 [ 188.130254][ T5691] ? mem_cgroup_margin+0x130/0x130 [ 188.135472][ T5691] memory_max_write+0x2f9/0x3c0 [ 188.140418][ T5691] ? mem_cgroup_force_empty_write+0x160/0x160 [ 188.146568][ T5691] ? lock_sync+0x190/0x190 [ 188.151041][ T5691] cgroup_file_write+0x1e2/0x7b0 [ 188.156061][ T5691] ? mem_cgroup_force_empty_write+0x160/0x160 [ 188.162215][ T5691] ? kill_css+0x3b0/0x3b0 [ 188.166625][ T5691] ? lock_acquire+0x32/0xc0 [ 188.171210][ T5691] ? kill_css+0x3b0/0x3b0 [ 188.175591][ T5691] kernfs_fop_write_iter+0x3f1/0x600 [ 188.180935][ T5691] vfs_write+0x9ed/0xe10 [ 188.185234][ T5691] ? kernel_write+0x670/0x670 [ 188.189966][ T5691] ? find_held_lock+0x2d/0x110 [ 188.194776][ T5691] ? __fget_light+0x20a/0x270 [ 188.199511][ T5691] ksys_write+0x12b/0x250 [ 188.203890][ T5691] ? __ia32_sys_read+0xb0/0xb0 [ 188.208707][ T5691] ? lockdep_hardirqs_on+0x7d/0x100 [ 188.213948][ T5691] ? _raw_spin_unlock_irq+0x2e/0x50 [ 188.219197][ T5691] ? ptrace_notify+0xfe/0x140 [ 188.223920][ T5691] do_syscall_64+0x39/0xb0 [ 188.228408][ T5691] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 188.234346][ T5691] RIP: 0033:0x7faecf034129 [ 188.238789][ T5691] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 188.258435][ T5691] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 188.266900][ T5691] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 188.274920][ T5691] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 188.282931][ T5691] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 188.290925][ T5691] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 188.298918][ T5691] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000021 [pid 5085] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5085] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./29/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./29/file0") = 0 [ 188.306939][ T5691] [pid 5085] umount2("./29/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./29/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./29/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./29") = 0 [pid 5085] mkdir("./30", 0777) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5695 attached [pid 5695] chdir("./30" [pid 5085] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 32 [pid 5695] <... chdir resumed>) = 0 [pid 5695] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5695] setpgid(0, 0) = 0 [pid 5695] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5695] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5695] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5695] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5695] write(3, "1000", 4) = 4 [pid 5695] close(3) = 0 [pid 5695] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5695] mkdir("./file0", 000) = 0 [pid 5695] open("./file0", O_RDONLY) = 3 [pid 5695] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5695] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5695] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5695] openat(5, "memory.max", O_RDWR) = 6 [ 188.329941][ T5691] memory: usage 8kB, limit 0kB, failcnt 36 [ 188.343655][ T5691] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 188.350790][ T5691] Memory cgroup stats for /syz1: [ 188.351085][ T5691] anon 0 [ 188.351085][ T5691] file 0 [ 188.351085][ T5691] kernel 8192 [ 188.351085][ T5691] kernel_stack 0 [ 188.351085][ T5691] pagetables 0 [ 188.351085][ T5691] sec_pagetables 0 [ 188.351085][ T5691] percpu 0 [ 188.351085][ T5691] sock 0 [ 188.351085][ T5691] vmalloc 0 [ 188.351085][ T5691] shmem 0 [ 188.351085][ T5691] zswap 0 [ 188.351085][ T5691] zswapped 0 [ 188.351085][ T5691] file_mapped 0 [ 188.351085][ T5691] file_dirty 0 [ 188.351085][ T5691] file_writeback 0 [ 188.351085][ T5691] swapcached 0 [ 188.351085][ T5691] anon_thp 0 [ 188.351085][ T5691] file_thp 0 [ 188.351085][ T5691] shmem_thp 0 [ 188.351085][ T5691] inactive_anon 0 [ 188.351085][ T5691] active_anon 0 [ 188.351085][ T5691] inactive_file 0 [ 188.351085][ T5691] active_file 0 [ 188.351085][ T5691] unevictable 0 [ 188.351085][ T5691] slab_reclaimable 6752 [ 188.351085][ T5691] slab_unreclaimable 0 [ 188.351085][ T5691] slab 6752 [ 188.351085][ T5691] workingset_refault_anon 0 [ 188.351085][ T5691] workingset_refault_file 0 [ 188.351085][ T5691] workingset_activate_anon 0 [ 188.351085][ T5691] workingset_activate_file 0 [ 188.351085][ T5691] workingset_restore_anon 0 [ 188.351085][ T5691] workingset_restore_file 0 [ 188.351085][ T5691] workingset_nodereclaim 0 [ 188.351085][ T5691] pgscan 831 [ 188.351085][ T5691] pgsteal 2 [ 188.351085][ T5691] pgscan_kswapd 0 [ 188.351085][ T5691] pgscan_direct 831 [ 188.351085][ T5691] pgscan_khugepaged 0 [ 188.351085][ T5691] pgsteal_kswapd 0 [ 188.351085][ T5691] pgsteal_direct 2 [ 188.351085][ T5691] pgsteal_khugepaged 0 [ 188.351085][ T5691] pgfault 21 [ 188.351085][ T5691] pgmajfault 0 [ 188.351085][ T5691] pgrefill 830 [ 188.351085][ T5691] pgactivate 829 [ 188.351085][ T5691] pgdeactivate 830 [ 188.351085][ T5691] pglazyfree 0 [ 188.351085][ T5691] pglazyfreed 0 [ 188.351085][ T5691] zswpin 0 [ 188.351085][ T5691] zswpout 0 [pid 5695] write(6, "0x000000000000040e", 18 [pid 5691] <... write resumed>) = 18 [ 188.351085][ T5691] thp_fault_alloc 0 [ 188.351085][ T5691] thp_collapse_alloc 0 [ 188.543859][ T5691] Tasks state (memory values in pages): [ 188.549607][ T5691] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 188.559573][ T5691] Out of memory and no killable processes... [ 188.565891][ T5692] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5691] close(3) = 0 [pid 5691] close(4) = 0 [pid 5691] close(5) = 0 [pid 5691] close(6) = 0 [pid 5691] close(7) = -1 EBADF (Bad file descriptor) [pid 5691] close(8) = -1 EBADF (Bad file descriptor) [pid 5691] close(9) = -1 EBADF (Bad file descriptor) [pid 5691] close(10) = -1 EBADF (Bad file descriptor) [pid 5691] close(11) = -1 EBADF (Bad file descriptor) [pid 5691] close(12) = -1 EBADF (Bad file descriptor) [pid 5691] close(13) = -1 EBADF (Bad file descriptor) [pid 5691] close(14) = -1 EBADF (Bad file descriptor) [pid 5691] close(15) = -1 EBADF (Bad file descriptor) [pid 5691] close(16) = -1 EBADF (Bad file descriptor) [pid 5691] close(17) = -1 EBADF (Bad file descriptor) [pid 5691] close(18) = -1 EBADF (Bad file descriptor) [pid 5691] close(19) = -1 EBADF (Bad file descriptor) [pid 5691] close(20) = -1 EBADF (Bad file descriptor) [pid 5691] close(21) = -1 EBADF (Bad file descriptor) [pid 5691] close(22) = -1 EBADF (Bad file descriptor) [pid 5691] close(23) = -1 EBADF (Bad file descriptor) [pid 5691] close(24) = -1 EBADF (Bad file descriptor) [pid 5691] close(25) = -1 EBADF (Bad file descriptor) [pid 5691] close(26) = -1 EBADF (Bad file descriptor) [pid 5691] close(27) = -1 EBADF (Bad file descriptor) [ 188.576505][ T5692] CPU: 1 PID: 5692 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 188.586470][ T5692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 188.596586][ T5692] Call Trace: [ 188.599919][ T5692] [ 188.602903][ T5692] dump_stack_lvl+0x136/0x150 [ 188.607660][ T5692] dump_header+0x10a/0xd70 [ 188.612144][ T5692] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 188.618338][ T5692] out_of_memory+0xd64/0x1660 [ 188.623123][ T5692] ? oom_killer_disable+0x2b0/0x2b0 [pid 5691] close(28) = -1 EBADF (Bad file descriptor) [pid 5691] close(29) = -1 EBADF (Bad file descriptor) [pid 5691] exit_group(0) = ? [pid 5691] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=35, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5090] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./33/binderfs") = 0 [pid 5090] umount2("./33/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./33/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./33/cgroup") = 0 [pid 5090] umount2("./33/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./33/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./33/cgroup.net") = 0 [ 188.628415][ T5692] ? find_held_lock+0x2d/0x110 [ 188.633256][ T5692] mem_cgroup_out_of_memory+0x206/0x270 [ 188.638962][ T5692] ? mem_cgroup_margin+0x130/0x130 [ 188.644159][ T5692] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 188.650078][ T5692] memory_max_write+0x2f9/0x3c0 [ 188.655019][ T5692] ? mem_cgroup_force_empty_write+0x160/0x160 [ 188.661184][ T5692] ? lock_sync+0x190/0x190 [ 188.665685][ T5692] cgroup_file_write+0x1e2/0x7b0 [ 188.670709][ T5692] ? mem_cgroup_force_empty_write+0x160/0x160 [ 188.676865][ T5692] ? kill_css+0x3b0/0x3b0 [ 188.681291][ T5692] ? lock_acquire+0x32/0xc0 [ 188.685880][ T5692] ? kill_css+0x3b0/0x3b0 [ 188.690299][ T5692] kernfs_fop_write_iter+0x3f1/0x600 [ 188.695666][ T5692] vfs_write+0x9ed/0xe10 [ 188.699998][ T5692] ? kernel_write+0x670/0x670 [ 188.704768][ T5692] ? find_held_lock+0x2d/0x110 [ 188.709615][ T5692] ? __fget_light+0x20a/0x270 [ 188.714384][ T5692] ksys_write+0x12b/0x250 [ 188.718782][ T5692] ? __ia32_sys_read+0xb0/0xb0 [ 188.723596][ T5692] ? lockdep_hardirqs_on+0x7d/0x100 [ 188.728850][ T5692] ? _raw_spin_unlock_irq+0x2e/0x50 [ 188.734098][ T5692] ? ptrace_notify+0xfe/0x140 [ 188.738843][ T5692] do_syscall_64+0x39/0xb0 [ 188.743338][ T5692] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 188.749313][ T5692] RIP: 0033:0x7faecf034129 [ 188.753770][ T5692] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 188.773420][ T5692] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 188.781877][ T5692] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 188.789897][ T5692] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 188.797924][ T5692] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 188.805951][ T5692] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 188.813977][ T5692] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000001e [ 188.822130][ T5692] [pid 5090] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5090] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./33/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./33/file0") = 0 [pid 5090] umount2("./33/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./33/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./33/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [pid 5090] rmdir("./33") = 0 [pid 5090] mkdir("./34", 0777) = 0 [ 188.830110][ T5692] memory: usage 8kB, limit 0kB, failcnt 36 [ 188.836347][ T5692] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 188.844069][ T5692] Memory cgroup stats for /syz1: [ 188.844353][ T5692] anon 0 [ 188.844353][ T5692] file 0 [ 188.844353][ T5692] kernel 8192 [ 188.844353][ T5692] kernel_stack 0 [ 188.844353][ T5692] pagetables 0 [ 188.844353][ T5692] sec_pagetables 0 [ 188.844353][ T5692] percpu 0 [ 188.844353][ T5692] sock 0 [ 188.844353][ T5692] vmalloc 0 [ 188.844353][ T5692] shmem 0 [ 188.844353][ T5692] zswap 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 36 ./strace-static-x86_64: Process 5696 attached [pid 5696] chdir("./34") = 0 [pid 5696] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5696] setpgid(0, 0) = 0 [pid 5696] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5696] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5696] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5696] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5696] write(3, "1000", 4) = 4 [pid 5696] close(3) = 0 [pid 5696] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5696] mkdir("./file0", 000) = 0 [pid 5696] open("./file0", O_RDONLY) = 3 [pid 5696] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [ 188.844353][ T5692] zswapped 0 [ 188.844353][ T5692] file_mapped 0 [ 188.844353][ T5692] file_dirty 0 [ 188.844353][ T5692] file_writeback 0 [ 188.844353][ T5692] swapcached 0 [ 188.844353][ T5692] anon_thp 0 [ 188.844353][ T5692] file_thp 0 [ 188.844353][ T5692] shmem_thp 0 [ 188.844353][ T5692] inactive_anon 0 [ 188.844353][ T5692] active_anon 0 [ 188.844353][ T5692] inactive_file 0 [ 188.844353][ T5692] active_file 0 [ 188.844353][ T5692] unevictable 0 [ 188.844353][ T5692] slab_reclaimable 6752 [ 188.844353][ T5692] slab_unreclaimable 0 [pid 5696] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5696] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5696] openat(5, "memory.max", O_RDWR) = 6 [ 188.844353][ T5692] slab 6752 [ 188.844353][ T5692] workingset_refault_anon 0 [ 188.844353][ T5692] workingset_refault_file 0 [ 188.844353][ T5692] workingset_activate_anon 0 [ 188.844353][ T5692] workingset_activate_file 0 [ 188.844353][ T5692] workingset_restore_anon 0 [ 188.844353][ T5692] workingset_restore_file 0 [ 188.844353][ T5692] workingset_nodereclaim 0 [ 188.844353][ T5692] pgscan 831 [ 188.844353][ T5692] pgsteal 2 [ 188.844353][ T5692] pgscan_kswapd 0 [ 188.844353][ T5692] pgscan_direct 831 [ 188.844353][ T5692] pgscan_khugepaged 0 [ 188.844353][ T5692] pgsteal_kswapd 0 [ 188.844353][ T5692] pgsteal_direct 2 [ 188.844353][ T5692] pgsteal_khugepaged 0 [ 188.844353][ T5692] pgfault 21 [ 188.844353][ T5692] pgmajfault 0 [ 188.844353][ T5692] pgrefill 830 [ 188.844353][ T5692] pgactivate 829 [ 188.844353][ T5692] pgdeactivate 830 [ 188.844353][ T5692] pglazyfree 0 [ 188.844353][ T5692] pglazyfreed 0 [ 188.844353][ T5692] zswpin 0 [ 188.844353][ T5692] zswpout 0 [ 188.844353][ T5692] thp_fault_alloc 0 [ 188.844353][ T5692] thp_collapse_alloc 0 [pid 5696] write(6, "0x000000000000040e", 18 [pid 5692] <... write resumed>) = 18 [pid 5692] close(3) = 0 [pid 5692] close(4) = 0 [pid 5692] close(5) = 0 [pid 5692] close(6) = 0 [pid 5692] close(7) = -1 EBADF (Bad file descriptor) [pid 5692] close(8) = -1 EBADF (Bad file descriptor) [pid 5692] close(9) = -1 EBADF (Bad file descriptor) [pid 5692] close(10) = -1 EBADF (Bad file descriptor) [pid 5692] close(11) = -1 EBADF (Bad file descriptor) [pid 5692] close(12) = -1 EBADF (Bad file descriptor) [pid 5692] close(13) = -1 EBADF (Bad file descriptor) [pid 5692] close(14) = -1 EBADF (Bad file descriptor) [pid 5692] close(15) = -1 EBADF (Bad file descriptor) [pid 5692] close(16) = -1 EBADF (Bad file descriptor) [pid 5692] close(17) = -1 EBADF (Bad file descriptor) [pid 5692] close(18) = -1 EBADF (Bad file descriptor) [pid 5692] close(19) = -1 EBADF (Bad file descriptor) [pid 5692] close(20) = -1 EBADF (Bad file descriptor) [pid 5692] close(21) = -1 EBADF (Bad file descriptor) [pid 5692] close(22) = -1 EBADF (Bad file descriptor) [pid 5692] close(23) = -1 EBADF (Bad file descriptor) [pid 5692] close(24) = -1 EBADF (Bad file descriptor) [pid 5692] close(25) = -1 EBADF (Bad file descriptor) [pid 5692] close(26) = -1 EBADF (Bad file descriptor) [pid 5692] close(27) = -1 EBADF (Bad file descriptor) [pid 5692] close(28) = -1 EBADF (Bad file descriptor) [pid 5692] close(29) = -1 EBADF (Bad file descriptor) [pid 5692] exit_group(0) = ? [pid 5692] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=32, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5086] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 189.037379][ T5692] Tasks state (memory values in pages): [ 189.044401][ T5692] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 189.055525][ T5692] Out of memory and no killable processes... [ 189.062735][ T5693] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 189.075463][ T5693] CPU: 0 PID: 5693 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5086] lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./30/binderfs") = 0 [pid 5086] umount2("./30/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./30/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [ 189.085429][ T5693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 189.095534][ T5693] Call Trace: [ 189.098831][ T5693] [ 189.101782][ T5693] dump_stack_lvl+0x136/0x150 [ 189.106494][ T5693] dump_header+0x10a/0xd70 [ 189.110943][ T5693] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 189.117064][ T5693] out_of_memory+0xd64/0x1660 [ 189.121786][ T5693] ? oom_killer_disable+0x2b0/0x2b0 [ 189.127027][ T5693] mem_cgroup_out_of_memory+0x206/0x270 [ 189.133856][ T5693] ? mem_cgroup_margin+0x130/0x130 [ 189.139138][ T5693] memory_max_write+0x2f9/0x3c0 [ 189.144054][ T5693] ? mem_cgroup_force_empty_write+0x160/0x160 [ 189.150185][ T5693] ? lock_sync+0x190/0x190 [ 189.154643][ T5693] cgroup_file_write+0x1e2/0x7b0 [ 189.159628][ T5693] ? mem_cgroup_force_empty_write+0x160/0x160 [ 189.165741][ T5693] ? kill_css+0x3b0/0x3b0 [ 189.170123][ T5693] ? lock_acquire+0x32/0xc0 [ 189.174688][ T5693] ? kill_css+0x3b0/0x3b0 [ 189.179086][ T5693] kernfs_fop_write_iter+0x3f1/0x600 [ 189.184420][ T5693] vfs_write+0x9ed/0xe10 [ 189.188711][ T5693] ? kernel_write+0x670/0x670 [ 189.193440][ T5693] ? find_held_lock+0x2d/0x110 [ 189.198243][ T5693] ? __fget_light+0x20a/0x270 [ 189.202974][ T5693] ksys_write+0x12b/0x250 [ 189.207351][ T5693] ? __ia32_sys_read+0xb0/0xb0 [ 189.212161][ T5693] ? lockdep_hardirqs_on+0x7d/0x100 [ 189.217429][ T5693] ? _raw_spin_unlock_irq+0x2e/0x50 [ 189.222669][ T5693] ? ptrace_notify+0xfe/0x140 [ 189.227391][ T5693] do_syscall_64+0x39/0xb0 [ 189.231867][ T5693] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 189.237798][ T5693] RIP: 0033:0x7faecf034129 [ 189.242242][ T5693] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 189.261906][ T5693] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 189.270353][ T5693] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 189.278365][ T5693] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5086] unlink("./30/cgroup") = 0 [ 189.286359][ T5693] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 189.294364][ T5693] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 189.302360][ T5693] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000021 [ 189.310379][ T5693] [ 189.318195][ T5693] memory: usage 8kB, limit 0kB, failcnt 36 [ 189.324192][ T5693] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 189.332047][ T5693] Memory cgroup stats for /syz1: [pid 5086] umount2("./30/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 189.332540][ T5693] anon 0 [ 189.332540][ T5693] file 0 [ 189.332540][ T5693] kernel 8192 [ 189.332540][ T5693] kernel_stack 0 [ 189.332540][ T5693] pagetables 0 [ 189.332540][ T5693] sec_pagetables 0 [ 189.332540][ T5693] percpu 0 [ 189.332540][ T5693] sock 0 [ 189.332540][ T5693] vmalloc 0 [ 189.332540][ T5693] shmem 0 [ 189.332540][ T5693] zswap 0 [ 189.332540][ T5693] zswapped 0 [ 189.332540][ T5693] file_mapped 0 [ 189.332540][ T5693] file_dirty 0 [ 189.332540][ T5693] file_writeback 0 [ 189.332540][ T5693] swapcached 0 [pid 5086] lstat("./30/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./30/cgroup.net") = 0 [ 189.332540][ T5693] anon_thp 0 [ 189.332540][ T5693] file_thp 0 [ 189.332540][ T5693] shmem_thp 0 [ 189.332540][ T5693] inactive_anon 0 [ 189.332540][ T5693] active_anon 0 [ 189.332540][ T5693] inactive_file 0 [ 189.332540][ T5693] active_file 0 [ 189.332540][ T5693] unevictable 0 [ 189.332540][ T5693] slab_reclaimable 6752 [ 189.332540][ T5693] slab_unreclaimable 0 [ 189.332540][ T5693] slab 6752 [ 189.332540][ T5693] workingset_refault_anon 0 [ 189.332540][ T5693] workingset_refault_file 0 [ 189.332540][ T5693] workingset_activate_anon 0 [ 189.332540][ T5693] workingset_activate_file 0 [ 189.332540][ T5693] workingset_restore_anon 0 [ 189.332540][ T5693] workingset_restore_file 0 [ 189.332540][ T5693] workingset_nodereclaim 0 [ 189.332540][ T5693] pgscan 831 [ 189.332540][ T5693] pgsteal 2 [ 189.332540][ T5693] pgscan_kswapd 0 [ 189.332540][ T5693] pgscan_direct 831 [ 189.332540][ T5693] pgscan_khugepaged 0 [ 189.332540][ T5693] pgsteal_kswapd 0 [ 189.332540][ T5693] pgsteal_direct 2 [ 189.332540][ T5693] pgsteal_khugepaged 0 [ 189.332540][ T5693] pgfault 21 [ 189.332540][ T5693] pgmajfault 0 [pid 5086] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5086] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./30/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 189.332540][ T5693] pgrefill 830 [ 189.332540][ T5693] pgactivate 829 [ 189.332540][ T5693] pgdeactivate 830 [ 189.332540][ T5693] pglazyfree 0 [ 189.332540][ T5693] pglazyfreed 0 [ 189.332540][ T5693] zswpin 0 [ 189.332540][ T5693] zswpout 0 [ 189.332540][ T5693] thp_fault_alloc 0 [ 189.332540][ T5693] thp_collapse_alloc 0 [ 189.530793][ T5693] Tasks state (memory values in pages): [pid 5086] openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5693] <... write resumed>) = 18 [pid 5693] close(3) = 0 [pid 5693] close(4) = 0 [pid 5693] close(5) = 0 [pid 5693] close(6) = 0 [pid 5693] close(7) = -1 EBADF (Bad file descriptor) [pid 5693] close(8) = -1 EBADF (Bad file descriptor) [pid 5693] close(9) = -1 EBADF (Bad file descriptor) [pid 5693] close(10) = -1 EBADF (Bad file descriptor) [pid 5693] close(11) = -1 EBADF (Bad file descriptor) [pid 5693] close(12) = -1 EBADF (Bad file descriptor) [pid 5693] close(13) = -1 EBADF (Bad file descriptor) [pid 5693] close(14) = -1 EBADF (Bad file descriptor) [pid 5693] close(15) = -1 EBADF (Bad file descriptor) [pid 5693] close(16) = -1 EBADF (Bad file descriptor) [pid 5693] close(17) = -1 EBADF (Bad file descriptor) [pid 5693] close(18) = -1 EBADF (Bad file descriptor) [pid 5693] close(19) = -1 EBADF (Bad file descriptor) [pid 5693] close(20) = -1 EBADF (Bad file descriptor) [pid 5693] close(21) = -1 EBADF (Bad file descriptor) [pid 5693] close(22) = -1 EBADF (Bad file descriptor) [pid 5693] close(23) = -1 EBADF (Bad file descriptor) [pid 5693] close(24) = -1 EBADF (Bad file descriptor) [pid 5693] close(25) = -1 EBADF (Bad file descriptor) [pid 5693] close(26) = -1 EBADF (Bad file descriptor) [pid 5693] close(27) = -1 EBADF (Bad file descriptor) [pid 5693] close(28) = -1 EBADF (Bad file descriptor) [pid 5693] close(29) = -1 EBADF (Bad file descriptor) [pid 5693] exit_group(0) = ? [pid 5693] +++ exited with 0 +++ [pid 5086] rmdir("./30/file0") = 0 [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=35, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5086] umount2("./30/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5089] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5089] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./30/cgroup.cpu", [pid 5089] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] <... openat resumed>) = 3 [pid 5086] unlink("./30/cgroup.cpu" [pid 5089] fstat(3, [pid 5086] <... unlink resumed>) = 0 [ 189.537014][ T5693] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 189.546966][ T5693] Out of memory and no killable processes... [ 189.553503][ T5694] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 189.565498][ T5694] CPU: 1 PID: 5694 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 189.575464][ T5694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 189.585597][ T5694] Call Trace: [pid 5089] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, [pid 5089] getdents64(3, [pid 5086] <... getdents64 resumed>0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] <... getdents64 resumed>0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] close(3 [pid 5089] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] <... close resumed>) = 0 [pid 5089] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5086] rmdir("./30" [pid 5089] lstat("./33/binderfs", [pid 5086] <... rmdir resumed>) = 0 [pid 5089] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] mkdir("./31", 0777 [pid 5089] unlink("./33/binderfs" [pid 5086] <... mkdir resumed>) = 0 [pid 5089] <... unlink resumed>) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5089] umount2("./33/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 33 [pid 5089] lstat("./33/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./33/cgroup") = 0 [pid 5089] umount2("./33/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./33/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./33/cgroup.net") = 0 [pid 5089] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5697 attached [ 189.588920][ T5694] [ 189.591898][ T5694] dump_stack_lvl+0x136/0x150 [ 189.596650][ T5694] dump_header+0x10a/0xd70 [ 189.601133][ T5694] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 189.607301][ T5694] out_of_memory+0xd64/0x1660 [ 189.612068][ T5694] ? oom_killer_disable+0x2b0/0x2b0 [ 189.617339][ T5694] ? find_held_lock+0x2d/0x110 [ 189.622165][ T5694] mem_cgroup_out_of_memory+0x206/0x270 [ 189.627822][ T5694] ? mem_cgroup_margin+0x130/0x130 [ 189.633021][ T5694] ? _raw_spin_unlock_irqrestore+0x54/0x70 [pid 5697] chdir("./31") = 0 [pid 5697] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5697] setpgid(0, 0) = 0 [pid 5697] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5697] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5697] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5697] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5697] write(3, "1000", 4) = 4 [pid 5697] close(3) = 0 [ 189.638917][ T5694] memory_max_write+0x2f9/0x3c0 [ 189.643850][ T5694] ? mem_cgroup_force_empty_write+0x160/0x160 [ 189.650002][ T5694] ? lock_sync+0x190/0x190 [ 189.654494][ T5694] cgroup_file_write+0x1e2/0x7b0 [ 189.659521][ T5694] ? mem_cgroup_force_empty_write+0x160/0x160 [ 189.665665][ T5694] ? kill_css+0x3b0/0x3b0 [ 189.670050][ T5694] ? lock_acquire+0x32/0xc0 [ 189.674608][ T5694] ? kill_css+0x3b0/0x3b0 [ 189.678999][ T5694] kernfs_fop_write_iter+0x3f1/0x600 [ 189.684338][ T5694] vfs_write+0x9ed/0xe10 [ 189.688635][ T5694] ? kernel_write+0x670/0x670 [ 189.693377][ T5694] ? find_held_lock+0x2d/0x110 [ 189.698189][ T5694] ? __fget_light+0x20a/0x270 [ 189.702922][ T5694] ksys_write+0x12b/0x250 [ 189.707301][ T5694] ? __ia32_sys_read+0xb0/0xb0 [ 189.712101][ T5694] ? lockdep_hardirqs_on+0x7d/0x100 [ 189.717334][ T5694] ? _raw_spin_unlock_irq+0x2e/0x50 [ 189.722572][ T5694] ? ptrace_notify+0xfe/0x140 [ 189.727292][ T5694] do_syscall_64+0x39/0xb0 [ 189.731757][ T5694] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 189.737734][ T5694] RIP: 0033:0x7faecf034129 [ 189.742177][ T5694] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 189.761837][ T5694] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 189.770297][ T5694] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 189.778292][ T5694] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 189.786287][ T5694] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 189.794287][ T5694] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 189.802279][ T5694] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000020 [ 189.810302][ T5694] [ 189.814946][ T5694] memory: usage 8kB, limit 0kB, failcnt 36 [ 189.820809][ T5694] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 189.828053][ T5694] Memory cgroup stats for /syz1: [ 189.828334][ T5694] anon 0 [ 189.828334][ T5694] file 0 [pid 5697] symlink("/dev/binderfs", "./binderfs" [pid 5089] <... umount2 resumed>) = 0 [pid 5697] <... symlink resumed>) = 0 [pid 5089] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5697] mkdir("./file0", 000 [pid 5089] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5697] <... mkdir resumed>) = 0 [pid 5089] lstat("./33/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5697] open("./file0", O_RDONLY [pid 5089] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5697] <... open resumed>) = 3 [pid 5089] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5697] mount(NULL, "./file0", "cgroup2", 0, NULL [ 189.828334][ T5694] kernel 8192 [ 189.828334][ T5694] kernel_stack 0 [ 189.828334][ T5694] pagetables 0 [ 189.828334][ T5694] sec_pagetables 0 [ 189.828334][ T5694] percpu 0 [ 189.828334][ T5694] sock 0 [ 189.828334][ T5694] vmalloc 0 [ 189.828334][ T5694] shmem 0 [ 189.828334][ T5694] zswap 0 [ 189.828334][ T5694] zswapped 0 [ 189.828334][ T5694] file_mapped 0 [ 189.828334][ T5694] file_dirty 0 [ 189.828334][ T5694] file_writeback 0 [ 189.828334][ T5694] swapcached 0 [ 189.828334][ T5694] anon_thp 0 [ 189.828334][ T5694] file_thp 0 [pid 5089] openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5697] <... mount resumed>) = 0 [pid 5089] <... openat resumed>) = 4 [pid 5697] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5089] fstat(4, [pid 5697] <... openat resumed>) = 4 [pid 5089] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5697] openat(4, "syz1", O_RDWR|O_PATH [pid 5089] getdents64(4, [pid 5697] <... openat resumed>) = 5 [pid 5089] <... getdents64 resumed>0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5697] openat(5, "memory.max", O_RDWR [pid 5089] getdents64(4, [pid 5697] <... openat resumed>) = 6 [pid 5089] <... getdents64 resumed>0x555555c15660 /* 0 entries */, 32768) = 0 [ 189.828334][ T5694] shmem_thp 0 [ 189.828334][ T5694] inactive_anon 0 [ 189.828334][ T5694] active_anon 0 [ 189.828334][ T5694] inactive_file 0 [ 189.828334][ T5694] active_file 0 [ 189.828334][ T5694] unevictable 0 [ 189.828334][ T5694] slab_reclaimable 6752 [ 189.828334][ T5694] slab_unreclaimable 0 [ 189.828334][ T5694] slab 6752 [ 189.828334][ T5694] workingset_refault_anon 0 [ 189.828334][ T5694] workingset_refault_file 0 [ 189.828334][ T5694] workingset_activate_anon 0 [ 189.828334][ T5694] workingset_activate_file 0 [ 189.828334][ T5694] workingset_restore_anon 0 [ 189.828334][ T5694] workingset_restore_file 0 [ 189.828334][ T5694] workingset_nodereclaim 0 [ 189.828334][ T5694] pgscan 831 [ 189.828334][ T5694] pgsteal 2 [ 189.828334][ T5694] pgscan_kswapd 0 [ 189.828334][ T5694] pgscan_direct 831 [ 189.828334][ T5694] pgscan_khugepaged 0 [ 189.828334][ T5694] pgsteal_kswapd 0 [ 189.828334][ T5694] pgsteal_direct 2 [ 189.828334][ T5694] pgsteal_khugepaged 0 [ 189.828334][ T5694] pgfault 21 [ 189.828334][ T5694] pgmajfault 0 [ 189.828334][ T5694] pgrefill 830 [ 189.828334][ T5694] pgactivate 829 [pid 5697] write(6, "0x000000000000040e", 18 [pid 5089] close(4) = 0 [pid 5089] rmdir("./33/file0") = 0 [pid 5089] umount2("./33/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./33/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./33/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [pid 5089] rmdir("./33") = 0 [pid 5089] mkdir("./34", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 36 ./strace-static-x86_64: Process 5698 attached [pid 5698] chdir("./34") = 0 [pid 5698] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5698] setpgid(0, 0) = 0 [pid 5698] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5698] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5698] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5698] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5698] write(3, "1000", 4) = 4 [pid 5698] close(3) = 0 [pid 5698] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5698] mkdir("./file0", 000) = 0 [pid 5698] open("./file0", O_RDONLY) = 3 [pid 5698] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5698] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5698] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5698] openat(5, "memory.max", O_RDWR) = 6 [ 189.828334][ T5694] pgdeactivate 830 [ 189.828334][ T5694] pglazyfree 0 [ 189.828334][ T5694] pglazyfreed 0 [ 189.828334][ T5694] zswpin 0 [ 189.828334][ T5694] zswpout 0 [ 189.828334][ T5694] thp_fault_alloc 0 [ 189.828334][ T5694] thp_collapse_alloc 0 [ 190.019119][ T5694] Tasks state (memory values in pages): [ 190.031686][ T5694] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5698] write(6, "0x000000000000040e", 18 [pid 5694] <... write resumed>) = 18 [pid 5694] close(3) = 0 [pid 5694] close(4) = 0 [pid 5694] close(5) = 0 [pid 5694] close(6) = 0 [pid 5694] close(7) = -1 EBADF (Bad file descriptor) [pid 5694] close(8) = -1 EBADF (Bad file descriptor) [pid 5694] close(9) = -1 EBADF (Bad file descriptor) [pid 5694] close(10) = -1 EBADF (Bad file descriptor) [pid 5694] close(11) = -1 EBADF (Bad file descriptor) [pid 5694] close(12) = -1 EBADF (Bad file descriptor) [pid 5694] close(13) = -1 EBADF (Bad file descriptor) [pid 5694] close(14) = -1 EBADF (Bad file descriptor) [pid 5694] close(15) = -1 EBADF (Bad file descriptor) [pid 5694] close(16) = -1 EBADF (Bad file descriptor) [pid 5694] close(17) = -1 EBADF (Bad file descriptor) [pid 5694] close(18) = -1 EBADF (Bad file descriptor) [pid 5694] close(19) = -1 EBADF (Bad file descriptor) [pid 5694] close(20) = -1 EBADF (Bad file descriptor) [pid 5694] close(21) = -1 EBADF (Bad file descriptor) [pid 5694] close(22) = -1 EBADF (Bad file descriptor) [pid 5694] close(23) = -1 EBADF (Bad file descriptor) [ 190.049590][ T5694] Out of memory and no killable processes... [ 190.055788][ T5695] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 190.081662][ T5695] CPU: 0 PID: 5695 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5694] close(24) = -1 EBADF (Bad file descriptor) [pid 5694] close(25) = -1 EBADF (Bad file descriptor) [pid 5694] close(26) = -1 EBADF (Bad file descriptor) [pid 5694] close(27) = -1 EBADF (Bad file descriptor) [pid 5694] close(28) = -1 EBADF (Bad file descriptor) [pid 5694] close(29) = -1 EBADF (Bad file descriptor) [pid 5694] exit_group(0) = ? [pid 5694] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=34, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5087] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 190.091670][ T5695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 190.101782][ T5695] Call Trace: [ 190.105118][ T5695] [ 190.108105][ T5695] dump_stack_lvl+0x136/0x150 [ 190.112857][ T5695] dump_header+0x10a/0xd70 [ 190.117343][ T5695] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 190.123501][ T5695] out_of_memory+0xd64/0x1660 [ 190.128256][ T5695] ? oom_killer_disable+0x2b0/0x2b0 [ 190.133533][ T5695] mem_cgroup_out_of_memory+0x206/0x270 [ 190.139154][ T5695] ? mem_cgroup_margin+0x130/0x130 [ 190.144362][ T5695] memory_max_write+0x2f9/0x3c0 [ 190.149295][ T5695] ? mem_cgroup_force_empty_write+0x160/0x160 [ 190.155451][ T5695] ? lock_sync+0x190/0x190 [ 190.159941][ T5695] cgroup_file_write+0x1e2/0x7b0 [ 190.164957][ T5695] ? mem_cgroup_force_empty_write+0x160/0x160 [ 190.171132][ T5695] ? kill_css+0x3b0/0x3b0 [ 190.175538][ T5695] ? lock_acquire+0x32/0xc0 [ 190.180118][ T5695] ? kill_css+0x3b0/0x3b0 [ 190.184526][ T5695] kernfs_fop_write_iter+0x3f1/0x600 [ 190.189873][ T5695] vfs_write+0x9ed/0xe10 [ 190.194184][ T5695] ? kernel_write+0x670/0x670 [ 190.198942][ T5695] ? find_held_lock+0x2d/0x110 [ 190.203784][ T5695] ? __fget_light+0x20a/0x270 [ 190.208537][ T5695] ksys_write+0x12b/0x250 [ 190.212950][ T5695] ? __ia32_sys_read+0xb0/0xb0 [ 190.217794][ T5695] ? lockdep_hardirqs_on+0x7d/0x100 [ 190.223058][ T5695] ? _raw_spin_unlock_irq+0x2e/0x50 [ 190.228324][ T5695] ? ptrace_notify+0xfe/0x140 [ 190.233074][ T5695] do_syscall_64+0x39/0xb0 [ 190.237565][ T5695] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 190.243524][ T5695] RIP: 0033:0x7faecf034129 [ 190.247995][ T5695] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 190.267669][ T5695] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 190.276146][ T5695] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 190.284169][ T5695] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 190.292211][ T5695] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./32/binderfs") = 0 [pid 5087] umount2("./32/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./32/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./32/cgroup") = 0 [pid 5087] umount2("./32/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./32/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./32/cgroup.net") = 0 [pid 5087] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5087] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./32/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] close(4) = 0 [pid 5087] rmdir("./32/file0") = 0 [pid 5087] umount2("./32/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./32/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 190.300237][ T5695] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 190.308257][ T5695] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000001e [ 190.316306][ T5695] [ 190.328530][ T5695] memory: usage 8kB, limit 0kB, failcnt 36 [ 190.334974][ T5695] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 190.343168][ T5695] Memory cgroup stats for /syz1: [pid 5087] unlink("./32/cgroup.cpu") = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [pid 5087] rmdir("./32") = 0 [pid 5087] mkdir("./33", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5699 attached [pid 5699] chdir("./33" [pid 5087] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 35 [pid 5699] <... chdir resumed>) = 0 [pid 5699] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5699] setpgid(0, 0) = 0 [pid 5699] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5699] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5699] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5699] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5699] write(3, "1000", 4) = 4 [pid 5699] close(3) = 0 [pid 5699] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5699] mkdir("./file0", 000) = 0 [pid 5699] open("./file0", O_RDONLY) = 3 [ 190.343527][ T5695] anon 0 [ 190.343527][ T5695] file 0 [ 190.343527][ T5695] kernel 8192 [ 190.343527][ T5695] kernel_stack 0 [ 190.343527][ T5695] pagetables 0 [ 190.343527][ T5695] sec_pagetables 0 [ 190.343527][ T5695] percpu 0 [ 190.343527][ T5695] sock 0 [ 190.343527][ T5695] vmalloc 0 [ 190.343527][ T5695] shmem 0 [ 190.343527][ T5695] zswap 0 [ 190.343527][ T5695] zswapped 0 [ 190.343527][ T5695] file_mapped 0 [ 190.343527][ T5695] file_dirty 0 [ 190.343527][ T5695] file_writeback 0 [ 190.343527][ T5695] swapcached 0 [pid 5699] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5699] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5699] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5699] openat(5, "memory.max", O_RDWR) = 6 [ 190.343527][ T5695] anon_thp 0 [ 190.343527][ T5695] file_thp 0 [ 190.343527][ T5695] shmem_thp 0 [ 190.343527][ T5695] inactive_anon 0 [ 190.343527][ T5695] active_anon 0 [ 190.343527][ T5695] inactive_file 0 [ 190.343527][ T5695] active_file 0 [ 190.343527][ T5695] unevictable 0 [ 190.343527][ T5695] slab_reclaimable 6752 [ 190.343527][ T5695] slab_unreclaimable 0 [ 190.343527][ T5695] slab 6752 [ 190.343527][ T5695] workingset_refault_anon 0 [ 190.343527][ T5695] workingset_refault_file 0 [ 190.343527][ T5695] workingset_activate_anon 0 [ 190.343527][ T5695] workingset_activate_file 0 [ 190.343527][ T5695] workingset_restore_anon 0 [ 190.343527][ T5695] workingset_restore_file 0 [ 190.343527][ T5695] workingset_nodereclaim 0 [ 190.343527][ T5695] pgscan 831 [ 190.343527][ T5695] pgsteal 2 [ 190.343527][ T5695] pgscan_kswapd 0 [ 190.343527][ T5695] pgscan_direct 831 [ 190.343527][ T5695] pgscan_khugepaged 0 [ 190.343527][ T5695] pgsteal_kswapd 0 [ 190.343527][ T5695] pgsteal_direct 2 [ 190.343527][ T5695] pgsteal_khugepaged 0 [ 190.343527][ T5695] pgfault 21 [ 190.343527][ T5695] pgmajfault 0 [ 190.343527][ T5695] pgrefill 830 [ 190.343527][ T5695] pgactivate 829 [ 190.343527][ T5695] pgdeactivate 830 [ 190.343527][ T5695] pglazyfree 0 [ 190.343527][ T5695] pglazyfreed 0 [ 190.343527][ T5695] zswpin 0 [ 190.343527][ T5695] zswpout 0 [ 190.343527][ T5695] thp_fault_alloc 0 [ 190.343527][ T5695] thp_collapse_alloc 0 [ 190.536539][ T5695] Tasks state (memory values in pages): [pid 5699] write(6, "0x000000000000040e", 18 [pid 5695] <... write resumed>) = 18 [pid 5695] close(3) = 0 [pid 5695] close(4) = 0 [pid 5695] close(5) = 0 [pid 5695] close(6) = 0 [pid 5695] close(7) = -1 EBADF (Bad file descriptor) [pid 5695] close(8) = -1 EBADF (Bad file descriptor) [pid 5695] close(9) = -1 EBADF (Bad file descriptor) [pid 5695] close(10) = -1 EBADF (Bad file descriptor) [pid 5695] close(11) = -1 EBADF (Bad file descriptor) [pid 5695] close(12) = -1 EBADF (Bad file descriptor) [pid 5695] close(13) = -1 EBADF (Bad file descriptor) [pid 5695] close(14) = -1 EBADF (Bad file descriptor) [pid 5695] close(15) = -1 EBADF (Bad file descriptor) [pid 5695] close(16) = -1 EBADF (Bad file descriptor) [pid 5695] close(17) = -1 EBADF (Bad file descriptor) [ 190.544618][ T5695] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 190.556876][ T5695] Out of memory and no killable processes... [ 190.566010][ T5696] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 190.585699][ T5696] CPU: 0 PID: 5696 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5695] close(18) = -1 EBADF (Bad file descriptor) [pid 5695] close(19) = -1 EBADF (Bad file descriptor) [pid 5695] close(20) = -1 EBADF (Bad file descriptor) [pid 5695] close(21) = -1 EBADF (Bad file descriptor) [pid 5695] close(22) = -1 EBADF (Bad file descriptor) [pid 5695] close(23) = -1 EBADF (Bad file descriptor) [pid 5695] close(24) = -1 EBADF (Bad file descriptor) [pid 5695] close(25) = -1 EBADF (Bad file descriptor) [pid 5695] close(26) = -1 EBADF (Bad file descriptor) [pid 5695] close(27) = -1 EBADF (Bad file descriptor) [pid 5695] close(28) = -1 EBADF (Bad file descriptor) [pid 5695] close(29) = -1 EBADF (Bad file descriptor) [pid 5695] exit_group(0) = ? [pid 5695] +++ exited with 0 +++ [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=32, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5085] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./30/binderfs") = 0 [pid 5085] umount2("./30/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./30/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./30/cgroup") = 0 [ 190.595700][ T5696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 190.605813][ T5696] Call Trace: [ 190.609144][ T5696] [ 190.612174][ T5696] dump_stack_lvl+0x136/0x150 [ 190.616928][ T5696] dump_header+0x10a/0xd70 [ 190.621443][ T5696] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 190.627611][ T5696] out_of_memory+0xd64/0x1660 [ 190.632380][ T5696] ? oom_killer_disable+0x2b0/0x2b0 [ 190.637681][ T5696] ? find_held_lock+0x2d/0x110 [ 190.642528][ T5696] mem_cgroup_out_of_memory+0x206/0x270 [pid 5085] umount2("./30/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./30/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./30/cgroup.net") = 0 [ 190.648157][ T5696] ? mem_cgroup_margin+0x130/0x130 [ 190.653361][ T5696] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 190.659308][ T5696] memory_max_write+0x2f9/0x3c0 [ 190.664249][ T5696] ? mem_cgroup_force_empty_write+0x160/0x160 [ 190.670393][ T5696] ? lock_sync+0x190/0x190 [ 190.674856][ T5696] cgroup_file_write+0x1e2/0x7b0 [ 190.679880][ T5696] ? mem_cgroup_force_empty_write+0x160/0x160 [ 190.685996][ T5696] ? kill_css+0x3b0/0x3b0 [ 190.690384][ T5696] ? lock_acquire+0x32/0xc0 [ 190.694941][ T5696] ? kill_css+0x3b0/0x3b0 [ 190.699315][ T5696] kernfs_fop_write_iter+0x3f1/0x600 [ 190.704651][ T5696] vfs_write+0x9ed/0xe10 [ 190.708949][ T5696] ? kernel_write+0x670/0x670 [ 190.713681][ T5696] ? find_held_lock+0x2d/0x110 [ 190.718505][ T5696] ? __fget_light+0x20a/0x270 [ 190.723233][ T5696] ksys_write+0x12b/0x250 [ 190.727610][ T5696] ? __ia32_sys_read+0xb0/0xb0 [ 190.732416][ T5696] ? lockdep_hardirqs_on+0x7d/0x100 [ 190.737654][ T5696] ? _raw_spin_unlock_irq+0x2e/0x50 [ 190.742896][ T5696] ? ptrace_notify+0xfe/0x140 [ 190.747620][ T5696] do_syscall_64+0x39/0xb0 [ 190.752103][ T5696] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 190.758041][ T5696] RIP: 0033:0x7faecf034129 [ 190.762497][ T5696] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 190.782138][ T5696] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 190.790600][ T5696] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 190.798597][ T5696] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 190.806682][ T5696] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 190.814678][ T5696] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 190.822690][ T5696] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000022 [ 190.830720][ T5696] [ 190.838828][ T5696] memory: usage 8kB, limit 0kB, failcnt 36 [ 190.844801][ T5696] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5085] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5085] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./30/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./30/file0") = 0 [pid 5085] umount2("./30/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./30/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./30/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [ 190.851853][ T5696] Memory cgroup stats for /syz1: [ 190.852138][ T5696] anon 0 [ 190.852138][ T5696] file 0 [ 190.852138][ T5696] kernel 8192 [ 190.852138][ T5696] kernel_stack 0 [ 190.852138][ T5696] pagetables 0 [ 190.852138][ T5696] sec_pagetables 0 [ 190.852138][ T5696] percpu 0 [ 190.852138][ T5696] sock 0 [ 190.852138][ T5696] vmalloc 0 [ 190.852138][ T5696] shmem 0 [ 190.852138][ T5696] zswap 0 [ 190.852138][ T5696] zswapped 0 [ 190.852138][ T5696] file_mapped 0 [ 190.852138][ T5696] file_dirty 0 [ 190.852138][ T5696] file_writeback 0 [pid 5085] rmdir("./30") = 0 [pid 5085] mkdir("./31", 0777) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5700 attached [pid 5700] chdir("./31" [pid 5085] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 33 [pid 5700] <... chdir resumed>) = 0 [pid 5700] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5700] setpgid(0, 0) = 0 [pid 5700] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5700] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5700] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5700] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5700] write(3, "1000", 4) = 4 [pid 5700] close(3) = 0 [pid 5700] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5700] mkdir("./file0", 000) = 0 [ 190.852138][ T5696] swapcached 0 [ 190.852138][ T5696] anon_thp 0 [ 190.852138][ T5696] file_thp 0 [ 190.852138][ T5696] shmem_thp 0 [ 190.852138][ T5696] inactive_anon 0 [ 190.852138][ T5696] active_anon 0 [ 190.852138][ T5696] inactive_file 0 [ 190.852138][ T5696] active_file 0 [ 190.852138][ T5696] unevictable 0 [ 190.852138][ T5696] slab_reclaimable 6752 [ 190.852138][ T5696] slab_unreclaimable 0 [ 190.852138][ T5696] slab 6752 [ 190.852138][ T5696] workingset_refault_anon 0 [ 190.852138][ T5696] workingset_refault_file 0 [pid 5700] open("./file0", O_RDONLY) = 3 [pid 5700] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5700] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5700] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5700] openat(5, "memory.max", O_RDWR) = 6 [ 190.852138][ T5696] workingset_activate_anon 0 [ 190.852138][ T5696] workingset_activate_file 0 [ 190.852138][ T5696] workingset_restore_anon 0 [ 190.852138][ T5696] workingset_restore_file 0 [ 190.852138][ T5696] workingset_nodereclaim 0 [ 190.852138][ T5696] pgscan 831 [ 190.852138][ T5696] pgsteal 2 [ 190.852138][ T5696] pgscan_kswapd 0 [ 190.852138][ T5696] pgscan_direct 831 [ 190.852138][ T5696] pgscan_khugepaged 0 [ 190.852138][ T5696] pgsteal_kswapd 0 [ 190.852138][ T5696] pgsteal_direct 2 [ 190.852138][ T5696] pgsteal_khugepaged 0 [ 190.852138][ T5696] pgfault 21 [ 190.852138][ T5696] pgmajfault 0 [ 190.852138][ T5696] pgrefill 830 [ 190.852138][ T5696] pgactivate 829 [ 190.852138][ T5696] pgdeactivate 830 [ 190.852138][ T5696] pglazyfree 0 [ 190.852138][ T5696] pglazyfreed 0 [ 190.852138][ T5696] zswpin 0 [ 190.852138][ T5696] zswpout 0 [ 190.852138][ T5696] thp_fault_alloc 0 [ 190.852138][ T5696] thp_collapse_alloc 0 [ 191.045242][ T5696] Tasks state (memory values in pages): [pid 5700] write(6, "0x000000000000040e", 18 [pid 5696] <... write resumed>) = 18 [pid 5696] close(3) = 0 [pid 5696] close(4) = 0 [pid 5696] close(5) = 0 [pid 5696] close(6) = 0 [pid 5696] close(7) = -1 EBADF (Bad file descriptor) [pid 5696] close(8) = -1 EBADF (Bad file descriptor) [pid 5696] close(9) = -1 EBADF (Bad file descriptor) [pid 5696] close(10) = -1 EBADF (Bad file descriptor) [pid 5696] close(11) = -1 EBADF (Bad file descriptor) [pid 5696] close(12) = -1 EBADF (Bad file descriptor) [pid 5696] close(13) = -1 EBADF (Bad file descriptor) [ 191.050872][ T5696] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 191.060487][ T5696] Out of memory and no killable processes... [ 191.066655][ T5697] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 191.077351][ T5697] CPU: 1 PID: 5697 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 191.087309][ T5697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 191.097424][ T5697] Call Trace: [ 191.100751][ T5697] [pid 5696] close(14) = -1 EBADF (Bad file descriptor) [pid 5696] close(15) = -1 EBADF (Bad file descriptor) [pid 5696] close(16) = -1 EBADF (Bad file descriptor) [pid 5696] close(17) = -1 EBADF (Bad file descriptor) [pid 5696] close(18) = -1 EBADF (Bad file descriptor) [pid 5696] close(19) = -1 EBADF (Bad file descriptor) [pid 5696] close(20) = -1 EBADF (Bad file descriptor) [pid 5696] close(21) = -1 EBADF (Bad file descriptor) [pid 5696] close(22) = -1 EBADF (Bad file descriptor) [pid 5696] close(23) = -1 EBADF (Bad file descriptor) [pid 5696] close(24) = -1 EBADF (Bad file descriptor) [pid 5696] close(25) = -1 EBADF (Bad file descriptor) [pid 5696] close(26) = -1 EBADF (Bad file descriptor) [pid 5696] close(27) = -1 EBADF (Bad file descriptor) [pid 5696] close(28) = -1 EBADF (Bad file descriptor) [pid 5696] close(29) = -1 EBADF (Bad file descriptor) [ 191.103728][ T5697] dump_stack_lvl+0x136/0x150 [ 191.108475][ T5697] dump_header+0x10a/0xd70 [ 191.112970][ T5697] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 191.119141][ T5697] out_of_memory+0xd64/0x1660 [ 191.123910][ T5697] ? oom_killer_disable+0x2b0/0x2b0 [ 191.129204][ T5697] mem_cgroup_out_of_memory+0x206/0x270 [ 191.134837][ T5697] ? mem_cgroup_margin+0x130/0x130 [ 191.140051][ T5697] memory_max_write+0x2f9/0x3c0 [ 191.144986][ T5697] ? mem_cgroup_force_empty_write+0x160/0x160 [pid 5696] exit_group(0) = ? [pid 5696] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=36, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5090] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./34/binderfs") = 0 [pid 5090] umount2("./34/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./34/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./34/cgroup") = 0 [pid 5090] umount2("./34/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 191.151146][ T5697] ? lock_sync+0x190/0x190 [ 191.155640][ T5697] cgroup_file_write+0x1e2/0x7b0 [ 191.160656][ T5697] ? mem_cgroup_force_empty_write+0x160/0x160 [ 191.166803][ T5697] ? kill_css+0x3b0/0x3b0 [ 191.171214][ T5697] ? lock_acquire+0x32/0xc0 [ 191.175811][ T5697] ? kill_css+0x3b0/0x3b0 [ 191.180794][ T5697] kernfs_fop_write_iter+0x3f1/0x600 [ 191.186156][ T5697] vfs_write+0x9ed/0xe10 [ 191.190480][ T5697] ? kernel_write+0x670/0x670 [ 191.195249][ T5697] ? find_held_lock+0x2d/0x110 [ 191.200081][ T5697] ? __fget_light+0x20a/0x270 [ 191.204814][ T5697] ksys_write+0x12b/0x250 [ 191.209192][ T5697] ? __ia32_sys_read+0xb0/0xb0 [ 191.214002][ T5697] ? lockdep_hardirqs_on+0x7d/0x100 [ 191.219236][ T5697] ? _raw_spin_unlock_irq+0x2e/0x50 [ 191.224490][ T5697] ? ptrace_notify+0xfe/0x140 [ 191.229208][ T5697] do_syscall_64+0x39/0xb0 [ 191.233669][ T5697] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 191.239599][ T5697] RIP: 0033:0x7faecf034129 [ 191.244044][ T5697] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 191.263698][ T5697] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 191.272142][ T5697] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 191.280142][ T5697] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 191.288139][ T5697] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 191.296147][ T5697] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [pid 5090] lstat("./34/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./34/cgroup.net") = 0 [ 191.304143][ T5697] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000001f [ 191.312164][ T5697] [ 191.323610][ T5697] memory: usage 8kB, limit 0kB, failcnt 36 [ 191.329490][ T5697] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 191.336946][ T5697] Memory cgroup stats for /syz1: [ 191.337239][ T5697] anon 0 [ 191.337239][ T5697] file 0 [ 191.337239][ T5697] kernel 8192 [ 191.337239][ T5697] kernel_stack 0 [ 191.337239][ T5697] pagetables 0 [ 191.337239][ T5697] sec_pagetables 0 [ 191.337239][ T5697] percpu 0 [ 191.337239][ T5697] sock 0 [ 191.337239][ T5697] vmalloc 0 [ 191.337239][ T5697] shmem 0 [ 191.337239][ T5697] zswap 0 [ 191.337239][ T5697] zswapped 0 [ 191.337239][ T5697] file_mapped 0 [ 191.337239][ T5697] file_dirty 0 [ 191.337239][ T5697] file_writeback 0 [ 191.337239][ T5697] swapcached 0 [ 191.337239][ T5697] anon_thp 0 [ 191.337239][ T5697] file_thp 0 [ 191.337239][ T5697] shmem_thp 0 [ 191.337239][ T5697] inactive_anon 0 [ 191.337239][ T5697] active_anon 0 [ 191.337239][ T5697] inactive_file 0 [ 191.337239][ T5697] active_file 0 [ 191.337239][ T5697] unevictable 0 [ 191.337239][ T5697] slab_reclaimable 6752 [ 191.337239][ T5697] slab_unreclaimable 0 [ 191.337239][ T5697] slab 6752 [ 191.337239][ T5697] workingset_refault_anon 0 [ 191.337239][ T5697] workingset_refault_file 0 [ 191.337239][ T5697] workingset_activate_anon 0 [ 191.337239][ T5697] workingset_activate_file 0 [ 191.337239][ T5697] workingset_restore_anon 0 [ 191.337239][ T5697] workingset_restore_file 0 [ 191.337239][ T5697] workingset_nodereclaim 0 [ 191.337239][ T5697] pgscan 831 [ 191.337239][ T5697] pgsteal 2 [ 191.337239][ T5697] pgscan_kswapd 0 [ 191.337239][ T5697] pgscan_direct 831 [ 191.337239][ T5697] pgscan_khugepaged 0 [ 191.337239][ T5697] pgsteal_kswapd 0 [ 191.337239][ T5697] pgsteal_direct 2 [ 191.337239][ T5697] pgsteal_khugepaged 0 [ 191.337239][ T5697] pgfault 21 [ 191.337239][ T5697] pgmajfault 0 [ 191.337239][ T5697] pgrefill 830 [ 191.337239][ T5697] pgactivate 829 [ 191.337239][ T5697] pgdeactivate 830 [pid 5090] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5090] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./34/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [ 191.337239][ T5697] pglazyfree 0 [ 191.337239][ T5697] pglazyfreed 0 [ 191.337239][ T5697] zswpin 0 [ 191.337239][ T5697] zswpout 0 [ 191.337239][ T5697] thp_fault_alloc 0 [ 191.337239][ T5697] thp_collapse_alloc 0 [ 191.528371][ T5697] Tasks state (memory values in pages): [ 191.534294][ T5697] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 191.543908][ T5697] Out of memory and no killable processes... [pid 5090] rmdir("./34/file0") = 0 [pid 5090] umount2("./34/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5697] <... write resumed>) = 18 [pid 5090] lstat("./34/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./34/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [pid 5090] rmdir("./34") = 0 [pid 5090] mkdir("./35", 0777) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 37 [pid 5697] close(3) = 0 [pid 5697] close(4) = 0 [pid 5697] close(5) = 0 [pid 5697] close(6) = 0 [pid 5697] close(7) = -1 EBADF (Bad file descriptor) [pid 5697] close(8) = -1 EBADF (Bad file descriptor) [pid 5697] close(9) = -1 EBADF (Bad file descriptor) [pid 5697] close(10) = -1 EBADF (Bad file descriptor) [ 191.550043][ T5698] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 191.560630][ T5698] CPU: 1 PID: 5698 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 191.570605][ T5698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 191.580721][ T5698] Call Trace: [ 191.584053][ T5698] [ 191.587038][ T5698] dump_stack_lvl+0x136/0x150 [ 191.591793][ T5698] dump_header+0x10a/0xd70 [ 191.596282][ T5698] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [pid 5697] close(11) = -1 EBADF (Bad file descriptor) [pid 5697] close(12) = -1 EBADF (Bad file descriptor) [pid 5697] close(13) = -1 EBADF (Bad file descriptor) [pid 5697] close(14) = -1 EBADF (Bad file descriptor) [pid 5697] close(15) = -1 EBADF (Bad file descriptor) [pid 5697] close(16) = -1 EBADF (Bad file descriptor) [pid 5697] close(17) = -1 EBADF (Bad file descriptor) [pid 5697] close(18) = -1 EBADF (Bad file descriptor) [pid 5697] close(19) = -1 EBADF (Bad file descriptor) [pid 5697] close(20) = -1 EBADF (Bad file descriptor) [pid 5697] close(21) = -1 EBADF (Bad file descriptor) [pid 5697] close(22) = -1 EBADF (Bad file descriptor) [ 191.602451][ T5698] out_of_memory+0xd64/0x1660 [ 191.607216][ T5698] ? oom_killer_disable+0x2b0/0x2b0 [ 191.612500][ T5698] ? find_held_lock+0x2d/0x110 [ 191.617335][ T5698] mem_cgroup_out_of_memory+0x206/0x270 [ 191.622950][ T5698] ? mem_cgroup_margin+0x130/0x130 [ 191.628142][ T5698] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 191.634036][ T5698] memory_max_write+0x2f9/0x3c0 [ 191.638978][ T5698] ? mem_cgroup_force_empty_write+0x160/0x160 [ 191.645140][ T5698] ? lock_sync+0x190/0x190 [ 191.649632][ T5698] cgroup_file_write+0x1e2/0x7b0 [pid 5697] close(23) = -1 EBADF (Bad file descriptor) [pid 5697] close(24) = -1 EBADF (Bad file descriptor) [pid 5697] close(25) = -1 EBADF (Bad file descriptor) [pid 5697] close(26) = -1 EBADF (Bad file descriptor) [pid 5697] close(27) = -1 EBADF (Bad file descriptor) [pid 5697] close(28) = -1 EBADF (Bad file descriptor) [pid 5697] close(29) = -1 EBADF (Bad file descriptor) [pid 5697] exit_group(0) = ? [pid 5697] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=33, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5086] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5086] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 191.654656][ T5698] ? mem_cgroup_force_empty_write+0x160/0x160 [ 191.660815][ T5698] ? kill_css+0x3b0/0x3b0 [ 191.665230][ T5698] ? lock_acquire+0x32/0xc0 [ 191.669808][ T5698] ? kill_css+0x3b0/0x3b0 [ 191.674216][ T5698] kernfs_fop_write_iter+0x3f1/0x600 [ 191.679598][ T5698] vfs_write+0x9ed/0xe10 [ 191.683933][ T5698] ? kernel_write+0x670/0x670 [ 191.688700][ T5698] ? find_held_lock+0x2d/0x110 [ 191.693553][ T5698] ? __fget_light+0x20a/0x270 [ 191.698323][ T5698] ksys_write+0x12b/0x250 [pid 5086] lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./31/binderfs") = 0 [pid 5086] umount2("./31/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./31/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] unlink("./31/cgroup") = 0 [pid 5086] umount2("./31/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./31/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./31/cgroup.net") = 0 [pid 5086] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5701 attached [pid 5701] chdir("./35") = 0 [pid 5701] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5701] setpgid(0, 0) = 0 [pid 5701] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5701] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5701] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [ 191.702749][ T5698] ? __ia32_sys_read+0xb0/0xb0 [ 191.707602][ T5698] ? lockdep_hardirqs_on+0x7d/0x100 [ 191.712877][ T5698] ? _raw_spin_unlock_irq+0x2e/0x50 [ 191.718143][ T5698] ? ptrace_notify+0xfe/0x140 [ 191.722896][ T5698] do_syscall_64+0x39/0xb0 [ 191.727400][ T5698] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 191.733370][ T5698] RIP: 0033:0x7faecf034129 [ 191.737846][ T5698] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5701] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5701] write(3, "1000", 4) = 4 [pid 5701] close(3) = 0 [pid 5701] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5701] mkdir("./file0", 000) = 0 [pid 5701] open("./file0", O_RDONLY) = 3 [pid 5701] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5701] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5701] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5701] openat(5, "memory.max", O_RDWR) = 6 [ 191.757523][ T5698] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 191.766019][ T5698] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 191.774049][ T5698] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 191.782077][ T5698] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 191.790104][ T5698] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 191.798144][ T5698] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000022 [pid 5701] write(6, "0x000000000000040e", 18 [pid 5086] <... umount2 resumed>) = 0 [pid 5086] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./31/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./31/file0") = 0 [pid 5086] umount2("./31/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./31/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./31/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./31") = 0 [pid 5086] mkdir("./32", 0777) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5702 attached [ 191.806201][ T5698] [ 191.826510][ T5698] memory: usage 8kB, limit 0kB, failcnt 36 [ 191.836137][ T5698] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 191.848592][ T5698] Memory cgroup stats for /syz1: [ 191.848880][ T5698] anon 0 [pid 5702] chdir("./32" [pid 5086] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 34 [pid 5702] <... chdir resumed>) = 0 [pid 5702] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5702] setpgid(0, 0) = 0 [pid 5702] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5702] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5702] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5702] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5702] write(3, "1000", 4) = 4 [pid 5702] close(3) = 0 [pid 5702] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5702] mkdir("./file0", 000) = 0 [pid 5702] open("./file0", O_RDONLY) = 3 [pid 5702] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5702] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5702] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5702] openat(5, "memory.max", O_RDWR) = 6 [ 191.848880][ T5698] file 0 [ 191.848880][ T5698] kernel 8192 [ 191.848880][ T5698] kernel_stack 0 [ 191.848880][ T5698] pagetables 0 [ 191.848880][ T5698] sec_pagetables 0 [ 191.848880][ T5698] percpu 0 [ 191.848880][ T5698] sock 0 [ 191.848880][ T5698] vmalloc 0 [ 191.848880][ T5698] shmem 0 [ 191.848880][ T5698] zswap 0 [ 191.848880][ T5698] zswapped 0 [ 191.848880][ T5698] file_mapped 0 [ 191.848880][ T5698] file_dirty 0 [ 191.848880][ T5698] file_writeback 0 [ 191.848880][ T5698] swapcached 0 [ 191.848880][ T5698] anon_thp 0 [ 191.848880][ T5698] file_thp 0 [ 191.848880][ T5698] shmem_thp 0 [ 191.848880][ T5698] inactive_anon 0 [ 191.848880][ T5698] active_anon 0 [ 191.848880][ T5698] inactive_file 0 [ 191.848880][ T5698] active_file 0 [ 191.848880][ T5698] unevictable 0 [ 191.848880][ T5698] slab_reclaimable 6752 [ 191.848880][ T5698] slab_unreclaimable 0 [ 191.848880][ T5698] slab 6752 [ 191.848880][ T5698] workingset_refault_anon 0 [ 191.848880][ T5698] workingset_refault_file 0 [ 191.848880][ T5698] workingset_activate_anon 0 [ 191.848880][ T5698] workingset_activate_file 0 [ 191.848880][ T5698] workingset_restore_anon 0 [ 191.848880][ T5698] workingset_restore_file 0 [ 191.848880][ T5698] workingset_nodereclaim 0 [ 191.848880][ T5698] pgscan 831 [ 191.848880][ T5698] pgsteal 2 [ 191.848880][ T5698] pgscan_kswapd 0 [ 191.848880][ T5698] pgscan_direct 831 [ 191.848880][ T5698] pgscan_khugepaged 0 [ 191.848880][ T5698] pgsteal_kswapd 0 [ 191.848880][ T5698] pgsteal_direct 2 [ 191.848880][ T5698] pgsteal_khugepaged 0 [ 191.848880][ T5698] pgfault 21 [ 191.848880][ T5698] pgmajfault 0 [ 191.848880][ T5698] pgrefill 830 [ 191.848880][ T5698] pgactivate 829 [ 191.848880][ T5698] pgdeactivate 830 [ 191.848880][ T5698] pglazyfree 0 [ 191.848880][ T5698] pglazyfreed 0 [ 191.848880][ T5698] zswpin 0 [ 191.848880][ T5698] zswpout 0 [ 191.848880][ T5698] thp_fault_alloc 0 [ 191.848880][ T5698] thp_collapse_alloc 0 [ 192.040275][ T5698] Tasks state (memory values in pages): [ 192.046043][ T5698] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5702] write(6, "0x000000000000040e", 18 [pid 5698] <... write resumed>) = 18 [pid 5698] close(3) = 0 [pid 5698] close(4) = 0 [pid 5698] close(5) = 0 [pid 5698] close(6) = 0 [pid 5698] close(7) = -1 EBADF (Bad file descriptor) [pid 5698] close(8) = -1 EBADF (Bad file descriptor) [pid 5698] close(9) = -1 EBADF (Bad file descriptor) [pid 5698] close(10) = -1 EBADF (Bad file descriptor) [ 192.055678][ T5698] Out of memory and no killable processes... [ 192.062521][ T5699] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 192.073443][ T5699] CPU: 1 PID: 5699 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 192.083419][ T5699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 192.093537][ T5699] Call Trace: [ 192.096865][ T5699] [ 192.099851][ T5699] dump_stack_lvl+0x136/0x150 [ 192.104615][ T5699] dump_header+0x10a/0xd70 [pid 5698] close(11) = -1 EBADF (Bad file descriptor) [pid 5698] close(12) = -1 EBADF (Bad file descriptor) [pid 5698] close(13) = -1 EBADF (Bad file descriptor) [pid 5698] close(14) = -1 EBADF (Bad file descriptor) [pid 5698] close(15) = -1 EBADF (Bad file descriptor) [pid 5698] close(16) = -1 EBADF (Bad file descriptor) [pid 5698] close(17) = -1 EBADF (Bad file descriptor) [pid 5698] close(18) = -1 EBADF (Bad file descriptor) [pid 5698] close(19) = -1 EBADF (Bad file descriptor) [pid 5698] close(20) = -1 EBADF (Bad file descriptor) [pid 5698] close(21) = -1 EBADF (Bad file descriptor) [pid 5698] close(22) = -1 EBADF (Bad file descriptor) [pid 5698] close(23) = -1 EBADF (Bad file descriptor) [pid 5698] close(24) = -1 EBADF (Bad file descriptor) [pid 5698] close(25) = -1 EBADF (Bad file descriptor) [pid 5698] close(26) = -1 EBADF (Bad file descriptor) [pid 5698] close(27) = -1 EBADF (Bad file descriptor) [pid 5698] close(28) = -1 EBADF (Bad file descriptor) [pid 5698] close(29) = -1 EBADF (Bad file descriptor) [ 192.109103][ T5699] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 192.115290][ T5699] out_of_memory+0xd64/0x1660 [ 192.120062][ T5699] ? oom_killer_disable+0x2b0/0x2b0 [ 192.125363][ T5699] ? find_held_lock+0x2d/0x110 [ 192.130208][ T5699] mem_cgroup_out_of_memory+0x206/0x270 [ 192.135837][ T5699] ? mem_cgroup_margin+0x130/0x130 [ 192.141035][ T5699] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 192.146931][ T5699] memory_max_write+0x2f9/0x3c0 [ 192.151872][ T5699] ? mem_cgroup_force_empty_write+0x160/0x160 [pid 5698] exit_group(0) = ? [pid 5698] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=36, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 5089] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5089] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 192.158037][ T5699] ? lock_sync+0x190/0x190 [ 192.162537][ T5699] cgroup_file_write+0x1e2/0x7b0 [ 192.167561][ T5699] ? mem_cgroup_force_empty_write+0x160/0x160 [ 192.173717][ T5699] ? kill_css+0x3b0/0x3b0 [ 192.178164][ T5699] ? lock_acquire+0x32/0xc0 [ 192.182753][ T5699] ? kill_css+0x3b0/0x3b0 [ 192.187143][ T5699] kernfs_fop_write_iter+0x3f1/0x600 [ 192.192483][ T5699] vfs_write+0x9ed/0xe10 [ 192.196783][ T5699] ? kernel_write+0x670/0x670 [ 192.201509][ T5699] ? find_held_lock+0x2d/0x110 [ 192.206322][ T5699] ? __fget_light+0x20a/0x270 [ 192.211075][ T5699] ksys_write+0x12b/0x250 [ 192.215463][ T5699] ? __ia32_sys_read+0xb0/0xb0 [ 192.220267][ T5699] ? lockdep_hardirqs_on+0x7d/0x100 [ 192.225525][ T5699] ? _raw_spin_unlock_irq+0x2e/0x50 [ 192.230764][ T5699] ? ptrace_notify+0xfe/0x140 [ 192.235490][ T5699] do_syscall_64+0x39/0xb0 [ 192.239959][ T5699] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 192.245891][ T5699] RIP: 0033:0x7faecf034129 [ 192.250330][ T5699] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 192.269973][ T5699] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 192.278417][ T5699] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 192.286446][ T5699] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 192.294450][ T5699] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 192.302449][ T5699] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 192.310452][ T5699] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000021 [ 192.318482][ T5699] [ 192.323187][ T5699] memory: usage 8kB, limit 0kB, failcnt 36 [ 192.329055][ T5699] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 192.336058][ T5699] Memory cgroup stats for /syz1: [ 192.336341][ T5699] anon 0 [ 192.336341][ T5699] file 0 [ 192.336341][ T5699] kernel 8192 [ 192.336341][ T5699] kernel_stack 0 [ 192.336341][ T5699] pagetables 0 [ 192.336341][ T5699] sec_pagetables 0 [pid 5089] lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./34/binderfs") = 0 [pid 5089] umount2("./34/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./34/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./34/cgroup") = 0 [pid 5089] umount2("./34/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./34/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 192.336341][ T5699] percpu 0 [ 192.336341][ T5699] sock 0 [ 192.336341][ T5699] vmalloc 0 [ 192.336341][ T5699] shmem 0 [ 192.336341][ T5699] zswap 0 [ 192.336341][ T5699] zswapped 0 [ 192.336341][ T5699] file_mapped 0 [ 192.336341][ T5699] file_dirty 0 [ 192.336341][ T5699] file_writeback 0 [ 192.336341][ T5699] swapcached 0 [ 192.336341][ T5699] anon_thp 0 [ 192.336341][ T5699] file_thp 0 [ 192.336341][ T5699] shmem_thp 0 [ 192.336341][ T5699] inactive_anon 0 [ 192.336341][ T5699] active_anon 0 [ 192.336341][ T5699] inactive_file 0 [pid 5089] unlink("./34/cgroup.net") = 0 [ 192.336341][ T5699] active_file 0 [ 192.336341][ T5699] unevictable 0 [ 192.336341][ T5699] slab_reclaimable 6752 [ 192.336341][ T5699] slab_unreclaimable 0 [ 192.336341][ T5699] slab 6752 [ 192.336341][ T5699] workingset_refault_anon 0 [ 192.336341][ T5699] workingset_refault_file 0 [ 192.336341][ T5699] workingset_activate_anon 0 [ 192.336341][ T5699] workingset_activate_file 0 [ 192.336341][ T5699] workingset_restore_anon 0 [ 192.336341][ T5699] workingset_restore_file 0 [ 192.336341][ T5699] workingset_nodereclaim 0 [ 192.336341][ T5699] pgscan 831 [ 192.336341][ T5699] pgsteal 2 [ 192.336341][ T5699] pgscan_kswapd 0 [ 192.336341][ T5699] pgscan_direct 831 [ 192.336341][ T5699] pgscan_khugepaged 0 [ 192.336341][ T5699] pgsteal_kswapd 0 [ 192.336341][ T5699] pgsteal_direct 2 [ 192.336341][ T5699] pgsteal_khugepaged 0 [ 192.336341][ T5699] pgfault 21 [ 192.336341][ T5699] pgmajfault 0 [ 192.336341][ T5699] pgrefill 830 [ 192.336341][ T5699] pgactivate 829 [ 192.336341][ T5699] pgdeactivate 830 [ 192.336341][ T5699] pglazyfree 0 [ 192.336341][ T5699] pglazyfreed 0 [pid 5089] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5089] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./34/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./34/file0") = 0 [pid 5089] umount2("./34/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 192.336341][ T5699] zswpin 0 [ 192.336341][ T5699] zswpout 0 [ 192.336341][ T5699] thp_fault_alloc 0 [ 192.336341][ T5699] thp_collapse_alloc 0 [ 192.526208][ T5699] Tasks state (memory values in pages): [ 192.532559][ T5699] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 192.543780][ T5699] Out of memory and no killable processes... [ 192.550909][ T5700] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5089] lstat("./34/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5699] <... write resumed>) = 18 [pid 5089] unlink("./34/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [pid 5089] rmdir("./34") = 0 [pid 5089] mkdir("./35", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 37 [pid 5699] close(3) = 0 [pid 5699] close(4) = 0 [pid 5699] close(5) = 0 [pid 5699] close(6) = 0 [ 192.562108][ T5700] CPU: 0 PID: 5700 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 192.572073][ T5700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 192.582195][ T5700] Call Trace: [ 192.585525][ T5700] [ 192.588507][ T5700] dump_stack_lvl+0x136/0x150 [ 192.593259][ T5700] dump_header+0x10a/0xd70 [ 192.597742][ T5700] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 192.603898][ T5700] out_of_memory+0xd64/0x1660 [pid 5699] close(7) = -1 EBADF (Bad file descriptor) [pid 5699] close(8) = -1 EBADF (Bad file descriptor) [pid 5699] close(9) = -1 EBADF (Bad file descriptor) [pid 5699] close(10) = -1 EBADF (Bad file descriptor) [pid 5699] close(11) = -1 EBADF (Bad file descriptor) [pid 5699] close(12) = -1 EBADF (Bad file descriptor) [pid 5699] close(13) = -1 EBADF (Bad file descriptor) [pid 5699] close(14) = -1 EBADF (Bad file descriptor) [pid 5699] close(15) = -1 EBADF (Bad file descriptor) [pid 5699] close(16) = -1 EBADF (Bad file descriptor) [pid 5699] close(17) = -1 EBADF (Bad file descriptor) [pid 5699] close(18) = -1 EBADF (Bad file descriptor) [pid 5699] close(19) = -1 EBADF (Bad file descriptor) [ 192.608670][ T5700] ? oom_killer_disable+0x2b0/0x2b0 [ 192.613973][ T5700] mem_cgroup_out_of_memory+0x206/0x270 [ 192.619604][ T5700] ? mem_cgroup_margin+0x130/0x130 [ 192.624846][ T5700] memory_max_write+0x2f9/0x3c0 [ 192.629783][ T5700] ? mem_cgroup_force_empty_write+0x160/0x160 [ 192.635947][ T5700] ? lock_sync+0x190/0x190 [ 192.640446][ T5700] cgroup_file_write+0x1e2/0x7b0 [ 192.645473][ T5700] ? mem_cgroup_force_empty_write+0x160/0x160 [ 192.651637][ T5700] ? kill_css+0x3b0/0x3b0 [ 192.656048][ T5700] ? lock_acquire+0x32/0xc0 [ 192.660634][ T5700] ? kill_css+0x3b0/0x3b0 [ 192.665042][ T5700] kernfs_fop_write_iter+0x3f1/0x600 [ 192.670423][ T5700] vfs_write+0x9ed/0xe10 [ 192.674758][ T5700] ? kernel_write+0x670/0x670 [ 192.679526][ T5700] ? find_held_lock+0x2d/0x110 [ 192.684372][ T5700] ? __fget_light+0x20a/0x270 [ 192.689141][ T5700] ksys_write+0x12b/0x250 [ 192.693556][ T5700] ? __ia32_sys_read+0xb0/0xb0 [ 192.698397][ T5700] ? lockdep_hardirqs_on+0x7d/0x100 [ 192.703678][ T5700] ? _raw_spin_unlock_irq+0x2e/0x50 [ 192.708955][ T5700] ? ptrace_notify+0xfe/0x140 [ 192.713726][ T5700] do_syscall_64+0x39/0xb0 [ 192.718223][ T5700] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 192.724186][ T5700] RIP: 0033:0x7faecf034129 [ 192.728651][ T5700] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 192.748327][ T5700] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5699] close(20) = -1 EBADF (Bad file descriptor) [pid 5699] close(21) = -1 EBADF (Bad file descriptor) [pid 5699] close(22) = -1 EBADF (Bad file descriptor) [pid 5699] close(23) = -1 EBADF (Bad file descriptor) [pid 5699] close(24) = -1 EBADF (Bad file descriptor) [pid 5699] close(25) = -1 EBADF (Bad file descriptor) [pid 5699] close(26) = -1 EBADF (Bad file descriptor) [pid 5699] close(27) = -1 EBADF (Bad file descriptor) [pid 5699] close(28) = -1 EBADF (Bad file descriptor) [pid 5699] close(29) = -1 EBADF (Bad file descriptor) [pid 5699] exit_group(0) = ? [pid 5699] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=35, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5087] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5087] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./33/binderfs") = 0 [pid 5087] umount2("./33/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./33/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./33/cgroup") = 0 [pid 5087] umount2("./33/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./33/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./33/cgroup.net") = 0 [pid 5087] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5703 attached [pid 5703] chdir("./35") = 0 [pid 5703] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5703] setpgid(0, 0) = 0 [pid 5703] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5703] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5703] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5703] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5703] write(3, "1000", 4) = 4 [pid 5703] close(3) = 0 [pid 5703] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5703] mkdir("./file0", 000) = 0 [pid 5703] open("./file0", O_RDONLY) = 3 [pid 5703] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5703] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5087] <... umount2 resumed>) = 0 [pid 5703] openat(4, "syz1", O_RDWR|O_PATH [pid 5087] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5703] <... openat resumed>) = 5 [pid 5087] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5703] openat(5, "memory.max", O_RDWR [pid 5087] lstat("./33/file0", [pid 5703] <... openat resumed>) = 6 [pid 5087] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5703] write(6, "0x000000000000040e", 18 [pid 5087] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] close(4) = 0 [ 192.756807][ T5700] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 192.764858][ T5700] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 192.772897][ T5700] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 192.780939][ T5700] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 192.788966][ T5700] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000001f [ 192.797032][ T5700] [pid 5087] rmdir("./33/file0") = 0 [pid 5087] umount2("./33/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./33/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./33/cgroup.cpu") = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [pid 5087] rmdir("./33") = 0 [pid 5087] mkdir("./34", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5704 attached [pid 5704] chdir("./34" [pid 5087] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 36 [pid 5704] <... chdir resumed>) = 0 [pid 5704] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5704] setpgid(0, 0) = 0 [pid 5704] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5704] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [ 192.841312][ T5700] memory: usage 8kB, limit 0kB, failcnt 36 [ 192.857423][ T5700] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 192.869392][ T5700] Memory cgroup stats for /syz1: [ 192.869684][ T5700] anon 0 [ 192.869684][ T5700] file 0 [ 192.869684][ T5700] kernel 8192 [ 192.869684][ T5700] kernel_stack 0 [ 192.869684][ T5700] pagetables 0 [pid 5704] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5704] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5704] write(3, "1000", 4) = 4 [pid 5704] close(3) = 0 [pid 5704] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5704] mkdir("./file0", 000) = 0 [pid 5704] open("./file0", O_RDONLY) = 3 [pid 5704] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5704] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5704] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5704] openat(5, "memory.max", O_RDWR) = 6 [ 192.869684][ T5700] sec_pagetables 0 [ 192.869684][ T5700] percpu 0 [ 192.869684][ T5700] sock 0 [ 192.869684][ T5700] vmalloc 0 [ 192.869684][ T5700] shmem 0 [ 192.869684][ T5700] zswap 0 [ 192.869684][ T5700] zswapped 0 [ 192.869684][ T5700] file_mapped 0 [ 192.869684][ T5700] file_dirty 0 [ 192.869684][ T5700] file_writeback 0 [ 192.869684][ T5700] swapcached 0 [ 192.869684][ T5700] anon_thp 0 [ 192.869684][ T5700] file_thp 0 [ 192.869684][ T5700] shmem_thp 0 [ 192.869684][ T5700] inactive_anon 0 [ 192.869684][ T5700] active_anon 0 [ 192.869684][ T5700] inactive_file 0 [ 192.869684][ T5700] active_file 0 [ 192.869684][ T5700] unevictable 0 [ 192.869684][ T5700] slab_reclaimable 6752 [ 192.869684][ T5700] slab_unreclaimable 0 [ 192.869684][ T5700] slab 6752 [ 192.869684][ T5700] workingset_refault_anon 0 [ 192.869684][ T5700] workingset_refault_file 0 [ 192.869684][ T5700] workingset_activate_anon 0 [ 192.869684][ T5700] workingset_activate_file 0 [ 192.869684][ T5700] workingset_restore_anon 0 [ 192.869684][ T5700] workingset_restore_file 0 [ 192.869684][ T5700] workingset_nodereclaim 0 [ 192.869684][ T5700] pgscan 831 [ 192.869684][ T5700] pgsteal 2 [ 192.869684][ T5700] pgscan_kswapd 0 [ 192.869684][ T5700] pgscan_direct 831 [ 192.869684][ T5700] pgscan_khugepaged 0 [ 192.869684][ T5700] pgsteal_kswapd 0 [ 192.869684][ T5700] pgsteal_direct 2 [ 192.869684][ T5700] pgsteal_khugepaged 0 [ 192.869684][ T5700] pgfault 21 [ 192.869684][ T5700] pgmajfault 0 [ 192.869684][ T5700] pgrefill 830 [ 192.869684][ T5700] pgactivate 829 [ 192.869684][ T5700] pgdeactivate 830 [ 192.869684][ T5700] pglazyfree 0 [ 192.869684][ T5700] pglazyfreed 0 [ 192.869684][ T5700] zswpin 0 [ 192.869684][ T5700] zswpout 0 [ 192.869684][ T5700] thp_fault_alloc 0 [ 192.869684][ T5700] thp_collapse_alloc 0 [ 193.061008][ T5700] Tasks state (memory values in pages): [ 193.066712][ T5700] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 193.076277][ T5700] Out of memory and no killable processes... [ 193.082432][ T5701] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5704] write(6, "0x000000000000040e", 18 [pid 5700] <... write resumed>) = 18 [pid 5700] close(3) = 0 [pid 5700] close(4) = 0 [pid 5700] close(5) = 0 [pid 5700] close(6) = 0 [pid 5700] close(7) = -1 EBADF (Bad file descriptor) [pid 5700] close(8) = -1 EBADF (Bad file descriptor) [ 193.092918][ T5701] CPU: 0 PID: 5701 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 193.102890][ T5701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 193.113017][ T5701] Call Trace: [ 193.116340][ T5701] [ 193.119313][ T5701] dump_stack_lvl+0x136/0x150 [ 193.124066][ T5701] dump_header+0x10a/0xd70 [ 193.128539][ T5701] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 193.134703][ T5701] out_of_memory+0xd64/0x1660 [pid 5700] close(9) = -1 EBADF (Bad file descriptor) [pid 5700] close(10) = -1 EBADF (Bad file descriptor) [pid 5700] close(11) = -1 EBADF (Bad file descriptor) [pid 5700] close(12) = -1 EBADF (Bad file descriptor) [pid 5700] close(13) = -1 EBADF (Bad file descriptor) [pid 5700] close(14) = -1 EBADF (Bad file descriptor) [pid 5700] close(15) = -1 EBADF (Bad file descriptor) [pid 5700] close(16) = -1 EBADF (Bad file descriptor) [pid 5700] close(17) = -1 EBADF (Bad file descriptor) [pid 5700] close(18) = -1 EBADF (Bad file descriptor) [ 193.139471][ T5701] ? oom_killer_disable+0x2b0/0x2b0 [ 193.144753][ T5701] ? find_held_lock+0x2d/0x110 [ 193.149603][ T5701] mem_cgroup_out_of_memory+0x206/0x270 [ 193.155228][ T5701] ? mem_cgroup_margin+0x130/0x130 [ 193.160437][ T5701] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 193.166342][ T5701] memory_max_write+0x2f9/0x3c0 [ 193.171286][ T5701] ? mem_cgroup_force_empty_write+0x160/0x160 [ 193.177441][ T5701] ? lock_sync+0x190/0x190 [ 193.181913][ T5701] cgroup_file_write+0x1e2/0x7b0 [ 193.186912][ T5701] ? mem_cgroup_force_empty_write+0x160/0x160 [ 193.193039][ T5701] ? kill_css+0x3b0/0x3b0 [ 193.197420][ T5701] ? lock_acquire+0x32/0xc0 [ 193.201987][ T5701] ? kill_css+0x3b0/0x3b0 [ 193.206381][ T5701] kernfs_fop_write_iter+0x3f1/0x600 [ 193.211730][ T5701] vfs_write+0x9ed/0xe10 [ 193.216041][ T5701] ? kernel_write+0x670/0x670 [ 193.220773][ T5701] ? find_held_lock+0x2d/0x110 [ 193.225586][ T5701] ? __fget_light+0x20a/0x270 [ 193.230316][ T5701] ksys_write+0x12b/0x250 [ 193.234708][ T5701] ? __ia32_sys_read+0xb0/0xb0 [ 193.239519][ T5701] ? lockdep_hardirqs_on+0x7d/0x100 [ 193.244774][ T5701] ? _raw_spin_unlock_irq+0x2e/0x50 [ 193.250021][ T5701] ? ptrace_notify+0xfe/0x140 [ 193.254760][ T5701] do_syscall_64+0x39/0xb0 [ 193.259231][ T5701] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 193.265169][ T5701] RIP: 0033:0x7faecf034129 [ 193.269616][ T5701] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 193.289258][ T5701] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 193.297707][ T5701] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 193.305709][ T5701] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 193.313704][ T5701] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 193.321706][ T5701] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 193.329707][ T5701] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000023 [ 193.337730][ T5701] [pid 5700] close(19) = -1 EBADF (Bad file descriptor) [pid 5700] close(20) = -1 EBADF (Bad file descriptor) [pid 5700] close(21) = -1 EBADF (Bad file descriptor) [pid 5700] close(22) = -1 EBADF (Bad file descriptor) [pid 5700] close(23) = -1 EBADF (Bad file descriptor) [pid 5700] close(24) = -1 EBADF (Bad file descriptor) [pid 5700] close(25) = -1 EBADF (Bad file descriptor) [pid 5700] close(26) = -1 EBADF (Bad file descriptor) [pid 5700] close(27) = -1 EBADF (Bad file descriptor) [pid 5700] close(28) = -1 EBADF (Bad file descriptor) [pid 5700] close(29) = -1 EBADF (Bad file descriptor) [pid 5700] exit_group(0) = ? [pid 5700] +++ exited with 0 +++ [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=33, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 5085] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 193.352044][ T5701] memory: usage 8kB, limit 0kB, failcnt 36 [ 193.357928][ T5701] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 193.365527][ T5701] Memory cgroup stats for /syz1: [ 193.365885][ T5701] anon 0 [ 193.365885][ T5701] file 0 [ 193.365885][ T5701] kernel 8192 [ 193.365885][ T5701] kernel_stack 0 [ 193.365885][ T5701] pagetables 0 [ 193.365885][ T5701] sec_pagetables 0 [ 193.365885][ T5701] percpu 0 [ 193.365885][ T5701] sock 0 [ 193.365885][ T5701] vmalloc 0 [ 193.365885][ T5701] shmem 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./31/binderfs") = 0 [pid 5085] umount2("./31/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./31/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./31/cgroup") = 0 [pid 5085] umount2("./31/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./31/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./31/cgroup.net") = 0 [ 193.365885][ T5701] zswap 0 [ 193.365885][ T5701] zswapped 0 [ 193.365885][ T5701] file_mapped 0 [ 193.365885][ T5701] file_dirty 0 [ 193.365885][ T5701] file_writeback 0 [ 193.365885][ T5701] swapcached 0 [ 193.365885][ T5701] anon_thp 0 [ 193.365885][ T5701] file_thp 0 [ 193.365885][ T5701] shmem_thp 0 [ 193.365885][ T5701] inactive_anon 0 [ 193.365885][ T5701] active_anon 0 [ 193.365885][ T5701] inactive_file 0 [ 193.365885][ T5701] active_file 0 [ 193.365885][ T5701] unevictable 0 [ 193.365885][ T5701] slab_reclaimable 6752 [ 193.365885][ T5701] slab_unreclaimable 0 [ 193.365885][ T5701] slab 6752 [ 193.365885][ T5701] workingset_refault_anon 0 [ 193.365885][ T5701] workingset_refault_file 0 [ 193.365885][ T5701] workingset_activate_anon 0 [ 193.365885][ T5701] workingset_activate_file 0 [ 193.365885][ T5701] workingset_restore_anon 0 [ 193.365885][ T5701] workingset_restore_file 0 [ 193.365885][ T5701] workingset_nodereclaim 0 [ 193.365885][ T5701] pgscan 831 [ 193.365885][ T5701] pgsteal 2 [ 193.365885][ T5701] pgscan_kswapd 0 [ 193.365885][ T5701] pgscan_direct 831 [pid 5085] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5085] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./31/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 193.365885][ T5701] pgscan_khugepaged 0 [ 193.365885][ T5701] pgsteal_kswapd 0 [ 193.365885][ T5701] pgsteal_direct 2 [ 193.365885][ T5701] pgsteal_khugepaged 0 [ 193.365885][ T5701] pgfault 21 [ 193.365885][ T5701] pgmajfault 0 [ 193.365885][ T5701] pgrefill 830 [ 193.365885][ T5701] pgactivate 829 [ 193.365885][ T5701] pgdeactivate 830 [ 193.365885][ T5701] pglazyfree 0 [ 193.365885][ T5701] pglazyfreed 0 [ 193.365885][ T5701] zswpin 0 [ 193.365885][ T5701] zswpout 0 [ 193.365885][ T5701] thp_fault_alloc 0 [ 193.365885][ T5701] thp_collapse_alloc 0 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./31/file0") = 0 [pid 5085] umount2("./31/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./31/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./31/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./31" [pid 5701] <... write resumed>) = 18 [pid 5701] close(3) = 0 [pid 5701] close(4) = 0 [pid 5701] close(5) = 0 [pid 5701] close(6) = 0 [pid 5701] close(7) = -1 EBADF (Bad file descriptor) [pid 5701] close(8) = -1 EBADF (Bad file descriptor) [pid 5701] close(9) = -1 EBADF (Bad file descriptor) [pid 5701] close(10) = -1 EBADF (Bad file descriptor) [pid 5701] close(11) = -1 EBADF (Bad file descriptor) [pid 5701] close(12) = -1 EBADF (Bad file descriptor) [pid 5701] close(13) = -1 EBADF (Bad file descriptor) [pid 5701] close(14) = -1 EBADF (Bad file descriptor) [pid 5701] close(15) = -1 EBADF (Bad file descriptor) [pid 5701] close(16) = -1 EBADF (Bad file descriptor) [pid 5701] close(17) = -1 EBADF (Bad file descriptor) [pid 5701] close(18) = -1 EBADF (Bad file descriptor) [pid 5701] close(19) = -1 EBADF (Bad file descriptor) [pid 5701] close(20) = -1 EBADF (Bad file descriptor) [ 193.571695][ T5701] Tasks state (memory values in pages): [ 193.577324][ T5701] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 193.595331][ T5701] Out of memory and no killable processes... [ 193.602165][ T5702] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5701] close(21) = -1 EBADF (Bad file descriptor) [pid 5085] <... rmdir resumed>) = 0 [pid 5701] close(22) = -1 EBADF (Bad file descriptor) [pid 5701] close(23) = -1 EBADF (Bad file descriptor) [pid 5701] close(24) = -1 EBADF (Bad file descriptor) [pid 5701] close(25) = -1 EBADF (Bad file descriptor) [pid 5701] close(26) = -1 EBADF (Bad file descriptor) [pid 5701] close(27) = -1 EBADF (Bad file descriptor) [pid 5701] close(28) = -1 EBADF (Bad file descriptor) [pid 5701] close(29) = -1 EBADF (Bad file descriptor) [pid 5701] exit_group(0) = ? [pid 5701] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=37, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5085] mkdir("./32", 0777) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5090] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 34 [pid 5090] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./35/binderfs") = 0 [pid 5090] umount2("./35/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./35/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [ 193.614747][ T5702] CPU: 0 PID: 5702 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 193.624724][ T5702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 193.634865][ T5702] Call Trace: [ 193.638182][ T5702] [ 193.641161][ T5702] dump_stack_lvl+0x136/0x150 [ 193.645921][ T5702] dump_header+0x10a/0xd70 [ 193.650410][ T5702] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 193.656580][ T5702] out_of_memory+0xd64/0x1660 [ 193.661352][ T5702] ? oom_killer_disable+0x2b0/0x2b0 [ 193.666628][ T5702] ? find_held_lock+0x2d/0x110 [pid 5090] unlink("./35/cgroup") = 0 [pid 5090] umount2("./35/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./35/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./35/cgroup.net") = 0 [pid 5090] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5705 attached [pid 5705] chdir("./32") = 0 [pid 5705] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5705] setpgid(0, 0) = 0 [pid 5705] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5705] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5705] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [ 193.671465][ T5702] mem_cgroup_out_of_memory+0x206/0x270 [ 193.677096][ T5702] ? mem_cgroup_margin+0x130/0x130 [ 193.682299][ T5702] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 193.688194][ T5702] memory_max_write+0x2f9/0x3c0 [ 193.693177][ T5702] ? mem_cgroup_force_empty_write+0x160/0x160 [ 193.699334][ T5702] ? lock_sync+0x190/0x190 [ 193.703830][ T5702] cgroup_file_write+0x1e2/0x7b0 [ 193.708873][ T5702] ? mem_cgroup_force_empty_write+0x160/0x160 [ 193.715030][ T5702] ? kill_css+0x3b0/0x3b0 [pid 5705] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5705] write(3, "1000", 4) = 4 [pid 5705] close(3) = 0 [pid 5705] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5705] mkdir("./file0", 000) = 0 [pid 5705] open("./file0", O_RDONLY) = 3 [pid 5705] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5705] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5705] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5705] openat(5, "memory.max", O_RDWR) = 6 [ 193.719439][ T5702] ? lock_acquire+0x32/0xc0 [ 193.724025][ T5702] ? kill_css+0x3b0/0x3b0 [ 193.728432][ T5702] kernfs_fop_write_iter+0x3f1/0x600 [ 193.733807][ T5702] vfs_write+0x9ed/0xe10 [ 193.738156][ T5702] ? kernel_write+0x670/0x670 [ 193.742928][ T5702] ? find_held_lock+0x2d/0x110 [ 193.747774][ T5702] ? __fget_light+0x20a/0x270 [ 193.752545][ T5702] ksys_write+0x12b/0x250 [ 193.756952][ T5702] ? __ia32_sys_read+0xb0/0xb0 [ 193.761800][ T5702] ? lockdep_hardirqs_on+0x7d/0x100 [ 193.767075][ T5702] ? _raw_spin_unlock_irq+0x2e/0x50 [ 193.772345][ T5702] ? ptrace_notify+0xfe/0x140 [ 193.777098][ T5702] do_syscall_64+0x39/0xb0 [ 193.781595][ T5702] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 193.787558][ T5702] RIP: 0033:0x7faecf034129 [ 193.792025][ T5702] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 193.812653][ T5702] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5705] write(6, "0x000000000000040e", 18 [pid 5090] <... umount2 resumed>) = 0 [pid 5090] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./35/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 193.821154][ T5702] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 193.829173][ T5702] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 193.837169][ T5702] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 193.845170][ T5702] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 193.853167][ T5702] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000020 [ 193.861188][ T5702] [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./35/file0") = 0 [pid 5090] umount2("./35/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./35/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./35/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [pid 5090] rmdir("./35") = 0 [pid 5090] mkdir("./36", 0777) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5706 attached [pid 5706] chdir("./36" [pid 5090] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 38 [pid 5706] <... chdir resumed>) = 0 [pid 5706] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5706] setpgid(0, 0) = 0 [pid 5706] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5706] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5706] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5706] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 193.881694][ T5702] memory: usage 8kB, limit 0kB, failcnt 36 [ 193.887956][ T5702] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 193.901628][ T5702] Memory cgroup stats for /syz1: [ 193.901974][ T5702] anon 0 [ 193.901974][ T5702] file 0 [ 193.901974][ T5702] kernel 8192 [ 193.901974][ T5702] kernel_stack 0 [ 193.901974][ T5702] pagetables 0 [ 193.901974][ T5702] sec_pagetables 0 [ 193.901974][ T5702] percpu 0 [ 193.901974][ T5702] sock 0 [pid 5706] write(3, "1000", 4) = 4 [pid 5706] close(3) = 0 [pid 5706] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5706] mkdir("./file0", 000) = 0 [pid 5706] open("./file0", O_RDONLY) = 3 [pid 5706] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5706] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5706] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5706] openat(5, "memory.max", O_RDWR) = 6 [ 193.901974][ T5702] vmalloc 0 [ 193.901974][ T5702] shmem 0 [ 193.901974][ T5702] zswap 0 [ 193.901974][ T5702] zswapped 0 [ 193.901974][ T5702] file_mapped 0 [ 193.901974][ T5702] file_dirty 0 [ 193.901974][ T5702] file_writeback 0 [ 193.901974][ T5702] swapcached 0 [ 193.901974][ T5702] anon_thp 0 [ 193.901974][ T5702] file_thp 0 [ 193.901974][ T5702] shmem_thp 0 [ 193.901974][ T5702] inactive_anon 0 [ 193.901974][ T5702] active_anon 0 [ 193.901974][ T5702] inactive_file 0 [ 193.901974][ T5702] active_file 0 [ 193.901974][ T5702] unevictable 0 [ 193.901974][ T5702] slab_reclaimable 6752 [ 193.901974][ T5702] slab_unreclaimable 0 [ 193.901974][ T5702] slab 6752 [ 193.901974][ T5702] workingset_refault_anon 0 [ 193.901974][ T5702] workingset_refault_file 0 [ 193.901974][ T5702] workingset_activate_anon 0 [ 193.901974][ T5702] workingset_activate_file 0 [ 193.901974][ T5702] workingset_restore_anon 0 [ 193.901974][ T5702] workingset_restore_file 0 [ 193.901974][ T5702] workingset_nodereclaim 0 [ 193.901974][ T5702] pgscan 831 [ 193.901974][ T5702] pgsteal 2 [ 193.901974][ T5702] pgscan_kswapd 0 [ 193.901974][ T5702] pgscan_direct 831 [ 193.901974][ T5702] pgscan_khugepaged 0 [ 193.901974][ T5702] pgsteal_kswapd 0 [ 193.901974][ T5702] pgsteal_direct 2 [ 193.901974][ T5702] pgsteal_khugepaged 0 [ 193.901974][ T5702] pgfault 21 [ 193.901974][ T5702] pgmajfault 0 [ 193.901974][ T5702] pgrefill 830 [ 193.901974][ T5702] pgactivate 829 [ 193.901974][ T5702] pgdeactivate 830 [ 193.901974][ T5702] pglazyfree 0 [ 193.901974][ T5702] pglazyfreed 0 [ 193.901974][ T5702] zswpin 0 [ 193.901974][ T5702] zswpout 0 [ 193.901974][ T5702] thp_fault_alloc 0 [ 193.901974][ T5702] thp_collapse_alloc 0 [ 194.117343][ T5702] Tasks state (memory values in pages): [pid 5706] write(6, "0x000000000000040e", 18 [pid 5702] <... write resumed>) = 18 [pid 5702] close(3) = 0 [pid 5702] close(4) = 0 [pid 5702] close(5) = 0 [pid 5702] close(6) = 0 [pid 5702] close(7) = -1 EBADF (Bad file descriptor) [pid 5702] close(8) = -1 EBADF (Bad file descriptor) [pid 5702] close(9) = -1 EBADF (Bad file descriptor) [pid 5702] close(10) = -1 EBADF (Bad file descriptor) [pid 5702] close(11) = -1 EBADF (Bad file descriptor) [pid 5702] close(12) = -1 EBADF (Bad file descriptor) [pid 5702] close(13) = -1 EBADF (Bad file descriptor) [pid 5702] close(14) = -1 EBADF (Bad file descriptor) [pid 5702] close(15) = -1 EBADF (Bad file descriptor) [pid 5702] close(16) = -1 EBADF (Bad file descriptor) [pid 5702] close(17) = -1 EBADF (Bad file descriptor) [pid 5702] close(18) = -1 EBADF (Bad file descriptor) [pid 5702] close(19) = -1 EBADF (Bad file descriptor) [pid 5702] close(20) = -1 EBADF (Bad file descriptor) [pid 5702] close(21) = -1 EBADF (Bad file descriptor) [pid 5702] close(22) = -1 EBADF (Bad file descriptor) [pid 5702] close(23) = -1 EBADF (Bad file descriptor) [pid 5702] close(24) = -1 EBADF (Bad file descriptor) [pid 5702] close(25) = -1 EBADF (Bad file descriptor) [pid 5702] close(26) = -1 EBADF (Bad file descriptor) [pid 5702] close(27) = -1 EBADF (Bad file descriptor) [pid 5702] close(28) = -1 EBADF (Bad file descriptor) [pid 5702] close(29) = -1 EBADF (Bad file descriptor) [pid 5702] exit_group(0) = ? [pid 5702] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=34, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5086] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 194.125326][ T5702] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 194.142019][ T5702] Out of memory and no killable processes... [ 194.150196][ T5703] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 194.161902][ T5703] CPU: 1 PID: 5703 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 194.171873][ T5703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./32/binderfs") = 0 [pid 5086] umount2("./32/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./32/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] unlink("./32/cgroup") = 0 [pid 5086] umount2("./32/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./32/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./32/cgroup.net") = 0 [ 194.181987][ T5703] Call Trace: [ 194.185316][ T5703] [ 194.188300][ T5703] dump_stack_lvl+0x136/0x150 [ 194.193048][ T5703] dump_header+0x10a/0xd70 [ 194.197539][ T5703] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 194.203705][ T5703] out_of_memory+0xd64/0x1660 [ 194.208484][ T5703] ? oom_killer_disable+0x2b0/0x2b0 [ 194.213780][ T5703] mem_cgroup_out_of_memory+0x206/0x270 [ 194.219403][ T5703] ? mem_cgroup_margin+0x130/0x130 [ 194.224616][ T5703] memory_max_write+0x2f9/0x3c0 [ 194.229562][ T5703] ? mem_cgroup_force_empty_write+0x160/0x160 [ 194.235707][ T5703] ? lock_sync+0x190/0x190 [ 194.240173][ T5703] cgroup_file_write+0x1e2/0x7b0 [ 194.245191][ T5703] ? mem_cgroup_force_empty_write+0x160/0x160 [ 194.251324][ T5703] ? kill_css+0x3b0/0x3b0 [ 194.255704][ T5703] ? lock_acquire+0x32/0xc0 [ 194.260296][ T5703] ? kill_css+0x3b0/0x3b0 [ 194.264688][ T5703] kernfs_fop_write_iter+0x3f1/0x600 [ 194.270039][ T5703] vfs_write+0x9ed/0xe10 [ 194.274341][ T5703] ? kernel_write+0x670/0x670 [ 194.279096][ T5703] ? find_held_lock+0x2d/0x110 [ 194.283913][ T5703] ? __fget_light+0x20a/0x270 [ 194.288646][ T5703] ksys_write+0x12b/0x250 [ 194.293064][ T5703] ? __ia32_sys_read+0xb0/0xb0 [ 194.297909][ T5703] ? lockdep_hardirqs_on+0x7d/0x100 [ 194.303170][ T5703] ? _raw_spin_unlock_irq+0x2e/0x50 [ 194.308438][ T5703] ? ptrace_notify+0xfe/0x140 [ 194.313172][ T5703] do_syscall_64+0x39/0xb0 [ 194.317655][ T5703] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 194.323619][ T5703] RIP: 0033:0x7faecf034129 [ 194.328103][ T5703] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 194.347773][ T5703] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 194.356251][ T5703] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 194.364268][ T5703] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 194.372291][ T5703] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [pid 5086] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5086] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./32/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./32/file0") = 0 [pid 5086] umount2("./32/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./32/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./32/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./32") = 0 [pid 5086] mkdir("./33", 0777) = 0 [ 194.380309][ T5703] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 194.388327][ T5703] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000023 [ 194.396382][ T5703] [ 194.421652][ T5703] memory: usage 8kB, limit 0kB, failcnt 36 [ 194.427537][ T5703] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 35 ./strace-static-x86_64: Process 5707 attached [pid 5707] chdir("./33") = 0 [pid 5707] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5707] setpgid(0, 0) = 0 [pid 5707] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5707] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5707] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5707] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5707] write(3, "1000", 4) = 4 [pid 5707] close(3) = 0 [pid 5707] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5707] mkdir("./file0", 000) = 0 [pid 5707] open("./file0", O_RDONLY) = 3 [pid 5707] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5707] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5707] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5707] openat(5, "memory.max", O_RDWR) = 6 [ 194.442283][ T5703] Memory cgroup stats for /syz1: [ 194.442579][ T5703] anon 0 [ 194.442579][ T5703] file 0 [ 194.442579][ T5703] kernel 8192 [ 194.442579][ T5703] kernel_stack 0 [ 194.442579][ T5703] pagetables 0 [ 194.442579][ T5703] sec_pagetables 0 [ 194.442579][ T5703] percpu 0 [ 194.442579][ T5703] sock 0 [ 194.442579][ T5703] vmalloc 0 [ 194.442579][ T5703] shmem 0 [ 194.442579][ T5703] zswap 0 [ 194.442579][ T5703] zswapped 0 [ 194.442579][ T5703] file_mapped 0 [ 194.442579][ T5703] file_dirty 0 [ 194.442579][ T5703] file_writeback 0 [ 194.442579][ T5703] swapcached 0 [ 194.442579][ T5703] anon_thp 0 [ 194.442579][ T5703] file_thp 0 [ 194.442579][ T5703] shmem_thp 0 [ 194.442579][ T5703] inactive_anon 0 [ 194.442579][ T5703] active_anon 0 [ 194.442579][ T5703] inactive_file 0 [ 194.442579][ T5703] active_file 0 [ 194.442579][ T5703] unevictable 0 [ 194.442579][ T5703] slab_reclaimable 6752 [ 194.442579][ T5703] slab_unreclaimable 0 [ 194.442579][ T5703] slab 6752 [ 194.442579][ T5703] workingset_refault_anon 0 [ 194.442579][ T5703] workingset_refault_file 0 [ 194.442579][ T5703] workingset_activate_anon 0 [ 194.442579][ T5703] workingset_activate_file 0 [ 194.442579][ T5703] workingset_restore_anon 0 [ 194.442579][ T5703] workingset_restore_file 0 [ 194.442579][ T5703] workingset_nodereclaim 0 [ 194.442579][ T5703] pgscan 831 [ 194.442579][ T5703] pgsteal 2 [ 194.442579][ T5703] pgscan_kswapd 0 [ 194.442579][ T5703] pgscan_direct 831 [ 194.442579][ T5703] pgscan_khugepaged 0 [ 194.442579][ T5703] pgsteal_kswapd 0 [ 194.442579][ T5703] pgsteal_direct 2 [ 194.442579][ T5703] pgsteal_khugepaged 0 [ 194.442579][ T5703] pgfault 21 [ 194.442579][ T5703] pgmajfault 0 [ 194.442579][ T5703] pgrefill 830 [ 194.442579][ T5703] pgactivate 829 [ 194.442579][ T5703] pgdeactivate 830 [ 194.442579][ T5703] pglazyfree 0 [ 194.442579][ T5703] pglazyfreed 0 [ 194.442579][ T5703] zswpin 0 [ 194.442579][ T5703] zswpout 0 [ 194.442579][ T5703] thp_fault_alloc 0 [ 194.442579][ T5703] thp_collapse_alloc 0 [ 194.631552][ T5703] Tasks state (memory values in pages): [pid 5707] write(6, "0x000000000000040e", 18 [pid 5703] <... write resumed>) = 18 [pid 5703] close(3) = 0 [pid 5703] close(4) = 0 [pid 5703] close(5) = 0 [pid 5703] close(6) = 0 [pid 5703] close(7) = -1 EBADF (Bad file descriptor) [pid 5703] close(8) = -1 EBADF (Bad file descriptor) [pid 5703] close(9) = -1 EBADF (Bad file descriptor) [pid 5703] close(10) = -1 EBADF (Bad file descriptor) [ 194.638874][ T5703] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 194.651032][ T5703] Out of memory and no killable processes... [ 194.660061][ T5704] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5703] close(11) = -1 EBADF (Bad file descriptor) [pid 5703] close(12) = -1 EBADF (Bad file descriptor) [pid 5703] close(13) = -1 EBADF (Bad file descriptor) [pid 5703] close(14) = -1 EBADF (Bad file descriptor) [pid 5703] close(15) = -1 EBADF (Bad file descriptor) [pid 5703] close(16) = -1 EBADF (Bad file descriptor) [pid 5703] close(17) = -1 EBADF (Bad file descriptor) [pid 5703] close(18) = -1 EBADF (Bad file descriptor) [pid 5703] close(19) = -1 EBADF (Bad file descriptor) [pid 5703] close(20) = -1 EBADF (Bad file descriptor) [pid 5703] close(21) = -1 EBADF (Bad file descriptor) [pid 5703] close(22) = -1 EBADF (Bad file descriptor) [pid 5703] close(23) = -1 EBADF (Bad file descriptor) [pid 5703] close(24) = -1 EBADF (Bad file descriptor) [pid 5703] close(25) = -1 EBADF (Bad file descriptor) [pid 5703] close(26) = -1 EBADF (Bad file descriptor) [pid 5703] close(27) = -1 EBADF (Bad file descriptor) [pid 5703] close(28) = -1 EBADF (Bad file descriptor) [pid 5703] close(29) = -1 EBADF (Bad file descriptor) [pid 5703] exit_group(0) = ? [pid 5703] +++ exited with 0 +++ [ 194.688764][ T5704] CPU: 1 PID: 5704 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 194.698808][ T5704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 194.708921][ T5704] Call Trace: [ 194.712250][ T5704] [ 194.715235][ T5704] dump_stack_lvl+0x136/0x150 [ 194.719993][ T5704] dump_header+0x10a/0xd70 [ 194.724482][ T5704] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 194.730644][ T5704] out_of_memory+0xd64/0x1660 [ 194.735417][ T5704] ? oom_killer_disable+0x2b0/0x2b0 [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=37, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5089] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./35/binderfs") = 0 [pid 5089] umount2("./35/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./35/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./35/cgroup") = 0 [pid 5089] umount2("./35/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./35/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./35/cgroup.net") = 0 [ 194.740701][ T5704] ? find_held_lock+0x2d/0x110 [ 194.745539][ T5704] mem_cgroup_out_of_memory+0x206/0x270 [ 194.751163][ T5704] ? mem_cgroup_margin+0x130/0x130 [ 194.756369][ T5704] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 194.762272][ T5704] memory_max_write+0x2f9/0x3c0 [ 194.767207][ T5704] ? mem_cgroup_force_empty_write+0x160/0x160 [ 194.773375][ T5704] ? lock_sync+0x190/0x190 [ 194.777880][ T5704] cgroup_file_write+0x1e2/0x7b0 [ 194.782903][ T5704] ? mem_cgroup_force_empty_write+0x160/0x160 [ 194.789051][ T5704] ? kill_css+0x3b0/0x3b0 [ 194.793456][ T5704] ? lock_acquire+0x32/0xc0 [ 194.798033][ T5704] ? kill_css+0x3b0/0x3b0 [ 194.802436][ T5704] kernfs_fop_write_iter+0x3f1/0x600 [ 194.807807][ T5704] vfs_write+0x9ed/0xe10 [ 194.812117][ T5704] ? kernel_write+0x670/0x670 [ 194.816863][ T5704] ? find_held_lock+0x2d/0x110 [ 194.821706][ T5704] ? __fget_light+0x20a/0x270 [ 194.826451][ T5704] ksys_write+0x12b/0x250 [ 194.830828][ T5704] ? __ia32_sys_read+0xb0/0xb0 [ 194.835675][ T5704] ? lockdep_hardirqs_on+0x7d/0x100 [ 194.840939][ T5704] ? _raw_spin_unlock_irq+0x2e/0x50 [ 194.846208][ T5704] ? ptrace_notify+0xfe/0x140 [ 194.850958][ T5704] do_syscall_64+0x39/0xb0 [ 194.855430][ T5704] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 194.861393][ T5704] RIP: 0033:0x7faecf034129 [ 194.865858][ T5704] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 194.885530][ T5704] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5089] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 194.894013][ T5704] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 194.902026][ T5704] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 194.910035][ T5704] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 194.918077][ T5704] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 194.926107][ T5704] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000022 [ 194.934166][ T5704] [pid 5089] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./35/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./35/file0") = 0 [pid 5089] umount2("./35/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./35/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./35/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [pid 5089] rmdir("./35") = 0 [pid 5089] mkdir("./36", 0777) = 0 [ 194.948528][ T5704] memory: usage 8kB, limit 0kB, failcnt 36 [ 194.954533][ T5704] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 194.961450][ T5704] Memory cgroup stats for /syz1: [ 194.962298][ T5704] anon 0 [ 194.962298][ T5704] file 0 [ 194.962298][ T5704] kernel 8192 [ 194.962298][ T5704] kernel_stack 0 [ 194.962298][ T5704] pagetables 0 [ 194.962298][ T5704] sec_pagetables 0 [ 194.962298][ T5704] percpu 0 [ 194.962298][ T5704] sock 0 [ 194.962298][ T5704] vmalloc 0 [ 194.962298][ T5704] shmem 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 38 ./strace-static-x86_64: Process 5708 attached [pid 5708] chdir("./36") = 0 [pid 5708] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5708] setpgid(0, 0) = 0 [pid 5708] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5708] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5708] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5708] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5708] write(3, "1000", 4) = 4 [pid 5708] close(3) = 0 [pid 5708] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5708] mkdir("./file0", 000) = 0 [ 194.962298][ T5704] zswap 0 [ 194.962298][ T5704] zswapped 0 [ 194.962298][ T5704] file_mapped 0 [ 194.962298][ T5704] file_dirty 0 [ 194.962298][ T5704] file_writeback 0 [ 194.962298][ T5704] swapcached 0 [ 194.962298][ T5704] anon_thp 0 [ 194.962298][ T5704] file_thp 0 [ 194.962298][ T5704] shmem_thp 0 [ 194.962298][ T5704] inactive_anon 0 [ 194.962298][ T5704] active_anon 0 [ 194.962298][ T5704] inactive_file 0 [ 194.962298][ T5704] active_file 0 [ 194.962298][ T5704] unevictable 0 [ 194.962298][ T5704] slab_reclaimable 6752 [pid 5708] open("./file0", O_RDONLY) = 3 [pid 5708] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5708] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5708] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5708] openat(5, "memory.max", O_RDWR) = 6 [ 194.962298][ T5704] slab_unreclaimable 0 [ 194.962298][ T5704] slab 6752 [ 194.962298][ T5704] workingset_refault_anon 0 [ 194.962298][ T5704] workingset_refault_file 0 [ 194.962298][ T5704] workingset_activate_anon 0 [ 194.962298][ T5704] workingset_activate_file 0 [ 194.962298][ T5704] workingset_restore_anon 0 [ 194.962298][ T5704] workingset_restore_file 0 [ 194.962298][ T5704] workingset_nodereclaim 0 [ 194.962298][ T5704] pgscan 831 [ 194.962298][ T5704] pgsteal 2 [ 194.962298][ T5704] pgscan_kswapd 0 [ 194.962298][ T5704] pgscan_direct 831 [ 194.962298][ T5704] pgscan_khugepaged 0 [ 194.962298][ T5704] pgsteal_kswapd 0 [ 194.962298][ T5704] pgsteal_direct 2 [ 194.962298][ T5704] pgsteal_khugepaged 0 [ 194.962298][ T5704] pgfault 21 [ 194.962298][ T5704] pgmajfault 0 [ 194.962298][ T5704] pgrefill 830 [ 194.962298][ T5704] pgactivate 829 [ 194.962298][ T5704] pgdeactivate 830 [ 194.962298][ T5704] pglazyfree 0 [ 194.962298][ T5704] pglazyfreed 0 [ 194.962298][ T5704] zswpin 0 [ 194.962298][ T5704] zswpout 0 [ 194.962298][ T5704] thp_fault_alloc 0 [ 194.962298][ T5704] thp_collapse_alloc 0 [pid 5708] write(6, "0x000000000000040e", 18 [pid 5704] <... write resumed>) = 18 [pid 5704] close(3) = 0 [pid 5704] close(4) = 0 [pid 5704] close(5) = 0 [pid 5704] close(6) = 0 [pid 5704] close(7) = -1 EBADF (Bad file descriptor) [pid 5704] close(8) = -1 EBADF (Bad file descriptor) [ 195.154576][ T5704] Tasks state (memory values in pages): [ 195.160533][ T5704] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 195.172805][ T5704] Out of memory and no killable processes... [ 195.181485][ T5705] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5704] close(9) = -1 EBADF (Bad file descriptor) [pid 5704] close(10) = -1 EBADF (Bad file descriptor) [pid 5704] close(11) = -1 EBADF (Bad file descriptor) [pid 5704] close(12) = -1 EBADF (Bad file descriptor) [pid 5704] close(13) = -1 EBADF (Bad file descriptor) [pid 5704] close(14) = -1 EBADF (Bad file descriptor) [pid 5704] close(15) = -1 EBADF (Bad file descriptor) [pid 5704] close(16) = -1 EBADF (Bad file descriptor) [pid 5704] close(17) = -1 EBADF (Bad file descriptor) [pid 5704] close(18) = -1 EBADF (Bad file descriptor) [pid 5704] close(19) = -1 EBADF (Bad file descriptor) [pid 5704] close(20) = -1 EBADF (Bad file descriptor) [pid 5704] close(21) = -1 EBADF (Bad file descriptor) [pid 5704] close(22) = -1 EBADF (Bad file descriptor) [pid 5704] close(23) = -1 EBADF (Bad file descriptor) [pid 5704] close(24) = -1 EBADF (Bad file descriptor) [pid 5704] close(25) = -1 EBADF (Bad file descriptor) [pid 5704] close(26) = -1 EBADF (Bad file descriptor) [pid 5704] close(27) = -1 EBADF (Bad file descriptor) [pid 5704] close(28) = -1 EBADF (Bad file descriptor) [pid 5704] close(29) = -1 EBADF (Bad file descriptor) [ 195.200537][ T5705] CPU: 1 PID: 5705 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 195.210523][ T5705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 195.220635][ T5705] Call Trace: [ 195.223990][ T5705] [ 195.226988][ T5705] dump_stack_lvl+0x136/0x150 [ 195.231772][ T5705] dump_header+0x10a/0xd70 [ 195.236261][ T5705] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 195.242431][ T5705] out_of_memory+0xd64/0x1660 [ 195.247255][ T5705] ? oom_killer_disable+0x2b0/0x2b0 [pid 5704] exit_group(0) = ? [pid 5704] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=36, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5087] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5087] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./34/binderfs") = 0 [pid 5087] umount2("./34/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./34/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./34/cgroup") = 0 [pid 5087] umount2("./34/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./34/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./34/cgroup.net") = 0 [ 195.252543][ T5705] mem_cgroup_out_of_memory+0x206/0x270 [ 195.258174][ T5705] ? mem_cgroup_margin+0x130/0x130 [ 195.263410][ T5705] memory_max_write+0x2f9/0x3c0 [ 195.268361][ T5705] ? mem_cgroup_force_empty_write+0x160/0x160 [ 195.274519][ T5705] ? lock_sync+0x190/0x190 [ 195.279008][ T5705] cgroup_file_write+0x1e2/0x7b0 [ 195.284043][ T5705] ? mem_cgroup_force_empty_write+0x160/0x160 [ 195.290199][ T5705] ? kill_css+0x3b0/0x3b0 [ 195.294606][ T5705] ? lock_acquire+0x32/0xc0 [ 195.299197][ T5705] ? kill_css+0x3b0/0x3b0 [ 195.303625][ T5705] kernfs_fop_write_iter+0x3f1/0x600 [ 195.308997][ T5705] vfs_write+0x9ed/0xe10 [ 195.313330][ T5705] ? kernel_write+0x670/0x670 [ 195.318081][ T5705] ? find_held_lock+0x2d/0x110 [ 195.322911][ T5705] ? __fget_light+0x20a/0x270 [ 195.327680][ T5705] ksys_write+0x12b/0x250 [ 195.332076][ T5705] ? __ia32_sys_read+0xb0/0xb0 [ 195.336902][ T5705] ? lockdep_hardirqs_on+0x7d/0x100 [ 195.342182][ T5705] ? _raw_spin_unlock_irq+0x2e/0x50 [ 195.347460][ T5705] ? ptrace_notify+0xfe/0x140 [ 195.352223][ T5705] do_syscall_64+0x39/0xb0 [ 195.356724][ T5705] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 195.362678][ T5705] RIP: 0033:0x7faecf034129 [ 195.367131][ T5705] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 195.386807][ T5705] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 195.395282][ T5705] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [pid 5087] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5087] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 195.403308][ T5705] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 195.411340][ T5705] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 195.419363][ T5705] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 195.427387][ T5705] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000020 [ 195.435445][ T5705] [ 195.450313][ T5705] memory: usage 8kB, limit 0kB, failcnt 36 [pid 5087] lstat("./34/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] close(4) = 0 [pid 5087] rmdir("./34/file0") = 0 [pid 5087] umount2("./34/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./34/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./34/cgroup.cpu") = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [pid 5087] rmdir("./34") = 0 [pid 5087] mkdir("./35", 0777) = 0 [ 195.456348][ T5705] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 195.463856][ T5705] Memory cgroup stats for /syz1: [ 195.464141][ T5705] anon 0 [ 195.464141][ T5705] file 0 [ 195.464141][ T5705] kernel 8192 [ 195.464141][ T5705] kernel_stack 0 [ 195.464141][ T5705] pagetables 0 [ 195.464141][ T5705] sec_pagetables 0 [ 195.464141][ T5705] percpu 0 [ 195.464141][ T5705] sock 0 [ 195.464141][ T5705] vmalloc 0 [ 195.464141][ T5705] shmem 0 [ 195.464141][ T5705] zswap 0 [ 195.464141][ T5705] zswapped 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 37 ./strace-static-x86_64: Process 5709 attached [pid 5709] chdir("./35") = 0 [pid 5709] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5709] setpgid(0, 0) = 0 [pid 5709] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5709] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5709] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5709] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5709] write(3, "1000", 4) = 4 [pid 5709] close(3) = 0 [pid 5709] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5709] mkdir("./file0", 000) = 0 [ 195.464141][ T5705] file_mapped 0 [ 195.464141][ T5705] file_dirty 0 [ 195.464141][ T5705] file_writeback 0 [ 195.464141][ T5705] swapcached 0 [ 195.464141][ T5705] anon_thp 0 [ 195.464141][ T5705] file_thp 0 [ 195.464141][ T5705] shmem_thp 0 [ 195.464141][ T5705] inactive_anon 0 [ 195.464141][ T5705] active_anon 0 [ 195.464141][ T5705] inactive_file 0 [ 195.464141][ T5705] active_file 0 [ 195.464141][ T5705] unevictable 0 [ 195.464141][ T5705] slab_reclaimable 6752 [ 195.464141][ T5705] slab_unreclaimable 0 [ 195.464141][ T5705] slab 6752 [pid 5709] open("./file0", O_RDONLY) = 3 [pid 5709] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5709] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5709] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5709] openat(5, "memory.max", O_RDWR) = 6 [ 195.464141][ T5705] workingset_refault_anon 0 [ 195.464141][ T5705] workingset_refault_file 0 [ 195.464141][ T5705] workingset_activate_anon 0 [ 195.464141][ T5705] workingset_activate_file 0 [ 195.464141][ T5705] workingset_restore_anon 0 [ 195.464141][ T5705] workingset_restore_file 0 [ 195.464141][ T5705] workingset_nodereclaim 0 [ 195.464141][ T5705] pgscan 831 [ 195.464141][ T5705] pgsteal 2 [ 195.464141][ T5705] pgscan_kswapd 0 [ 195.464141][ T5705] pgscan_direct 831 [ 195.464141][ T5705] pgscan_khugepaged 0 [ 195.464141][ T5705] pgsteal_kswapd 0 [ 195.464141][ T5705] pgsteal_direct 2 [ 195.464141][ T5705] pgsteal_khugepaged 0 [ 195.464141][ T5705] pgfault 21 [ 195.464141][ T5705] pgmajfault 0 [ 195.464141][ T5705] pgrefill 830 [ 195.464141][ T5705] pgactivate 829 [ 195.464141][ T5705] pgdeactivate 830 [ 195.464141][ T5705] pglazyfree 0 [ 195.464141][ T5705] pglazyfreed 0 [ 195.464141][ T5705] zswpin 0 [ 195.464141][ T5705] zswpout 0 [ 195.464141][ T5705] thp_fault_alloc 0 [ 195.464141][ T5705] thp_collapse_alloc 0 [pid 5709] write(6, "0x000000000000040e", 18 [pid 5705] <... write resumed>) = 18 [pid 5705] close(3) = 0 [pid 5705] close(4) = 0 [pid 5705] close(5) = 0 [pid 5705] close(6) = 0 [pid 5705] close(7) = -1 EBADF (Bad file descriptor) [pid 5705] close(8) = -1 EBADF (Bad file descriptor) [pid 5705] close(9) = -1 EBADF (Bad file descriptor) [pid 5705] close(10) = -1 EBADF (Bad file descriptor) [ 195.659364][ T5705] Tasks state (memory values in pages): [ 195.666014][ T5705] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 195.676095][ T5705] Out of memory and no killable processes... [ 195.683810][ T5706] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 195.696192][ T5706] CPU: 1 PID: 5706 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5705] close(11) = -1 EBADF (Bad file descriptor) [pid 5705] close(12) = -1 EBADF (Bad file descriptor) [pid 5705] close(13) = -1 EBADF (Bad file descriptor) [pid 5705] close(14) = -1 EBADF (Bad file descriptor) [pid 5705] close(15) = -1 EBADF (Bad file descriptor) [pid 5705] close(16) = -1 EBADF (Bad file descriptor) [pid 5705] close(17) = -1 EBADF (Bad file descriptor) [pid 5705] close(18) = -1 EBADF (Bad file descriptor) [pid 5705] close(19) = -1 EBADF (Bad file descriptor) [pid 5705] close(20) = -1 EBADF (Bad file descriptor) [pid 5705] close(21) = -1 EBADF (Bad file descriptor) [pid 5705] close(22) = -1 EBADF (Bad file descriptor) [pid 5705] close(23) = -1 EBADF (Bad file descriptor) [pid 5705] close(24) = -1 EBADF (Bad file descriptor) [pid 5705] close(25) = -1 EBADF (Bad file descriptor) [pid 5705] close(26) = -1 EBADF (Bad file descriptor) [pid 5705] close(27) = -1 EBADF (Bad file descriptor) [pid 5705] close(28) = -1 EBADF (Bad file descriptor) [pid 5705] close(29) = -1 EBADF (Bad file descriptor) [pid 5705] exit_group(0) = ? [pid 5705] +++ exited with 0 +++ [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=34, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [ 195.706165][ T5706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 195.716273][ T5706] Call Trace: [ 195.719591][ T5706] [ 195.722564][ T5706] dump_stack_lvl+0x136/0x150 [ 195.727315][ T5706] dump_header+0x10a/0xd70 [ 195.731802][ T5706] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 195.737964][ T5706] out_of_memory+0xd64/0x1660 [ 195.742730][ T5706] ? oom_killer_disable+0x2b0/0x2b0 [ 195.748025][ T5706] mem_cgroup_out_of_memory+0x206/0x270 [ 195.753649][ T5706] ? mem_cgroup_margin+0x130/0x130 [pid 5085] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5085] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./32/binderfs") = 0 [pid 5085] umount2("./32/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./32/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./32/cgroup") = 0 [pid 5085] umount2("./32/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./32/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./32/cgroup.net") = 0 [ 195.758864][ T5706] memory_max_write+0x2f9/0x3c0 [ 195.763804][ T5706] ? mem_cgroup_force_empty_write+0x160/0x160 [ 195.769963][ T5706] ? lock_sync+0x190/0x190 [ 195.774465][ T5706] cgroup_file_write+0x1e2/0x7b0 [ 195.779492][ T5706] ? mem_cgroup_force_empty_write+0x160/0x160 [ 195.785653][ T5706] ? kill_css+0x3b0/0x3b0 [ 195.790070][ T5706] ? lock_acquire+0x32/0xc0 [ 195.794666][ T5706] ? kill_css+0x3b0/0x3b0 [ 195.799076][ T5706] kernfs_fop_write_iter+0x3f1/0x600 [ 195.804437][ T5706] vfs_write+0x9ed/0xe10 [ 195.808732][ T5706] ? kernel_write+0x670/0x670 [ 195.813459][ T5706] ? find_held_lock+0x2d/0x110 [ 195.818270][ T5706] ? __fget_light+0x20a/0x270 [ 195.823004][ T5706] ksys_write+0x12b/0x250 [ 195.827382][ T5706] ? __ia32_sys_read+0xb0/0xb0 [ 195.832210][ T5706] ? lockdep_hardirqs_on+0x7d/0x100 [ 195.837454][ T5706] ? _raw_spin_unlock_irq+0x2e/0x50 [ 195.842694][ T5706] ? ptrace_notify+0xfe/0x140 [ 195.847413][ T5706] do_syscall_64+0x39/0xb0 [ 195.851873][ T5706] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 195.857805][ T5706] RIP: 0033:0x7faecf034129 [ 195.862249][ T5706] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 195.881893][ T5706] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 195.890336][ T5706] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 195.898330][ T5706] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5085] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5085] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./32/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [ 195.906338][ T5706] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 195.914365][ T5706] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 195.922372][ T5706] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000024 [ 195.930409][ T5706] [pid 5085] rmdir("./32/file0") = 0 [pid 5085] umount2("./32/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./32/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./32/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./32") = 0 [pid 5085] mkdir("./33", 0777) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5710 attached , child_tidptr=0x555555c0c5d0) = 35 [ 195.956498][ T5706] memory: usage 8kB, limit 0kB, failcnt 36 [ 195.969671][ T5706] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 195.978977][ T5706] Memory cgroup stats for /syz1: [ 195.979464][ T5706] anon 0 [ 195.979464][ T5706] file 0 [ 195.979464][ T5706] kernel 8192 [ 195.979464][ T5706] kernel_stack 0 [ 195.979464][ T5706] pagetables 0 [ 195.979464][ T5706] sec_pagetables 0 [ 195.979464][ T5706] percpu 0 [ 195.979464][ T5706] sock 0 [ 195.979464][ T5706] vmalloc 0 [ 195.979464][ T5706] shmem 0 [ 195.979464][ T5706] zswap 0 [ 195.979464][ T5706] zswapped 0 [ 195.979464][ T5706] file_mapped 0 [ 195.979464][ T5706] file_dirty 0 [ 195.979464][ T5706] file_writeback 0 [ 195.979464][ T5706] swapcached 0 [ 195.979464][ T5706] anon_thp 0 [ 195.979464][ T5706] file_thp 0 [ 195.979464][ T5706] shmem_thp 0 [ 195.979464][ T5706] inactive_anon 0 [ 195.979464][ T5706] active_anon 0 [ 195.979464][ T5706] inactive_file 0 [ 195.979464][ T5706] active_file 0 [ 195.979464][ T5706] unevictable 0 [ 195.979464][ T5706] slab_reclaimable 6752 [ 195.979464][ T5706] slab_unreclaimable 0 [ 195.979464][ T5706] slab 6752 [ 195.979464][ T5706] workingset_refault_anon 0 [ 195.979464][ T5706] workingset_refault_file 0 [ 195.979464][ T5706] workingset_activate_anon 0 [ 195.979464][ T5706] workingset_activate_file 0 [ 195.979464][ T5706] workingset_restore_anon 0 [ 195.979464][ T5706] workingset_restore_file 0 [ 195.979464][ T5706] workingset_nodereclaim 0 [ 195.979464][ T5706] pgscan 831 [ 195.979464][ T5706] pgsteal 2 [ 195.979464][ T5706] pgscan_kswapd 0 [ 195.979464][ T5706] pgscan_direct 831 [ 195.979464][ T5706] pgscan_khugepaged 0 [ 195.979464][ T5706] pgsteal_kswapd 0 [ 195.979464][ T5706] pgsteal_direct 2 [ 195.979464][ T5706] pgsteal_khugepaged 0 [ 195.979464][ T5706] pgfault 21 [ 195.979464][ T5706] pgmajfault 0 [ 195.979464][ T5706] pgrefill 830 [ 195.979464][ T5706] pgactivate 829 [ 195.979464][ T5706] pgdeactivate 830 [ 195.979464][ T5706] pglazyfree 0 [ 195.979464][ T5706] pglazyfreed 0 [ 195.979464][ T5706] zswpin 0 [pid 5710] chdir("./33") = 0 [pid 5710] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5710] setpgid(0, 0) = 0 [pid 5710] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5710] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5710] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5710] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5710] write(3, "1000", 4) = 4 [pid 5710] close(3) = 0 [pid 5710] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5710] mkdir("./file0", 000) = 0 [ 195.979464][ T5706] zswpout 0 [ 195.979464][ T5706] thp_fault_alloc 0 [ 195.979464][ T5706] thp_collapse_alloc 0 [ 196.181840][ T5706] Tasks state (memory values in pages): [ 196.187472][ T5706] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 196.197774][ T5706] Out of memory and no killable processes... [pid 5710] open("./file0", O_RDONLY) = 3 [pid 5710] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5706] <... write resumed>) = 18 [pid 5710] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5710] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5710] openat(5, "memory.max", O_RDWR) = 6 [ 196.205262][ T5707] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 196.216237][ T5707] CPU: 0 PID: 5707 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 196.226203][ T5707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 196.236403][ T5707] Call Trace: [ 196.239814][ T5707] [ 196.242790][ T5707] dump_stack_lvl+0x136/0x150 [ 196.247533][ T5707] dump_header+0x10a/0xd70 [ 196.252013][ T5707] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [pid 5710] write(6, "0x000000000000040e", 18 [pid 5706] close(3) = 0 [pid 5706] close(4) = 0 [pid 5706] close(5) = 0 [pid 5706] close(6) = 0 [ 196.258164][ T5707] out_of_memory+0xd64/0x1660 [ 196.262932][ T5707] ? oom_killer_disable+0x2b0/0x2b0 [ 196.268222][ T5707] mem_cgroup_out_of_memory+0x206/0x270 [ 196.273840][ T5707] ? mem_cgroup_margin+0x130/0x130 [ 196.279049][ T5707] memory_max_write+0x2f9/0x3c0 [ 196.283982][ T5707] ? mem_cgroup_force_empty_write+0x160/0x160 [ 196.290144][ T5707] ? lock_sync+0x190/0x190 [ 196.294642][ T5707] cgroup_file_write+0x1e2/0x7b0 [ 196.299672][ T5707] ? mem_cgroup_force_empty_write+0x160/0x160 [ 196.305824][ T5707] ? kill_css+0x3b0/0x3b0 [ 196.310240][ T5707] ? lock_acquire+0x32/0xc0 [ 196.314831][ T5707] ? kill_css+0x3b0/0x3b0 [ 196.319239][ T5707] kernfs_fop_write_iter+0x3f1/0x600 [ 196.324628][ T5707] vfs_write+0x9ed/0xe10 [ 196.328955][ T5707] ? kernel_write+0x670/0x670 [ 196.333711][ T5707] ? find_held_lock+0x2d/0x110 [ 196.338553][ T5707] ? __fget_light+0x20a/0x270 [ 196.343322][ T5707] ksys_write+0x12b/0x250 [ 196.347781][ T5707] ? __ia32_sys_read+0xb0/0xb0 [ 196.352624][ T5707] ? lockdep_hardirqs_on+0x7d/0x100 [ 196.357892][ T5707] ? _raw_spin_unlock_irq+0x2e/0x50 [ 196.363171][ T5707] ? ptrace_notify+0xfe/0x140 [ 196.367934][ T5707] do_syscall_64+0x39/0xb0 [ 196.372429][ T5707] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 196.378381][ T5707] RIP: 0033:0x7faecf034129 [ 196.382833][ T5707] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5706] close(7) = -1 EBADF (Bad file descriptor) [pid 5706] close(8) = -1 EBADF (Bad file descriptor) [pid 5706] close(9) = -1 EBADF (Bad file descriptor) [pid 5706] close(10) = -1 EBADF (Bad file descriptor) [pid 5706] close(11) = -1 EBADF (Bad file descriptor) [pid 5706] close(12) = -1 EBADF (Bad file descriptor) [pid 5706] close(13) = -1 EBADF (Bad file descriptor) [pid 5706] close(14) = -1 EBADF (Bad file descriptor) [pid 5706] close(15) = -1 EBADF (Bad file descriptor) [pid 5706] close(16) = -1 EBADF (Bad file descriptor) [pid 5706] close(17) = -1 EBADF (Bad file descriptor) [pid 5706] close(18) = -1 EBADF (Bad file descriptor) [pid 5706] close(19) = -1 EBADF (Bad file descriptor) [pid 5706] close(20) = -1 EBADF (Bad file descriptor) [pid 5706] close(21) = -1 EBADF (Bad file descriptor) [pid 5706] close(22) = -1 EBADF (Bad file descriptor) [pid 5706] close(23) = -1 EBADF (Bad file descriptor) [pid 5706] close(24) = -1 EBADF (Bad file descriptor) [pid 5706] close(25) = -1 EBADF (Bad file descriptor) [pid 5706] close(26) = -1 EBADF (Bad file descriptor) [pid 5706] close(27) = -1 EBADF (Bad file descriptor) [pid 5706] close(28) = -1 EBADF (Bad file descriptor) [pid 5706] close(29) = -1 EBADF (Bad file descriptor) [pid 5706] exit_group(0) = ? [pid 5706] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=38, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5090] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./36/binderfs") = 0 [pid 5090] umount2("./36/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./36/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./36/cgroup") = 0 [pid 5090] umount2("./36/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./36/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./36/cgroup.net") = 0 [pid 5090] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 196.402509][ T5707] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 196.410979][ T5707] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 196.418983][ T5707] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 196.427010][ T5707] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 196.435041][ T5707] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 196.443067][ T5707] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000021 [ 196.451124][ T5707] [pid 5090] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./36/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./36/file0") = 0 [pid 5090] umount2("./36/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./36/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./36/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [pid 5090] rmdir("./36") = 0 [pid 5090] mkdir("./37", 0777) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 39 [ 196.458008][ T5707] memory: usage 8kB, limit 0kB, failcnt 36 [ 196.465082][ T5707] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 196.472945][ T5707] Memory cgroup stats for /syz1: [ 196.473227][ T5707] anon 0 [ 196.473227][ T5707] file 0 [ 196.473227][ T5707] kernel 8192 [ 196.473227][ T5707] kernel_stack 0 [ 196.473227][ T5707] pagetables 0 [ 196.473227][ T5707] sec_pagetables 0 [ 196.473227][ T5707] percpu 0 [ 196.473227][ T5707] sock 0 [ 196.473227][ T5707] vmalloc 0 [ 196.473227][ T5707] shmem 0 ./strace-static-x86_64: Process 5711 attached [pid 5711] chdir("./37") = 0 [pid 5711] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 196.473227][ T5707] zswap 0 [ 196.473227][ T5707] zswapped 0 [ 196.473227][ T5707] file_mapped 0 [ 196.473227][ T5707] file_dirty 0 [ 196.473227][ T5707] file_writeback 0 [ 196.473227][ T5707] swapcached 0 [ 196.473227][ T5707] anon_thp 0 [ 196.473227][ T5707] file_thp 0 [ 196.473227][ T5707] shmem_thp 0 [ 196.473227][ T5707] inactive_anon 0 [ 196.473227][ T5707] active_anon 0 [ 196.473227][ T5707] inactive_file 0 [ 196.473227][ T5707] active_file 0 [ 196.473227][ T5707] unevictable 0 [ 196.473227][ T5707] slab_reclaimable 6752 [pid 5711] setpgid(0, 0) = 0 [pid 5711] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5711] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5711] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5711] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5711] write(3, "1000", 4) = 4 [pid 5711] close(3) = 0 [pid 5711] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5711] mkdir("./file0", 000) = 0 [pid 5711] open("./file0", O_RDONLY) = 3 [ 196.473227][ T5707] slab_unreclaimable 0 [ 196.473227][ T5707] slab 6752 [ 196.473227][ T5707] workingset_refault_anon 0 [ 196.473227][ T5707] workingset_refault_file 0 [ 196.473227][ T5707] workingset_activate_anon 0 [ 196.473227][ T5707] workingset_activate_file 0 [ 196.473227][ T5707] workingset_restore_anon 0 [ 196.473227][ T5707] workingset_restore_file 0 [ 196.473227][ T5707] workingset_nodereclaim 0 [ 196.473227][ T5707] pgscan 831 [ 196.473227][ T5707] pgsteal 2 [ 196.473227][ T5707] pgscan_kswapd 0 [ 196.473227][ T5707] pgscan_direct 831 [pid 5711] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5711] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5711] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5711] openat(5, "memory.max", O_RDWR) = 6 [ 196.473227][ T5707] pgscan_khugepaged 0 [ 196.473227][ T5707] pgsteal_kswapd 0 [ 196.473227][ T5707] pgsteal_direct 2 [ 196.473227][ T5707] pgsteal_khugepaged 0 [ 196.473227][ T5707] pgfault 21 [ 196.473227][ T5707] pgmajfault 0 [ 196.473227][ T5707] pgrefill 830 [ 196.473227][ T5707] pgactivate 829 [ 196.473227][ T5707] pgdeactivate 830 [ 196.473227][ T5707] pglazyfree 0 [ 196.473227][ T5707] pglazyfreed 0 [ 196.473227][ T5707] zswpin 0 [ 196.473227][ T5707] zswpout 0 [ 196.473227][ T5707] thp_fault_alloc 0 [ 196.473227][ T5707] thp_collapse_alloc 0 [pid 5711] write(6, "0x000000000000040e", 18 [pid 5707] <... write resumed>) = 18 [pid 5707] close(3) = 0 [pid 5707] close(4) = 0 [pid 5707] close(5) = 0 [pid 5707] close(6) = 0 [pid 5707] close(7) = -1 EBADF (Bad file descriptor) [ 196.661750][ T5707] Tasks state (memory values in pages): [ 196.667883][ T5707] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 196.677878][ T5707] Out of memory and no killable processes... [ 196.685699][ T5708] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 196.697014][ T5708] CPU: 0 PID: 5708 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5707] close(8) = -1 EBADF (Bad file descriptor) [pid 5707] close(9) = -1 EBADF (Bad file descriptor) [pid 5707] close(10) = -1 EBADF (Bad file descriptor) [pid 5707] close(11) = -1 EBADF (Bad file descriptor) [pid 5707] close(12) = -1 EBADF (Bad file descriptor) [pid 5707] close(13) = -1 EBADF (Bad file descriptor) [pid 5707] close(14) = -1 EBADF (Bad file descriptor) [pid 5707] close(15) = -1 EBADF (Bad file descriptor) [pid 5707] close(16) = -1 EBADF (Bad file descriptor) [pid 5707] close(17) = -1 EBADF (Bad file descriptor) [pid 5707] close(18) = -1 EBADF (Bad file descriptor) [pid 5707] close(19) = -1 EBADF (Bad file descriptor) [pid 5707] close(20) = -1 EBADF (Bad file descriptor) [ 196.706989][ T5708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 196.717094][ T5708] Call Trace: [ 196.720419][ T5708] [ 196.723416][ T5708] dump_stack_lvl+0x136/0x150 [ 196.728166][ T5708] dump_header+0x10a/0xd70 [ 196.732654][ T5708] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 196.738813][ T5708] out_of_memory+0xd64/0x1660 [ 196.743574][ T5708] ? oom_killer_disable+0x2b0/0x2b0 [ 196.748855][ T5708] ? find_held_lock+0x2d/0x110 [ 196.753695][ T5708] mem_cgroup_out_of_memory+0x206/0x270 [ 196.759317][ T5708] ? mem_cgroup_margin+0x130/0x130 [ 196.764509][ T5708] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 196.770420][ T5708] memory_max_write+0x2f9/0x3c0 [ 196.775356][ T5708] ? mem_cgroup_force_empty_write+0x160/0x160 [ 196.781532][ T5708] ? lock_sync+0x190/0x190 [ 196.786021][ T5708] cgroup_file_write+0x1e2/0x7b0 [ 196.791037][ T5708] ? mem_cgroup_force_empty_write+0x160/0x160 [ 196.797188][ T5708] ? kill_css+0x3b0/0x3b0 [ 196.801595][ T5708] ? lock_acquire+0x32/0xc0 [ 196.806176][ T5708] ? kill_css+0x3b0/0x3b0 [ 196.810588][ T5708] kernfs_fop_write_iter+0x3f1/0x600 [ 196.815951][ T5708] vfs_write+0x9ed/0xe10 [ 196.820281][ T5708] ? kernel_write+0x670/0x670 [ 196.825060][ T5708] ? find_held_lock+0x2d/0x110 [ 196.829917][ T5708] ? __fget_light+0x20a/0x270 [ 196.834685][ T5708] ksys_write+0x12b/0x250 [ 196.839107][ T5708] ? __ia32_sys_read+0xb0/0xb0 [ 196.843958][ T5708] ? lockdep_hardirqs_on+0x7d/0x100 [ 196.849233][ T5708] ? _raw_spin_unlock_irq+0x2e/0x50 [ 196.854522][ T5708] ? ptrace_notify+0xfe/0x140 [pid 5707] close(21) = -1 EBADF (Bad file descriptor) [pid 5707] close(22) = -1 EBADF (Bad file descriptor) [pid 5707] close(23) = -1 EBADF (Bad file descriptor) [pid 5707] close(24) = -1 EBADF (Bad file descriptor) [pid 5707] close(25) = -1 EBADF (Bad file descriptor) [pid 5707] close(26) = -1 EBADF (Bad file descriptor) [pid 5707] close(27) = -1 EBADF (Bad file descriptor) [pid 5707] close(28) = -1 EBADF (Bad file descriptor) [pid 5707] close(29) = -1 EBADF (Bad file descriptor) [ 196.859265][ T5708] do_syscall_64+0x39/0xb0 [ 196.863737][ T5708] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 196.869703][ T5708] RIP: 0033:0x7faecf034129 [ 196.874171][ T5708] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 196.893840][ T5708] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 196.902317][ T5708] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [pid 5707] exit_group(0) = ? [pid 5707] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=35, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5086] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5086] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./33/binderfs") = 0 [pid 5086] umount2("./33/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./33/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] unlink("./33/cgroup") = 0 [pid 5086] umount2("./33/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./33/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./33/cgroup.net") = 0 [pid 5086] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5086] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./33/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [ 196.910340][ T5708] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 196.918379][ T5708] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 196.926403][ T5708] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 196.934427][ T5708] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000024 [ 196.942487][ T5708] [pid 5086] rmdir("./33/file0") = 0 [pid 5086] umount2("./33/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./33/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./33/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./33") = 0 [pid 5086] mkdir("./34", 0777) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5712 attached [pid 5712] chdir("./34" [pid 5086] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 36 [pid 5712] <... chdir resumed>) = 0 [pid 5712] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5712] setpgid(0, 0) = 0 [pid 5712] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5712] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5712] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5712] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5712] write(3, "1000", 4) = 4 [pid 5712] close(3) = 0 [pid 5712] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5712] mkdir("./file0", 000) = 0 [ 196.966301][ T5708] memory: usage 8kB, limit 0kB, failcnt 36 [ 196.980390][ T5708] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 196.991099][ T5708] Memory cgroup stats for /syz1: [ 196.991392][ T5708] anon 0 [ 196.991392][ T5708] file 0 [ 196.991392][ T5708] kernel 8192 [ 196.991392][ T5708] kernel_stack 0 [ 196.991392][ T5708] pagetables 0 [ 196.991392][ T5708] sec_pagetables 0 [pid 5712] open("./file0", O_RDONLY) = 3 [pid 5712] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5712] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5712] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5712] openat(5, "memory.max", O_RDWR) = 6 [ 196.991392][ T5708] percpu 0 [ 196.991392][ T5708] sock 0 [ 196.991392][ T5708] vmalloc 0 [ 196.991392][ T5708] shmem 0 [ 196.991392][ T5708] zswap 0 [ 196.991392][ T5708] zswapped 0 [ 196.991392][ T5708] file_mapped 0 [ 196.991392][ T5708] file_dirty 0 [ 196.991392][ T5708] file_writeback 0 [ 196.991392][ T5708] swapcached 0 [ 196.991392][ T5708] anon_thp 0 [ 196.991392][ T5708] file_thp 0 [ 196.991392][ T5708] shmem_thp 0 [ 196.991392][ T5708] inactive_anon 0 [ 196.991392][ T5708] active_anon 0 [ 196.991392][ T5708] inactive_file 0 [ 196.991392][ T5708] active_file 0 [ 196.991392][ T5708] unevictable 0 [ 196.991392][ T5708] slab_reclaimable 6752 [ 196.991392][ T5708] slab_unreclaimable 0 [ 196.991392][ T5708] slab 6752 [ 196.991392][ T5708] workingset_refault_anon 0 [ 196.991392][ T5708] workingset_refault_file 0 [ 196.991392][ T5708] workingset_activate_anon 0 [ 196.991392][ T5708] workingset_activate_file 0 [ 196.991392][ T5708] workingset_restore_anon 0 [ 196.991392][ T5708] workingset_restore_file 0 [ 196.991392][ T5708] workingset_nodereclaim 0 [ 196.991392][ T5708] pgscan 831 [ 196.991392][ T5708] pgsteal 2 [ 196.991392][ T5708] pgscan_kswapd 0 [ 196.991392][ T5708] pgscan_direct 831 [ 196.991392][ T5708] pgscan_khugepaged 0 [ 196.991392][ T5708] pgsteal_kswapd 0 [ 196.991392][ T5708] pgsteal_direct 2 [ 196.991392][ T5708] pgsteal_khugepaged 0 [ 196.991392][ T5708] pgfault 21 [ 196.991392][ T5708] pgmajfault 0 [ 196.991392][ T5708] pgrefill 830 [ 196.991392][ T5708] pgactivate 829 [ 196.991392][ T5708] pgdeactivate 830 [ 196.991392][ T5708] pglazyfree 0 [ 196.991392][ T5708] pglazyfreed 0 [ 196.991392][ T5708] zswpin 0 [pid 5712] write(6, "0x000000000000040e", 18 [pid 5708] <... write resumed>) = 18 [ 196.991392][ T5708] zswpout 0 [ 196.991392][ T5708] thp_fault_alloc 0 [ 196.991392][ T5708] thp_collapse_alloc 0 [ 197.191124][ T5708] Tasks state (memory values in pages): [ 197.198102][ T5708] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 197.208441][ T5708] Out of memory and no killable processes... [pid 5708] close(3) = 0 [pid 5708] close(4) = 0 [pid 5708] close(5) = 0 [pid 5708] close(6) = 0 [pid 5708] close(7) = -1 EBADF (Bad file descriptor) [pid 5708] close(8) = -1 EBADF (Bad file descriptor) [pid 5708] close(9) = -1 EBADF (Bad file descriptor) [pid 5708] close(10) = -1 EBADF (Bad file descriptor) [pid 5708] close(11) = -1 EBADF (Bad file descriptor) [pid 5708] close(12) = -1 EBADF (Bad file descriptor) [pid 5708] close(13) = -1 EBADF (Bad file descriptor) [pid 5708] close(14) = -1 EBADF (Bad file descriptor) [pid 5708] close(15) = -1 EBADF (Bad file descriptor) [pid 5708] close(16) = -1 EBADF (Bad file descriptor) [pid 5708] close(17) = -1 EBADF (Bad file descriptor) [ 197.215943][ T5709] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 197.245023][ T5709] CPU: 1 PID: 5709 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 197.255016][ T5709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [pid 5708] close(18) = -1 EBADF (Bad file descriptor) [pid 5708] close(19) = -1 EBADF (Bad file descriptor) [pid 5708] close(20) = -1 EBADF (Bad file descriptor) [pid 5708] close(21) = -1 EBADF (Bad file descriptor) [pid 5708] close(22) = -1 EBADF (Bad file descriptor) [pid 5708] close(23) = -1 EBADF (Bad file descriptor) [pid 5708] close(24) = -1 EBADF (Bad file descriptor) [pid 5708] close(25) = -1 EBADF (Bad file descriptor) [pid 5708] close(26) = -1 EBADF (Bad file descriptor) [pid 5708] close(27) = -1 EBADF (Bad file descriptor) [pid 5708] close(28) = -1 EBADF (Bad file descriptor) [pid 5708] close(29) = -1 EBADF (Bad file descriptor) [pid 5708] exit_group(0) = ? [pid 5708] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=38, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5089] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./36/binderfs") = 0 [pid 5089] umount2("./36/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./36/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./36/cgroup") = 0 [pid 5089] umount2("./36/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 197.265130][ T5709] Call Trace: [ 197.268457][ T5709] [ 197.271437][ T5709] dump_stack_lvl+0x136/0x150 [ 197.276189][ T5709] dump_header+0x10a/0xd70 [ 197.280680][ T5709] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 197.286851][ T5709] out_of_memory+0xd64/0x1660 [ 197.291620][ T5709] ? oom_killer_disable+0x2b0/0x2b0 [ 197.296900][ T5709] ? find_held_lock+0x2d/0x110 [ 197.301739][ T5709] mem_cgroup_out_of_memory+0x206/0x270 [ 197.307360][ T5709] ? mem_cgroup_margin+0x130/0x130 [pid 5089] lstat("./36/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./36/cgroup.net") = 0 [ 197.312560][ T5709] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 197.318464][ T5709] memory_max_write+0x2f9/0x3c0 [ 197.323490][ T5709] ? mem_cgroup_force_empty_write+0x160/0x160 [ 197.329659][ T5709] ? lock_sync+0x190/0x190 [ 197.334159][ T5709] cgroup_file_write+0x1e2/0x7b0 [ 197.339178][ T5709] ? mem_cgroup_force_empty_write+0x160/0x160 [ 197.345328][ T5709] ? kill_css+0x3b0/0x3b0 [ 197.349740][ T5709] ? lock_acquire+0x32/0xc0 [ 197.354299][ T5709] ? kill_css+0x3b0/0x3b0 [ 197.358700][ T5709] kernfs_fop_write_iter+0x3f1/0x600 [ 197.364049][ T5709] vfs_write+0x9ed/0xe10 [ 197.368351][ T5709] ? kernel_write+0x670/0x670 [ 197.373120][ T5709] ? find_held_lock+0x2d/0x110 [ 197.377942][ T5709] ? __fget_light+0x20a/0x270 [ 197.382677][ T5709] ksys_write+0x12b/0x250 [ 197.387088][ T5709] ? __ia32_sys_read+0xb0/0xb0 [ 197.391920][ T5709] ? lockdep_hardirqs_on+0x7d/0x100 [ 197.397159][ T5709] ? _raw_spin_unlock_irq+0x2e/0x50 [ 197.402432][ T5709] ? ptrace_notify+0xfe/0x140 [ 197.407186][ T5709] do_syscall_64+0x39/0xb0 [ 197.411670][ T5709] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 197.417596][ T5709] RIP: 0033:0x7faecf034129 [ 197.422043][ T5709] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 197.441709][ T5709] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 197.450194][ T5709] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 197.458207][ T5709] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5089] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5089] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./36/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 197.466198][ T5709] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 197.474199][ T5709] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 197.482223][ T5709] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000023 [ 197.490283][ T5709] [ 197.500319][ T5709] memory: usage 8kB, limit 0kB, failcnt 36 [ 197.510663][ T5709] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./36/file0") = 0 [pid 5089] umount2("./36/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./36/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./36/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [pid 5089] rmdir("./36") = 0 [pid 5089] mkdir("./37", 0777) = 0 [ 197.518093][ T5709] Memory cgroup stats for /syz1: [ 197.518388][ T5709] anon 0 [ 197.518388][ T5709] file 0 [ 197.518388][ T5709] kernel 8192 [ 197.518388][ T5709] kernel_stack 0 [ 197.518388][ T5709] pagetables 0 [ 197.518388][ T5709] sec_pagetables 0 [ 197.518388][ T5709] percpu 0 [ 197.518388][ T5709] sock 0 [ 197.518388][ T5709] vmalloc 0 [ 197.518388][ T5709] shmem 0 [ 197.518388][ T5709] zswap 0 [ 197.518388][ T5709] zswapped 0 [ 197.518388][ T5709] file_mapped 0 [ 197.518388][ T5709] file_dirty 0 [ 197.518388][ T5709] file_writeback 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 39 ./strace-static-x86_64: Process 5714 attached [pid 5714] chdir("./37") = 0 [pid 5714] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5714] setpgid(0, 0) = 0 [ 197.518388][ T5709] swapcached 0 [ 197.518388][ T5709] anon_thp 0 [ 197.518388][ T5709] file_thp 0 [ 197.518388][ T5709] shmem_thp 0 [ 197.518388][ T5709] inactive_anon 0 [ 197.518388][ T5709] active_anon 0 [ 197.518388][ T5709] inactive_file 0 [ 197.518388][ T5709] active_file 0 [ 197.518388][ T5709] unevictable 0 [ 197.518388][ T5709] slab_reclaimable 6752 [ 197.518388][ T5709] slab_unreclaimable 0 [ 197.518388][ T5709] slab 6752 [ 197.518388][ T5709] workingset_refault_anon 0 [ 197.518388][ T5709] workingset_refault_file 0 [pid 5714] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5714] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5714] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5714] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5714] write(3, "1000", 4) = 4 [ 197.518388][ T5709] workingset_activate_anon 0 [ 197.518388][ T5709] workingset_activate_file 0 [ 197.518388][ T5709] workingset_restore_anon 0 [ 197.518388][ T5709] workingset_restore_file 0 [ 197.518388][ T5709] workingset_nodereclaim 0 [ 197.518388][ T5709] pgscan 831 [ 197.518388][ T5709] pgsteal 2 [ 197.518388][ T5709] pgscan_kswapd 0 [ 197.518388][ T5709] pgscan_direct 831 [ 197.518388][ T5709] pgscan_khugepaged 0 [ 197.518388][ T5709] pgsteal_kswapd 0 [ 197.518388][ T5709] pgsteal_direct 2 [ 197.518388][ T5709] pgsteal_khugepaged 0 [ 197.518388][ T5709] pgfault 21 [ 197.518388][ T5709] pgmajfault 0 [ 197.518388][ T5709] pgrefill 830 [ 197.518388][ T5709] pgactivate 829 [ 197.518388][ T5709] pgdeactivate 830 [ 197.518388][ T5709] pglazyfree 0 [ 197.518388][ T5709] pglazyfreed 0 [ 197.518388][ T5709] zswpin 0 [ 197.518388][ T5709] zswpout 0 [ 197.518388][ T5709] thp_fault_alloc 0 [ 197.518388][ T5709] thp_collapse_alloc 0 [pid 5714] close(3) = 0 [pid 5714] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5714] mkdir("./file0", 000) = 0 [pid 5714] open("./file0", O_RDONLY) = 3 [pid 5714] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5714] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5714] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5714] openat(5, "memory.max", O_RDWR) = 6 [pid 5714] write(6, "0x000000000000040e", 18 [pid 5709] <... write resumed>) = 18 [pid 5709] close(3) = 0 [pid 5709] close(4) = 0 [pid 5709] close(5) = 0 [pid 5709] close(6) = 0 [ 197.714899][ T5709] Tasks state (memory values in pages): [ 197.720718][ T5709] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 197.737233][ T5709] Out of memory and no killable processes... [ 197.744402][ T5710] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 197.756019][ T5710] CPU: 0 PID: 5710 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5709] close(7) = -1 EBADF (Bad file descriptor) [pid 5709] close(8) = -1 EBADF (Bad file descriptor) [pid 5709] close(9) = -1 EBADF (Bad file descriptor) [pid 5709] close(10) = -1 EBADF (Bad file descriptor) [pid 5709] close(11) = -1 EBADF (Bad file descriptor) [pid 5709] close(12) = -1 EBADF (Bad file descriptor) [pid 5709] close(13) = -1 EBADF (Bad file descriptor) [pid 5709] close(14) = -1 EBADF (Bad file descriptor) [pid 5709] close(15) = -1 EBADF (Bad file descriptor) [pid 5709] close(16) = -1 EBADF (Bad file descriptor) [pid 5709] close(17) = -1 EBADF (Bad file descriptor) [pid 5709] close(18) = -1 EBADF (Bad file descriptor) [pid 5709] close(19) = -1 EBADF (Bad file descriptor) [pid 5709] close(20) = -1 EBADF (Bad file descriptor) [pid 5709] close(21) = -1 EBADF (Bad file descriptor) [pid 5709] close(22) = -1 EBADF (Bad file descriptor) [pid 5709] close(23) = -1 EBADF (Bad file descriptor) [pid 5709] close(24) = -1 EBADF (Bad file descriptor) [pid 5709] close(25) = -1 EBADF (Bad file descriptor) [pid 5709] close(26) = -1 EBADF (Bad file descriptor) [pid 5709] close(27) = -1 EBADF (Bad file descriptor) [pid 5709] close(28) = -1 EBADF (Bad file descriptor) [pid 5709] close(29) = -1 EBADF (Bad file descriptor) [pid 5709] exit_group(0) = ? [pid 5709] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=37, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5087] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 197.765984][ T5710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 197.776100][ T5710] Call Trace: [ 197.779430][ T5710] [ 197.782416][ T5710] dump_stack_lvl+0x136/0x150 [ 197.787170][ T5710] dump_header+0x10a/0xd70 [ 197.791650][ T5710] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 197.797814][ T5710] out_of_memory+0xd64/0x1660 [ 197.802578][ T5710] ? oom_killer_disable+0x2b0/0x2b0 [ 197.807868][ T5710] mem_cgroup_out_of_memory+0x206/0x270 [ 197.813491][ T5710] ? mem_cgroup_margin+0x130/0x130 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./35/binderfs") = 0 [pid 5087] umount2("./35/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./35/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./35/cgroup") = 0 [pid 5087] umount2("./35/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./35/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./35/cgroup.net") = 0 [ 197.818701][ T5710] memory_max_write+0x2f9/0x3c0 [ 197.823642][ T5710] ? mem_cgroup_force_empty_write+0x160/0x160 [ 197.829808][ T5710] ? lock_sync+0x190/0x190 [ 197.834306][ T5710] cgroup_file_write+0x1e2/0x7b0 [ 197.839321][ T5710] ? mem_cgroup_force_empty_write+0x160/0x160 [ 197.845469][ T5710] ? kill_css+0x3b0/0x3b0 [ 197.849883][ T5710] ? lock_acquire+0x32/0xc0 [ 197.854496][ T5710] ? kill_css+0x3b0/0x3b0 [ 197.858898][ T5710] kernfs_fop_write_iter+0x3f1/0x600 [ 197.864265][ T5710] vfs_write+0x9ed/0xe10 [ 197.868595][ T5710] ? kernel_write+0x670/0x670 [ 197.873359][ T5710] ? find_held_lock+0x2d/0x110 [ 197.878203][ T5710] ? __fget_light+0x20a/0x270 [ 197.882960][ T5710] ksys_write+0x12b/0x250 [ 197.887376][ T5710] ? __ia32_sys_read+0xb0/0xb0 [ 197.892240][ T5710] ? lockdep_hardirqs_on+0x7d/0x100 [ 197.897517][ T5710] ? _raw_spin_unlock_irq+0x2e/0x50 [ 197.902796][ T5710] ? ptrace_notify+0xfe/0x140 [ 197.907555][ T5710] do_syscall_64+0x39/0xb0 [ 197.912064][ T5710] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 197.918030][ T5710] RIP: 0033:0x7faecf034129 [ 197.922506][ T5710] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 197.942179][ T5710] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 197.950672][ T5710] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 197.958692][ T5710] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5087] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5087] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./35/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] close(4) = 0 [pid 5087] rmdir("./35/file0") = 0 [pid 5087] umount2("./35/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 197.966716][ T5710] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 197.974737][ T5710] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 197.982762][ T5710] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000021 [ 197.990811][ T5710] [ 198.003695][ T5710] memory: usage 8kB, limit 0kB, failcnt 36 [ 198.010453][ T5710] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5087] lstat("./35/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./35/cgroup.cpu") = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [pid 5087] rmdir("./35") = 0 [ 198.018836][ T5710] Memory cgroup stats for /syz1: [ 198.019221][ T5710] anon 0 [ 198.019221][ T5710] file 0 [ 198.019221][ T5710] kernel 8192 [ 198.019221][ T5710] kernel_stack 0 [ 198.019221][ T5710] pagetables 0 [ 198.019221][ T5710] sec_pagetables 0 [ 198.019221][ T5710] percpu 0 [ 198.019221][ T5710] sock 0 [ 198.019221][ T5710] vmalloc 0 [ 198.019221][ T5710] shmem 0 [ 198.019221][ T5710] zswap 0 [ 198.019221][ T5710] zswapped 0 [ 198.019221][ T5710] file_mapped 0 [ 198.019221][ T5710] file_dirty 0 [ 198.019221][ T5710] file_writeback 0 [pid 5087] mkdir("./36", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 38 ./strace-static-x86_64: Process 5715 attached [pid 5715] chdir("./36") = 0 [pid 5715] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5715] setpgid(0, 0) = 0 [pid 5715] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5715] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5715] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5715] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 198.019221][ T5710] swapcached 0 [ 198.019221][ T5710] anon_thp 0 [ 198.019221][ T5710] file_thp 0 [ 198.019221][ T5710] shmem_thp 0 [ 198.019221][ T5710] inactive_anon 0 [ 198.019221][ T5710] active_anon 0 [ 198.019221][ T5710] inactive_file 0 [ 198.019221][ T5710] active_file 0 [ 198.019221][ T5710] unevictable 0 [ 198.019221][ T5710] slab_reclaimable 6752 [ 198.019221][ T5710] slab_unreclaimable 0 [ 198.019221][ T5710] slab 6752 [ 198.019221][ T5710] workingset_refault_anon 0 [ 198.019221][ T5710] workingset_refault_file 0 [ 198.019221][ T5710] workingset_activate_anon 0 [ 198.019221][ T5710] workingset_activate_file 0 [ 198.019221][ T5710] workingset_restore_anon 0 [ 198.019221][ T5710] workingset_restore_file 0 [ 198.019221][ T5710] workingset_nodereclaim 0 [ 198.019221][ T5710] pgscan 831 [ 198.019221][ T5710] pgsteal 2 [ 198.019221][ T5710] pgscan_kswapd 0 [ 198.019221][ T5710] pgscan_direct 831 [ 198.019221][ T5710] pgscan_khugepaged 0 [ 198.019221][ T5710] pgsteal_kswapd 0 [ 198.019221][ T5710] pgsteal_direct 2 [ 198.019221][ T5710] pgsteal_khugepaged 0 [ 198.019221][ T5710] pgfault 21 [pid 5715] write(3, "1000", 4) = 4 [ 198.019221][ T5710] pgmajfault 0 [ 198.019221][ T5710] pgrefill 830 [ 198.019221][ T5710] pgactivate 829 [ 198.019221][ T5710] pgdeactivate 830 [ 198.019221][ T5710] pglazyfree 0 [ 198.019221][ T5710] pglazyfreed 0 [ 198.019221][ T5710] zswpin 0 [ 198.019221][ T5710] zswpout 0 [ 198.019221][ T5710] thp_fault_alloc 0 [ 198.019221][ T5710] thp_collapse_alloc 0 [ 198.210495][ T5710] Tasks state (memory values in pages): [pid 5715] close(3) = 0 [pid 5715] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5715] mkdir("./file0", 000) = 0 [pid 5715] open("./file0", O_RDONLY) = 3 [pid 5715] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5715] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5715] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5715] openat(5, "memory.max", O_RDWR) = 6 [pid 5715] write(6, "0x000000000000040e", 18 [pid 5710] <... write resumed>) = 18 [pid 5710] close(3) = 0 [pid 5710] close(4) = 0 [pid 5710] close(5) = 0 [pid 5710] close(6) = 0 [pid 5710] close(7) = -1 EBADF (Bad file descriptor) [pid 5710] close(8) = -1 EBADF (Bad file descriptor) [pid 5710] close(9) = -1 EBADF (Bad file descriptor) [pid 5710] close(10) = -1 EBADF (Bad file descriptor) [pid 5710] close(11) = -1 EBADF (Bad file descriptor) [ 198.216822][ T5710] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 198.227682][ T5710] Out of memory and no killable processes... [ 198.258699][ T5711] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5710] close(12) = -1 EBADF (Bad file descriptor) [pid 5710] close(13) = -1 EBADF (Bad file descriptor) [pid 5710] close(14) = -1 EBADF (Bad file descriptor) [pid 5710] close(15) = -1 EBADF (Bad file descriptor) [pid 5710] close(16) = -1 EBADF (Bad file descriptor) [pid 5710] close(17) = -1 EBADF (Bad file descriptor) [pid 5710] close(18) = -1 EBADF (Bad file descriptor) [pid 5710] close(19) = -1 EBADF (Bad file descriptor) [pid 5710] close(20) = -1 EBADF (Bad file descriptor) [pid 5710] close(21) = -1 EBADF (Bad file descriptor) [pid 5710] close(22) = -1 EBADF (Bad file descriptor) [pid 5710] close(23) = -1 EBADF (Bad file descriptor) [pid 5710] close(24) = -1 EBADF (Bad file descriptor) [pid 5710] close(25) = -1 EBADF (Bad file descriptor) [pid 5710] close(26) = -1 EBADF (Bad file descriptor) [pid 5710] close(27) = -1 EBADF (Bad file descriptor) [pid 5710] close(28) = -1 EBADF (Bad file descriptor) [pid 5710] close(29) = -1 EBADF (Bad file descriptor) [pid 5710] exit_group(0) = ? [pid 5710] +++ exited with 0 +++ [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=35, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5085] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 198.277543][ T5711] CPU: 1 PID: 5711 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 198.287547][ T5711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 198.297668][ T5711] Call Trace: [ 198.300998][ T5711] [ 198.303970][ T5711] dump_stack_lvl+0x136/0x150 [ 198.308737][ T5711] dump_header+0x10a/0xd70 [ 198.313225][ T5711] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 198.319399][ T5711] out_of_memory+0xd64/0x1660 [pid 5085] lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./33/binderfs") = 0 [pid 5085] umount2("./33/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./33/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./33/cgroup") = 0 [pid 5085] umount2("./33/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./33/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./33/cgroup.net") = 0 [ 198.324169][ T5711] ? oom_killer_disable+0x2b0/0x2b0 [ 198.329456][ T5711] mem_cgroup_out_of_memory+0x206/0x270 [ 198.335088][ T5711] ? mem_cgroup_margin+0x130/0x130 [ 198.340306][ T5711] memory_max_write+0x2f9/0x3c0 [ 198.345248][ T5711] ? mem_cgroup_force_empty_write+0x160/0x160 [ 198.351408][ T5711] ? lock_sync+0x190/0x190 [ 198.355886][ T5711] cgroup_file_write+0x1e2/0x7b0 [ 198.360881][ T5711] ? mem_cgroup_force_empty_write+0x160/0x160 [ 198.367023][ T5711] ? kill_css+0x3b0/0x3b0 [ 198.371403][ T5711] ? lock_acquire+0x32/0xc0 [ 198.376073][ T5711] ? kill_css+0x3b0/0x3b0 [ 198.380473][ T5711] kernfs_fop_write_iter+0x3f1/0x600 [ 198.385822][ T5711] vfs_write+0x9ed/0xe10 [ 198.390152][ T5711] ? kernel_write+0x670/0x670 [ 198.394910][ T5711] ? find_held_lock+0x2d/0x110 [ 198.399722][ T5711] ? __fget_light+0x20a/0x270 [ 198.404473][ T5711] ksys_write+0x12b/0x250 [ 198.408896][ T5711] ? __ia32_sys_read+0xb0/0xb0 [ 198.413747][ T5711] ? lockdep_hardirqs_on+0x7d/0x100 [ 198.418990][ T5711] ? _raw_spin_unlock_irq+0x2e/0x50 [ 198.424269][ T5711] ? ptrace_notify+0xfe/0x140 [ 198.429015][ T5711] do_syscall_64+0x39/0xb0 [ 198.433499][ T5711] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 198.439451][ T5711] RIP: 0033:0x7faecf034129 [ 198.443921][ T5711] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 198.463598][ T5711] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5085] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5085] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 198.472084][ T5711] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 198.480114][ T5711] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 198.488138][ T5711] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 198.496171][ T5711] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 198.504180][ T5711] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000025 [ 198.512194][ T5711] [pid 5085] lstat("./33/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./33/file0") = 0 [pid 5085] umount2("./33/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./33/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./33/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./33") = 0 [pid 5085] mkdir("./34", 0777) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5716 attached [pid 5716] chdir("./34" [pid 5085] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 36 [pid 5716] <... chdir resumed>) = 0 [pid 5716] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 198.525609][ T5711] memory: usage 8kB, limit 0kB, failcnt 36 [ 198.531703][ T5711] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 198.538733][ T5711] Memory cgroup stats for /syz1: [ 198.539102][ T5711] anon 0 [ 198.539102][ T5711] file 0 [ 198.539102][ T5711] kernel 8192 [ 198.539102][ T5711] kernel_stack 0 [ 198.539102][ T5711] pagetables 0 [ 198.539102][ T5711] sec_pagetables 0 [ 198.539102][ T5711] percpu 0 [ 198.539102][ T5711] sock 0 [ 198.539102][ T5711] vmalloc 0 [ 198.539102][ T5711] shmem 0 [ 198.539102][ T5711] zswap 0 [pid 5716] setpgid(0, 0) = 0 [pid 5716] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5716] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5716] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5716] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5716] write(3, "1000", 4) = 4 [pid 5716] close(3) = 0 [pid 5716] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5716] mkdir("./file0", 000) = 0 [pid 5716] open("./file0", O_RDONLY) = 3 [pid 5716] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5716] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5716] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5716] openat(5, "memory.max", O_RDWR) = 6 [ 198.539102][ T5711] zswapped 0 [ 198.539102][ T5711] file_mapped 0 [ 198.539102][ T5711] file_dirty 0 [ 198.539102][ T5711] file_writeback 0 [ 198.539102][ T5711] swapcached 0 [ 198.539102][ T5711] anon_thp 0 [ 198.539102][ T5711] file_thp 0 [ 198.539102][ T5711] shmem_thp 0 [ 198.539102][ T5711] inactive_anon 0 [ 198.539102][ T5711] active_anon 0 [ 198.539102][ T5711] inactive_file 0 [ 198.539102][ T5711] active_file 0 [ 198.539102][ T5711] unevictable 0 [ 198.539102][ T5711] slab_reclaimable 6752 [ 198.539102][ T5711] slab_unreclaimable 0 [ 198.539102][ T5711] slab 6752 [ 198.539102][ T5711] workingset_refault_anon 0 [ 198.539102][ T5711] workingset_refault_file 0 [ 198.539102][ T5711] workingset_activate_anon 0 [ 198.539102][ T5711] workingset_activate_file 0 [ 198.539102][ T5711] workingset_restore_anon 0 [ 198.539102][ T5711] workingset_restore_file 0 [ 198.539102][ T5711] workingset_nodereclaim 0 [ 198.539102][ T5711] pgscan 831 [ 198.539102][ T5711] pgsteal 2 [ 198.539102][ T5711] pgscan_kswapd 0 [ 198.539102][ T5711] pgscan_direct 831 [ 198.539102][ T5711] pgscan_khugepaged 0 [ 198.539102][ T5711] pgsteal_kswapd 0 [ 198.539102][ T5711] pgsteal_direct 2 [ 198.539102][ T5711] pgsteal_khugepaged 0 [ 198.539102][ T5711] pgfault 21 [ 198.539102][ T5711] pgmajfault 0 [ 198.539102][ T5711] pgrefill 830 [ 198.539102][ T5711] pgactivate 829 [ 198.539102][ T5711] pgdeactivate 830 [ 198.539102][ T5711] pglazyfree 0 [ 198.539102][ T5711] pglazyfreed 0 [ 198.539102][ T5711] zswpin 0 [ 198.539102][ T5711] zswpout 0 [ 198.539102][ T5711] thp_fault_alloc 0 [ 198.539102][ T5711] thp_collapse_alloc 0 [pid 5716] write(6, "0x000000000000040e", 18 [pid 5711] <... write resumed>) = 18 [pid 5711] close(3) = 0 [pid 5711] close(4) = 0 [pid 5711] close(5) = 0 [pid 5711] close(6) = 0 [pid 5711] close(7) = -1 EBADF (Bad file descriptor) [pid 5711] close(8) = -1 EBADF (Bad file descriptor) [pid 5711] close(9) = -1 EBADF (Bad file descriptor) [pid 5711] close(10) = -1 EBADF (Bad file descriptor) [pid 5711] close(11) = -1 EBADF (Bad file descriptor) [pid 5711] close(12) = -1 EBADF (Bad file descriptor) [pid 5711] close(13) = -1 EBADF (Bad file descriptor) [pid 5711] close(14) = -1 EBADF (Bad file descriptor) [pid 5711] close(15) = -1 EBADF (Bad file descriptor) [pid 5711] close(16) = -1 EBADF (Bad file descriptor) [pid 5711] close(17) = -1 EBADF (Bad file descriptor) [pid 5711] close(18) = -1 EBADF (Bad file descriptor) [pid 5711] close(19) = -1 EBADF (Bad file descriptor) [pid 5711] close(20) = -1 EBADF (Bad file descriptor) [ 198.736021][ T5711] Tasks state (memory values in pages): [ 198.741990][ T5711] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 198.751535][ T5711] Out of memory and no killable processes... [ 198.762091][ T5712] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 198.773080][ T5712] CPU: 1 PID: 5712 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5711] close(21) = -1 EBADF (Bad file descriptor) [pid 5711] close(22) = -1 EBADF (Bad file descriptor) [pid 5711] close(23) = -1 EBADF (Bad file descriptor) [pid 5711] close(24) = -1 EBADF (Bad file descriptor) [pid 5711] close(25) = -1 EBADF (Bad file descriptor) [pid 5711] close(26) = -1 EBADF (Bad file descriptor) [pid 5711] close(27) = -1 EBADF (Bad file descriptor) [pid 5711] close(28) = -1 EBADF (Bad file descriptor) [pid 5711] close(29) = -1 EBADF (Bad file descriptor) [pid 5711] exit_group(0) = ? [pid 5711] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=39, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5090] umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./37/binderfs") = 0 [pid 5090] umount2("./37/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./37/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./37/cgroup") = 0 [pid 5090] umount2("./37/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./37/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./37/cgroup.net") = 0 [ 198.783056][ T5712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 198.793167][ T5712] Call Trace: [ 198.796497][ T5712] [ 198.799484][ T5712] dump_stack_lvl+0x136/0x150 [ 198.804240][ T5712] dump_header+0x10a/0xd70 [ 198.808734][ T5712] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 198.814906][ T5712] out_of_memory+0xd64/0x1660 [ 198.819676][ T5712] ? oom_killer_disable+0x2b0/0x2b0 [ 198.824998][ T5712] ? find_held_lock+0x2d/0x110 [ 198.829840][ T5712] mem_cgroup_out_of_memory+0x206/0x270 [ 198.835465][ T5712] ? mem_cgroup_margin+0x130/0x130 [ 198.840678][ T5712] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 198.846584][ T5712] memory_max_write+0x2f9/0x3c0 [ 198.851530][ T5712] ? mem_cgroup_force_empty_write+0x160/0x160 [ 198.857684][ T5712] ? lock_sync+0x190/0x190 [ 198.862174][ T5712] cgroup_file_write+0x1e2/0x7b0 [ 198.867197][ T5712] ? mem_cgroup_force_empty_write+0x160/0x160 [ 198.873344][ T5712] ? kill_css+0x3b0/0x3b0 [ 198.877757][ T5712] ? lock_acquire+0x32/0xc0 [ 198.882352][ T5712] ? kill_css+0x3b0/0x3b0 [ 198.886762][ T5712] kernfs_fop_write_iter+0x3f1/0x600 [ 198.892113][ T5712] vfs_write+0x9ed/0xe10 [ 198.896424][ T5712] ? kernel_write+0x670/0x670 [ 198.901186][ T5712] ? find_held_lock+0x2d/0x110 [ 198.905994][ T5712] ? __fget_light+0x20a/0x270 [ 198.910735][ T5712] ksys_write+0x12b/0x250 [ 198.915111][ T5712] ? __ia32_sys_read+0xb0/0xb0 [ 198.919919][ T5712] ? lockdep_hardirqs_on+0x7d/0x100 [ 198.925185][ T5712] ? _raw_spin_unlock_irq+0x2e/0x50 [ 198.930422][ T5712] ? ptrace_notify+0xfe/0x140 [ 198.935141][ T5712] do_syscall_64+0x39/0xb0 [ 198.939609][ T5712] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 198.945544][ T5712] RIP: 0033:0x7faecf034129 [ 198.949987][ T5712] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 198.969636][ T5712] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 198.978083][ T5712] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [pid 5090] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 198.986081][ T5712] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 198.994080][ T5712] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 199.002080][ T5712] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 199.010082][ T5712] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000022 [ 199.018104][ T5712] [pid 5090] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./37/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./37/file0") = 0 [pid 5090] umount2("./37/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./37/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./37/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [pid 5090] rmdir("./37") = 0 [pid 5090] mkdir("./38", 0777) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 40 [ 199.041463][ T5712] memory: usage 8kB, limit 0kB, failcnt 36 [ 199.047918][ T5712] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 199.063914][ T5712] Memory cgroup stats for /syz1: [ 199.064204][ T5712] anon 0 [ 199.064204][ T5712] file 0 [ 199.064204][ T5712] kernel 8192 [ 199.064204][ T5712] kernel_stack 0 [ 199.064204][ T5712] pagetables 0 [ 199.064204][ T5712] sec_pagetables 0 [ 199.064204][ T5712] percpu 0 ./strace-static-x86_64: Process 5718 attached [pid 5718] chdir("./38") = 0 [pid 5718] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5718] setpgid(0, 0) = 0 [pid 5718] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5718] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5718] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5718] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5718] write(3, "1000", 4) = 4 [pid 5718] close(3) = 0 [pid 5718] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5718] mkdir("./file0", 000) = 0 [pid 5718] open("./file0", O_RDONLY) = 3 [pid 5718] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5718] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5718] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5718] openat(5, "memory.max", O_RDWR) = 6 [ 199.064204][ T5712] sock 0 [ 199.064204][ T5712] vmalloc 0 [ 199.064204][ T5712] shmem 0 [ 199.064204][ T5712] zswap 0 [ 199.064204][ T5712] zswapped 0 [ 199.064204][ T5712] file_mapped 0 [ 199.064204][ T5712] file_dirty 0 [ 199.064204][ T5712] file_writeback 0 [ 199.064204][ T5712] swapcached 0 [ 199.064204][ T5712] anon_thp 0 [ 199.064204][ T5712] file_thp 0 [ 199.064204][ T5712] shmem_thp 0 [ 199.064204][ T5712] inactive_anon 0 [ 199.064204][ T5712] active_anon 0 [ 199.064204][ T5712] inactive_file 0 [ 199.064204][ T5712] active_file 0 [ 199.064204][ T5712] unevictable 0 [ 199.064204][ T5712] slab_reclaimable 6752 [ 199.064204][ T5712] slab_unreclaimable 0 [ 199.064204][ T5712] slab 6752 [ 199.064204][ T5712] workingset_refault_anon 0 [ 199.064204][ T5712] workingset_refault_file 0 [ 199.064204][ T5712] workingset_activate_anon 0 [ 199.064204][ T5712] workingset_activate_file 0 [ 199.064204][ T5712] workingset_restore_anon 0 [ 199.064204][ T5712] workingset_restore_file 0 [ 199.064204][ T5712] workingset_nodereclaim 0 [ 199.064204][ T5712] pgscan 831 [ 199.064204][ T5712] pgsteal 2 [ 199.064204][ T5712] pgscan_kswapd 0 [ 199.064204][ T5712] pgscan_direct 831 [ 199.064204][ T5712] pgscan_khugepaged 0 [ 199.064204][ T5712] pgsteal_kswapd 0 [ 199.064204][ T5712] pgsteal_direct 2 [ 199.064204][ T5712] pgsteal_khugepaged 0 [ 199.064204][ T5712] pgfault 21 [ 199.064204][ T5712] pgmajfault 0 [ 199.064204][ T5712] pgrefill 830 [ 199.064204][ T5712] pgactivate 829 [ 199.064204][ T5712] pgdeactivate 830 [ 199.064204][ T5712] pglazyfree 0 [ 199.064204][ T5712] pglazyfreed 0 [ 199.064204][ T5712] zswpin 0 [ 199.064204][ T5712] zswpout 0 [ 199.064204][ T5712] thp_fault_alloc 0 [ 199.064204][ T5712] thp_collapse_alloc 0 [ 199.262547][ T5712] Tasks state (memory values in pages): [ 199.268795][ T5712] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 199.280146][ T5712] Out of memory and no killable processes... [pid 5718] write(6, "0x000000000000040e", 18 [pid 5712] <... write resumed>) = 18 [pid 5712] close(3) = 0 [pid 5712] close(4) = 0 [pid 5712] close(5) = 0 [pid 5712] close(6) = 0 [pid 5712] close(7) = -1 EBADF (Bad file descriptor) [pid 5712] close(8) = -1 EBADF (Bad file descriptor) [pid 5712] close(9) = -1 EBADF (Bad file descriptor) [pid 5712] close(10) = -1 EBADF (Bad file descriptor) [pid 5712] close(11) = -1 EBADF (Bad file descriptor) [pid 5712] close(12) = -1 EBADF (Bad file descriptor) [pid 5712] close(13) = -1 EBADF (Bad file descriptor) [pid 5712] close(14) = -1 EBADF (Bad file descriptor) [pid 5712] close(15) = -1 EBADF (Bad file descriptor) [pid 5712] close(16) = -1 EBADF (Bad file descriptor) [pid 5712] close(17) = -1 EBADF (Bad file descriptor) [pid 5712] close(18) = -1 EBADF (Bad file descriptor) [pid 5712] close(19) = -1 EBADF (Bad file descriptor) [pid 5712] close(20) = -1 EBADF (Bad file descriptor) [pid 5712] close(21) = -1 EBADF (Bad file descriptor) [pid 5712] close(22) = -1 EBADF (Bad file descriptor) [ 199.293527][ T5714] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 199.306158][ T5714] CPU: 1 PID: 5714 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 199.316133][ T5714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 199.326253][ T5714] Call Trace: [ 199.329584][ T5714] [ 199.332571][ T5714] dump_stack_lvl+0x136/0x150 [ 199.337329][ T5714] dump_header+0x10a/0xd70 [pid 5712] close(23) = -1 EBADF (Bad file descriptor) [pid 5712] close(24) = -1 EBADF (Bad file descriptor) [pid 5712] close(25) = -1 EBADF (Bad file descriptor) [pid 5712] close(26) = -1 EBADF (Bad file descriptor) [pid 5712] close(27) = -1 EBADF (Bad file descriptor) [pid 5712] close(28) = -1 EBADF (Bad file descriptor) [pid 5712] close(29) = -1 EBADF (Bad file descriptor) [pid 5712] exit_group(0) = ? [pid 5712] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=36, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5086] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5086] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./34/binderfs") = 0 [pid 5086] umount2("./34/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./34/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [ 199.341822][ T5714] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 199.347990][ T5714] out_of_memory+0xd64/0x1660 [ 199.352759][ T5714] ? oom_killer_disable+0x2b0/0x2b0 [ 199.358047][ T5714] ? find_held_lock+0x2d/0x110 [ 199.362884][ T5714] mem_cgroup_out_of_memory+0x206/0x270 [ 199.368502][ T5714] ? mem_cgroup_margin+0x130/0x130 [ 199.373704][ T5714] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 199.379603][ T5714] memory_max_write+0x2f9/0x3c0 [ 199.384541][ T5714] ? mem_cgroup_force_empty_write+0x160/0x160 [pid 5086] unlink("./34/cgroup") = 0 [pid 5086] umount2("./34/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./34/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./34/cgroup.net") = 0 [ 199.390704][ T5714] ? lock_sync+0x190/0x190 [ 199.395206][ T5714] cgroup_file_write+0x1e2/0x7b0 [ 199.400238][ T5714] ? mem_cgroup_force_empty_write+0x160/0x160 [ 199.406390][ T5714] ? kill_css+0x3b0/0x3b0 [ 199.410783][ T5714] ? lock_acquire+0x32/0xc0 [ 199.415437][ T5714] ? kill_css+0x3b0/0x3b0 [ 199.419836][ T5714] kernfs_fop_write_iter+0x3f1/0x600 [ 199.425188][ T5714] vfs_write+0x9ed/0xe10 [ 199.429489][ T5714] ? kernel_write+0x670/0x670 [ 199.434207][ T5714] ? find_held_lock+0x2d/0x110 [ 199.439027][ T5714] ? __fget_light+0x20a/0x270 [ 199.443786][ T5714] ksys_write+0x12b/0x250 [ 199.448195][ T5714] ? __ia32_sys_read+0xb0/0xb0 [ 199.453034][ T5714] ? lockdep_hardirqs_on+0x7d/0x100 [ 199.458298][ T5714] ? _raw_spin_unlock_irq+0x2e/0x50 [ 199.463569][ T5714] ? ptrace_notify+0xfe/0x140 [ 199.468324][ T5714] do_syscall_64+0x39/0xb0 [ 199.472821][ T5714] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 199.478789][ T5714] RIP: 0033:0x7faecf034129 [ 199.483221][ T5714] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 199.502871][ T5714] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 199.511378][ T5714] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 199.519425][ T5714] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 199.527459][ T5714] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 199.535485][ T5714] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [pid 5086] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5086] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./34/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./34/file0") = 0 [pid 5086] umount2("./34/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./34/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 199.543496][ T5714] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000025 [ 199.551559][ T5714] [ 199.564262][ T5714] memory: usage 8kB, limit 0kB, failcnt 36 [ 199.570194][ T5714] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 199.577748][ T5714] Memory cgroup stats for /syz1: [ 199.578040][ T5714] anon 0 [ 199.578040][ T5714] file 0 [ 199.578040][ T5714] kernel 8192 [pid 5086] unlink("./34/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./34") = 0 [pid 5086] mkdir("./35", 0777) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 37 ./strace-static-x86_64: Process 5719 attached [pid 5719] chdir("./35") = 0 [ 199.578040][ T5714] kernel_stack 0 [ 199.578040][ T5714] pagetables 0 [ 199.578040][ T5714] sec_pagetables 0 [ 199.578040][ T5714] percpu 0 [ 199.578040][ T5714] sock 0 [ 199.578040][ T5714] vmalloc 0 [ 199.578040][ T5714] shmem 0 [ 199.578040][ T5714] zswap 0 [ 199.578040][ T5714] zswapped 0 [ 199.578040][ T5714] file_mapped 0 [ 199.578040][ T5714] file_dirty 0 [ 199.578040][ T5714] file_writeback 0 [ 199.578040][ T5714] swapcached 0 [ 199.578040][ T5714] anon_thp 0 [ 199.578040][ T5714] file_thp 0 [ 199.578040][ T5714] shmem_thp 0 [ 199.578040][ T5714] inactive_anon 0 [pid 5719] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5719] setpgid(0, 0) = 0 [pid 5719] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5719] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5719] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5719] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5719] write(3, "1000", 4) = 4 [pid 5719] close(3) = 0 [pid 5719] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5719] mkdir("./file0", 000) = 0 [pid 5719] open("./file0", O_RDONLY) = 3 [pid 5719] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5719] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5719] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5719] openat(5, "memory.max", O_RDWR) = 6 [ 199.578040][ T5714] active_anon 0 [ 199.578040][ T5714] inactive_file 0 [ 199.578040][ T5714] active_file 0 [ 199.578040][ T5714] unevictable 0 [ 199.578040][ T5714] slab_reclaimable 6752 [ 199.578040][ T5714] slab_unreclaimable 0 [ 199.578040][ T5714] slab 6752 [ 199.578040][ T5714] workingset_refault_anon 0 [ 199.578040][ T5714] workingset_refault_file 0 [ 199.578040][ T5714] workingset_activate_anon 0 [ 199.578040][ T5714] workingset_activate_file 0 [ 199.578040][ T5714] workingset_restore_anon 0 [ 199.578040][ T5714] workingset_restore_file 0 [ 199.578040][ T5714] workingset_nodereclaim 0 [ 199.578040][ T5714] pgscan 831 [ 199.578040][ T5714] pgsteal 2 [ 199.578040][ T5714] pgscan_kswapd 0 [ 199.578040][ T5714] pgscan_direct 831 [ 199.578040][ T5714] pgscan_khugepaged 0 [ 199.578040][ T5714] pgsteal_kswapd 0 [ 199.578040][ T5714] pgsteal_direct 2 [ 199.578040][ T5714] pgsteal_khugepaged 0 [ 199.578040][ T5714] pgfault 21 [ 199.578040][ T5714] pgmajfault 0 [ 199.578040][ T5714] pgrefill 830 [ 199.578040][ T5714] pgactivate 829 [ 199.578040][ T5714] pgdeactivate 830 [ 199.578040][ T5714] pglazyfree 0 [ 199.578040][ T5714] pglazyfreed 0 [ 199.578040][ T5714] zswpin 0 [ 199.578040][ T5714] zswpout 0 [ 199.578040][ T5714] thp_fault_alloc 0 [ 199.578040][ T5714] thp_collapse_alloc 0 [ 199.765489][ T5714] Tasks state (memory values in pages): [ 199.771106][ T5714] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 199.782140][ T5714] Out of memory and no killable processes... [ 199.789019][ T5715] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 199.800095][ T5715] CPU: 0 PID: 5715 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 199.810061][ T5715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 199.820173][ T5715] Call Trace: [ 199.823517][ T5715] [ 199.826503][ T5715] dump_stack_lvl+0x136/0x150 [ 199.831255][ T5715] dump_header+0x10a/0xd70 [ 199.836003][ T5715] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 199.842169][ T5715] out_of_memory+0xd64/0x1660 [ 199.846936][ T5715] ? oom_killer_disable+0x2b0/0x2b0 [ 199.852234][ T5715] ? find_held_lock+0x2d/0x110 [ 199.857068][ T5715] mem_cgroup_out_of_memory+0x206/0x270 [ 199.862693][ T5715] ? mem_cgroup_margin+0x130/0x130 [ 199.867901][ T5715] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 199.873797][ T5715] memory_max_write+0x2f9/0x3c0 [ 199.878732][ T5715] ? mem_cgroup_force_empty_write+0x160/0x160 [ 199.884894][ T5715] ? lock_sync+0x190/0x190 [ 199.889387][ T5715] cgroup_file_write+0x1e2/0x7b0 [ 199.894408][ T5715] ? mem_cgroup_force_empty_write+0x160/0x160 [ 199.900574][ T5715] ? kill_css+0x3b0/0x3b0 [ 199.904979][ T5715] ? lock_acquire+0x32/0xc0 [ 199.909537][ T5715] ? kill_css+0x3b0/0x3b0 [ 199.914271][ T5715] kernfs_fop_write_iter+0x3f1/0x600 [ 199.919615][ T5715] vfs_write+0x9ed/0xe10 [ 199.923914][ T5715] ? kernel_write+0x670/0x670 [ 199.928666][ T5715] ? find_held_lock+0x2d/0x110 [ 199.933483][ T5715] ? __fget_light+0x20a/0x270 [ 199.938243][ T5715] ksys_write+0x12b/0x250 [ 199.942630][ T5715] ? __ia32_sys_read+0xb0/0xb0 [ 199.947530][ T5715] ? lockdep_hardirqs_on+0x7d/0x100 [ 199.952788][ T5715] ? _raw_spin_unlock_irq+0x2e/0x50 [ 199.958034][ T5715] ? ptrace_notify+0xfe/0x140 [ 199.962757][ T5715] do_syscall_64+0x39/0xb0 [ 199.967226][ T5715] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 199.973162][ T5715] RIP: 0033:0x7faecf034129 [ 199.977608][ T5715] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 199.997252][ T5715] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 200.005704][ T5715] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 200.013809][ T5715] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 200.021818][ T5715] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 200.029825][ T5715] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 200.037926][ T5715] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000024 [pid 5719] write(6, "0x000000000000040e", 18 [pid 5714] <... write resumed>) = 18 [pid 5714] close(3) = 0 [pid 5714] close(4) = 0 [pid 5714] close(5) = 0 [pid 5714] close(6) = 0 [pid 5714] close(7) = -1 EBADF (Bad file descriptor) [pid 5714] close(8) = -1 EBADF (Bad file descriptor) [pid 5714] close(9) = -1 EBADF (Bad file descriptor) [pid 5714] close(10) = -1 EBADF (Bad file descriptor) [pid 5714] close(11) = -1 EBADF (Bad file descriptor) [pid 5714] close(12) = -1 EBADF (Bad file descriptor) [pid 5714] close(13) = -1 EBADF (Bad file descriptor) [pid 5714] close(14) = -1 EBADF (Bad file descriptor) [pid 5714] close(15) = -1 EBADF (Bad file descriptor) [pid 5714] close(16) = -1 EBADF (Bad file descriptor) [pid 5714] close(17) = -1 EBADF (Bad file descriptor) [pid 5714] close(18) = -1 EBADF (Bad file descriptor) [pid 5714] close(19) = -1 EBADF (Bad file descriptor) [pid 5714] close(20) = -1 EBADF (Bad file descriptor) [pid 5714] close(21) = -1 EBADF (Bad file descriptor) [pid 5714] close(22) = -1 EBADF (Bad file descriptor) [pid 5714] close(23) = -1 EBADF (Bad file descriptor) [pid 5714] close(24) = -1 EBADF (Bad file descriptor) [pid 5714] close(25) = -1 EBADF (Bad file descriptor) [pid 5714] close(26) = -1 EBADF (Bad file descriptor) [ 200.045953][ T5715] [ 200.053833][ T5715] memory: usage 8kB, limit 0kB, failcnt 36 [ 200.060077][ T5715] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 200.068987][ T5715] Memory cgroup stats for /syz1: [ 200.070142][ T5715] anon 0 [ 200.070142][ T5715] file 0 [ 200.070142][ T5715] kernel 8192 [ 200.070142][ T5715] kernel_stack 0 [ 200.070142][ T5715] pagetables 0 [ 200.070142][ T5715] sec_pagetables 0 [pid 5714] close(27) = -1 EBADF (Bad file descriptor) [pid 5714] close(28) = -1 EBADF (Bad file descriptor) [pid 5714] close(29) = -1 EBADF (Bad file descriptor) [pid 5714] exit_group(0) = ? [pid 5714] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=39, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5089] umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./37/binderfs") = 0 [pid 5089] umount2("./37/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./37/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./37/cgroup") = 0 [pid 5089] umount2("./37/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./37/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./37/cgroup.net") = 0 [ 200.070142][ T5715] percpu 0 [ 200.070142][ T5715] sock 0 [ 200.070142][ T5715] vmalloc 0 [ 200.070142][ T5715] shmem 0 [ 200.070142][ T5715] zswap 0 [ 200.070142][ T5715] zswapped 0 [ 200.070142][ T5715] file_mapped 0 [ 200.070142][ T5715] file_dirty 0 [ 200.070142][ T5715] file_writeback 0 [ 200.070142][ T5715] swapcached 0 [ 200.070142][ T5715] anon_thp 0 [ 200.070142][ T5715] file_thp 0 [ 200.070142][ T5715] shmem_thp 0 [ 200.070142][ T5715] inactive_anon 0 [ 200.070142][ T5715] active_anon 0 [ 200.070142][ T5715] inactive_file 0 [ 200.070142][ T5715] active_file 0 [ 200.070142][ T5715] unevictable 0 [ 200.070142][ T5715] slab_reclaimable 6752 [ 200.070142][ T5715] slab_unreclaimable 0 [ 200.070142][ T5715] slab 6752 [ 200.070142][ T5715] workingset_refault_anon 0 [ 200.070142][ T5715] workingset_refault_file 0 [ 200.070142][ T5715] workingset_activate_anon 0 [ 200.070142][ T5715] workingset_activate_file 0 [ 200.070142][ T5715] workingset_restore_anon 0 [ 200.070142][ T5715] workingset_restore_file 0 [ 200.070142][ T5715] workingset_nodereclaim 0 [ 200.070142][ T5715] pgscan 831 [ 200.070142][ T5715] pgsteal 2 [ 200.070142][ T5715] pgscan_kswapd 0 [ 200.070142][ T5715] pgscan_direct 831 [ 200.070142][ T5715] pgscan_khugepaged 0 [ 200.070142][ T5715] pgsteal_kswapd 0 [ 200.070142][ T5715] pgsteal_direct 2 [ 200.070142][ T5715] pgsteal_khugepaged 0 [ 200.070142][ T5715] pgfault 21 [ 200.070142][ T5715] pgmajfault 0 [ 200.070142][ T5715] pgrefill 830 [ 200.070142][ T5715] pgactivate 829 [ 200.070142][ T5715] pgdeactivate 830 [ 200.070142][ T5715] pglazyfree 0 [ 200.070142][ T5715] pglazyfreed 0 [ 200.070142][ T5715] zswpin 0 [pid 5089] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5089] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./37/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./37/file0") = 0 [pid 5089] umount2("./37/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./37/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./37/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [pid 5089] rmdir("./37") = 0 [ 200.070142][ T5715] zswpout 0 [ 200.070142][ T5715] thp_fault_alloc 0 [ 200.070142][ T5715] thp_collapse_alloc 0 [ 200.270684][ T5715] Tasks state (memory values in pages): [ 200.276428][ T5715] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5089] mkdir("./38", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5715] <... write resumed>) = 18 [pid 5715] close(3) = 0 [pid 5715] close(4) = 0 [pid 5715] close(5) = 0 ./strace-static-x86_64: Process 5720 attached [pid 5720] chdir("./38" [pid 5715] close(6 [pid 5720] <... chdir resumed>) = 0 [pid 5720] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5715] <... close resumed>) = 0 [pid 5720] <... prctl resumed>) = 0 [pid 5720] setpgid(0, 0 [pid 5715] close(7 [pid 5720] <... setpgid resumed>) = 0 [pid 5720] symlink("/syzcgroup/unified/syz5", "./cgroup" [pid 5715] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5720] <... symlink resumed>) = 0 [pid 5720] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu" [pid 5715] close(8 [pid 5720] <... symlink resumed>) = 0 [pid 5720] symlink("/syzcgroup/net/syz5", "./cgroup.net" [pid 5715] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5720] <... symlink resumed>) = 0 [pid 5720] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5715] close(9 [pid 5720] <... openat resumed>) = 3 [pid 5720] write(3, "1000", 4 [pid 5715] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5720] <... write resumed>) = 4 [pid 5715] close(10 [pid 5720] close(3 [pid 5715] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5720] <... close resumed>) = 0 [pid 5715] close(11 [pid 5720] symlink("/dev/binderfs", "./binderfs" [pid 5715] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5720] <... symlink resumed>) = 0 [pid 5715] close(12 [pid 5720] mkdir("./file0", 000 [pid 5715] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5720] <... mkdir resumed>) = 0 [pid 5715] close(13 [pid 5720] open("./file0", O_RDONLY [pid 5715] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5720] <... open resumed>) = 3 [pid 5715] close(14 [pid 5720] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5715] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5720] <... mount resumed>) = 0 [pid 5715] close(15 [pid 5720] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5715] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5720] <... openat resumed>) = 4 [pid 5715] close(16 [pid 5720] openat(4, "syz1", O_RDWR|O_PATH [pid 5715] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5720] <... openat resumed>) = 5 [pid 5715] close(17 [pid 5720] openat(5, "memory.max", O_RDWR [pid 5715] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5720] <... openat resumed>) = 6 [pid 5715] close(18 [pid 5720] write(6, "0x000000000000040e", 18 [pid 5715] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5715] close(19) = -1 EBADF (Bad file descriptor) [pid 5715] close(20) = -1 EBADF (Bad file descriptor) [pid 5715] close(21) = -1 EBADF (Bad file descriptor) [pid 5715] close(22) = -1 EBADF (Bad file descriptor) [pid 5715] close(23) = -1 EBADF (Bad file descriptor) [pid 5715] close(24) = -1 EBADF (Bad file descriptor) [pid 5715] close(25) = -1 EBADF (Bad file descriptor) [pid 5715] close(26) = -1 EBADF (Bad file descriptor) [pid 5715] close(27) = -1 EBADF (Bad file descriptor) [pid 5715] close(28) = -1 EBADF (Bad file descriptor) [pid 5715] close(29) = -1 EBADF (Bad file descriptor) [pid 5715] exit_group(0) = ? [pid 5715] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=38, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5089] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 40 [pid 5087] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [ 200.295311][ T5715] Out of memory and no killable processes... [ 200.303050][ T5716] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 200.338174][ T5716] CPU: 1 PID: 5716 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5087] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./36/binderfs") = 0 [pid 5087] umount2("./36/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./36/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./36/cgroup") = 0 [pid 5087] umount2("./36/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./36/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./36/cgroup.net") = 0 [ 200.348180][ T5716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 200.358298][ T5716] Call Trace: [ 200.361633][ T5716] [ 200.364623][ T5716] dump_stack_lvl+0x136/0x150 [ 200.369378][ T5716] dump_header+0x10a/0xd70 [ 200.373864][ T5716] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 200.379998][ T5716] out_of_memory+0xd64/0x1660 [ 200.384763][ T5716] ? oom_killer_disable+0x2b0/0x2b0 [ 200.390036][ T5716] mem_cgroup_out_of_memory+0x206/0x270 [ 200.395636][ T5716] ? mem_cgroup_margin+0x130/0x130 [ 200.400822][ T5716] memory_max_write+0x2f9/0x3c0 [ 200.405735][ T5716] ? mem_cgroup_force_empty_write+0x160/0x160 [ 200.411867][ T5716] ? lock_sync+0x190/0x190 [ 200.416362][ T5716] cgroup_file_write+0x1e2/0x7b0 [ 200.421386][ T5716] ? mem_cgroup_force_empty_write+0x160/0x160 [ 200.427523][ T5716] ? kill_css+0x3b0/0x3b0 [ 200.431893][ T5716] ? lock_acquire+0x32/0xc0 [ 200.436438][ T5716] ? kill_css+0x3b0/0x3b0 [ 200.440821][ T5716] kernfs_fop_write_iter+0x3f1/0x600 [ 200.446199][ T5716] vfs_write+0x9ed/0xe10 [ 200.450528][ T5716] ? kernel_write+0x670/0x670 [ 200.455269][ T5716] ? find_held_lock+0x2d/0x110 [ 200.460118][ T5716] ? __fget_light+0x20a/0x270 [ 200.464844][ T5716] ksys_write+0x12b/0x250 [ 200.469216][ T5716] ? __ia32_sys_read+0xb0/0xb0 [ 200.474019][ T5716] ? lockdep_hardirqs_on+0x7d/0x100 [ 200.479247][ T5716] ? _raw_spin_unlock_irq+0x2e/0x50 [ 200.484499][ T5716] ? ptrace_notify+0xfe/0x140 [ 200.489261][ T5716] do_syscall_64+0x39/0xb0 [ 200.493770][ T5716] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 200.499742][ T5716] RIP: 0033:0x7faecf034129 [ 200.504213][ T5716] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 200.523925][ T5716] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 200.532391][ T5716] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 200.540429][ T5716] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5087] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 200.548459][ T5716] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 200.556491][ T5716] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 200.564511][ T5716] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000022 [ 200.572559][ T5716] [ 200.580802][ T5716] memory: usage 8kB, limit 0kB, failcnt 36 [ 200.586818][ T5716] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 200.593830][ T5716] Memory cgroup stats for /syz1: [pid 5087] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./36/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] close(4) = 0 [pid 5087] rmdir("./36/file0") = 0 [pid 5087] umount2("./36/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./36/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./36/cgroup.cpu") = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [pid 5087] rmdir("./36") = 0 [pid 5087] mkdir("./37", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5721 attached [pid 5721] chdir("./37" [ 200.594118][ T5716] anon 0 [ 200.594118][ T5716] file 0 [ 200.594118][ T5716] kernel 8192 [ 200.594118][ T5716] kernel_stack 0 [ 200.594118][ T5716] pagetables 0 [ 200.594118][ T5716] sec_pagetables 0 [ 200.594118][ T5716] percpu 0 [ 200.594118][ T5716] sock 0 [ 200.594118][ T5716] vmalloc 0 [ 200.594118][ T5716] shmem 0 [ 200.594118][ T5716] zswap 0 [ 200.594118][ T5716] zswapped 0 [ 200.594118][ T5716] file_mapped 0 [ 200.594118][ T5716] file_dirty 0 [ 200.594118][ T5716] file_writeback 0 [ 200.594118][ T5716] swapcached 0 [pid 5087] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 39 [pid 5721] <... chdir resumed>) = 0 [pid 5721] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5721] setpgid(0, 0) = 0 [pid 5721] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5721] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5721] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5721] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5721] write(3, "1000", 4) = 4 [pid 5721] close(3) = 0 [pid 5721] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5721] mkdir("./file0", 000) = 0 [pid 5721] open("./file0", O_RDONLY) = 3 [pid 5721] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5721] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [ 200.594118][ T5716] anon_thp 0 [ 200.594118][ T5716] file_thp 0 [ 200.594118][ T5716] shmem_thp 0 [ 200.594118][ T5716] inactive_anon 0 [ 200.594118][ T5716] active_anon 0 [ 200.594118][ T5716] inactive_file 0 [ 200.594118][ T5716] active_file 0 [ 200.594118][ T5716] unevictable 0 [ 200.594118][ T5716] slab_reclaimable 6752 [ 200.594118][ T5716] slab_unreclaimable 0 [ 200.594118][ T5716] slab 6752 [ 200.594118][ T5716] workingset_refault_anon 0 [ 200.594118][ T5716] workingset_refault_file 0 [ 200.594118][ T5716] workingset_activate_anon 0 [pid 5721] openat(4, "syz1", O_RDWR|O_PATH) = 5 [ 200.594118][ T5716] workingset_activate_file 0 [ 200.594118][ T5716] workingset_restore_anon 0 [ 200.594118][ T5716] workingset_restore_file 0 [ 200.594118][ T5716] workingset_nodereclaim 0 [ 200.594118][ T5716] pgscan 831 [ 200.594118][ T5716] pgsteal 2 [ 200.594118][ T5716] pgscan_kswapd 0 [ 200.594118][ T5716] pgscan_direct 831 [ 200.594118][ T5716] pgscan_khugepaged 0 [ 200.594118][ T5716] pgsteal_kswapd 0 [ 200.594118][ T5716] pgsteal_direct 2 [ 200.594118][ T5716] pgsteal_khugepaged 0 [ 200.594118][ T5716] pgfault 21 [ 200.594118][ T5716] pgmajfault 0 [ 200.594118][ T5716] pgrefill 830 [ 200.594118][ T5716] pgactivate 829 [ 200.594118][ T5716] pgdeactivate 830 [ 200.594118][ T5716] pglazyfree 0 [ 200.594118][ T5716] pglazyfreed 0 [ 200.594118][ T5716] zswpin 0 [ 200.594118][ T5716] zswpout 0 [ 200.594118][ T5716] thp_fault_alloc 0 [ 200.594118][ T5716] thp_collapse_alloc 0 [ 200.781326][ T5716] Tasks state (memory values in pages): [ 200.787535][ T5716] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5721] openat(5, "memory.max", O_RDWR) = 6 [pid 5721] write(6, "0x000000000000040e", 18 [pid 5716] <... write resumed>) = 18 [pid 5716] close(3) = 0 [pid 5716] close(4) = 0 [pid 5716] close(5) = 0 [pid 5716] close(6) = 0 [pid 5716] close(7) = -1 EBADF (Bad file descriptor) [pid 5716] close(8) = -1 EBADF (Bad file descriptor) [pid 5716] close(9) = -1 EBADF (Bad file descriptor) [pid 5716] close(10) = -1 EBADF (Bad file descriptor) [pid 5716] close(11) = -1 EBADF (Bad file descriptor) [ 200.798846][ T5716] Out of memory and no killable processes... [ 200.808415][ T5718] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 200.820513][ T5718] CPU: 0 PID: 5718 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 200.830489][ T5718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 200.840607][ T5718] Call Trace: [ 200.843942][ T5718] [pid 5716] close(12) = -1 EBADF (Bad file descriptor) [pid 5716] close(13) = -1 EBADF (Bad file descriptor) [pid 5716] close(14) = -1 EBADF (Bad file descriptor) [pid 5716] close(15) = -1 EBADF (Bad file descriptor) [pid 5716] close(16) = -1 EBADF (Bad file descriptor) [pid 5716] close(17) = -1 EBADF (Bad file descriptor) [pid 5716] close(18) = -1 EBADF (Bad file descriptor) [pid 5716] close(19) = -1 EBADF (Bad file descriptor) [pid 5716] close(20) = -1 EBADF (Bad file descriptor) [ 200.846913][ T5718] dump_stack_lvl+0x136/0x150 [ 200.851659][ T5718] dump_header+0x10a/0xd70 [ 200.856147][ T5718] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 200.862319][ T5718] out_of_memory+0xd64/0x1660 [ 200.867091][ T5718] ? oom_killer_disable+0x2b0/0x2b0 [ 200.872385][ T5718] ? find_held_lock+0x2d/0x110 [ 200.877222][ T5718] mem_cgroup_out_of_memory+0x206/0x270 [ 200.882844][ T5718] ? mem_cgroup_margin+0x130/0x130 [ 200.888059][ T5718] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 200.893961][ T5718] memory_max_write+0x2f9/0x3c0 [ 200.898990][ T5718] ? mem_cgroup_force_empty_write+0x160/0x160 [ 200.905162][ T5718] ? lock_sync+0x190/0x190 [ 200.909657][ T5718] cgroup_file_write+0x1e2/0x7b0 [ 200.914675][ T5718] ? mem_cgroup_force_empty_write+0x160/0x160 [ 200.920810][ T5718] ? kill_css+0x3b0/0x3b0 [ 200.925218][ T5718] ? lock_acquire+0x32/0xc0 [ 200.929785][ T5718] ? kill_css+0x3b0/0x3b0 [ 200.934188][ T5718] kernfs_fop_write_iter+0x3f1/0x600 [ 200.939536][ T5718] vfs_write+0x9ed/0xe10 [ 200.943839][ T5718] ? kernel_write+0x670/0x670 [ 200.948585][ T5718] ? find_held_lock+0x2d/0x110 [ 200.953398][ T5718] ? __fget_light+0x20a/0x270 [ 200.958129][ T5718] ksys_write+0x12b/0x250 [ 200.962513][ T5718] ? __ia32_sys_read+0xb0/0xb0 [ 200.967328][ T5718] ? lockdep_hardirqs_on+0x7d/0x100 [ 200.972576][ T5718] ? _raw_spin_unlock_irq+0x2e/0x50 [ 200.977827][ T5718] ? ptrace_notify+0xfe/0x140 [ 200.982552][ T5718] do_syscall_64+0x39/0xb0 [ 200.987023][ T5718] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 200.992960][ T5718] RIP: 0033:0x7faecf034129 [ 200.997410][ T5718] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 201.017060][ T5718] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 201.025512][ T5718] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 201.033544][ T5718] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 201.041556][ T5718] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [pid 5716] close(21) = -1 EBADF (Bad file descriptor) [pid 5716] close(22) = -1 EBADF (Bad file descriptor) [pid 5716] close(23) = -1 EBADF (Bad file descriptor) [pid 5716] close(24) = -1 EBADF (Bad file descriptor) [pid 5716] close(25) = -1 EBADF (Bad file descriptor) [pid 5716] close(26) = -1 EBADF (Bad file descriptor) [pid 5716] close(27) = -1 EBADF (Bad file descriptor) [pid 5716] close(28) = -1 EBADF (Bad file descriptor) [pid 5716] close(29) = -1 EBADF (Bad file descriptor) [pid 5716] exit_group(0) = ? [pid 5716] +++ exited with 0 +++ [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=36, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5085] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./34/binderfs") = 0 [pid 5085] umount2("./34/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./34/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./34/cgroup") = 0 [pid 5085] umount2("./34/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./34/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./34/cgroup.net") = 0 [pid 5085] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5085] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 201.049571][ T5718] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 201.057578][ T5718] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000026 [ 201.065603][ T5718] [ 201.072087][ T5718] memory: usage 8kB, limit 0kB, failcnt 36 [ 201.077978][ T5718] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 201.086361][ T5718] Memory cgroup stats for /syz1: [ 201.086648][ T5718] anon 0 [ 201.086648][ T5718] file 0 [ 201.086648][ T5718] kernel 8192 [pid 5085] lstat("./34/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./34/file0") = 0 [pid 5085] umount2("./34/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./34/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./34/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./34") = 0 [ 201.086648][ T5718] kernel_stack 0 [ 201.086648][ T5718] pagetables 0 [ 201.086648][ T5718] sec_pagetables 0 [ 201.086648][ T5718] percpu 0 [ 201.086648][ T5718] sock 0 [ 201.086648][ T5718] vmalloc 0 [ 201.086648][ T5718] shmem 0 [ 201.086648][ T5718] zswap 0 [ 201.086648][ T5718] zswapped 0 [ 201.086648][ T5718] file_mapped 0 [ 201.086648][ T5718] file_dirty 0 [ 201.086648][ T5718] file_writeback 0 [ 201.086648][ T5718] swapcached 0 [ 201.086648][ T5718] anon_thp 0 [ 201.086648][ T5718] file_thp 0 [ 201.086648][ T5718] shmem_thp 0 [ 201.086648][ T5718] inactive_anon 0 [ 201.086648][ T5718] active_anon 0 [ 201.086648][ T5718] inactive_file 0 [ 201.086648][ T5718] active_file 0 [ 201.086648][ T5718] unevictable 0 [ 201.086648][ T5718] slab_reclaimable 6752 [ 201.086648][ T5718] slab_unreclaimable 0 [ 201.086648][ T5718] slab 6752 [ 201.086648][ T5718] workingset_refault_anon 0 [ 201.086648][ T5718] workingset_refault_file 0 [ 201.086648][ T5718] workingset_activate_anon 0 [ 201.086648][ T5718] workingset_activate_file 0 [ 201.086648][ T5718] workingset_restore_anon 0 [ 201.086648][ T5718] workingset_restore_file 0 [ 201.086648][ T5718] workingset_nodereclaim 0 [ 201.086648][ T5718] pgscan 831 [ 201.086648][ T5718] pgsteal 2 [ 201.086648][ T5718] pgscan_kswapd 0 [ 201.086648][ T5718] pgscan_direct 831 [ 201.086648][ T5718] pgscan_khugepaged 0 [ 201.086648][ T5718] pgsteal_kswapd 0 [ 201.086648][ T5718] pgsteal_direct 2 [ 201.086648][ T5718] pgsteal_khugepaged 0 [ 201.086648][ T5718] pgfault 21 [ 201.086648][ T5718] pgmajfault 0 [ 201.086648][ T5718] pgrefill 830 [ 201.086648][ T5718] pgactivate 829 [pid 5085] mkdir("./35", 0777) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 37 ./strace-static-x86_64: Process 5722 attached [pid 5722] chdir("./35") = 0 [pid 5722] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5722] setpgid(0, 0) = 0 [pid 5722] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5722] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5722] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5722] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5722] write(3, "1000", 4) = 4 [pid 5722] close(3) = 0 [pid 5722] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5722] mkdir("./file0", 000) = 0 [pid 5722] open("./file0", O_RDONLY) = 3 [pid 5722] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5722] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5722] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5722] openat(5, "memory.max", O_RDWR) = 6 [ 201.086648][ T5718] pgdeactivate 830 [ 201.086648][ T5718] pglazyfree 0 [ 201.086648][ T5718] pglazyfreed 0 [ 201.086648][ T5718] zswpin 0 [ 201.086648][ T5718] zswpout 0 [ 201.086648][ T5718] thp_fault_alloc 0 [ 201.086648][ T5718] thp_collapse_alloc 0 [ 201.278229][ T5718] Tasks state (memory values in pages): [ 201.283957][ T5718] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 201.293707][ T5718] Out of memory and no killable processes... [pid 5722] write(6, "0x000000000000040e", 18 [pid 5718] <... write resumed>) = 18 [pid 5718] close(3) = 0 [pid 5718] close(4) = 0 [ 201.299791][ T5719] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 201.310721][ T5719] CPU: 0 PID: 5719 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 201.320688][ T5719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 201.330803][ T5719] Call Trace: [ 201.334135][ T5719] [ 201.337112][ T5719] dump_stack_lvl+0x136/0x150 [ 201.341865][ T5719] dump_header+0x10a/0xd70 [ 201.346346][ T5719] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [pid 5718] close(5) = 0 [pid 5718] close(6) = 0 [pid 5718] close(7) = -1 EBADF (Bad file descriptor) [pid 5718] close(8) = -1 EBADF (Bad file descriptor) [pid 5718] close(9) = -1 EBADF (Bad file descriptor) [pid 5718] close(10) = -1 EBADF (Bad file descriptor) [pid 5718] close(11) = -1 EBADF (Bad file descriptor) [pid 5718] close(12) = -1 EBADF (Bad file descriptor) [pid 5718] close(13) = -1 EBADF (Bad file descriptor) [pid 5718] close(14) = -1 EBADF (Bad file descriptor) [pid 5718] close(15) = -1 EBADF (Bad file descriptor) [pid 5718] close(16) = -1 EBADF (Bad file descriptor) [pid 5718] close(17) = -1 EBADF (Bad file descriptor) [ 201.352526][ T5719] out_of_memory+0xd64/0x1660 [ 201.357291][ T5719] ? oom_killer_disable+0x2b0/0x2b0 [ 201.362568][ T5719] ? find_held_lock+0x2d/0x110 [ 201.367401][ T5719] mem_cgroup_out_of_memory+0x206/0x270 [ 201.373023][ T5719] ? mem_cgroup_margin+0x130/0x130 [ 201.378228][ T5719] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 201.384127][ T5719] memory_max_write+0x2f9/0x3c0 [ 201.389104][ T5719] ? mem_cgroup_force_empty_write+0x160/0x160 [ 201.395259][ T5719] ? lock_sync+0x190/0x190 [ 201.399757][ T5719] cgroup_file_write+0x1e2/0x7b0 [ 201.404789][ T5719] ? mem_cgroup_force_empty_write+0x160/0x160 [ 201.410942][ T5719] ? kill_css+0x3b0/0x3b0 [ 201.415354][ T5719] ? lock_acquire+0x32/0xc0 [ 201.419944][ T5719] ? kill_css+0x3b0/0x3b0 [ 201.424372][ T5719] kernfs_fop_write_iter+0x3f1/0x600 [ 201.429745][ T5719] vfs_write+0x9ed/0xe10 [ 201.434086][ T5719] ? kernel_write+0x670/0x670 [ 201.438856][ T5719] ? find_held_lock+0x2d/0x110 [ 201.443708][ T5719] ? __fget_light+0x20a/0x270 [ 201.448486][ T5719] ksys_write+0x12b/0x250 [ 201.452922][ T5719] ? __ia32_sys_read+0xb0/0xb0 [ 201.457783][ T5719] ? lockdep_hardirqs_on+0x7d/0x100 [ 201.463057][ T5719] ? _raw_spin_unlock_irq+0x2e/0x50 [ 201.468335][ T5719] ? ptrace_notify+0xfe/0x140 [ 201.473087][ T5719] do_syscall_64+0x39/0xb0 [ 201.477587][ T5719] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 201.483546][ T5719] RIP: 0033:0x7faecf034129 [ 201.488011][ T5719] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 201.507682][ T5719] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 201.516216][ T5719] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 201.524261][ T5719] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 201.532293][ T5719] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 201.540321][ T5719] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [pid 5718] close(18) = -1 EBADF (Bad file descriptor) [pid 5718] close(19) = -1 EBADF (Bad file descriptor) [pid 5718] close(20) = -1 EBADF (Bad file descriptor) [pid 5718] close(21) = -1 EBADF (Bad file descriptor) [pid 5718] close(22) = -1 EBADF (Bad file descriptor) [pid 5718] close(23) = -1 EBADF (Bad file descriptor) [pid 5718] close(24) = -1 EBADF (Bad file descriptor) [pid 5718] close(25) = -1 EBADF (Bad file descriptor) [pid 5718] close(26) = -1 EBADF (Bad file descriptor) [pid 5718] close(27) = -1 EBADF (Bad file descriptor) [pid 5718] close(28) = -1 EBADF (Bad file descriptor) [pid 5718] close(29) = -1 EBADF (Bad file descriptor) [pid 5718] exit_group(0) = ? [pid 5718] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=40, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5090] umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./38/binderfs") = 0 [pid 5090] umount2("./38/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./38/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./38/cgroup") = 0 [pid 5090] umount2("./38/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./38/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./38/cgroup.net") = 0 [pid 5090] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5090] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./38/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./38/file0") = 0 [pid 5090] umount2("./38/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./38/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./38/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [ 201.548351][ T5719] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000023 [ 201.556408][ T5719] [ 201.580923][ T5719] memory: usage 8kB, limit 0kB, failcnt 36 [ 201.590515][ T5719] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 201.598005][ T5719] Memory cgroup stats for /syz1: [pid 5090] rmdir("./38") = 0 [pid 5090] mkdir("./39", 0777) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5723 attached [pid 5723] chdir("./39" [pid 5090] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 41 [pid 5723] <... chdir resumed>) = 0 [pid 5723] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5723] setpgid(0, 0) = 0 [pid 5723] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5723] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5723] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5723] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5723] write(3, "1000", 4) = 4 [pid 5723] close(3) = 0 [pid 5723] symlink("/dev/binderfs", "./binderfs") = 0 [ 201.598283][ T5719] anon 0 [ 201.598283][ T5719] file 0 [ 201.598283][ T5719] kernel 8192 [ 201.598283][ T5719] kernel_stack 0 [ 201.598283][ T5719] pagetables 0 [ 201.598283][ T5719] sec_pagetables 0 [ 201.598283][ T5719] percpu 0 [ 201.598283][ T5719] sock 0 [ 201.598283][ T5719] vmalloc 0 [ 201.598283][ T5719] shmem 0 [ 201.598283][ T5719] zswap 0 [ 201.598283][ T5719] zswapped 0 [ 201.598283][ T5719] file_mapped 0 [ 201.598283][ T5719] file_dirty 0 [ 201.598283][ T5719] file_writeback 0 [ 201.598283][ T5719] swapcached 0 [pid 5723] mkdir("./file0", 000) = 0 [ 201.598283][ T5719] anon_thp 0 [ 201.598283][ T5719] file_thp 0 [ 201.598283][ T5719] shmem_thp 0 [ 201.598283][ T5719] inactive_anon 0 [ 201.598283][ T5719] active_anon 0 [ 201.598283][ T5719] inactive_file 0 [ 201.598283][ T5719] active_file 0 [ 201.598283][ T5719] unevictable 0 [ 201.598283][ T5719] slab_reclaimable 6752 [ 201.598283][ T5719] slab_unreclaimable 0 [ 201.598283][ T5719] slab 6752 [ 201.598283][ T5719] workingset_refault_anon 0 [ 201.598283][ T5719] workingset_refault_file 0 [ 201.598283][ T5719] workingset_activate_anon 0 [pid 5723] open("./file0", O_RDONLY) = 3 [pid 5723] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5723] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5723] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5723] openat(5, "memory.max", O_RDWR) = 6 [ 201.598283][ T5719] workingset_activate_file 0 [ 201.598283][ T5719] workingset_restore_anon 0 [ 201.598283][ T5719] workingset_restore_file 0 [ 201.598283][ T5719] workingset_nodereclaim 0 [ 201.598283][ T5719] pgscan 831 [ 201.598283][ T5719] pgsteal 2 [ 201.598283][ T5719] pgscan_kswapd 0 [ 201.598283][ T5719] pgscan_direct 831 [ 201.598283][ T5719] pgscan_khugepaged 0 [ 201.598283][ T5719] pgsteal_kswapd 0 [ 201.598283][ T5719] pgsteal_direct 2 [ 201.598283][ T5719] pgsteal_khugepaged 0 [ 201.598283][ T5719] pgfault 21 [ 201.598283][ T5719] pgmajfault 0 [ 201.598283][ T5719] pgrefill 830 [ 201.598283][ T5719] pgactivate 829 [ 201.598283][ T5719] pgdeactivate 830 [ 201.598283][ T5719] pglazyfree 0 [ 201.598283][ T5719] pglazyfreed 0 [ 201.598283][ T5719] zswpin 0 [ 201.598283][ T5719] zswpout 0 [ 201.598283][ T5719] thp_fault_alloc 0 [ 201.598283][ T5719] thp_collapse_alloc 0 [ 201.790362][ T5719] Tasks state (memory values in pages): [pid 5723] write(6, "0x000000000000040e", 18 [pid 5719] <... write resumed>) = 18 [pid 5719] close(3) = 0 [pid 5719] close(4) = 0 [pid 5719] close(5) = 0 [pid 5719] close(6) = 0 [pid 5719] close(7) = -1 EBADF (Bad file descriptor) [pid 5719] close(8) = -1 EBADF (Bad file descriptor) [pid 5719] close(9) = -1 EBADF (Bad file descriptor) [pid 5719] close(10) = -1 EBADF (Bad file descriptor) [pid 5719] close(11) = -1 EBADF (Bad file descriptor) [pid 5719] close(12) = -1 EBADF (Bad file descriptor) [pid 5719] close(13) = -1 EBADF (Bad file descriptor) [pid 5719] close(14) = -1 EBADF (Bad file descriptor) [pid 5719] close(15) = -1 EBADF (Bad file descriptor) [pid 5719] close(16) = -1 EBADF (Bad file descriptor) [pid 5719] close(17) = -1 EBADF (Bad file descriptor) [pid 5719] close(18) = -1 EBADF (Bad file descriptor) [pid 5719] close(19) = -1 EBADF (Bad file descriptor) [pid 5719] close(20) = -1 EBADF (Bad file descriptor) [pid 5719] close(21) = -1 EBADF (Bad file descriptor) [pid 5719] close(22) = -1 EBADF (Bad file descriptor) [pid 5719] close(23) = -1 EBADF (Bad file descriptor) [pid 5719] close(24) = -1 EBADF (Bad file descriptor) [pid 5719] close(25) = -1 EBADF (Bad file descriptor) [pid 5719] close(26) = -1 EBADF (Bad file descriptor) [pid 5719] close(27) = -1 EBADF (Bad file descriptor) [pid 5719] close(28) = -1 EBADF (Bad file descriptor) [pid 5719] close(29) = -1 EBADF (Bad file descriptor) [pid 5719] exit_group(0) = ? [pid 5719] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=37, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5086] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 201.796101][ T5719] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 201.805680][ T5719] Out of memory and no killable processes... [ 201.812144][ T5720] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 201.823716][ T5720] CPU: 1 PID: 5720 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 201.833688][ T5720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 201.843802][ T5720] Call Trace: [ 201.847130][ T5720] [ 201.850112][ T5720] dump_stack_lvl+0x136/0x150 [pid 5086] unlink("./35/binderfs") = 0 [pid 5086] umount2("./35/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./35/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] unlink("./35/cgroup") = 0 [pid 5086] umount2("./35/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./35/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./35/cgroup.net") = 0 [ 201.854871][ T5720] dump_header+0x10a/0xd70 [ 201.859365][ T5720] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 201.865580][ T5720] out_of_memory+0xd64/0x1660 [ 201.870360][ T5720] ? oom_killer_disable+0x2b0/0x2b0 [ 201.875666][ T5720] mem_cgroup_out_of_memory+0x206/0x270 [ 201.881316][ T5720] ? mem_cgroup_margin+0x130/0x130 [ 201.886539][ T5720] memory_max_write+0x2f9/0x3c0 [ 201.891476][ T5720] ? mem_cgroup_force_empty_write+0x160/0x160 [ 201.897717][ T5720] ? lock_sync+0x190/0x190 [ 201.902233][ T5720] cgroup_file_write+0x1e2/0x7b0 [ 201.907264][ T5720] ? mem_cgroup_force_empty_write+0x160/0x160 [ 201.913409][ T5720] ? kill_css+0x3b0/0x3b0 [ 201.917790][ T5720] ? lock_acquire+0x32/0xc0 [ 201.922469][ T5720] ? kill_css+0x3b0/0x3b0 [ 201.926868][ T5720] kernfs_fop_write_iter+0x3f1/0x600 [ 201.932231][ T5720] vfs_write+0x9ed/0xe10 [ 201.936566][ T5720] ? kernel_write+0x670/0x670 [ 201.941324][ T5720] ? find_held_lock+0x2d/0x110 [ 201.946150][ T5720] ? __fget_light+0x20a/0x270 [ 201.950899][ T5720] ksys_write+0x12b/0x250 [ 201.955289][ T5720] ? __ia32_sys_read+0xb0/0xb0 [ 201.960131][ T5720] ? lockdep_hardirqs_on+0x7d/0x100 [ 201.965404][ T5720] ? _raw_spin_unlock_irq+0x2e/0x50 [ 201.970677][ T5720] ? ptrace_notify+0xfe/0x140 [ 201.975431][ T5720] do_syscall_64+0x39/0xb0 [ 201.979919][ T5720] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 201.985868][ T5720] RIP: 0033:0x7faecf034129 [ 201.990331][ T5720] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 202.010075][ T5720] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 202.018518][ T5720] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 202.026533][ T5720] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 202.034546][ T5720] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 202.042559][ T5720] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [pid 5086] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5086] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./35/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./35/file0") = 0 [pid 5086] umount2("./35/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./35/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./35/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [ 202.050557][ T5720] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000026 [ 202.058605][ T5720] [ 202.072073][ T5720] memory: usage 8kB, limit 0kB, failcnt 36 [ 202.077956][ T5720] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 202.085019][ T5720] Memory cgroup stats for /syz1: [ 202.085310][ T5720] anon 0 [ 202.085310][ T5720] file 0 [ 202.085310][ T5720] kernel 8192 [ 202.085310][ T5720] kernel_stack 0 [ 202.085310][ T5720] pagetables 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./35") = 0 [pid 5086] mkdir("./36", 0777) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 38 ./strace-static-x86_64: Process 5724 attached [pid 5724] chdir("./36") = 0 [pid 5724] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5724] setpgid(0, 0) = 0 [pid 5724] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5724] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5724] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5724] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5724] write(3, "1000", 4) = 4 [pid 5724] close(3) = 0 [pid 5724] symlink("/dev/binderfs", "./binderfs") = 0 [ 202.085310][ T5720] sec_pagetables 0 [ 202.085310][ T5720] percpu 0 [ 202.085310][ T5720] sock 0 [ 202.085310][ T5720] vmalloc 0 [ 202.085310][ T5720] shmem 0 [ 202.085310][ T5720] zswap 0 [ 202.085310][ T5720] zswapped 0 [ 202.085310][ T5720] file_mapped 0 [ 202.085310][ T5720] file_dirty 0 [ 202.085310][ T5720] file_writeback 0 [ 202.085310][ T5720] swapcached 0 [ 202.085310][ T5720] anon_thp 0 [ 202.085310][ T5720] file_thp 0 [ 202.085310][ T5720] shmem_thp 0 [ 202.085310][ T5720] inactive_anon 0 [ 202.085310][ T5720] active_anon 0 [pid 5724] mkdir("./file0", 000) = 0 [pid 5724] open("./file0", O_RDONLY) = 3 [pid 5724] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5724] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5724] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5724] openat(5, "memory.max", O_RDWR) = 6 [ 202.085310][ T5720] inactive_file 0 [ 202.085310][ T5720] active_file 0 [ 202.085310][ T5720] unevictable 0 [ 202.085310][ T5720] slab_reclaimable 6752 [ 202.085310][ T5720] slab_unreclaimable 0 [ 202.085310][ T5720] slab 6752 [ 202.085310][ T5720] workingset_refault_anon 0 [ 202.085310][ T5720] workingset_refault_file 0 [ 202.085310][ T5720] workingset_activate_anon 0 [ 202.085310][ T5720] workingset_activate_file 0 [ 202.085310][ T5720] workingset_restore_anon 0 [ 202.085310][ T5720] workingset_restore_file 0 [ 202.085310][ T5720] workingset_nodereclaim 0 [ 202.085310][ T5720] pgscan 831 [ 202.085310][ T5720] pgsteal 2 [ 202.085310][ T5720] pgscan_kswapd 0 [ 202.085310][ T5720] pgscan_direct 831 [ 202.085310][ T5720] pgscan_khugepaged 0 [ 202.085310][ T5720] pgsteal_kswapd 0 [ 202.085310][ T5720] pgsteal_direct 2 [ 202.085310][ T5720] pgsteal_khugepaged 0 [ 202.085310][ T5720] pgfault 21 [ 202.085310][ T5720] pgmajfault 0 [ 202.085310][ T5720] pgrefill 830 [ 202.085310][ T5720] pgactivate 829 [ 202.085310][ T5720] pgdeactivate 830 [ 202.085310][ T5720] pglazyfree 0 [ 202.085310][ T5720] pglazyfreed 0 [ 202.085310][ T5720] zswpin 0 [ 202.085310][ T5720] zswpout 0 [ 202.085310][ T5720] thp_fault_alloc 0 [ 202.085310][ T5720] thp_collapse_alloc 0 [ 202.278872][ T5720] Tasks state (memory values in pages): [ 202.285848][ T5720] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 202.295773][ T5720] Out of memory and no killable processes... [pid 5724] write(6, "0x000000000000040e", 18 [pid 5720] <... write resumed>) = 18 [pid 5720] close(3) = 0 [pid 5720] close(4) = 0 [pid 5720] close(5) = 0 [pid 5720] close(6) = 0 [pid 5720] close(7) = -1 EBADF (Bad file descriptor) [ 202.302966][ T5721] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 202.313902][ T5721] CPU: 1 PID: 5721 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 202.323871][ T5721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 202.333980][ T5721] Call Trace: [ 202.337307][ T5721] [ 202.340285][ T5721] dump_stack_lvl+0x136/0x150 [ 202.345033][ T5721] dump_header+0x10a/0xd70 [ 202.349525][ T5721] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [pid 5720] close(8) = -1 EBADF (Bad file descriptor) [pid 5720] close(9) = -1 EBADF (Bad file descriptor) [pid 5720] close(10) = -1 EBADF (Bad file descriptor) [pid 5720] close(11) = -1 EBADF (Bad file descriptor) [pid 5720] close(12) = -1 EBADF (Bad file descriptor) [pid 5720] close(13) = -1 EBADF (Bad file descriptor) [pid 5720] close(14) = -1 EBADF (Bad file descriptor) [pid 5720] close(15) = -1 EBADF (Bad file descriptor) [pid 5720] close(16) = -1 EBADF (Bad file descriptor) [pid 5720] close(17) = -1 EBADF (Bad file descriptor) [pid 5720] close(18) = -1 EBADF (Bad file descriptor) [pid 5720] close(19) = -1 EBADF (Bad file descriptor) [pid 5720] close(20) = -1 EBADF (Bad file descriptor) [pid 5720] close(21) = -1 EBADF (Bad file descriptor) [pid 5720] close(22) = -1 EBADF (Bad file descriptor) [pid 5720] close(23) = -1 EBADF (Bad file descriptor) [pid 5720] close(24) = -1 EBADF (Bad file descriptor) [pid 5720] close(25) = -1 EBADF (Bad file descriptor) [ 202.355686][ T5721] out_of_memory+0xd64/0x1660 [ 202.360456][ T5721] ? oom_killer_disable+0x2b0/0x2b0 [ 202.365746][ T5721] mem_cgroup_out_of_memory+0x206/0x270 [ 202.371378][ T5721] ? mem_cgroup_margin+0x130/0x130 [ 202.376592][ T5721] memory_max_write+0x2f9/0x3c0 [ 202.381527][ T5721] ? mem_cgroup_force_empty_write+0x160/0x160 [ 202.387682][ T5721] ? lock_sync+0x190/0x190 [ 202.392177][ T5721] cgroup_file_write+0x1e2/0x7b0 [ 202.397224][ T5721] ? mem_cgroup_force_empty_write+0x160/0x160 [ 202.403388][ T5721] ? kill_css+0x3b0/0x3b0 [pid 5720] close(26) = -1 EBADF (Bad file descriptor) [pid 5720] close(27) = -1 EBADF (Bad file descriptor) [pid 5720] close(28) = -1 EBADF (Bad file descriptor) [pid 5720] close(29) = -1 EBADF (Bad file descriptor) [pid 5720] exit_group(0) = ? [pid 5720] +++ exited with 0 +++ [ 202.407820][ T5721] ? lock_acquire+0x32/0xc0 [ 202.412417][ T5721] ? kill_css+0x3b0/0x3b0 [ 202.416836][ T5721] kernfs_fop_write_iter+0x3f1/0x600 [ 202.422197][ T5721] vfs_write+0x9ed/0xe10 [ 202.426507][ T5721] ? kernel_write+0x670/0x670 [ 202.431234][ T5721] ? find_held_lock+0x2d/0x110 [ 202.436048][ T5721] ? __fget_light+0x20a/0x270 [ 202.440867][ T5721] ksys_write+0x12b/0x250 [ 202.445246][ T5721] ? __ia32_sys_read+0xb0/0xb0 [ 202.450074][ T5721] ? lockdep_hardirqs_on+0x7d/0x100 [ 202.455314][ T5721] ? _raw_spin_unlock_irq+0x2e/0x50 [ 202.460558][ T5721] ? ptrace_notify+0xfe/0x140 [ 202.465276][ T5721] do_syscall_64+0x39/0xb0 [ 202.469769][ T5721] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 202.475701][ T5721] RIP: 0033:0x7faecf034129 [ 202.480145][ T5721] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 202.499784][ T5721] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 202.508233][ T5721] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 202.516235][ T5721] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 202.524252][ T5721] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 202.532253][ T5721] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 202.540259][ T5721] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000025 [ 202.548285][ T5721] [ 202.552916][ T5721] memory: usage 8kB, limit 0kB, failcnt 36 [ 202.558790][ T5721] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 202.565760][ T5721] Memory cgroup stats for /syz1: [ 202.566037][ T5721] anon 0 [ 202.566037][ T5721] file 0 [ 202.566037][ T5721] kernel 8192 [ 202.566037][ T5721] kernel_stack 0 [ 202.566037][ T5721] pagetables 0 [ 202.566037][ T5721] sec_pagetables 0 [ 202.566037][ T5721] percpu 0 [ 202.566037][ T5721] sock 0 [ 202.566037][ T5721] vmalloc 0 [ 202.566037][ T5721] shmem 0 [ 202.566037][ T5721] zswap 0 [ 202.566037][ T5721] zswapped 0 [ 202.566037][ T5721] file_mapped 0 [ 202.566037][ T5721] file_dirty 0 [ 202.566037][ T5721] file_writeback 0 [ 202.566037][ T5721] swapcached 0 [ 202.566037][ T5721] anon_thp 0 [ 202.566037][ T5721] file_thp 0 [ 202.566037][ T5721] shmem_thp 0 [ 202.566037][ T5721] inactive_anon 0 [ 202.566037][ T5721] active_anon 0 [ 202.566037][ T5721] inactive_file 0 [ 202.566037][ T5721] active_file 0 [ 202.566037][ T5721] unevictable 0 [ 202.566037][ T5721] slab_reclaimable 6752 [ 202.566037][ T5721] slab_unreclaimable 0 [ 202.566037][ T5721] slab 6752 [ 202.566037][ T5721] workingset_refault_anon 0 [ 202.566037][ T5721] workingset_refault_file 0 [ 202.566037][ T5721] workingset_activate_anon 0 [ 202.566037][ T5721] workingset_activate_file 0 [ 202.566037][ T5721] workingset_restore_anon 0 [ 202.566037][ T5721] workingset_restore_file 0 [ 202.566037][ T5721] workingset_nodereclaim 0 [ 202.566037][ T5721] pgscan 831 [ 202.566037][ T5721] pgsteal 2 [ 202.566037][ T5721] pgscan_kswapd 0 [ 202.566037][ T5721] pgscan_direct 831 [ 202.566037][ T5721] pgscan_khugepaged 0 [ 202.566037][ T5721] pgsteal_kswapd 0 [ 202.566037][ T5721] pgsteal_direct 2 [ 202.566037][ T5721] pgsteal_khugepaged 0 [ 202.566037][ T5721] pgfault 21 [ 202.566037][ T5721] pgmajfault 0 [ 202.566037][ T5721] pgrefill 830 [ 202.566037][ T5721] pgactivate 829 [ 202.566037][ T5721] pgdeactivate 830 [ 202.566037][ T5721] pglazyfree 0 [ 202.566037][ T5721] pglazyfreed 0 [ 202.566037][ T5721] zswpin 0 [ 202.566037][ T5721] zswpout 0 [ 202.566037][ T5721] thp_fault_alloc 0 [ 202.566037][ T5721] thp_collapse_alloc 0 [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=40, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5089] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5089] umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./38/binderfs") = 0 [pid 5089] umount2("./38/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./38/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./38/cgroup") = 0 [pid 5089] umount2("./38/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./38/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./38/cgroup.net") = 0 [pid 5089] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5089] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./38/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [ 202.766499][ T5721] Tasks state (memory values in pages): [ 202.779938][ T5721] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 202.789897][ T5721] Out of memory and no killable processes... [ 202.805239][ T5722] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5721] <... write resumed>) = 18 [pid 5089] close(4) = 0 [pid 5089] rmdir("./38/file0") = 0 [pid 5089] umount2("./38/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./38/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./38/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [pid 5089] rmdir("./38") = 0 [pid 5089] mkdir("./39", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 41 [ 202.821090][ T5722] CPU: 1 PID: 5722 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 202.831082][ T5722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 202.841196][ T5722] Call Trace: [ 202.844525][ T5722] [ 202.847505][ T5722] dump_stack_lvl+0x136/0x150 [ 202.852270][ T5722] dump_header+0x10a/0xd70 [ 202.856765][ T5722] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 202.862926][ T5722] out_of_memory+0xd64/0x1660 [pid 5721] close(3) = 0 [pid 5721] close(4) = 0 [pid 5721] close(5) = 0 [pid 5721] close(6) = 0 [pid 5721] close(7) = -1 EBADF (Bad file descriptor) [pid 5721] close(8) = -1 EBADF (Bad file descriptor) [pid 5721] close(9) = -1 EBADF (Bad file descriptor) [pid 5721] close(10) = -1 EBADF (Bad file descriptor) [pid 5721] close(11) = -1 EBADF (Bad file descriptor) [pid 5721] close(12) = -1 EBADF (Bad file descriptor) [pid 5721] close(13) = -1 EBADF (Bad file descriptor) [pid 5721] close(14) = -1 EBADF (Bad file descriptor) [pid 5721] close(15) = -1 EBADF (Bad file descriptor) [pid 5721] close(16) = -1 EBADF (Bad file descriptor) [pid 5721] close(17) = -1 EBADF (Bad file descriptor) [pid 5721] close(18) = -1 EBADF (Bad file descriptor) [pid 5721] close(19) = -1 EBADF (Bad file descriptor) [pid 5721] close(20) = -1 EBADF (Bad file descriptor) [pid 5721] close(21) = -1 EBADF (Bad file descriptor) [pid 5721] close(22) = -1 EBADF (Bad file descriptor) [ 202.867694][ T5722] ? oom_killer_disable+0x2b0/0x2b0 [ 202.872971][ T5722] ? find_held_lock+0x2d/0x110 [ 202.877820][ T5722] mem_cgroup_out_of_memory+0x206/0x270 [ 202.883450][ T5722] ? mem_cgroup_margin+0x130/0x130 [ 202.888659][ T5722] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 202.894559][ T5722] memory_max_write+0x2f9/0x3c0 [ 202.899507][ T5722] ? mem_cgroup_force_empty_write+0x160/0x160 [ 202.905691][ T5722] ? lock_sync+0x190/0x190 [ 202.910206][ T5722] cgroup_file_write+0x1e2/0x7b0 [ 202.915243][ T5722] ? mem_cgroup_force_empty_write+0x160/0x160 [pid 5721] close(23) = -1 EBADF (Bad file descriptor) [pid 5721] close(24) = -1 EBADF (Bad file descriptor) [pid 5721] close(25) = -1 EBADF (Bad file descriptor) [pid 5721] close(26) = -1 EBADF (Bad file descriptor) [pid 5721] close(27) = -1 EBADF (Bad file descriptor) [pid 5721] close(28) = -1 EBADF (Bad file descriptor) [pid 5721] close(29) = -1 EBADF (Bad file descriptor) [pid 5721] exit_group(0) = ? [pid 5721] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=39, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5087] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5087] umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./37/binderfs") = 0 [pid 5087] umount2("./37/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./37/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./37/cgroup") = 0 [ 202.921402][ T5722] ? kill_css+0x3b0/0x3b0 [ 202.925815][ T5722] ? lock_acquire+0x32/0xc0 [ 202.930405][ T5722] ? kill_css+0x3b0/0x3b0 [ 202.934813][ T5722] kernfs_fop_write_iter+0x3f1/0x600 [ 202.940191][ T5722] vfs_write+0x9ed/0xe10 [ 202.944546][ T5722] ? kernel_write+0x670/0x670 [ 202.949324][ T5722] ? find_held_lock+0x2d/0x110 [ 202.954183][ T5722] ? __fget_light+0x20a/0x270 [ 202.958953][ T5722] ksys_write+0x12b/0x250 [ 202.963374][ T5722] ? __ia32_sys_read+0xb0/0xb0 [pid 5087] umount2("./37/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./37/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./37/cgroup.net") = 0 [pid 5087] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5725 attached [pid 5725] chdir("./39") = 0 [pid 5725] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5725] setpgid(0, 0) = 0 [pid 5725] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5725] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5725] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5725] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5725] write(3, "1000", 4) = 4 [pid 5725] close(3) = 0 [pid 5725] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5725] mkdir("./file0", 000) = 0 [pid 5725] open("./file0", O_RDONLY) = 3 [pid 5725] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5725] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5725] openat(4, "syz1", O_RDWR|O_PATH) = 5 [ 202.968225][ T5722] ? lockdep_hardirqs_on+0x7d/0x100 [ 202.973517][ T5722] ? _raw_spin_unlock_irq+0x2e/0x50 [ 202.978789][ T5722] ? ptrace_notify+0xfe/0x140 [ 202.983559][ T5722] do_syscall_64+0x39/0xb0 [ 202.988066][ T5722] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 202.994038][ T5722] RIP: 0033:0x7faecf034129 [ 202.998508][ T5722] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5725] openat(5, "memory.max", O_RDWR) = 6 [ 203.018272][ T5722] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 203.026756][ T5722] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 203.034782][ T5722] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 203.042802][ T5722] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 203.050837][ T5722] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 203.058842][ T5722] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000023 [ 203.066873][ T5722] [pid 5725] write(6, "0x000000000000040e", 18 [pid 5087] <... umount2 resumed>) = 0 [pid 5087] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./37/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] close(4) = 0 [ 203.080876][ T5722] memory: usage 8kB, limit 0kB, failcnt 36 [ 203.087054][ T5722] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 203.096545][ T5722] Memory cgroup stats for /syz1: [ 203.096835][ T5722] anon 0 [ 203.096835][ T5722] file 0 [ 203.096835][ T5722] kernel 8192 [ 203.096835][ T5722] kernel_stack 0 [ 203.096835][ T5722] pagetables 0 [ 203.096835][ T5722] sec_pagetables 0 [ 203.096835][ T5722] percpu 0 [ 203.096835][ T5722] sock 0 [ 203.096835][ T5722] vmalloc 0 [ 203.096835][ T5722] shmem 0 [ 203.096835][ T5722] zswap 0 [ 203.096835][ T5722] zswapped 0 [ 203.096835][ T5722] file_mapped 0 [ 203.096835][ T5722] file_dirty 0 [ 203.096835][ T5722] file_writeback 0 [ 203.096835][ T5722] swapcached 0 [ 203.096835][ T5722] anon_thp 0 [ 203.096835][ T5722] file_thp 0 [ 203.096835][ T5722] shmem_thp 0 [ 203.096835][ T5722] inactive_anon 0 [ 203.096835][ T5722] active_anon 0 [ 203.096835][ T5722] inactive_file 0 [ 203.096835][ T5722] active_file 0 [ 203.096835][ T5722] unevictable 0 [ 203.096835][ T5722] slab_reclaimable 6752 [ 203.096835][ T5722] slab_unreclaimable 0 [ 203.096835][ T5722] slab 6752 [ 203.096835][ T5722] workingset_refault_anon 0 [ 203.096835][ T5722] workingset_refault_file 0 [ 203.096835][ T5722] workingset_activate_anon 0 [ 203.096835][ T5722] workingset_activate_file 0 [ 203.096835][ T5722] workingset_restore_anon 0 [ 203.096835][ T5722] workingset_restore_file 0 [ 203.096835][ T5722] workingset_nodereclaim 0 [ 203.096835][ T5722] pgscan 831 [ 203.096835][ T5722] pgsteal 2 [ 203.096835][ T5722] pgscan_kswapd 0 [ 203.096835][ T5722] pgscan_direct 831 [ 203.096835][ T5722] pgscan_khugepaged 0 [ 203.096835][ T5722] pgsteal_kswapd 0 [ 203.096835][ T5722] pgsteal_direct 2 [ 203.096835][ T5722] pgsteal_khugepaged 0 [ 203.096835][ T5722] pgfault 21 [ 203.096835][ T5722] pgmajfault 0 [ 203.096835][ T5722] pgrefill 830 [ 203.096835][ T5722] pgactivate 829 [ 203.096835][ T5722] pgdeactivate 830 [ 203.096835][ T5722] pglazyfree 0 [ 203.096835][ T5722] pglazyfreed 0 [ 203.096835][ T5722] zswpin 0 [ 203.096835][ T5722] zswpout 0 [ 203.096835][ T5722] thp_fault_alloc 0 [pid 5087] rmdir("./37/file0") = 0 [pid 5087] umount2("./37/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./37/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./37/cgroup.cpu") = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [pid 5087] rmdir("./37") = 0 [pid 5087] mkdir("./38", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5726 attached [ 203.096835][ T5722] thp_collapse_alloc 0 [ 203.299109][ T5722] Tasks state (memory values in pages): [ 203.305313][ T5722] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 203.316034][ T5722] Out of memory and no killable processes... [pid 5726] chdir("./38" [pid 5087] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 40 [pid 5726] <... chdir resumed>) = 0 [pid 5722] <... write resumed>) = 18 [pid 5726] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5726] setpgid(0, 0) = 0 [pid 5726] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5726] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5726] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5726] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5726] write(3, "1000", 4) = 4 [pid 5726] close(3) = 0 [pid 5726] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5726] mkdir("./file0", 000) = 0 [pid 5726] open("./file0", O_RDONLY) = 3 [pid 5726] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5726] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5726] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5726] openat(5, "memory.max", O_RDWR) = 6 [ 203.322590][ T5723] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 203.333425][ T5723] CPU: 1 PID: 5723 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 203.343395][ T5723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 203.353510][ T5723] Call Trace: [ 203.356837][ T5723] [ 203.359905][ T5723] dump_stack_lvl+0x136/0x150 [ 203.364657][ T5723] dump_header+0x10a/0xd70 [ 203.369172][ T5723] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 203.375343][ T5723] out_of_memory+0xd64/0x1660 [ 203.380107][ T5723] ? oom_killer_disable+0x2b0/0x2b0 [ 203.385398][ T5723] mem_cgroup_out_of_memory+0x206/0x270 [ 203.391039][ T5723] ? mem_cgroup_margin+0x130/0x130 [ 203.396242][ T5723] memory_max_write+0x2f9/0x3c0 [ 203.401219][ T5723] ? mem_cgroup_force_empty_write+0x160/0x160 [ 203.407361][ T5723] ? lock_sync+0x190/0x190 [ 203.411822][ T5723] cgroup_file_write+0x1e2/0x7b0 [ 203.416851][ T5723] ? mem_cgroup_force_empty_write+0x160/0x160 [ 203.422968][ T5723] ? kill_css+0x3b0/0x3b0 [ 203.427348][ T5723] ? lock_acquire+0x32/0xc0 [ 203.431900][ T5723] ? kill_css+0x3b0/0x3b0 [ 203.436289][ T5723] kernfs_fop_write_iter+0x3f1/0x600 [ 203.441641][ T5723] vfs_write+0x9ed/0xe10 [ 203.445976][ T5723] ? kernel_write+0x670/0x670 [ 203.450727][ T5723] ? find_held_lock+0x2d/0x110 [ 203.455539][ T5723] ? __fget_light+0x20a/0x270 [ 203.460325][ T5723] ksys_write+0x12b/0x250 [ 203.464704][ T5723] ? __ia32_sys_read+0xb0/0xb0 [ 203.469524][ T5723] ? lockdep_hardirqs_on+0x7d/0x100 [ 203.474766][ T5723] ? _raw_spin_unlock_irq+0x2e/0x50 [ 203.480011][ T5723] ? ptrace_notify+0xfe/0x140 [ 203.484735][ T5723] do_syscall_64+0x39/0xb0 [ 203.489204][ T5723] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 203.495145][ T5723] RIP: 0033:0x7faecf034129 [ 203.499589][ T5723] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 203.519233][ T5723] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 203.527705][ T5723] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 203.535707][ T5723] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 203.543709][ T5723] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 203.551713][ T5723] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 203.559717][ T5723] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000027 [ 203.567747][ T5723] [pid 5726] write(6, "0x000000000000040e", 18 [pid 5722] close(3) = 0 [pid 5722] close(4) = 0 [pid 5722] close(5) = 0 [pid 5722] close(6) = 0 [pid 5722] close(7) = -1 EBADF (Bad file descriptor) [pid 5722] close(8) = -1 EBADF (Bad file descriptor) [pid 5722] close(9) = -1 EBADF (Bad file descriptor) [pid 5722] close(10) = -1 EBADF (Bad file descriptor) [pid 5722] close(11) = -1 EBADF (Bad file descriptor) [pid 5722] close(12) = -1 EBADF (Bad file descriptor) [pid 5722] close(13) = -1 EBADF (Bad file descriptor) [pid 5722] close(14) = -1 EBADF (Bad file descriptor) [pid 5722] close(15) = -1 EBADF (Bad file descriptor) [pid 5722] close(16) = -1 EBADF (Bad file descriptor) [pid 5722] close(17) = -1 EBADF (Bad file descriptor) [pid 5722] close(18) = -1 EBADF (Bad file descriptor) [pid 5722] close(19) = -1 EBADF (Bad file descriptor) [ 203.581861][ T5723] memory: usage 8kB, limit 0kB, failcnt 36 [ 203.590065][ T5723] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 203.599252][ T5723] Memory cgroup stats for /syz1: [ 203.599480][ T5723] anon 0 [ 203.599480][ T5723] file 0 [ 203.599480][ T5723] kernel 8192 [ 203.599480][ T5723] kernel_stack 0 [ 203.599480][ T5723] pagetables 0 [ 203.599480][ T5723] sec_pagetables 0 [ 203.599480][ T5723] percpu 0 [ 203.599480][ T5723] sock 0 [ 203.599480][ T5723] vmalloc 0 [pid 5722] close(20) = -1 EBADF (Bad file descriptor) [pid 5722] close(21) = -1 EBADF (Bad file descriptor) [pid 5722] close(22) = -1 EBADF (Bad file descriptor) [pid 5722] close(23) = -1 EBADF (Bad file descriptor) [pid 5722] close(24) = -1 EBADF (Bad file descriptor) [pid 5722] close(25) = -1 EBADF (Bad file descriptor) [pid 5722] close(26) = -1 EBADF (Bad file descriptor) [pid 5722] close(27) = -1 EBADF (Bad file descriptor) [pid 5722] close(28) = -1 EBADF (Bad file descriptor) [pid 5722] close(29) = -1 EBADF (Bad file descriptor) [pid 5722] exit_group(0) = ? [pid 5722] +++ exited with 0 +++ [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=37, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5085] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./35/binderfs") = 0 [pid 5085] umount2("./35/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./35/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [ 203.599480][ T5723] shmem 0 [ 203.599480][ T5723] zswap 0 [ 203.599480][ T5723] zswapped 0 [ 203.599480][ T5723] file_mapped 0 [ 203.599480][ T5723] file_dirty 0 [ 203.599480][ T5723] file_writeback 0 [ 203.599480][ T5723] swapcached 0 [ 203.599480][ T5723] anon_thp 0 [ 203.599480][ T5723] file_thp 0 [ 203.599480][ T5723] shmem_thp 0 [ 203.599480][ T5723] inactive_anon 0 [ 203.599480][ T5723] active_anon 0 [ 203.599480][ T5723] inactive_file 0 [ 203.599480][ T5723] active_file 0 [ 203.599480][ T5723] unevictable 0 [pid 5085] unlink("./35/cgroup") = 0 [pid 5085] umount2("./35/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./35/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./35/cgroup.net") = 0 [ 203.599480][ T5723] slab_reclaimable 6752 [ 203.599480][ T5723] slab_unreclaimable 0 [ 203.599480][ T5723] slab 6752 [ 203.599480][ T5723] workingset_refault_anon 0 [ 203.599480][ T5723] workingset_refault_file 0 [ 203.599480][ T5723] workingset_activate_anon 0 [ 203.599480][ T5723] workingset_activate_file 0 [ 203.599480][ T5723] workingset_restore_anon 0 [ 203.599480][ T5723] workingset_restore_file 0 [ 203.599480][ T5723] workingset_nodereclaim 0 [ 203.599480][ T5723] pgscan 831 [ 203.599480][ T5723] pgsteal 2 [ 203.599480][ T5723] pgscan_kswapd 0 [ 203.599480][ T5723] pgscan_direct 831 [ 203.599480][ T5723] pgscan_khugepaged 0 [ 203.599480][ T5723] pgsteal_kswapd 0 [ 203.599480][ T5723] pgsteal_direct 2 [ 203.599480][ T5723] pgsteal_khugepaged 0 [ 203.599480][ T5723] pgfault 21 [ 203.599480][ T5723] pgmajfault 0 [ 203.599480][ T5723] pgrefill 830 [ 203.599480][ T5723] pgactivate 829 [ 203.599480][ T5723] pgdeactivate 830 [ 203.599480][ T5723] pglazyfree 0 [ 203.599480][ T5723] pglazyfreed 0 [ 203.599480][ T5723] zswpin 0 [ 203.599480][ T5723] zswpout 0 [ 203.599480][ T5723] thp_fault_alloc 0 [pid 5085] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5085] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./35/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./35/file0") = 0 [pid 5085] umount2("./35/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./35/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./35/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [ 203.599480][ T5723] thp_collapse_alloc 0 [ 203.787125][ T5723] Tasks state (memory values in pages): [ 203.793340][ T5723] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 203.803284][ T5723] Out of memory and no killable processes... [ 203.815454][ T5724] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5723] <... write resumed>) = 18 [pid 5085] close(3) = 0 [pid 5085] rmdir("./35") = 0 [pid 5085] mkdir("./36", 0777) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5727 attached [pid 5727] chdir("./36" [pid 5085] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 38 [pid 5727] <... chdir resumed>) = 0 [pid 5727] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5727] setpgid(0, 0) = 0 [pid 5727] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [ 203.839119][ T5724] CPU: 0 PID: 5724 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 203.849119][ T5724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 203.859236][ T5724] Call Trace: [ 203.862571][ T5724] [ 203.865553][ T5724] dump_stack_lvl+0x136/0x150 [ 203.870310][ T5724] dump_header+0x10a/0xd70 [ 203.874793][ T5724] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 203.880956][ T5724] out_of_memory+0xd64/0x1660 [pid 5727] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5727] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5727] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5727] write(3, "1000", 4) = 4 [pid 5727] close(3) = 0 [pid 5727] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5727] mkdir("./file0", 000) = 0 [pid 5727] open("./file0", O_RDONLY) = 3 [pid 5727] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5727] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5727] openat(4, "syz1", O_RDWR|O_PATH) = 5 [ 203.885733][ T5724] ? oom_killer_disable+0x2b0/0x2b0 [ 203.891023][ T5724] mem_cgroup_out_of_memory+0x206/0x270 [ 203.896652][ T5724] ? mem_cgroup_margin+0x130/0x130 [ 203.901867][ T5724] memory_max_write+0x2f9/0x3c0 [ 203.906803][ T5724] ? mem_cgroup_force_empty_write+0x160/0x160 [ 203.912961][ T5724] ? lock_sync+0x190/0x190 [ 203.917455][ T5724] cgroup_file_write+0x1e2/0x7b0 [ 203.922479][ T5724] ? mem_cgroup_force_empty_write+0x160/0x160 [ 203.928625][ T5724] ? kill_css+0x3b0/0x3b0 [ 203.933043][ T5724] ? lock_acquire+0x32/0xc0 [ 203.937648][ T5724] ? kill_css+0x3b0/0x3b0 [ 203.942060][ T5724] kernfs_fop_write_iter+0x3f1/0x600 [ 203.947437][ T5724] vfs_write+0x9ed/0xe10 [ 203.951779][ T5724] ? kernel_write+0x670/0x670 [ 203.956548][ T5724] ? find_held_lock+0x2d/0x110 [ 203.961393][ T5724] ? __fget_light+0x20a/0x270 [ 203.966156][ T5724] ksys_write+0x12b/0x250 [ 203.970571][ T5724] ? __ia32_sys_read+0xb0/0xb0 [ 203.975418][ T5724] ? lockdep_hardirqs_on+0x7d/0x100 [ 203.980798][ T5724] ? _raw_spin_unlock_irq+0x2e/0x50 [ 203.986088][ T5724] ? ptrace_notify+0xfe/0x140 [ 203.990859][ T5724] do_syscall_64+0x39/0xb0 [ 203.995369][ T5724] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 204.001336][ T5724] RIP: 0033:0x7faecf034129 [ 204.005805][ T5724] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 204.025560][ T5724] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5727] openat(5, "memory.max", O_RDWR) = 6 [pid 5727] write(6, "0x000000000000040e", 18 [pid 5723] close(3) = 0 [pid 5723] close(4) = 0 [pid 5723] close(5) = 0 [pid 5723] close(6) = 0 [pid 5723] close(7) = -1 EBADF (Bad file descriptor) [pid 5723] close(8) = -1 EBADF (Bad file descriptor) [pid 5723] close(9) = -1 EBADF (Bad file descriptor) [pid 5723] close(10) = -1 EBADF (Bad file descriptor) [pid 5723] close(11) = -1 EBADF (Bad file descriptor) [pid 5723] close(12) = -1 EBADF (Bad file descriptor) [pid 5723] close(13) = -1 EBADF (Bad file descriptor) [pid 5723] close(14) = -1 EBADF (Bad file descriptor) [pid 5723] close(15) = -1 EBADF (Bad file descriptor) [pid 5723] close(16) = -1 EBADF (Bad file descriptor) [pid 5723] close(17) = -1 EBADF (Bad file descriptor) [pid 5723] close(18) = -1 EBADF (Bad file descriptor) [pid 5723] close(19) = -1 EBADF (Bad file descriptor) [pid 5723] close(20) = -1 EBADF (Bad file descriptor) [pid 5723] close(21) = -1 EBADF (Bad file descriptor) [pid 5723] close(22) = -1 EBADF (Bad file descriptor) [pid 5723] close(23) = -1 EBADF (Bad file descriptor) [pid 5723] close(24) = -1 EBADF (Bad file descriptor) [pid 5723] close(25) = -1 EBADF (Bad file descriptor) [pid 5723] close(26) = -1 EBADF (Bad file descriptor) [pid 5723] close(27) = -1 EBADF (Bad file descriptor) [pid 5723] close(28) = -1 EBADF (Bad file descriptor) [pid 5723] close(29) = -1 EBADF (Bad file descriptor) [pid 5723] exit_group(0) = ? [pid 5723] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=41, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5090] umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./39/binderfs") = 0 [pid 5090] umount2("./39/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./39/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./39/cgroup") = 0 [pid 5090] umount2("./39/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./39/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./39/cgroup.net") = 0 [pid 5090] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5090] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./39/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 204.034045][ T5724] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 204.042205][ T5724] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 204.050242][ T5724] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 204.058279][ T5724] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 204.066330][ T5724] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000024 [ 204.074430][ T5724] [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./39/file0") = 0 [pid 5090] umount2("./39/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./39/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./39/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [pid 5090] rmdir("./39") = 0 [pid 5090] mkdir("./40", 0777) = 0 [ 204.088912][ T5724] memory: usage 8kB, limit 0kB, failcnt 36 [ 204.095553][ T5724] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 204.103265][ T5724] Memory cgroup stats for /syz1: [ 204.103561][ T5724] anon 0 [ 204.103561][ T5724] file 0 [ 204.103561][ T5724] kernel 8192 [ 204.103561][ T5724] kernel_stack 0 [ 204.103561][ T5724] pagetables 0 [ 204.103561][ T5724] sec_pagetables 0 [ 204.103561][ T5724] percpu 0 [ 204.103561][ T5724] sock 0 [ 204.103561][ T5724] vmalloc 0 [ 204.103561][ T5724] shmem 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 42 ./strace-static-x86_64: Process 5728 attached [pid 5728] chdir("./40") = 0 [pid 5728] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5728] setpgid(0, 0) = 0 [pid 5728] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5728] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5728] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5728] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 204.103561][ T5724] zswap 0 [ 204.103561][ T5724] zswapped 0 [ 204.103561][ T5724] file_mapped 0 [ 204.103561][ T5724] file_dirty 0 [ 204.103561][ T5724] file_writeback 0 [ 204.103561][ T5724] swapcached 0 [ 204.103561][ T5724] anon_thp 0 [ 204.103561][ T5724] file_thp 0 [ 204.103561][ T5724] shmem_thp 0 [ 204.103561][ T5724] inactive_anon 0 [ 204.103561][ T5724] active_anon 0 [ 204.103561][ T5724] inactive_file 0 [ 204.103561][ T5724] active_file 0 [ 204.103561][ T5724] unevictable 0 [ 204.103561][ T5724] slab_reclaimable 6752 [ 204.103561][ T5724] slab_unreclaimable 0 [ 204.103561][ T5724] slab 6752 [ 204.103561][ T5724] workingset_refault_anon 0 [ 204.103561][ T5724] workingset_refault_file 0 [ 204.103561][ T5724] workingset_activate_anon 0 [ 204.103561][ T5724] workingset_activate_file 0 [ 204.103561][ T5724] workingset_restore_anon 0 [ 204.103561][ T5724] workingset_restore_file 0 [ 204.103561][ T5724] workingset_nodereclaim 0 [ 204.103561][ T5724] pgscan 831 [ 204.103561][ T5724] pgsteal 2 [ 204.103561][ T5724] pgscan_kswapd 0 [ 204.103561][ T5724] pgscan_direct 831 [pid 5728] write(3, "1000", 4) = 4 [pid 5728] close(3) = 0 [pid 5728] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5728] mkdir("./file0", 000) = 0 [pid 5728] open("./file0", O_RDONLY) = 3 [pid 5728] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5728] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5728] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5728] openat(5, "memory.max", O_RDWR) = 6 [ 204.103561][ T5724] pgscan_khugepaged 0 [ 204.103561][ T5724] pgsteal_kswapd 0 [ 204.103561][ T5724] pgsteal_direct 2 [ 204.103561][ T5724] pgsteal_khugepaged 0 [ 204.103561][ T5724] pgfault 21 [ 204.103561][ T5724] pgmajfault 0 [ 204.103561][ T5724] pgrefill 830 [ 204.103561][ T5724] pgactivate 829 [ 204.103561][ T5724] pgdeactivate 830 [ 204.103561][ T5724] pglazyfree 0 [ 204.103561][ T5724] pglazyfreed 0 [ 204.103561][ T5724] zswpin 0 [ 204.103561][ T5724] zswpout 0 [ 204.103561][ T5724] thp_fault_alloc 0 [ 204.103561][ T5724] thp_collapse_alloc 0 [pid 5728] write(6, "0x000000000000040e", 18 [pid 5724] <... write resumed>) = 18 [pid 5724] close(3) = 0 [pid 5724] close(4) = 0 [pid 5724] close(5) = 0 [pid 5724] close(6) = 0 [pid 5724] close(7) = -1 EBADF (Bad file descriptor) [pid 5724] close(8) = -1 EBADF (Bad file descriptor) [pid 5724] close(9) = -1 EBADF (Bad file descriptor) [pid 5724] close(10) = -1 EBADF (Bad file descriptor) [pid 5724] close(11) = -1 EBADF (Bad file descriptor) [pid 5724] close(12) = -1 EBADF (Bad file descriptor) [pid 5724] close(13) = -1 EBADF (Bad file descriptor) [ 204.302200][ T5724] Tasks state (memory values in pages): [ 204.308081][ T5724] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 204.319744][ T5724] Out of memory and no killable processes... [ 204.326396][ T5725] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 204.338017][ T5725] CPU: 0 PID: 5725 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5724] close(14) = -1 EBADF (Bad file descriptor) [pid 5724] close(15) = -1 EBADF (Bad file descriptor) [pid 5724] close(16) = -1 EBADF (Bad file descriptor) [pid 5724] close(17) = -1 EBADF (Bad file descriptor) [pid 5724] close(18) = -1 EBADF (Bad file descriptor) [pid 5724] close(19) = -1 EBADF (Bad file descriptor) [pid 5724] close(20) = -1 EBADF (Bad file descriptor) [pid 5724] close(21) = -1 EBADF (Bad file descriptor) [pid 5724] close(22) = -1 EBADF (Bad file descriptor) [pid 5724] close(23) = -1 EBADF (Bad file descriptor) [pid 5724] close(24) = -1 EBADF (Bad file descriptor) [pid 5724] close(25) = -1 EBADF (Bad file descriptor) [pid 5724] close(26) = -1 EBADF (Bad file descriptor) [pid 5724] close(27) = -1 EBADF (Bad file descriptor) [pid 5724] close(28) = -1 EBADF (Bad file descriptor) [pid 5724] close(29) = -1 EBADF (Bad file descriptor) [pid 5724] exit_group(0) = ? [pid 5724] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=38, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5086] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5086] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./36/binderfs") = 0 [pid 5086] umount2("./36/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./36/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] unlink("./36/cgroup") = 0 [pid 5086] umount2("./36/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./36/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./36/cgroup.net") = 0 [ 204.348004][ T5725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 204.358120][ T5725] Call Trace: [ 204.361447][ T5725] [ 204.364435][ T5725] dump_stack_lvl+0x136/0x150 [ 204.369194][ T5725] dump_header+0x10a/0xd70 [ 204.373677][ T5725] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 204.379842][ T5725] out_of_memory+0xd64/0x1660 [ 204.384603][ T5725] ? oom_killer_disable+0x2b0/0x2b0 [ 204.389898][ T5725] mem_cgroup_out_of_memory+0x206/0x270 [ 204.395523][ T5725] ? mem_cgroup_margin+0x130/0x130 [ 204.400743][ T5725] memory_max_write+0x2f9/0x3c0 [ 204.405688][ T5725] ? mem_cgroup_force_empty_write+0x160/0x160 [ 204.411847][ T5725] ? lock_sync+0x190/0x190 [ 204.416332][ T5725] cgroup_file_write+0x1e2/0x7b0 [ 204.421327][ T5725] ? mem_cgroup_force_empty_write+0x160/0x160 [ 204.427449][ T5725] ? kill_css+0x3b0/0x3b0 [ 204.431830][ T5725] ? lock_acquire+0x32/0xc0 [ 204.436385][ T5725] ? kill_css+0x3b0/0x3b0 [ 204.440764][ T5725] kernfs_fop_write_iter+0x3f1/0x600 [ 204.446121][ T5725] vfs_write+0x9ed/0xe10 [ 204.450444][ T5725] ? kernel_write+0x670/0x670 [ 204.455191][ T5725] ? find_held_lock+0x2d/0x110 [ 204.460009][ T5725] ? __fget_light+0x20a/0x270 [ 204.464744][ T5725] ksys_write+0x12b/0x250 [ 204.469124][ T5725] ? __ia32_sys_read+0xb0/0xb0 [ 204.473935][ T5725] ? lockdep_hardirqs_on+0x7d/0x100 [ 204.479171][ T5725] ? _raw_spin_unlock_irq+0x2e/0x50 [ 204.484435][ T5725] ? ptrace_notify+0xfe/0x140 [ 204.489155][ T5725] do_syscall_64+0x39/0xb0 [ 204.493621][ T5725] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 204.499556][ T5725] RIP: 0033:0x7faecf034129 [ 204.504018][ T5725] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 204.523663][ T5725] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 204.532112][ T5725] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 204.540128][ T5725] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5086] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5086] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./36/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./36/file0") = 0 [ 204.548135][ T5725] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 204.556141][ T5725] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 204.564159][ T5725] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000027 [ 204.572187][ T5725] [ 204.576210][ T5725] memory: usage 8kB, limit 0kB, failcnt 36 [pid 5086] umount2("./36/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./36/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./36/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./36") = 0 [pid 5086] mkdir("./37", 0777) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5729 attached [pid 5729] chdir("./37") = 0 [pid 5086] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 39 [pid 5729] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5729] setpgid(0, 0) = 0 [pid 5729] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5729] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5729] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5729] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5729] write(3, "1000", 4) = 4 [pid 5729] close(3) = 0 [pid 5729] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5729] mkdir("./file0", 000) = 0 [pid 5729] open("./file0", O_RDONLY) = 3 [pid 5729] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5729] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5729] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5729] openat(5, "memory.max", O_RDWR) = 6 [ 204.600697][ T5725] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 204.610140][ T5725] Memory cgroup stats for /syz1: [ 204.610666][ T5725] anon 0 [ 204.610666][ T5725] file 0 [ 204.610666][ T5725] kernel 8192 [ 204.610666][ T5725] kernel_stack 0 [ 204.610666][ T5725] pagetables 0 [ 204.610666][ T5725] sec_pagetables 0 [ 204.610666][ T5725] percpu 0 [ 204.610666][ T5725] sock 0 [ 204.610666][ T5725] vmalloc 0 [ 204.610666][ T5725] shmem 0 [ 204.610666][ T5725] zswap 0 [ 204.610666][ T5725] zswapped 0 [ 204.610666][ T5725] file_mapped 0 [ 204.610666][ T5725] file_dirty 0 [ 204.610666][ T5725] file_writeback 0 [ 204.610666][ T5725] swapcached 0 [ 204.610666][ T5725] anon_thp 0 [ 204.610666][ T5725] file_thp 0 [ 204.610666][ T5725] shmem_thp 0 [ 204.610666][ T5725] inactive_anon 0 [ 204.610666][ T5725] active_anon 0 [ 204.610666][ T5725] inactive_file 0 [ 204.610666][ T5725] active_file 0 [ 204.610666][ T5725] unevictable 0 [ 204.610666][ T5725] slab_reclaimable 6752 [ 204.610666][ T5725] slab_unreclaimable 0 [ 204.610666][ T5725] slab 6752 [ 204.610666][ T5725] workingset_refault_anon 0 [ 204.610666][ T5725] workingset_refault_file 0 [ 204.610666][ T5725] workingset_activate_anon 0 [ 204.610666][ T5725] workingset_activate_file 0 [ 204.610666][ T5725] workingset_restore_anon 0 [ 204.610666][ T5725] workingset_restore_file 0 [ 204.610666][ T5725] workingset_nodereclaim 0 [ 204.610666][ T5725] pgscan 831 [ 204.610666][ T5725] pgsteal 2 [ 204.610666][ T5725] pgscan_kswapd 0 [ 204.610666][ T5725] pgscan_direct 831 [ 204.610666][ T5725] pgscan_khugepaged 0 [ 204.610666][ T5725] pgsteal_kswapd 0 [ 204.610666][ T5725] pgsteal_direct 2 [ 204.610666][ T5725] pgsteal_khugepaged 0 [ 204.610666][ T5725] pgfault 21 [ 204.610666][ T5725] pgmajfault 0 [ 204.610666][ T5725] pgrefill 830 [ 204.610666][ T5725] pgactivate 829 [ 204.610666][ T5725] pgdeactivate 830 [ 204.610666][ T5725] pglazyfree 0 [ 204.610666][ T5725] pglazyfreed 0 [ 204.610666][ T5725] zswpin 0 [ 204.610666][ T5725] zswpout 0 [ 204.610666][ T5725] thp_fault_alloc 0 [ 204.610666][ T5725] thp_collapse_alloc 0 [ 204.797838][ T5725] Tasks state (memory values in pages): [pid 5729] write(6, "0x000000000000040e", 18 [pid 5725] <... write resumed>) = 18 [pid 5725] close(3) = 0 [ 204.808784][ T5725] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 204.820692][ T5725] Out of memory and no killable processes... [ 204.827237][ T5726] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 204.838859][ T5726] CPU: 0 PID: 5726 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 204.848812][ T5726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 204.858898][ T5726] Call Trace: [ 204.862198][ T5726] [ 204.865158][ T5726] dump_stack_lvl+0x136/0x150 [ 204.869877][ T5726] dump_header+0x10a/0xd70 [ 204.874338][ T5726] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 204.880459][ T5726] out_of_memory+0xd64/0x1660 [ 204.885184][ T5726] ? oom_killer_disable+0x2b0/0x2b0 [ 204.890428][ T5726] ? find_held_lock+0x2d/0x110 [ 204.895229][ T5726] mem_cgroup_out_of_memory+0x206/0x270 [ 204.900836][ T5726] ? mem_cgroup_margin+0x130/0x130 [ 204.906018][ T5726] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 204.911890][ T5726] memory_max_write+0x2f9/0x3c0 [ 204.916790][ T5726] ? mem_cgroup_force_empty_write+0x160/0x160 [ 204.922996][ T5726] ? lock_sync+0x190/0x190 [ 204.927457][ T5726] cgroup_file_write+0x1e2/0x7b0 [ 204.932462][ T5726] ? mem_cgroup_force_empty_write+0x160/0x160 [ 204.938602][ T5726] ? kill_css+0x3b0/0x3b0 [ 204.942984][ T5726] ? lock_acquire+0x32/0xc0 [ 204.947539][ T5726] ? kill_css+0x3b0/0x3b0 [ 204.951915][ T5726] kernfs_fop_write_iter+0x3f1/0x600 [ 204.957248][ T5726] vfs_write+0x9ed/0xe10 [ 204.961538][ T5726] ? kernel_write+0x670/0x670 [ 204.966276][ T5726] ? find_held_lock+0x2d/0x110 [ 204.971085][ T5726] ? __fget_light+0x20a/0x270 [ 204.975811][ T5726] ksys_write+0x12b/0x250 [ 204.980184][ T5726] ? __ia32_sys_read+0xb0/0xb0 [ 204.984990][ T5726] ? lockdep_hardirqs_on+0x7d/0x100 [ 204.990224][ T5726] ? _raw_spin_unlock_irq+0x2e/0x50 [ 204.995477][ T5726] ? ptrace_notify+0xfe/0x140 [ 205.000286][ T5726] do_syscall_64+0x39/0xb0 [ 205.004769][ T5726] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 205.010723][ T5726] RIP: 0033:0x7faecf034129 [ 205.015181][ T5726] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 205.034826][ T5726] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 205.043291][ T5726] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 205.051306][ T5726] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5725] close(4) = 0 [pid 5725] close(5) = 0 [pid 5725] close(6) = 0 [pid 5725] close(7) = -1 EBADF (Bad file descriptor) [pid 5725] close(8) = -1 EBADF (Bad file descriptor) [pid 5725] close(9) = -1 EBADF (Bad file descriptor) [pid 5725] close(10) = -1 EBADF (Bad file descriptor) [pid 5725] close(11) = -1 EBADF (Bad file descriptor) [pid 5725] close(12) = -1 EBADF (Bad file descriptor) [ 205.059301][ T5726] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 205.067317][ T5726] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 205.075330][ T5726] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000026 [ 205.083364][ T5726] [ 205.097611][ T5726] memory: usage 8kB, limit 0kB, failcnt 36 [pid 5725] close(13) = -1 EBADF (Bad file descriptor) [ 205.108593][ T5726] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 205.116625][ T5726] Memory cgroup stats for /syz1: [ 205.117276][ T5726] anon 0 [ 205.117276][ T5726] file 0 [ 205.117276][ T5726] kernel 8192 [ 205.117276][ T5726] kernel_stack 0 [ 205.117276][ T5726] pagetables 0 [ 205.117276][ T5726] sec_pagetables 0 [ 205.117276][ T5726] percpu 0 [ 205.117276][ T5726] sock 0 [ 205.117276][ T5726] vmalloc 0 [ 205.117276][ T5726] shmem 0 [ 205.117276][ T5726] zswap 0 [ 205.117276][ T5726] zswapped 0 [pid 5725] close(14) = -1 EBADF (Bad file descriptor) [pid 5725] close(15) = -1 EBADF (Bad file descriptor) [pid 5725] close(16) = -1 EBADF (Bad file descriptor) [pid 5725] close(17) = -1 EBADF (Bad file descriptor) [pid 5725] close(18) = -1 EBADF (Bad file descriptor) [pid 5725] close(19) = -1 EBADF (Bad file descriptor) [pid 5725] close(20) = -1 EBADF (Bad file descriptor) [pid 5725] close(21) = -1 EBADF (Bad file descriptor) [pid 5725] close(22) = -1 EBADF (Bad file descriptor) [pid 5725] close(23) = -1 EBADF (Bad file descriptor) [pid 5725] close(24) = -1 EBADF (Bad file descriptor) [pid 5725] close(25) = -1 EBADF (Bad file descriptor) [pid 5725] close(26) = -1 EBADF (Bad file descriptor) [pid 5725] close(27) = -1 EBADF (Bad file descriptor) [pid 5725] close(28) = -1 EBADF (Bad file descriptor) [pid 5725] close(29) = -1 EBADF (Bad file descriptor) [pid 5725] exit_group(0) = ? [pid 5725] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=41, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5089] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5089] umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./39/binderfs") = 0 [pid 5089] umount2("./39/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./39/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./39/cgroup") = 0 [pid 5089] umount2("./39/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./39/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./39/cgroup.net") = 0 [ 205.117276][ T5726] file_mapped 0 [ 205.117276][ T5726] file_dirty 0 [ 205.117276][ T5726] file_writeback 0 [ 205.117276][ T5726] swapcached 0 [ 205.117276][ T5726] anon_thp 0 [ 205.117276][ T5726] file_thp 0 [ 205.117276][ T5726] shmem_thp 0 [ 205.117276][ T5726] inactive_anon 0 [ 205.117276][ T5726] active_anon 0 [ 205.117276][ T5726] inactive_file 0 [ 205.117276][ T5726] active_file 0 [ 205.117276][ T5726] unevictable 0 [ 205.117276][ T5726] slab_reclaimable 6752 [ 205.117276][ T5726] slab_unreclaimable 0 [ 205.117276][ T5726] slab 6752 [ 205.117276][ T5726] workingset_refault_anon 0 [ 205.117276][ T5726] workingset_refault_file 0 [ 205.117276][ T5726] workingset_activate_anon 0 [ 205.117276][ T5726] workingset_activate_file 0 [ 205.117276][ T5726] workingset_restore_anon 0 [ 205.117276][ T5726] workingset_restore_file 0 [ 205.117276][ T5726] workingset_nodereclaim 0 [ 205.117276][ T5726] pgscan 831 [ 205.117276][ T5726] pgsteal 2 [ 205.117276][ T5726] pgscan_kswapd 0 [ 205.117276][ T5726] pgscan_direct 831 [ 205.117276][ T5726] pgscan_khugepaged 0 [ 205.117276][ T5726] pgsteal_kswapd 0 [pid 5089] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5089] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 205.117276][ T5726] pgsteal_direct 2 [ 205.117276][ T5726] pgsteal_khugepaged 0 [ 205.117276][ T5726] pgfault 21 [ 205.117276][ T5726] pgmajfault 0 [ 205.117276][ T5726] pgrefill 830 [ 205.117276][ T5726] pgactivate 829 [ 205.117276][ T5726] pgdeactivate 830 [ 205.117276][ T5726] pglazyfree 0 [ 205.117276][ T5726] pglazyfreed 0 [ 205.117276][ T5726] zswpin 0 [ 205.117276][ T5726] zswpout 0 [ 205.117276][ T5726] thp_fault_alloc 0 [ 205.117276][ T5726] thp_collapse_alloc 0 [pid 5089] lstat("./39/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./39/file0") = 0 [pid 5089] umount2("./39/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./39/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./39/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [pid 5089] rmdir("./39") = 0 [pid 5089] mkdir("./40", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 42 ./strace-static-x86_64: Process 5730 attached [pid 5730] chdir("./40" [pid 5726] <... write resumed>) = 18 [ 205.308685][ T5726] Tasks state (memory values in pages): [ 205.321737][ T5726] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 205.332935][ T5726] Out of memory and no killable processes... [ 205.339046][ T5727] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5730] <... chdir resumed>) = 0 [pid 5730] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5730] setpgid(0, 0) = 0 [pid 5730] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5730] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5730] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5730] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5730] write(3, "1000", 4) = 4 [pid 5730] close(3) = 0 [pid 5730] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5730] mkdir("./file0", 000) = 0 [pid 5730] open("./file0", O_RDONLY) = 3 [pid 5730] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5730] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5730] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5730] openat(5, "memory.max", O_RDWR) = 6 [ 205.353942][ T5727] CPU: 0 PID: 5727 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 205.363911][ T5727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 205.374040][ T5727] Call Trace: [ 205.377364][ T5727] [ 205.380346][ T5727] dump_stack_lvl+0x136/0x150 [ 205.385100][ T5727] dump_header+0x10a/0xd70 [ 205.389628][ T5727] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 205.395789][ T5727] out_of_memory+0xd64/0x1660 [ 205.400543][ T5727] ? oom_killer_disable+0x2b0/0x2b0 [ 205.405840][ T5727] mem_cgroup_out_of_memory+0x206/0x270 [pid 5730] write(6, "0x000000000000040e", 18 [pid 5726] close(3) = 0 [pid 5726] close(4) = 0 [pid 5726] close(5) = 0 [pid 5726] close(6) = 0 [pid 5726] close(7) = -1 EBADF (Bad file descriptor) [pid 5726] close(8) = -1 EBADF (Bad file descriptor) [ 205.411464][ T5727] ? mem_cgroup_margin+0x130/0x130 [ 205.416687][ T5727] memory_max_write+0x2f9/0x3c0 [ 205.421627][ T5727] ? mem_cgroup_force_empty_write+0x160/0x160 [ 205.427781][ T5727] ? lock_sync+0x190/0x190 [ 205.432269][ T5727] cgroup_file_write+0x1e2/0x7b0 [ 205.437287][ T5727] ? mem_cgroup_force_empty_write+0x160/0x160 [ 205.443437][ T5727] ? kill_css+0x3b0/0x3b0 [ 205.447910][ T5727] ? lock_acquire+0x32/0xc0 [ 205.452503][ T5727] ? kill_css+0x3b0/0x3b0 [pid 5726] close(9) = -1 EBADF (Bad file descriptor) [pid 5726] close(10) = -1 EBADF (Bad file descriptor) [pid 5726] close(11) = -1 EBADF (Bad file descriptor) [pid 5726] close(12) = -1 EBADF (Bad file descriptor) [pid 5726] close(13) = -1 EBADF (Bad file descriptor) [pid 5726] close(14) = -1 EBADF (Bad file descriptor) [pid 5726] close(15) = -1 EBADF (Bad file descriptor) [pid 5726] close(16) = -1 EBADF (Bad file descriptor) [pid 5726] close(17) = -1 EBADF (Bad file descriptor) [ 205.456925][ T5727] kernfs_fop_write_iter+0x3f1/0x600 [ 205.462298][ T5727] vfs_write+0x9ed/0xe10 [ 205.466631][ T5727] ? kernel_write+0x670/0x670 [ 205.471394][ T5727] ? find_held_lock+0x2d/0x110 [ 205.476229][ T5727] ? __fget_light+0x20a/0x270 [ 205.480993][ T5727] ksys_write+0x12b/0x250 [ 205.485406][ T5727] ? __ia32_sys_read+0xb0/0xb0 [ 205.490243][ T5727] ? lockdep_hardirqs_on+0x7d/0x100 [ 205.495512][ T5727] ? _raw_spin_unlock_irq+0x2e/0x50 [ 205.500793][ T5727] ? ptrace_notify+0xfe/0x140 [ 205.505587][ T5727] do_syscall_64+0x39/0xb0 [ 205.510087][ T5727] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 205.516055][ T5727] RIP: 0033:0x7faecf034129 [ 205.520565][ T5727] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 205.540244][ T5727] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 205.548728][ T5727] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [pid 5726] close(18) = -1 EBADF (Bad file descriptor) [pid 5726] close(19) = -1 EBADF (Bad file descriptor) [pid 5726] close(20) = -1 EBADF (Bad file descriptor) [pid 5726] close(21) = -1 EBADF (Bad file descriptor) [pid 5726] close(22) = -1 EBADF (Bad file descriptor) [pid 5726] close(23) = -1 EBADF (Bad file descriptor) [pid 5726] close(24) = -1 EBADF (Bad file descriptor) [pid 5726] close(25) = -1 EBADF (Bad file descriptor) [pid 5726] close(26) = -1 EBADF (Bad file descriptor) [pid 5726] close(27) = -1 EBADF (Bad file descriptor) [pid 5726] close(28) = -1 EBADF (Bad file descriptor) [pid 5726] close(29) = -1 EBADF (Bad file descriptor) [pid 5726] exit_group(0) = ? [pid 5726] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=40, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5087] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5087] umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./38/binderfs") = 0 [pid 5087] umount2("./38/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./38/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./38/cgroup") = 0 [pid 5087] umount2("./38/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./38/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./38/cgroup.net") = 0 [pid 5087] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5087] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./38/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] close(4) = 0 [ 205.556752][ T5727] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 205.564795][ T5727] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 205.572815][ T5727] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 205.580839][ T5727] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000024 [ 205.588899][ T5727] [ 205.604259][ T5727] memory: usage 8kB, limit 0kB, failcnt 36 [pid 5087] rmdir("./38/file0") = 0 [pid 5087] umount2("./38/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./38/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./38/cgroup.cpu") = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [pid 5087] rmdir("./38") = 0 [pid 5087] mkdir("./39", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5731 attached [pid 5731] chdir("./39" [pid 5087] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 41 [pid 5731] <... chdir resumed>) = 0 [pid 5731] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5731] setpgid(0, 0) = 0 [pid 5731] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5731] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5731] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [ 205.611417][ T5727] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 205.619308][ T5727] Memory cgroup stats for /syz1: [ 205.619598][ T5727] anon 0 [ 205.619598][ T5727] file 0 [ 205.619598][ T5727] kernel 8192 [ 205.619598][ T5727] kernel_stack 0 [ 205.619598][ T5727] pagetables 0 [ 205.619598][ T5727] sec_pagetables 0 [ 205.619598][ T5727] percpu 0 [ 205.619598][ T5727] sock 0 [ 205.619598][ T5727] vmalloc 0 [ 205.619598][ T5727] shmem 0 [ 205.619598][ T5727] zswap 0 [ 205.619598][ T5727] zswapped 0 [pid 5731] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5731] write(3, "1000", 4) = 4 [pid 5731] close(3) = 0 [pid 5731] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5731] mkdir("./file0", 000) = 0 [ 205.619598][ T5727] file_mapped 0 [ 205.619598][ T5727] file_dirty 0 [ 205.619598][ T5727] file_writeback 0 [ 205.619598][ T5727] swapcached 0 [ 205.619598][ T5727] anon_thp 0 [ 205.619598][ T5727] file_thp 0 [ 205.619598][ T5727] shmem_thp 0 [ 205.619598][ T5727] inactive_anon 0 [ 205.619598][ T5727] active_anon 0 [ 205.619598][ T5727] inactive_file 0 [ 205.619598][ T5727] active_file 0 [ 205.619598][ T5727] unevictable 0 [ 205.619598][ T5727] slab_reclaimable 6752 [ 205.619598][ T5727] slab_unreclaimable 0 [ 205.619598][ T5727] slab 6752 [pid 5731] open("./file0", O_RDONLY) = 3 [pid 5731] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5731] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5731] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5731] openat(5, "memory.max", O_RDWR) = 6 [ 205.619598][ T5727] workingset_refault_anon 0 [ 205.619598][ T5727] workingset_refault_file 0 [ 205.619598][ T5727] workingset_activate_anon 0 [ 205.619598][ T5727] workingset_activate_file 0 [ 205.619598][ T5727] workingset_restore_anon 0 [ 205.619598][ T5727] workingset_restore_file 0 [ 205.619598][ T5727] workingset_nodereclaim 0 [ 205.619598][ T5727] pgscan 831 [ 205.619598][ T5727] pgsteal 2 [ 205.619598][ T5727] pgscan_kswapd 0 [ 205.619598][ T5727] pgscan_direct 831 [ 205.619598][ T5727] pgscan_khugepaged 0 [ 205.619598][ T5727] pgsteal_kswapd 0 [ 205.619598][ T5727] pgsteal_direct 2 [ 205.619598][ T5727] pgsteal_khugepaged 0 [ 205.619598][ T5727] pgfault 21 [ 205.619598][ T5727] pgmajfault 0 [ 205.619598][ T5727] pgrefill 830 [ 205.619598][ T5727] pgactivate 829 [ 205.619598][ T5727] pgdeactivate 830 [ 205.619598][ T5727] pglazyfree 0 [ 205.619598][ T5727] pglazyfreed 0 [ 205.619598][ T5727] zswpin 0 [ 205.619598][ T5727] zswpout 0 [ 205.619598][ T5727] thp_fault_alloc 0 [ 205.619598][ T5727] thp_collapse_alloc 0 [pid 5731] write(6, "0x000000000000040e", 18 [pid 5727] <... write resumed>) = 18 [pid 5727] close(3) = 0 [pid 5727] close(4) = 0 [pid 5727] close(5) = 0 [pid 5727] close(6) = 0 [ 205.814107][ T5727] Tasks state (memory values in pages): [ 205.827556][ T5727] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 205.838209][ T5727] Out of memory and no killable processes... [ 205.846922][ T5728] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5727] close(7) = -1 EBADF (Bad file descriptor) [pid 5727] close(8) = -1 EBADF (Bad file descriptor) [pid 5727] close(9) = -1 EBADF (Bad file descriptor) [pid 5727] close(10) = -1 EBADF (Bad file descriptor) [pid 5727] close(11) = -1 EBADF (Bad file descriptor) [pid 5727] close(12) = -1 EBADF (Bad file descriptor) [pid 5727] close(13) = -1 EBADF (Bad file descriptor) [pid 5727] close(14) = -1 EBADF (Bad file descriptor) [pid 5727] close(15) = -1 EBADF (Bad file descriptor) [pid 5727] close(16) = -1 EBADF (Bad file descriptor) [pid 5727] close(17) = -1 EBADF (Bad file descriptor) [pid 5727] close(18) = -1 EBADF (Bad file descriptor) [pid 5727] close(19) = -1 EBADF (Bad file descriptor) [pid 5727] close(20) = -1 EBADF (Bad file descriptor) [pid 5727] close(21) = -1 EBADF (Bad file descriptor) [pid 5727] close(22) = -1 EBADF (Bad file descriptor) [pid 5727] close(23) = -1 EBADF (Bad file descriptor) [pid 5727] close(24) = -1 EBADF (Bad file descriptor) [pid 5727] close(25) = -1 EBADF (Bad file descriptor) [pid 5727] close(26) = -1 EBADF (Bad file descriptor) [pid 5727] close(27) = -1 EBADF (Bad file descriptor) [pid 5727] close(28) = -1 EBADF (Bad file descriptor) [pid 5727] close(29) = -1 EBADF (Bad file descriptor) [pid 5727] exit_group(0) = ? [pid 5727] +++ exited with 0 +++ [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=38, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5085] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./36/binderfs") = 0 [pid 5085] umount2("./36/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./36/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./36/cgroup") = 0 [pid 5085] umount2("./36/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./36/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./36/cgroup.net") = 0 [ 205.858821][ T5728] CPU: 1 PID: 5728 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 205.868795][ T5728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 205.878905][ T5728] Call Trace: [ 205.882269][ T5728] [ 205.885244][ T5728] dump_stack_lvl+0x136/0x150 [ 205.889986][ T5728] dump_header+0x10a/0xd70 [ 205.894472][ T5728] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 205.900636][ T5728] out_of_memory+0xd64/0x1660 [ 205.905415][ T5728] ? oom_killer_disable+0x2b0/0x2b0 [ 205.910696][ T5728] ? find_held_lock+0x2d/0x110 [ 205.915533][ T5728] mem_cgroup_out_of_memory+0x206/0x270 [ 205.921189][ T5728] ? mem_cgroup_margin+0x130/0x130 [ 205.926388][ T5728] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 205.932288][ T5728] memory_max_write+0x2f9/0x3c0 [ 205.937225][ T5728] ? mem_cgroup_force_empty_write+0x160/0x160 [ 205.943389][ T5728] ? lock_sync+0x190/0x190 [ 205.947883][ T5728] cgroup_file_write+0x1e2/0x7b0 [ 205.952915][ T5728] ? mem_cgroup_force_empty_write+0x160/0x160 [ 205.959076][ T5728] ? kill_css+0x3b0/0x3b0 [ 205.963481][ T5728] ? lock_acquire+0x32/0xc0 [ 205.968051][ T5728] ? kill_css+0x3b0/0x3b0 [ 205.972430][ T5728] kernfs_fop_write_iter+0x3f1/0x600 [ 205.977770][ T5728] vfs_write+0x9ed/0xe10 [ 205.982067][ T5728] ? kernel_write+0x670/0x670 [ 205.986796][ T5728] ? find_held_lock+0x2d/0x110 [ 205.991608][ T5728] ? __fget_light+0x20a/0x270 [ 205.996340][ T5728] ksys_write+0x12b/0x250 [ 206.000714][ T5728] ? __ia32_sys_read+0xb0/0xb0 [ 206.005526][ T5728] ? lockdep_hardirqs_on+0x7d/0x100 [ 206.010765][ T5728] ? _raw_spin_unlock_irq+0x2e/0x50 [ 206.016012][ T5728] ? ptrace_notify+0xfe/0x140 [ 206.020734][ T5728] do_syscall_64+0x39/0xb0 [ 206.025199][ T5728] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 206.031134][ T5728] RIP: 0033:0x7faecf034129 [ 206.035578][ T5728] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 206.055212][ T5728] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 206.063666][ T5728] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 206.071658][ T5728] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 206.079651][ T5728] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 206.087667][ T5728] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 206.095685][ T5728] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000028 [ 206.103711][ T5728] [pid 5085] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5085] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./36/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [ 206.113707][ T5728] memory: usage 8kB, limit 0kB, failcnt 36 [ 206.119606][ T5728] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 206.139666][ T5728] Memory cgroup stats for /syz1: [ 206.139921][ T5728] anon 0 [ 206.139921][ T5728] file 0 [ 206.139921][ T5728] kernel 8192 [ 206.139921][ T5728] kernel_stack 0 [ 206.139921][ T5728] pagetables 0 [ 206.139921][ T5728] sec_pagetables 0 [pid 5085] close(4) = 0 [ 206.139921][ T5728] percpu 0 [ 206.139921][ T5728] sock 0 [ 206.139921][ T5728] vmalloc 0 [ 206.139921][ T5728] shmem 0 [ 206.139921][ T5728] zswap 0 [ 206.139921][ T5728] zswapped 0 [ 206.139921][ T5728] file_mapped 0 [ 206.139921][ T5728] file_dirty 0 [ 206.139921][ T5728] file_writeback 0 [ 206.139921][ T5728] swapcached 0 [ 206.139921][ T5728] anon_thp 0 [ 206.139921][ T5728] file_thp 0 [ 206.139921][ T5728] shmem_thp 0 [ 206.139921][ T5728] inactive_anon 0 [ 206.139921][ T5728] active_anon 0 [ 206.139921][ T5728] inactive_file 0 [ 206.139921][ T5728] active_file 0 [ 206.139921][ T5728] unevictable 0 [ 206.139921][ T5728] slab_reclaimable 6752 [ 206.139921][ T5728] slab_unreclaimable 0 [ 206.139921][ T5728] slab 6752 [ 206.139921][ T5728] workingset_refault_anon 0 [ 206.139921][ T5728] workingset_refault_file 0 [ 206.139921][ T5728] workingset_activate_anon 0 [ 206.139921][ T5728] workingset_activate_file 0 [ 206.139921][ T5728] workingset_restore_anon 0 [ 206.139921][ T5728] workingset_restore_file 0 [ 206.139921][ T5728] workingset_nodereclaim 0 [ 206.139921][ T5728] pgscan 831 [ 206.139921][ T5728] pgsteal 2 [ 206.139921][ T5728] pgscan_kswapd 0 [ 206.139921][ T5728] pgscan_direct 831 [ 206.139921][ T5728] pgscan_khugepaged 0 [ 206.139921][ T5728] pgsteal_kswapd 0 [ 206.139921][ T5728] pgsteal_direct 2 [ 206.139921][ T5728] pgsteal_khugepaged 0 [ 206.139921][ T5728] pgfault 21 [ 206.139921][ T5728] pgmajfault 0 [ 206.139921][ T5728] pgrefill 830 [ 206.139921][ T5728] pgactivate 829 [ 206.139921][ T5728] pgdeactivate 830 [ 206.139921][ T5728] pglazyfree 0 [ 206.139921][ T5728] pglazyfreed 0 [ 206.139921][ T5728] zswpin 0 [pid 5085] rmdir("./36/file0") = 0 [pid 5085] umount2("./36/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./36/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./36/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./36") = 0 [pid 5085] mkdir("./37", 0777) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5732 attached , child_tidptr=0x555555c0c5d0) = 39 [pid 5732] chdir("./37") = 0 [pid 5732] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5732] setpgid(0, 0) = 0 [pid 5732] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5732] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [ 206.139921][ T5728] zswpout 0 [ 206.139921][ T5728] thp_fault_alloc 0 [ 206.139921][ T5728] thp_collapse_alloc 0 [pid 5732] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5732] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5732] write(3, "1000", 4) = 4 [pid 5732] close(3) = 0 [pid 5732] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5732] mkdir("./file0", 000) = 0 [pid 5732] open("./file0", O_RDONLY) = 3 [pid 5732] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5728] <... write resumed>) = 18 [pid 5732] <... mount resumed>) = 0 [pid 5728] close(3) = 0 [pid 5728] close(4) = 0 [pid 5728] close(5) = 0 [pid 5728] close(6) = 0 [ 206.368462][ T5728] Tasks state (memory values in pages): [ 206.377796][ T5728] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 206.391040][ T5728] Out of memory and no killable processes... [ 206.402248][ T5729] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5728] close(7 [pid 5732] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5728] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5728] close(8) = -1 EBADF (Bad file descriptor) [pid 5728] close(9) = -1 EBADF (Bad file descriptor) [pid 5728] close(10) = -1 EBADF (Bad file descriptor) [pid 5728] close(11) = -1 EBADF (Bad file descriptor) [pid 5728] close(12) = -1 EBADF (Bad file descriptor) [pid 5728] close(13) = -1 EBADF (Bad file descriptor) [pid 5728] close(14) = -1 EBADF (Bad file descriptor) [pid 5728] close(15) = -1 EBADF (Bad file descriptor) [pid 5728] close(16) = -1 EBADF (Bad file descriptor) [pid 5728] close(17) = -1 EBADF (Bad file descriptor) [pid 5728] close(18) = -1 EBADF (Bad file descriptor) [pid 5728] close(19) = -1 EBADF (Bad file descriptor) [pid 5728] close(20) = -1 EBADF (Bad file descriptor) [pid 5728] close(21) = -1 EBADF (Bad file descriptor) [pid 5728] close(22) = -1 EBADF (Bad file descriptor) [pid 5728] close(23) = -1 EBADF (Bad file descriptor) [pid 5728] close(24) = -1 EBADF (Bad file descriptor) [pid 5728] close(25) = -1 EBADF (Bad file descriptor) [pid 5728] close(26) = -1 EBADF (Bad file descriptor) [pid 5728] close(27) = -1 EBADF (Bad file descriptor) [pid 5728] close(28) = -1 EBADF (Bad file descriptor) [pid 5728] close(29) = -1 EBADF (Bad file descriptor) [pid 5728] exit_group(0) = ? [pid 5728] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=42, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5090] umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./40/binderfs") = 0 [pid 5090] umount2("./40/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./40/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./40/cgroup") = 0 [pid 5090] umount2("./40/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./40/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./40/cgroup.net") = 0 [pid 5090] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5732] <... openat resumed>) = 4 [pid 5732] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5732] openat(5, "memory.max", O_RDWR) = 6 [ 206.413800][ T5729] CPU: 1 PID: 5729 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 206.423767][ T5729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 206.433874][ T5729] Call Trace: [ 206.437201][ T5729] [ 206.440178][ T5729] dump_stack_lvl+0x136/0x150 [ 206.444937][ T5729] dump_header+0x10a/0xd70 [ 206.449422][ T5729] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 206.455588][ T5729] out_of_memory+0xd64/0x1660 [ 206.460343][ T5729] ? oom_killer_disable+0x2b0/0x2b0 [ 206.465628][ T5729] mem_cgroup_out_of_memory+0x206/0x270 [ 206.471252][ T5729] ? mem_cgroup_margin+0x130/0x130 [ 206.476460][ T5729] memory_max_write+0x2f9/0x3c0 [ 206.481394][ T5729] ? mem_cgroup_force_empty_write+0x160/0x160 [ 206.487545][ T5729] ? lock_sync+0x190/0x190 [ 206.492039][ T5729] cgroup_file_write+0x1e2/0x7b0 [ 206.497060][ T5729] ? mem_cgroup_force_empty_write+0x160/0x160 [ 206.503210][ T5729] ? kill_css+0x3b0/0x3b0 [ 206.507607][ T5729] ? lock_acquire+0x32/0xc0 [ 206.512173][ T5729] ? kill_css+0x3b0/0x3b0 [ 206.516579][ T5729] kernfs_fop_write_iter+0x3f1/0x600 [ 206.521956][ T5729] vfs_write+0x9ed/0xe10 [ 206.526280][ T5729] ? kernel_write+0x670/0x670 [ 206.531037][ T5729] ? find_held_lock+0x2d/0x110 [ 206.535877][ T5729] ? __fget_light+0x20a/0x270 [ 206.540630][ T5729] ksys_write+0x12b/0x250 [ 206.545026][ T5729] ? __ia32_sys_read+0xb0/0xb0 [ 206.549881][ T5729] ? lockdep_hardirqs_on+0x7d/0x100 [ 206.555168][ T5729] ? _raw_spin_unlock_irq+0x2e/0x50 [ 206.560440][ T5729] ? ptrace_notify+0xfe/0x140 [ 206.565171][ T5729] do_syscall_64+0x39/0xb0 [ 206.569638][ T5729] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 206.575600][ T5729] RIP: 0033:0x7faecf034129 [ 206.580148][ T5729] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 206.599816][ T5729] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 206.608287][ T5729] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [pid 5732] write(6, "0x000000000000040e", 18 [pid 5090] <... umount2 resumed>) = 0 [pid 5090] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./40/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 206.616313][ T5729] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 206.624338][ T5729] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 206.632363][ T5729] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 206.640393][ T5729] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000025 [ 206.648450][ T5729] [ 206.663467][ T5729] memory: usage 8kB, limit 0kB, failcnt 36 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./40/file0") = 0 [pid 5090] umount2("./40/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./40/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./40/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [pid 5090] rmdir("./40") = 0 [pid 5090] mkdir("./41", 0777) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5733 attached [pid 5733] chdir("./41" [pid 5090] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 43 [pid 5733] <... chdir resumed>) = 0 [pid 5733] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5733] setpgid(0, 0) = 0 [pid 5733] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5733] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5733] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [ 206.669474][ T5729] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 206.677038][ T5729] Memory cgroup stats for /syz1: [ 206.677384][ T5729] anon 0 [ 206.677384][ T5729] file 0 [ 206.677384][ T5729] kernel 8192 [ 206.677384][ T5729] kernel_stack 0 [ 206.677384][ T5729] pagetables 0 [ 206.677384][ T5729] sec_pagetables 0 [ 206.677384][ T5729] percpu 0 [ 206.677384][ T5729] sock 0 [ 206.677384][ T5729] vmalloc 0 [ 206.677384][ T5729] shmem 0 [ 206.677384][ T5729] zswap 0 [ 206.677384][ T5729] zswapped 0 [pid 5733] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5733] write(3, "1000", 4) = 4 [pid 5733] close(3) = 0 [pid 5733] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5733] mkdir("./file0", 000) = 0 [pid 5733] open("./file0", O_RDONLY) = 3 [pid 5733] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5733] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5733] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5733] openat(5, "memory.max", O_RDWR) = 6 [ 206.677384][ T5729] file_mapped 0 [ 206.677384][ T5729] file_dirty 0 [ 206.677384][ T5729] file_writeback 0 [ 206.677384][ T5729] swapcached 0 [ 206.677384][ T5729] anon_thp 0 [ 206.677384][ T5729] file_thp 0 [ 206.677384][ T5729] shmem_thp 0 [ 206.677384][ T5729] inactive_anon 0 [ 206.677384][ T5729] active_anon 0 [ 206.677384][ T5729] inactive_file 0 [ 206.677384][ T5729] active_file 0 [ 206.677384][ T5729] unevictable 0 [ 206.677384][ T5729] slab_reclaimable 6752 [ 206.677384][ T5729] slab_unreclaimable 0 [ 206.677384][ T5729] slab 6752 [ 206.677384][ T5729] workingset_refault_anon 0 [ 206.677384][ T5729] workingset_refault_file 0 [ 206.677384][ T5729] workingset_activate_anon 0 [ 206.677384][ T5729] workingset_activate_file 0 [ 206.677384][ T5729] workingset_restore_anon 0 [ 206.677384][ T5729] workingset_restore_file 0 [ 206.677384][ T5729] workingset_nodereclaim 0 [ 206.677384][ T5729] pgscan 831 [ 206.677384][ T5729] pgsteal 2 [ 206.677384][ T5729] pgscan_kswapd 0 [ 206.677384][ T5729] pgscan_direct 831 [ 206.677384][ T5729] pgscan_khugepaged 0 [ 206.677384][ T5729] pgsteal_kswapd 0 [ 206.677384][ T5729] pgsteal_direct 2 [ 206.677384][ T5729] pgsteal_khugepaged 0 [ 206.677384][ T5729] pgfault 21 [ 206.677384][ T5729] pgmajfault 0 [ 206.677384][ T5729] pgrefill 830 [ 206.677384][ T5729] pgactivate 829 [ 206.677384][ T5729] pgdeactivate 830 [ 206.677384][ T5729] pglazyfree 0 [ 206.677384][ T5729] pglazyfreed 0 [ 206.677384][ T5729] zswpin 0 [ 206.677384][ T5729] zswpout 0 [ 206.677384][ T5729] thp_fault_alloc 0 [ 206.677384][ T5729] thp_collapse_alloc 0 [pid 5733] write(6, "0x000000000000040e", 18 [pid 5729] <... write resumed>) = 18 [pid 5729] close(3) = 0 [pid 5729] close(4) = 0 [pid 5729] close(5) = 0 [pid 5729] close(6) = 0 [pid 5729] close(7) = -1 EBADF (Bad file descriptor) [pid 5729] close(8) = -1 EBADF (Bad file descriptor) [pid 5729] close(9) = -1 EBADF (Bad file descriptor) [ 206.874810][ T5729] Tasks state (memory values in pages): [ 206.881811][ T5729] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 206.891360][ T5729] Out of memory and no killable processes... [ 206.897781][ T5730] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 206.908384][ T5730] CPU: 1 PID: 5730 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5729] close(10) = -1 EBADF (Bad file descriptor) [pid 5729] close(11) = -1 EBADF (Bad file descriptor) [pid 5729] close(12) = -1 EBADF (Bad file descriptor) [pid 5729] close(13) = -1 EBADF (Bad file descriptor) [pid 5729] close(14) = -1 EBADF (Bad file descriptor) [pid 5729] close(15) = -1 EBADF (Bad file descriptor) [pid 5729] close(16) = -1 EBADF (Bad file descriptor) [pid 5729] close(17) = -1 EBADF (Bad file descriptor) [pid 5729] close(18) = -1 EBADF (Bad file descriptor) [pid 5729] close(19) = -1 EBADF (Bad file descriptor) [pid 5729] close(20) = -1 EBADF (Bad file descriptor) [pid 5729] close(21) = -1 EBADF (Bad file descriptor) [pid 5729] close(22) = -1 EBADF (Bad file descriptor) [pid 5729] close(23) = -1 EBADF (Bad file descriptor) [pid 5729] close(24) = -1 EBADF (Bad file descriptor) [pid 5729] close(25) = -1 EBADF (Bad file descriptor) [pid 5729] close(26) = -1 EBADF (Bad file descriptor) [pid 5729] close(27) = -1 EBADF (Bad file descriptor) [pid 5729] close(28) = -1 EBADF (Bad file descriptor) [pid 5729] close(29) = -1 EBADF (Bad file descriptor) [ 206.918347][ T5730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 206.928472][ T5730] Call Trace: [ 206.931805][ T5730] [ 206.934788][ T5730] dump_stack_lvl+0x136/0x150 [ 206.939544][ T5730] dump_header+0x10a/0xd70 [ 206.944025][ T5730] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 206.950186][ T5730] out_of_memory+0xd64/0x1660 [ 206.954957][ T5730] ? oom_killer_disable+0x2b0/0x2b0 [ 206.960243][ T5730] mem_cgroup_out_of_memory+0x206/0x270 [ 206.965866][ T5730] ? mem_cgroup_margin+0x130/0x130 [pid 5729] exit_group(0) = ? [pid 5729] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=39, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5086] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5086] umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./37/binderfs") = 0 [pid 5086] umount2("./37/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./37/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] unlink("./37/cgroup") = 0 [ 206.971081][ T5730] memory_max_write+0x2f9/0x3c0 [ 206.976013][ T5730] ? mem_cgroup_force_empty_write+0x160/0x160 [ 206.982162][ T5730] ? lock_sync+0x190/0x190 [ 206.986660][ T5730] cgroup_file_write+0x1e2/0x7b0 [ 206.991681][ T5730] ? mem_cgroup_force_empty_write+0x160/0x160 [ 206.997831][ T5730] ? kill_css+0x3b0/0x3b0 [ 207.002246][ T5730] ? lock_acquire+0x32/0xc0 [ 207.006831][ T5730] ? kill_css+0x3b0/0x3b0 [ 207.011245][ T5730] kernfs_fop_write_iter+0x3f1/0x600 [ 207.016603][ T5730] vfs_write+0x9ed/0xe10 [ 207.020910][ T5730] ? kernel_write+0x670/0x670 [ 207.025641][ T5730] ? find_held_lock+0x2d/0x110 [ 207.030449][ T5730] ? __fget_light+0x20a/0x270 [ 207.035178][ T5730] ksys_write+0x12b/0x250 [ 207.039553][ T5730] ? __ia32_sys_read+0xb0/0xb0 [ 207.044363][ T5730] ? lockdep_hardirqs_on+0x7d/0x100 [ 207.049613][ T5730] ? _raw_spin_unlock_irq+0x2e/0x50 [ 207.054864][ T5730] ? ptrace_notify+0xfe/0x140 [ 207.059586][ T5730] do_syscall_64+0x39/0xb0 [ 207.064057][ T5730] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 207.070005][ T5730] RIP: 0033:0x7faecf034129 [ 207.074454][ T5730] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 207.094093][ T5730] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 207.102533][ T5730] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 207.110528][ T5730] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5086] umount2("./37/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./37/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 207.118524][ T5730] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 207.126515][ T5730] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 207.134506][ T5730] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000028 [ 207.142527][ T5730] [ 207.146949][ T5730] memory: usage 8kB, limit 0kB, failcnt 36 [ 207.154002][ T5730] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 207.161220][ T5730] Memory cgroup stats for /syz1: [ 207.161505][ T5730] anon 0 [ 207.161505][ T5730] file 0 [ 207.161505][ T5730] kernel 8192 [pid 5086] unlink("./37/cgroup.net") = 0 [ 207.161505][ T5730] kernel_stack 0 [ 207.161505][ T5730] pagetables 0 [ 207.161505][ T5730] sec_pagetables 0 [ 207.161505][ T5730] percpu 0 [ 207.161505][ T5730] sock 0 [ 207.161505][ T5730] vmalloc 0 [ 207.161505][ T5730] shmem 0 [ 207.161505][ T5730] zswap 0 [ 207.161505][ T5730] zswapped 0 [ 207.161505][ T5730] file_mapped 0 [ 207.161505][ T5730] file_dirty 0 [ 207.161505][ T5730] file_writeback 0 [ 207.161505][ T5730] swapcached 0 [ 207.161505][ T5730] anon_thp 0 [ 207.161505][ T5730] file_thp 0 [ 207.161505][ T5730] shmem_thp 0 [ 207.161505][ T5730] inactive_anon 0 [ 207.161505][ T5730] active_anon 0 [ 207.161505][ T5730] inactive_file 0 [ 207.161505][ T5730] active_file 0 [ 207.161505][ T5730] unevictable 0 [ 207.161505][ T5730] slab_reclaimable 6752 [ 207.161505][ T5730] slab_unreclaimable 0 [ 207.161505][ T5730] slab 6752 [ 207.161505][ T5730] workingset_refault_anon 0 [ 207.161505][ T5730] workingset_refault_file 0 [ 207.161505][ T5730] workingset_activate_anon 0 [ 207.161505][ T5730] workingset_activate_file 0 [ 207.161505][ T5730] workingset_restore_anon 0 [ 207.161505][ T5730] workingset_restore_file 0 [ 207.161505][ T5730] workingset_nodereclaim 0 [ 207.161505][ T5730] pgscan 831 [ 207.161505][ T5730] pgsteal 2 [ 207.161505][ T5730] pgscan_kswapd 0 [ 207.161505][ T5730] pgscan_direct 831 [ 207.161505][ T5730] pgscan_khugepaged 0 [ 207.161505][ T5730] pgsteal_kswapd 0 [ 207.161505][ T5730] pgsteal_direct 2 [ 207.161505][ T5730] pgsteal_khugepaged 0 [ 207.161505][ T5730] pgfault 21 [ 207.161505][ T5730] pgmajfault 0 [ 207.161505][ T5730] pgrefill 830 [ 207.161505][ T5730] pgactivate 829 [pid 5086] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5086] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./37/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5730] <... write resumed>) = 18 [pid 5730] close(3) = 0 [pid 5730] close(4) = 0 [pid 5730] close(5) = 0 [pid 5730] close(6) = 0 [pid 5730] close(7) = -1 EBADF (Bad file descriptor) [pid 5730] close(8) = -1 EBADF (Bad file descriptor) [ 207.161505][ T5730] pgdeactivate 830 [ 207.161505][ T5730] pglazyfree 0 [ 207.161505][ T5730] pglazyfreed 0 [ 207.161505][ T5730] zswpin 0 [ 207.161505][ T5730] zswpout 0 [ 207.161505][ T5730] thp_fault_alloc 0 [ 207.161505][ T5730] thp_collapse_alloc 0 [ 207.350956][ T5730] Tasks state (memory values in pages): [ 207.357363][ T5730] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 207.368129][ T5730] Out of memory and no killable processes... [pid 5730] close(9) = -1 EBADF (Bad file descriptor) [pid 5730] close(10) = -1 EBADF (Bad file descriptor) [pid 5730] close(11) = -1 EBADF (Bad file descriptor) [pid 5730] close(12) = -1 EBADF (Bad file descriptor) [pid 5730] close(13) = -1 EBADF (Bad file descriptor) [pid 5730] close(14) = -1 EBADF (Bad file descriptor) [pid 5730] close(15) = -1 EBADF (Bad file descriptor) [pid 5730] close(16) = -1 EBADF (Bad file descriptor) [pid 5730] close(17) = -1 EBADF (Bad file descriptor) [pid 5730] close(18) = -1 EBADF (Bad file descriptor) [pid 5730] close(19) = -1 EBADF (Bad file descriptor) [pid 5730] close(20) = -1 EBADF (Bad file descriptor) [pid 5730] close(21) = -1 EBADF (Bad file descriptor) [pid 5730] close(22) = -1 EBADF (Bad file descriptor) [pid 5730] close(23) = -1 EBADF (Bad file descriptor) [pid 5730] close(24) = -1 EBADF (Bad file descriptor) [pid 5730] close(25) = -1 EBADF (Bad file descriptor) [pid 5730] close(26) = -1 EBADF (Bad file descriptor) [pid 5730] close(27) = -1 EBADF (Bad file descriptor) [pid 5730] close(28) = -1 EBADF (Bad file descriptor) [pid 5730] close(29) = -1 EBADF (Bad file descriptor) [pid 5730] exit_group(0) = ? [pid 5730] +++ exited with 0 +++ [pid 5086] close(4) = 0 [pid 5086] rmdir("./37/file0" [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=42, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5086] <... rmdir resumed>) = 0 [pid 5089] restart_syscall(<... resuming interrupted clone ...> [pid 5086] umount2("./37/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5089] <... restart_syscall resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./37/cgroup.cpu", [pid 5089] umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5086] unlink("./37/cgroup.cpu" [pid 5089] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5086] <... unlink resumed>) = 0 [pid 5089] <... openat resumed>) = 3 [pid 5089] fstat(3, [pid 5086] getdents64(3, [pid 5089] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] <... getdents64 resumed>0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] getdents64(3, [pid 5086] close(3 [pid 5089] <... getdents64 resumed>0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] <... close resumed>) = 0 [pid 5089] umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] rmdir("./37" [pid 5089] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./40/binderfs" [pid 5086] <... rmdir resumed>) = 0 [pid 5089] <... unlink resumed>) = 0 [pid 5089] umount2("./40/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] mkdir("./38", 0777 [pid 5089] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./40/cgroup", [pid 5086] <... mkdir resumed>) = 0 [pid 5089] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5089] unlink("./40/cgroup") = 0 [pid 5086] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 40 [pid 5089] umount2("./40/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./40/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 207.380337][ T5731] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 207.401809][ T5731] CPU: 0 PID: 5731 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 207.411793][ T5731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 207.421906][ T5731] Call Trace: [ 207.425250][ T5731] [pid 5089] unlink("./40/cgroup.net") = 0 [pid 5089] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5734 attached [pid 5734] chdir("./38") = 0 [pid 5734] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5734] setpgid(0, 0) = 0 [pid 5734] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5734] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5734] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5734] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5734] write(3, "1000", 4) = 4 [ 207.428219][ T5731] dump_stack_lvl+0x136/0x150 [ 207.432965][ T5731] dump_header+0x10a/0xd70 [ 207.437464][ T5731] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 207.443627][ T5731] out_of_memory+0xd64/0x1660 [ 207.448397][ T5731] ? oom_killer_disable+0x2b0/0x2b0 [ 207.453692][ T5731] mem_cgroup_out_of_memory+0x206/0x270 [ 207.459315][ T5731] ? mem_cgroup_margin+0x130/0x130 [ 207.464533][ T5731] memory_max_write+0x2f9/0x3c0 [ 207.469481][ T5731] ? mem_cgroup_force_empty_write+0x160/0x160 [ 207.475629][ T5731] ? lock_sync+0x190/0x190 [ 207.480122][ T5731] cgroup_file_write+0x1e2/0x7b0 [ 207.485141][ T5731] ? mem_cgroup_force_empty_write+0x160/0x160 [ 207.491276][ T5731] ? kill_css+0x3b0/0x3b0 [ 207.495684][ T5731] ? lock_acquire+0x32/0xc0 [ 207.500267][ T5731] ? kill_css+0x3b0/0x3b0 [ 207.504686][ T5731] kernfs_fop_write_iter+0x3f1/0x600 [ 207.510068][ T5731] vfs_write+0x9ed/0xe10 [ 207.514452][ T5731] ? kernel_write+0x670/0x670 [ 207.519214][ T5731] ? find_held_lock+0x2d/0x110 [ 207.524064][ T5731] ? __fget_light+0x20a/0x270 [ 207.528832][ T5731] ksys_write+0x12b/0x250 [ 207.533243][ T5731] ? __ia32_sys_read+0xb0/0xb0 [ 207.538097][ T5731] ? lockdep_hardirqs_on+0x7d/0x100 [ 207.543377][ T5731] ? _raw_spin_unlock_irq+0x2e/0x50 [ 207.548662][ T5731] ? ptrace_notify+0xfe/0x140 [ 207.553412][ T5731] do_syscall_64+0x39/0xb0 [ 207.557915][ T5731] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 207.563895][ T5731] RIP: 0033:0x7faecf034129 [ 207.568394][ T5731] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 207.588046][ T5731] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 207.596616][ T5731] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 207.604638][ T5731] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 207.612658][ T5731] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 207.620668][ T5731] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [pid 5734] close(3) = 0 [pid 5734] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5734] mkdir("./file0", 000) = 0 [pid 5734] open("./file0", O_RDONLY) = 3 [pid 5734] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5734] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5734] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5734] openat(5, "memory.max", O_RDWR) = 6 [pid 5734] write(6, "0x000000000000040e", 18 [pid 5089] <... umount2 resumed>) = 0 [pid 5089] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./40/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./40/file0") = 0 [ 207.628668][ T5731] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000027 [ 207.636716][ T5731] [ 207.658099][ T5731] memory: usage 8kB, limit 0kB, failcnt 36 [ 207.664907][ T5731] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 207.673174][ T5731] Memory cgroup stats for /syz1: [ 207.673465][ T5731] anon 0 [pid 5089] umount2("./40/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./40/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./40/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [pid 5089] rmdir("./40") = 0 [pid 5089] mkdir("./41", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 43 [ 207.673465][ T5731] file 0 [ 207.673465][ T5731] kernel 8192 [ 207.673465][ T5731] kernel_stack 0 [ 207.673465][ T5731] pagetables 0 [ 207.673465][ T5731] sec_pagetables 0 [ 207.673465][ T5731] percpu 0 [ 207.673465][ T5731] sock 0 [ 207.673465][ T5731] vmalloc 0 [ 207.673465][ T5731] shmem 0 [ 207.673465][ T5731] zswap 0 [ 207.673465][ T5731] zswapped 0 [ 207.673465][ T5731] file_mapped 0 [ 207.673465][ T5731] file_dirty 0 [ 207.673465][ T5731] file_writeback 0 [ 207.673465][ T5731] swapcached 0 [ 207.673465][ T5731] anon_thp 0 [ 207.673465][ T5731] file_thp 0 [ 207.673465][ T5731] shmem_thp 0 [ 207.673465][ T5731] inactive_anon 0 [ 207.673465][ T5731] active_anon 0 [ 207.673465][ T5731] inactive_file 0 [ 207.673465][ T5731] active_file 0 [ 207.673465][ T5731] unevictable 0 [ 207.673465][ T5731] slab_reclaimable 6752 [ 207.673465][ T5731] slab_unreclaimable 0 [ 207.673465][ T5731] slab 6752 [ 207.673465][ T5731] workingset_refault_anon 0 [ 207.673465][ T5731] workingset_refault_file 0 [ 207.673465][ T5731] workingset_activate_anon 0 [ 207.673465][ T5731] workingset_activate_file 0 [ 207.673465][ T5731] workingset_restore_anon 0 [ 207.673465][ T5731] workingset_restore_file 0 [ 207.673465][ T5731] workingset_nodereclaim 0 [ 207.673465][ T5731] pgscan 831 [ 207.673465][ T5731] pgsteal 2 [ 207.673465][ T5731] pgscan_kswapd 0 [ 207.673465][ T5731] pgscan_direct 831 [ 207.673465][ T5731] pgscan_khugepaged 0 [ 207.673465][ T5731] pgsteal_kswapd 0 [ 207.673465][ T5731] pgsteal_direct 2 [ 207.673465][ T5731] pgsteal_khugepaged 0 [ 207.673465][ T5731] pgfault 21 [ 207.673465][ T5731] pgmajfault 0 [ 207.673465][ T5731] pgrefill 830 ./strace-static-x86_64: Process 5735 attached [pid 5735] chdir("./41") = 0 [pid 5735] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5735] setpgid(0, 0) = 0 [pid 5735] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5735] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5735] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5735] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5735] write(3, "1000", 4) = 4 [pid 5735] close(3) = 0 [pid 5735] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5735] mkdir("./file0", 000) = 0 [pid 5735] open("./file0", O_RDONLY) = 3 [pid 5735] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5735] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5735] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5735] openat(5, "memory.max", O_RDWR) = 6 [ 207.673465][ T5731] pgactivate 829 [ 207.673465][ T5731] pgdeactivate 830 [ 207.673465][ T5731] pglazyfree 0 [ 207.673465][ T5731] pglazyfreed 0 [ 207.673465][ T5731] zswpin 0 [ 207.673465][ T5731] zswpout 0 [ 207.673465][ T5731] thp_fault_alloc 0 [ 207.673465][ T5731] thp_collapse_alloc 0 [ 207.891546][ T5731] Tasks state (memory values in pages): [ 207.897559][ T5731] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 207.908063][ T5731] Out of memory and no killable processes... [ 207.914448][ T5732] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 207.924941][ T5732] CPU: 1 PID: 5732 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5735] write(6, "0x000000000000040e", 18 [pid 5731] <... write resumed>) = 18 [pid 5731] close(3) = 0 [pid 5731] close(4) = 0 [pid 5731] close(5) = 0 [pid 5731] close(6) = 0 [pid 5731] close(7) = -1 EBADF (Bad file descriptor) [pid 5731] close(8) = -1 EBADF (Bad file descriptor) [pid 5731] close(9) = -1 EBADF (Bad file descriptor) [pid 5731] close(10) = -1 EBADF (Bad file descriptor) [pid 5731] close(11) = -1 EBADF (Bad file descriptor) [pid 5731] close(12) = -1 EBADF (Bad file descriptor) [pid 5731] close(13) = -1 EBADF (Bad file descriptor) [pid 5731] close(14) = -1 EBADF (Bad file descriptor) [pid 5731] close(15) = -1 EBADF (Bad file descriptor) [pid 5731] close(16) = -1 EBADF (Bad file descriptor) [pid 5731] close(17) = -1 EBADF (Bad file descriptor) [pid 5731] close(18) = -1 EBADF (Bad file descriptor) [pid 5731] close(19) = -1 EBADF (Bad file descriptor) [ 207.934892][ T5732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 207.944995][ T5732] Call Trace: [ 207.948308][ T5732] [ 207.951286][ T5732] dump_stack_lvl+0x136/0x150 [ 207.956038][ T5732] dump_header+0x10a/0xd70 [ 207.960520][ T5732] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 207.966683][ T5732] out_of_memory+0xd64/0x1660 [ 207.971446][ T5732] ? oom_killer_disable+0x2b0/0x2b0 [ 207.976736][ T5732] mem_cgroup_out_of_memory+0x206/0x270 [ 207.982350][ T5732] ? mem_cgroup_margin+0x130/0x130 [ 207.987567][ T5732] memory_max_write+0x2f9/0x3c0 [pid 5731] close(20) = -1 EBADF (Bad file descriptor) [pid 5731] close(21) = -1 EBADF (Bad file descriptor) [pid 5731] close(22) = -1 EBADF (Bad file descriptor) [pid 5731] close(23) = -1 EBADF (Bad file descriptor) [pid 5731] close(24) = -1 EBADF (Bad file descriptor) [pid 5731] close(25) = -1 EBADF (Bad file descriptor) [pid 5731] close(26) = -1 EBADF (Bad file descriptor) [pid 5731] close(27) = -1 EBADF (Bad file descriptor) [pid 5731] close(28) = -1 EBADF (Bad file descriptor) [pid 5731] close(29) = -1 EBADF (Bad file descriptor) [pid 5731] exit_group(0) = ? [pid 5731] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=41, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5087] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5087] umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [ 207.992495][ T5732] ? mem_cgroup_force_empty_write+0x160/0x160 [ 207.998643][ T5732] ? lock_sync+0x190/0x190 [ 208.003128][ T5732] cgroup_file_write+0x1e2/0x7b0 [ 208.008148][ T5732] ? mem_cgroup_force_empty_write+0x160/0x160 [ 208.014289][ T5732] ? kill_css+0x3b0/0x3b0 [ 208.018687][ T5732] ? lock_acquire+0x32/0xc0 [ 208.023263][ T5732] ? kill_css+0x3b0/0x3b0 [ 208.027675][ T5732] kernfs_fop_write_iter+0x3f1/0x600 [ 208.033046][ T5732] vfs_write+0x9ed/0xe10 [ 208.037368][ T5732] ? kernel_write+0x670/0x670 [pid 5087] umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./39/binderfs") = 0 [pid 5087] umount2("./39/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./39/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./39/cgroup") = 0 [pid 5087] umount2("./39/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./39/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./39/cgroup.net") = 0 [ 208.042114][ T5732] ? find_held_lock+0x2d/0x110 [ 208.046956][ T5732] ? __fget_light+0x20a/0x270 [ 208.051715][ T5732] ksys_write+0x12b/0x250 [ 208.056124][ T5732] ? __ia32_sys_read+0xb0/0xb0 [ 208.060962][ T5732] ? lockdep_hardirqs_on+0x7d/0x100 [ 208.066228][ T5732] ? _raw_spin_unlock_irq+0x2e/0x50 [ 208.071506][ T5732] ? ptrace_notify+0xfe/0x140 [ 208.076272][ T5732] do_syscall_64+0x39/0xb0 [ 208.080781][ T5732] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 208.086762][ T5732] RIP: 0033:0x7faecf034129 [ 208.091229][ T5732] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 208.110921][ T5732] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 208.119386][ T5732] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 208.127377][ T5732] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 208.135415][ T5732] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [pid 5087] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5087] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./39/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [ 208.143433][ T5732] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 208.151461][ T5732] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000025 [ 208.159494][ T5732] [ 208.167542][ T5732] memory: usage 8kB, limit 0kB, failcnt 36 [ 208.173787][ T5732] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 208.180900][ T5732] Memory cgroup stats for /syz1: [ 208.181127][ T5732] anon 0 [ 208.181127][ T5732] file 0 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] close(4) = 0 [pid 5087] rmdir("./39/file0") = 0 [pid 5087] umount2("./39/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./39/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./39/cgroup.cpu") = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [pid 5087] rmdir("./39") = 0 [pid 5087] mkdir("./40", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5736 attached [pid 5736] chdir("./40" [pid 5087] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 42 [pid 5736] <... chdir resumed>) = 0 [pid 5736] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5736] setpgid(0, 0) = 0 [pid 5736] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5736] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5736] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5736] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5736] write(3, "1000", 4) = 4 [pid 5736] close(3) = 0 [pid 5736] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5736] mkdir("./file0", 000) = 0 [pid 5736] open("./file0", O_RDONLY) = 3 [pid 5736] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5736] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5736] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5736] openat(5, "memory.max", O_RDWR) = 6 [ 208.181127][ T5732] kernel 8192 [ 208.181127][ T5732] kernel_stack 0 [ 208.181127][ T5732] pagetables 0 [ 208.181127][ T5732] sec_pagetables 0 [ 208.181127][ T5732] percpu 0 [ 208.181127][ T5732] sock 0 [ 208.181127][ T5732] vmalloc 0 [ 208.181127][ T5732] shmem 0 [ 208.181127][ T5732] zswap 0 [ 208.181127][ T5732] zswapped 0 [ 208.181127][ T5732] file_mapped 0 [ 208.181127][ T5732] file_dirty 0 [ 208.181127][ T5732] file_writeback 0 [ 208.181127][ T5732] swapcached 0 [ 208.181127][ T5732] anon_thp 0 [ 208.181127][ T5732] file_thp 0 [ 208.181127][ T5732] shmem_thp 0 [ 208.181127][ T5732] inactive_anon 0 [ 208.181127][ T5732] active_anon 0 [ 208.181127][ T5732] inactive_file 0 [ 208.181127][ T5732] active_file 0 [ 208.181127][ T5732] unevictable 0 [ 208.181127][ T5732] slab_reclaimable 6752 [ 208.181127][ T5732] slab_unreclaimable 0 [ 208.181127][ T5732] slab 6752 [ 208.181127][ T5732] workingset_refault_anon 0 [ 208.181127][ T5732] workingset_refault_file 0 [ 208.181127][ T5732] workingset_activate_anon 0 [ 208.181127][ T5732] workingset_activate_file 0 [ 208.181127][ T5732] workingset_restore_anon 0 [ 208.181127][ T5732] workingset_restore_file 0 [ 208.181127][ T5732] workingset_nodereclaim 0 [ 208.181127][ T5732] pgscan 831 [ 208.181127][ T5732] pgsteal 2 [ 208.181127][ T5732] pgscan_kswapd 0 [ 208.181127][ T5732] pgscan_direct 831 [ 208.181127][ T5732] pgscan_khugepaged 0 [ 208.181127][ T5732] pgsteal_kswapd 0 [ 208.181127][ T5732] pgsteal_direct 2 [ 208.181127][ T5732] pgsteal_khugepaged 0 [ 208.181127][ T5732] pgfault 21 [ 208.181127][ T5732] pgmajfault 0 [ 208.181127][ T5732] pgrefill 830 [ 208.181127][ T5732] pgactivate 829 [ 208.181127][ T5732] pgdeactivate 830 [ 208.181127][ T5732] pglazyfree 0 [ 208.181127][ T5732] pglazyfreed 0 [ 208.181127][ T5732] zswpin 0 [ 208.181127][ T5732] zswpout 0 [ 208.181127][ T5732] thp_fault_alloc 0 [ 208.181127][ T5732] thp_collapse_alloc 0 [ 208.373699][ T5732] Tasks state (memory values in pages): [ 208.381368][ T5732] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5736] write(6, "0x000000000000040e", 18 [pid 5732] <... write resumed>) = 18 [pid 5732] close(3) = 0 [pid 5732] close(4) = 0 [pid 5732] close(5) = 0 [pid 5732] close(6) = 0 [pid 5732] close(7) = -1 EBADF (Bad file descriptor) [pid 5732] close(8) = -1 EBADF (Bad file descriptor) [pid 5732] close(9) = -1 EBADF (Bad file descriptor) [pid 5732] close(10) = -1 EBADF (Bad file descriptor) [pid 5732] close(11) = -1 EBADF (Bad file descriptor) [pid 5732] close(12) = -1 EBADF (Bad file descriptor) [pid 5732] close(13) = -1 EBADF (Bad file descriptor) [pid 5732] close(14) = -1 EBADF (Bad file descriptor) [pid 5732] close(15) = -1 EBADF (Bad file descriptor) [pid 5732] close(16) = -1 EBADF (Bad file descriptor) [pid 5732] close(17) = -1 EBADF (Bad file descriptor) [pid 5732] close(18) = -1 EBADF (Bad file descriptor) [pid 5732] close(19) = -1 EBADF (Bad file descriptor) [pid 5732] close(20) = -1 EBADF (Bad file descriptor) [pid 5732] close(21) = -1 EBADF (Bad file descriptor) [pid 5732] close(22) = -1 EBADF (Bad file descriptor) [pid 5732] close(23) = -1 EBADF (Bad file descriptor) [pid 5732] close(24) = -1 EBADF (Bad file descriptor) [pid 5732] close(25) = -1 EBADF (Bad file descriptor) [pid 5732] close(26) = -1 EBADF (Bad file descriptor) [pid 5732] close(27) = -1 EBADF (Bad file descriptor) [pid 5732] close(28) = -1 EBADF (Bad file descriptor) [pid 5732] close(29) = -1 EBADF (Bad file descriptor) [pid 5732] exit_group(0) = ? [pid 5732] +++ exited with 0 +++ [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=39, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5085] umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./37/binderfs") = 0 [pid 5085] umount2("./37/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./37/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [ 208.393198][ T5732] Out of memory and no killable processes... [ 208.402728][ T5733] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5085] unlink("./37/cgroup") = 0 [pid 5085] umount2("./37/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./37/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./37/cgroup.net") = 0 [ 208.438213][ T5733] CPU: 0 PID: 5733 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 208.448205][ T5733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 208.458304][ T5733] Call Trace: [ 208.461609][ T5733] [ 208.464588][ T5733] dump_stack_lvl+0x136/0x150 [ 208.469337][ T5733] dump_header+0x10a/0xd70 [ 208.473828][ T5733] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 208.479992][ T5733] out_of_memory+0xd64/0x1660 [ 208.484761][ T5733] ? oom_killer_disable+0x2b0/0x2b0 [ 208.490024][ T5733] mem_cgroup_out_of_memory+0x206/0x270 [ 208.495649][ T5733] ? mem_cgroup_margin+0x130/0x130 [ 208.500857][ T5733] memory_max_write+0x2f9/0x3c0 [ 208.505814][ T5733] ? mem_cgroup_force_empty_write+0x160/0x160 [ 208.511969][ T5733] ? lock_sync+0x190/0x190 [ 208.516440][ T5733] cgroup_file_write+0x1e2/0x7b0 [ 208.521438][ T5733] ? mem_cgroup_force_empty_write+0x160/0x160 [ 208.527578][ T5733] ? kill_css+0x3b0/0x3b0 [ 208.531944][ T5733] ? lock_acquire+0x32/0xc0 [ 208.536510][ T5733] ? kill_css+0x3b0/0x3b0 [ 208.540932][ T5733] kernfs_fop_write_iter+0x3f1/0x600 [ 208.546302][ T5733] vfs_write+0x9ed/0xe10 [ 208.550605][ T5733] ? kernel_write+0x670/0x670 [ 208.555333][ T5733] ? find_held_lock+0x2d/0x110 [ 208.560147][ T5733] ? __fget_light+0x20a/0x270 [ 208.564879][ T5733] ksys_write+0x12b/0x250 [ 208.569260][ T5733] ? __ia32_sys_read+0xb0/0xb0 [ 208.574070][ T5733] ? lockdep_hardirqs_on+0x7d/0x100 [ 208.579307][ T5733] ? _raw_spin_unlock_irq+0x2e/0x50 [ 208.584571][ T5733] ? ptrace_notify+0xfe/0x140 [ 208.589288][ T5733] do_syscall_64+0x39/0xb0 [ 208.593753][ T5733] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 208.599685][ T5733] RIP: 0033:0x7faecf034129 [ 208.604125][ T5733] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 208.623788][ T5733] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 208.632235][ T5733] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 208.640235][ T5733] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 208.648319][ T5733] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 208.656327][ T5733] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 208.664325][ T5733] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000029 [ 208.672373][ T5733] [ 208.680487][ T5733] memory: usage 8kB, limit 0kB, failcnt 36 [pid 5085] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5085] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./37/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./37/file0") = 0 [pid 5085] umount2("./37/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./37/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./37/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./37") = 0 [pid 5085] mkdir("./38", 0777) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 40 ./strace-static-x86_64: Process 5737 attached [pid 5737] chdir("./38") = 0 [pid 5737] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5737] setpgid(0, 0) = 0 [ 208.687198][ T5733] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 208.695216][ T5733] Memory cgroup stats for /syz1: [ 208.695498][ T5733] anon 0 [ 208.695498][ T5733] file 0 [ 208.695498][ T5733] kernel 8192 [ 208.695498][ T5733] kernel_stack 0 [ 208.695498][ T5733] pagetables 0 [ 208.695498][ T5733] sec_pagetables 0 [ 208.695498][ T5733] percpu 0 [ 208.695498][ T5733] sock 0 [ 208.695498][ T5733] vmalloc 0 [ 208.695498][ T5733] shmem 0 [ 208.695498][ T5733] zswap 0 [ 208.695498][ T5733] zswapped 0 [ 208.695498][ T5733] file_mapped 0 [pid 5737] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5737] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5737] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5737] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5737] write(3, "1000", 4) = 4 [pid 5737] close(3) = 0 [pid 5737] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5737] mkdir("./file0", 000) = 0 [pid 5737] open("./file0", O_RDONLY) = 3 [pid 5737] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5737] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5737] openat(4, "syz1", O_RDWR|O_PATH) = 5 [ 208.695498][ T5733] file_dirty 0 [ 208.695498][ T5733] file_writeback 0 [ 208.695498][ T5733] swapcached 0 [ 208.695498][ T5733] anon_thp 0 [ 208.695498][ T5733] file_thp 0 [ 208.695498][ T5733] shmem_thp 0 [ 208.695498][ T5733] inactive_anon 0 [ 208.695498][ T5733] active_anon 0 [ 208.695498][ T5733] inactive_file 0 [ 208.695498][ T5733] active_file 0 [ 208.695498][ T5733] unevictable 0 [ 208.695498][ T5733] slab_reclaimable 6752 [ 208.695498][ T5733] slab_unreclaimable 0 [ 208.695498][ T5733] slab 6752 [pid 5737] openat(5, "memory.max", O_RDWR) = 6 [ 208.695498][ T5733] workingset_refault_anon 0 [ 208.695498][ T5733] workingset_refault_file 0 [ 208.695498][ T5733] workingset_activate_anon 0 [ 208.695498][ T5733] workingset_activate_file 0 [ 208.695498][ T5733] workingset_restore_anon 0 [ 208.695498][ T5733] workingset_restore_file 0 [ 208.695498][ T5733] workingset_nodereclaim 0 [ 208.695498][ T5733] pgscan 831 [ 208.695498][ T5733] pgsteal 2 [ 208.695498][ T5733] pgscan_kswapd 0 [ 208.695498][ T5733] pgscan_direct 831 [ 208.695498][ T5733] pgscan_khugepaged 0 [ 208.695498][ T5733] pgsteal_kswapd 0 [ 208.695498][ T5733] pgsteal_direct 2 [ 208.695498][ T5733] pgsteal_khugepaged 0 [ 208.695498][ T5733] pgfault 21 [ 208.695498][ T5733] pgmajfault 0 [ 208.695498][ T5733] pgrefill 830 [ 208.695498][ T5733] pgactivate 829 [ 208.695498][ T5733] pgdeactivate 830 [ 208.695498][ T5733] pglazyfree 0 [ 208.695498][ T5733] pglazyfreed 0 [ 208.695498][ T5733] zswpin 0 [ 208.695498][ T5733] zswpout 0 [ 208.695498][ T5733] thp_fault_alloc 0 [ 208.695498][ T5733] thp_collapse_alloc 0 [pid 5737] write(6, "0x000000000000040e", 18 [pid 5733] <... write resumed>) = 18 [pid 5733] close(3) = 0 [pid 5733] close(4) = 0 [pid 5733] close(5) = 0 [pid 5733] close(6) = 0 [pid 5733] close(7) = -1 EBADF (Bad file descriptor) [pid 5733] close(8) = -1 EBADF (Bad file descriptor) [pid 5733] close(9) = -1 EBADF (Bad file descriptor) [pid 5733] close(10) = -1 EBADF (Bad file descriptor) [pid 5733] close(11) = -1 EBADF (Bad file descriptor) [pid 5733] close(12) = -1 EBADF (Bad file descriptor) [pid 5733] close(13) = -1 EBADF (Bad file descriptor) [pid 5733] close(14) = -1 EBADF (Bad file descriptor) [pid 5733] close(15) = -1 EBADF (Bad file descriptor) [pid 5733] close(16) = -1 EBADF (Bad file descriptor) [pid 5733] close(17) = -1 EBADF (Bad file descriptor) [pid 5733] close(18) = -1 EBADF (Bad file descriptor) [pid 5733] close(19) = -1 EBADF (Bad file descriptor) [pid 5733] close(20) = -1 EBADF (Bad file descriptor) [pid 5733] close(21) = -1 EBADF (Bad file descriptor) [pid 5733] close(22) = -1 EBADF (Bad file descriptor) [pid 5733] close(23) = -1 EBADF (Bad file descriptor) [pid 5733] close(24) = -1 EBADF (Bad file descriptor) [ 208.885327][ T5733] Tasks state (memory values in pages): [ 208.891297][ T5733] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 208.905247][ T5733] Out of memory and no killable processes... [ 208.911822][ T5734] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5733] close(25) = -1 EBADF (Bad file descriptor) [pid 5733] close(26) = -1 EBADF (Bad file descriptor) [pid 5733] close(27) = -1 EBADF (Bad file descriptor) [pid 5733] close(28) = -1 EBADF (Bad file descriptor) [pid 5733] close(29) = -1 EBADF (Bad file descriptor) [pid 5733] exit_group(0) = ? [pid 5733] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=43, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5090] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5090] umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./41/binderfs") = 0 [pid 5090] umount2("./41/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./41/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./41/cgroup") = 0 [pid 5090] umount2("./41/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./41/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./41/cgroup.net") = 0 [ 208.942336][ T5734] CPU: 0 PID: 5734 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 208.952333][ T5734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 208.962443][ T5734] Call Trace: [ 208.965771][ T5734] [ 208.968760][ T5734] dump_stack_lvl+0x136/0x150 [ 208.973499][ T5734] dump_header+0x10a/0xd70 [ 208.977958][ T5734] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 208.984118][ T5734] out_of_memory+0xd64/0x1660 [ 208.988883][ T5734] ? oom_killer_disable+0x2b0/0x2b0 [ 208.994161][ T5734] mem_cgroup_out_of_memory+0x206/0x270 [ 208.999788][ T5734] ? mem_cgroup_margin+0x130/0x130 [ 209.005006][ T5734] memory_max_write+0x2f9/0x3c0 [ 209.009951][ T5734] ? mem_cgroup_force_empty_write+0x160/0x160 [ 209.016114][ T5734] ? lock_sync+0x190/0x190 [ 209.020603][ T5734] cgroup_file_write+0x1e2/0x7b0 [ 209.025625][ T5734] ? mem_cgroup_force_empty_write+0x160/0x160 [ 209.031792][ T5734] ? kill_css+0x3b0/0x3b0 [ 209.036194][ T5734] ? lock_acquire+0x32/0xc0 [ 209.040767][ T5734] ? kill_css+0x3b0/0x3b0 [ 209.045139][ T5734] kernfs_fop_write_iter+0x3f1/0x600 [ 209.050503][ T5734] vfs_write+0x9ed/0xe10 [ 209.054832][ T5734] ? kernel_write+0x670/0x670 [ 209.059572][ T5734] ? find_held_lock+0x2d/0x110 [ 209.064400][ T5734] ? __fget_light+0x20a/0x270 [ 209.069160][ T5734] ksys_write+0x12b/0x250 [ 209.073568][ T5734] ? __ia32_sys_read+0xb0/0xb0 [ 209.078412][ T5734] ? lockdep_hardirqs_on+0x7d/0x100 [ 209.083681][ T5734] ? _raw_spin_unlock_irq+0x2e/0x50 [ 209.088972][ T5734] ? ptrace_notify+0xfe/0x140 [ 209.093723][ T5734] do_syscall_64+0x39/0xb0 [ 209.098233][ T5734] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 209.104202][ T5734] RIP: 0033:0x7faecf034129 [ 209.108671][ T5734] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 209.128337][ T5734] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5090] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5090] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./41/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 209.136786][ T5734] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 209.144780][ T5734] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 209.152777][ T5734] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 209.160770][ T5734] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 209.168764][ T5734] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000026 [ 209.176778][ T5734] [pid 5090] openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./41/file0") = 0 [pid 5090] umount2("./41/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./41/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./41/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [pid 5090] rmdir("./41") = 0 [pid 5090] mkdir("./42", 0777) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5738 attached [pid 5738] chdir("./42" [pid 5090] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 44 [pid 5738] <... chdir resumed>) = 0 [pid 5738] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5738] setpgid(0, 0) = 0 [ 209.193392][ T5734] memory: usage 8kB, limit 0kB, failcnt 36 [ 209.204537][ T5734] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 209.218803][ T5734] Memory cgroup stats for /syz1: [ 209.219265][ T5734] anon 0 [ 209.219265][ T5734] file 0 [ 209.219265][ T5734] kernel 8192 [ 209.219265][ T5734] kernel_stack 0 [ 209.219265][ T5734] pagetables 0 [ 209.219265][ T5734] sec_pagetables 0 [pid 5738] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5738] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5738] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5738] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5738] write(3, "1000", 4) = 4 [pid 5738] close(3) = 0 [pid 5738] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5738] mkdir("./file0", 000) = 0 [pid 5738] open("./file0", O_RDONLY) = 3 [pid 5738] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5738] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [ 209.219265][ T5734] percpu 0 [ 209.219265][ T5734] sock 0 [ 209.219265][ T5734] vmalloc 0 [ 209.219265][ T5734] shmem 0 [ 209.219265][ T5734] zswap 0 [ 209.219265][ T5734] zswapped 0 [ 209.219265][ T5734] file_mapped 0 [ 209.219265][ T5734] file_dirty 0 [ 209.219265][ T5734] file_writeback 0 [ 209.219265][ T5734] swapcached 0 [ 209.219265][ T5734] anon_thp 0 [ 209.219265][ T5734] file_thp 0 [ 209.219265][ T5734] shmem_thp 0 [ 209.219265][ T5734] inactive_anon 0 [ 209.219265][ T5734] active_anon 0 [ 209.219265][ T5734] inactive_file 0 [ 209.219265][ T5734] active_file 0 [ 209.219265][ T5734] unevictable 0 [ 209.219265][ T5734] slab_reclaimable 6752 [ 209.219265][ T5734] slab_unreclaimable 0 [ 209.219265][ T5734] slab 6752 [ 209.219265][ T5734] workingset_refault_anon 0 [ 209.219265][ T5734] workingset_refault_file 0 [ 209.219265][ T5734] workingset_activate_anon 0 [ 209.219265][ T5734] workingset_activate_file 0 [ 209.219265][ T5734] workingset_restore_anon 0 [ 209.219265][ T5734] workingset_restore_file 0 [ 209.219265][ T5734] workingset_nodereclaim 0 [ 209.219265][ T5734] pgscan 831 [ 209.219265][ T5734] pgsteal 2 [ 209.219265][ T5734] pgscan_kswapd 0 [ 209.219265][ T5734] pgscan_direct 831 [ 209.219265][ T5734] pgscan_khugepaged 0 [ 209.219265][ T5734] pgsteal_kswapd 0 [ 209.219265][ T5734] pgsteal_direct 2 [ 209.219265][ T5734] pgsteal_khugepaged 0 [ 209.219265][ T5734] pgfault 21 [ 209.219265][ T5734] pgmajfault 0 [ 209.219265][ T5734] pgrefill 830 [ 209.219265][ T5734] pgactivate 829 [ 209.219265][ T5734] pgdeactivate 830 [ 209.219265][ T5734] pglazyfree 0 [ 209.219265][ T5734] pglazyfreed 0 [ 209.219265][ T5734] zswpin 0 [pid 5738] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5738] openat(5, "memory.max", O_RDWR) = 6 [ 209.219265][ T5734] zswpout 0 [ 209.219265][ T5734] thp_fault_alloc 0 [ 209.219265][ T5734] thp_collapse_alloc 0 [ 209.415745][ T5734] Tasks state (memory values in pages): [ 209.423552][ T5734] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5738] write(6, "0x000000000000040e", 18 [pid 5734] <... write resumed>) = 18 [pid 5734] close(3) = 0 [pid 5734] close(4) = 0 [pid 5734] close(5) = 0 [pid 5734] close(6) = 0 [pid 5734] close(7) = -1 EBADF (Bad file descriptor) [pid 5734] close(8) = -1 EBADF (Bad file descriptor) [pid 5734] close(9) = -1 EBADF (Bad file descriptor) [ 209.453308][ T5734] Out of memory and no killable processes... [ 209.474121][ T5735] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5734] close(10) = -1 EBADF (Bad file descriptor) [pid 5734] close(11) = -1 EBADF (Bad file descriptor) [pid 5734] close(12) = -1 EBADF (Bad file descriptor) [pid 5734] close(13) = -1 EBADF (Bad file descriptor) [pid 5734] close(14) = -1 EBADF (Bad file descriptor) [pid 5734] close(15) = -1 EBADF (Bad file descriptor) [pid 5734] close(16) = -1 EBADF (Bad file descriptor) [pid 5734] close(17) = -1 EBADF (Bad file descriptor) [pid 5734] close(18) = -1 EBADF (Bad file descriptor) [pid 5734] close(19) = -1 EBADF (Bad file descriptor) [pid 5734] close(20) = -1 EBADF (Bad file descriptor) [pid 5734] close(21) = -1 EBADF (Bad file descriptor) [pid 5734] close(22) = -1 EBADF (Bad file descriptor) [ 209.501677][ T5735] CPU: 0 PID: 5735 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 209.511665][ T5735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 209.521794][ T5735] Call Trace: [ 209.525127][ T5735] [ 209.528102][ T5735] dump_stack_lvl+0x136/0x150 [ 209.532830][ T5735] dump_header+0x10a/0xd70 [ 209.537287][ T5735] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 209.543418][ T5735] out_of_memory+0xd64/0x1660 [ 209.548149][ T5735] ? oom_killer_disable+0x2b0/0x2b0 [ 209.553404][ T5735] mem_cgroup_out_of_memory+0x206/0x270 [ 209.558995][ T5735] ? mem_cgroup_margin+0x130/0x130 [ 209.564171][ T5735] memory_max_write+0x2f9/0x3c0 [ 209.569070][ T5735] ? mem_cgroup_force_empty_write+0x160/0x160 [ 209.575186][ T5735] ? lock_sync+0x190/0x190 [ 209.579640][ T5735] cgroup_file_write+0x1e2/0x7b0 [ 209.584622][ T5735] ? mem_cgroup_force_empty_write+0x160/0x160 [ 209.590737][ T5735] ? kill_css+0x3b0/0x3b0 [ 209.595112][ T5735] ? lock_acquire+0x32/0xc0 [ 209.599657][ T5735] ? kill_css+0x3b0/0x3b0 [ 209.604034][ T5735] kernfs_fop_write_iter+0x3f1/0x600 [ 209.609371][ T5735] vfs_write+0x9ed/0xe10 [ 209.613669][ T5735] ? kernel_write+0x670/0x670 [ 209.618396][ T5735] ? find_held_lock+0x2d/0x110 [ 209.623202][ T5735] ? __fget_light+0x20a/0x270 [ 209.627937][ T5735] ksys_write+0x12b/0x250 [ 209.632312][ T5735] ? __ia32_sys_read+0xb0/0xb0 [ 209.637124][ T5735] ? lockdep_hardirqs_on+0x7d/0x100 [ 209.642361][ T5735] ? _raw_spin_unlock_irq+0x2e/0x50 [ 209.647603][ T5735] ? ptrace_notify+0xfe/0x140 [ 209.652330][ T5735] do_syscall_64+0x39/0xb0 [ 209.656797][ T5735] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 209.662731][ T5735] RIP: 0033:0x7faecf034129 [ 209.667176][ T5735] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 209.686822][ T5735] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 209.695285][ T5735] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [pid 5734] close(23) = -1 EBADF (Bad file descriptor) [pid 5734] close(24) = -1 EBADF (Bad file descriptor) [pid 5734] close(25) = -1 EBADF (Bad file descriptor) [pid 5734] close(26) = -1 EBADF (Bad file descriptor) [pid 5734] close(27) = -1 EBADF (Bad file descriptor) [pid 5734] close(28) = -1 EBADF (Bad file descriptor) [pid 5734] close(29) = -1 EBADF (Bad file descriptor) [pid 5734] exit_group(0) = ? [pid 5734] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=40, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [ 209.703288][ T5735] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 209.711290][ T5735] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 209.719300][ T5735] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 209.727303][ T5735] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000029 [ 209.735335][ T5735] [pid 5086] umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./38/binderfs") = 0 [pid 5086] umount2("./38/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./38/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] unlink("./38/cgroup") = 0 [pid 5086] umount2("./38/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./38/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./38/cgroup.net") = 0 [pid 5086] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5086] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./38/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./38/file0") = 0 [pid 5086] umount2("./38/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./38/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./38/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./38") = 0 [pid 5086] mkdir("./39", 0777) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 41 [ 209.872787][ T5735] memory: usage 8kB, limit 0kB, failcnt 36 [ 209.878682][ T5735] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 209.906251][ T5735] Memory cgroup stats for /syz1: [ 209.908667][ T5735] anon 0 [ 209.908667][ T5735] file 0 [ 209.908667][ T5735] kernel 8192 [ 209.908667][ T5735] kernel_stack 0 [ 209.908667][ T5735] pagetables 0 [ 209.908667][ T5735] sec_pagetables 0 [ 209.908667][ T5735] percpu 0 [ 209.908667][ T5735] sock 0 [ 209.908667][ T5735] vmalloc 0 [ 209.908667][ T5735] shmem 0 [ 209.908667][ T5735] zswap 0 [ 209.908667][ T5735] zswapped 0 [ 209.908667][ T5735] file_mapped 0 [ 209.908667][ T5735] file_dirty 0 [ 209.908667][ T5735] file_writeback 0 [ 209.908667][ T5735] swapcached 0 [ 209.908667][ T5735] anon_thp 0 [ 209.908667][ T5735] file_thp 0 [ 209.908667][ T5735] shmem_thp 0 [ 209.908667][ T5735] inactive_anon 0 [ 209.908667][ T5735] active_anon 0 [ 209.908667][ T5735] inactive_file 0 [ 209.908667][ T5735] active_file 0 [ 209.908667][ T5735] unevictable 0 [ 209.908667][ T5735] slab_reclaimable 6752 [ 209.908667][ T5735] slab_unreclaimable 0 [ 209.908667][ T5735] slab 6752 [ 209.908667][ T5735] workingset_refault_anon 0 [ 209.908667][ T5735] workingset_refault_file 0 [ 209.908667][ T5735] workingset_activate_anon 0 [ 209.908667][ T5735] workingset_activate_file 0 [ 209.908667][ T5735] workingset_restore_anon 0 [ 209.908667][ T5735] workingset_restore_file 0 [ 209.908667][ T5735] workingset_nodereclaim 0 [ 209.908667][ T5735] pgscan 831 [ 209.908667][ T5735] pgsteal 2 [ 209.908667][ T5735] pgscan_kswapd 0 [ 209.908667][ T5735] pgscan_direct 831 [ 209.908667][ T5735] pgscan_khugepaged 0 [ 209.908667][ T5735] pgsteal_kswapd 0 [ 209.908667][ T5735] pgsteal_direct 2 [ 209.908667][ T5735] pgsteal_khugepaged 0 [ 209.908667][ T5735] pgfault 21 [ 209.908667][ T5735] pgmajfault 0 [ 209.908667][ T5735] pgrefill 830 [ 209.908667][ T5735] pgactivate 829 ./strace-static-x86_64: Process 5739 attached [pid 5739] chdir("./39") = 0 [pid 5739] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5739] setpgid(0, 0) = 0 [ 209.908667][ T5735] pgdeactivate 830 [ 209.908667][ T5735] pglazyfree 0 [ 209.908667][ T5735] pglazyfreed 0 [ 209.908667][ T5735] zswpin 0 [ 209.908667][ T5735] zswpout 0 [ 209.908667][ T5735] thp_fault_alloc 0 [ 209.908667][ T5735] thp_collapse_alloc 0 [pid 5739] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5739] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5739] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5739] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5739] write(3, "1000", 4) = 4 [pid 5739] close(3) = 0 [pid 5739] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5739] mkdir("./file0", 000) = 0 [pid 5739] open("./file0", O_RDONLY) = 3 [pid 5739] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5739] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5739] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5739] openat(5, "memory.max", O_RDWR) = 6 [ 210.116800][ T5735] Tasks state (memory values in pages): [ 210.138865][ T5735] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5739] write(6, "0x000000000000040e", 18 [pid 5735] <... write resumed>) = 18 [pid 5735] close(3) = 0 [pid 5735] close(4) = 0 [ 210.171228][ T5735] Out of memory and no killable processes... [ 210.183037][ T5736] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 210.194061][ T5736] CPU: 1 PID: 5736 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 210.204029][ T5736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 210.214132][ T5736] Call Trace: [ 210.217483][ T5736] [ 210.220452][ T5736] dump_stack_lvl+0x136/0x150 [ 210.225190][ T5736] dump_header+0x10a/0xd70 [ 210.229666][ T5736] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 210.235810][ T5736] out_of_memory+0xd64/0x1660 [ 210.240565][ T5736] ? oom_killer_disable+0x2b0/0x2b0 [ 210.245845][ T5736] mem_cgroup_out_of_memory+0x206/0x270 [ 210.251458][ T5736] ? mem_cgroup_margin+0x130/0x130 [ 210.256663][ T5736] memory_max_write+0x2f9/0x3c0 [ 210.261592][ T5736] ? mem_cgroup_force_empty_write+0x160/0x160 [ 210.267739][ T5736] ? lock_sync+0x190/0x190 [ 210.272222][ T5736] cgroup_file_write+0x1e2/0x7b0 [ 210.277230][ T5736] ? mem_cgroup_force_empty_write+0x160/0x160 [ 210.283373][ T5736] ? kill_css+0x3b0/0x3b0 [ 210.287774][ T5736] ? lock_acquire+0x32/0xc0 [ 210.292353][ T5736] ? kill_css+0x3b0/0x3b0 [ 210.296753][ T5736] kernfs_fop_write_iter+0x3f1/0x600 [ 210.302121][ T5736] vfs_write+0x9ed/0xe10 [ 210.306471][ T5736] ? kernel_write+0x670/0x670 [ 210.311234][ T5736] ? find_held_lock+0x2d/0x110 [ 210.316076][ T5736] ? __fget_light+0x20a/0x270 [ 210.320832][ T5736] ksys_write+0x12b/0x250 [ 210.325241][ T5736] ? __ia32_sys_read+0xb0/0xb0 [ 210.330080][ T5736] ? lockdep_hardirqs_on+0x7d/0x100 [ 210.335353][ T5736] ? _raw_spin_unlock_irq+0x2e/0x50 [ 210.340635][ T5736] ? ptrace_notify+0xfe/0x140 [ 210.345393][ T5736] do_syscall_64+0x39/0xb0 [ 210.349891][ T5736] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 210.355856][ T5736] RIP: 0033:0x7faecf034129 [ 210.360323][ T5736] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 210.380027][ T5736] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 210.388509][ T5736] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 210.396553][ T5736] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 210.404574][ T5736] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 210.412608][ T5736] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [pid 5735] close(5) = 0 [pid 5735] close(6) = 0 [pid 5735] close(7) = -1 EBADF (Bad file descriptor) [pid 5735] close(8) = -1 EBADF (Bad file descriptor) [pid 5735] close(9) = -1 EBADF (Bad file descriptor) [pid 5735] close(10) = -1 EBADF (Bad file descriptor) [pid 5735] close(11) = -1 EBADF (Bad file descriptor) [pid 5735] close(12) = -1 EBADF (Bad file descriptor) [pid 5735] close(13) = -1 EBADF (Bad file descriptor) [pid 5735] close(14) = -1 EBADF (Bad file descriptor) [pid 5735] close(15) = -1 EBADF (Bad file descriptor) [pid 5735] close(16) = -1 EBADF (Bad file descriptor) [pid 5735] close(17) = -1 EBADF (Bad file descriptor) [pid 5735] close(18) = -1 EBADF (Bad file descriptor) [pid 5735] close(19) = -1 EBADF (Bad file descriptor) [pid 5735] close(20) = -1 EBADF (Bad file descriptor) [pid 5735] close(21) = -1 EBADF (Bad file descriptor) [pid 5735] close(22) = -1 EBADF (Bad file descriptor) [pid 5735] close(23) = -1 EBADF (Bad file descriptor) [pid 5735] close(24) = -1 EBADF (Bad file descriptor) [pid 5735] close(25) = -1 EBADF (Bad file descriptor) [pid 5735] close(26) = -1 EBADF (Bad file descriptor) [pid 5735] close(27) = -1 EBADF (Bad file descriptor) [pid 5735] close(28) = -1 EBADF (Bad file descriptor) [pid 5735] close(29) = -1 EBADF (Bad file descriptor) [pid 5735] exit_group(0) = ? [pid 5735] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=43, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5089] umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./41/binderfs") = 0 [pid 5089] umount2("./41/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 210.420635][ T5736] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000028 [ 210.428698][ T5736] [ 210.458473][ T5736] memory: usage 8kB, limit 0kB, failcnt 36 [pid 5089] lstat("./41/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./41/cgroup") = 0 [pid 5089] umount2("./41/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./41/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./41/cgroup.net") = 0 [pid 5089] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5089] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./41/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 210.480961][ T5736] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 210.507796][ T5736] Memory cgroup stats for /syz1: [ 210.508088][ T5736] anon 0 [ 210.508088][ T5736] file 0 [ 210.508088][ T5736] kernel 8192 [ 210.508088][ T5736] kernel_stack 0 [ 210.508088][ T5736] pagetables 0 [ 210.508088][ T5736] sec_pagetables 0 [ 210.508088][ T5736] percpu 0 [ 210.508088][ T5736] sock 0 [ 210.508088][ T5736] vmalloc 0 [ 210.508088][ T5736] shmem 0 [ 210.508088][ T5736] zswap 0 [ 210.508088][ T5736] zswapped 0 [ 210.508088][ T5736] file_mapped 0 [ 210.508088][ T5736] file_dirty 0 [ 210.508088][ T5736] file_writeback 0 [ 210.508088][ T5736] swapcached 0 [ 210.508088][ T5736] anon_thp 0 [ 210.508088][ T5736] file_thp 0 [ 210.508088][ T5736] shmem_thp 0 [ 210.508088][ T5736] inactive_anon 0 [ 210.508088][ T5736] active_anon 0 [ 210.508088][ T5736] inactive_file 0 [ 210.508088][ T5736] active_file 0 [ 210.508088][ T5736] unevictable 0 [ 210.508088][ T5736] slab_reclaimable 6752 [ 210.508088][ T5736] slab_unreclaimable 0 [ 210.508088][ T5736] slab 6752 [ 210.508088][ T5736] workingset_refault_anon 0 [ 210.508088][ T5736] workingset_refault_file 0 [ 210.508088][ T5736] workingset_activate_anon 0 [ 210.508088][ T5736] workingset_activate_file 0 [ 210.508088][ T5736] workingset_restore_anon 0 [ 210.508088][ T5736] workingset_restore_file 0 [ 210.508088][ T5736] workingset_nodereclaim 0 [ 210.508088][ T5736] pgscan 831 [ 210.508088][ T5736] pgsteal 2 [ 210.508088][ T5736] pgscan_kswapd 0 [ 210.508088][ T5736] pgscan_direct 831 [ 210.508088][ T5736] pgscan_khugepaged 0 [ 210.508088][ T5736] pgsteal_kswapd 0 [ 210.508088][ T5736] pgsteal_direct 2 [ 210.508088][ T5736] pgsteal_khugepaged 0 [ 210.508088][ T5736] pgfault 21 [ 210.508088][ T5736] pgmajfault 0 [ 210.508088][ T5736] pgrefill 830 [ 210.508088][ T5736] pgactivate 829 [ 210.508088][ T5736] pgdeactivate 830 [ 210.508088][ T5736] pglazyfree 0 [ 210.508088][ T5736] pglazyfreed 0 [pid 5089] openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./41/file0") = 0 [pid 5089] umount2("./41/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./41/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./41/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [ 210.508088][ T5736] zswpin 0 [ 210.508088][ T5736] zswpout 0 [ 210.508088][ T5736] thp_fault_alloc 0 [ 210.508088][ T5736] thp_collapse_alloc 0 [ 210.701744][ T5736] Tasks state (memory values in pages): [ 210.710329][ T5736] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5089] close(3) = 0 [pid 5089] rmdir("./41") = 0 [pid 5089] mkdir("./42", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 44 [pid 5736] <... write resumed>) = 18 ./strace-static-x86_64: Process 5740 attached [pid 5740] chdir("./42") = 0 [pid 5740] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5740] setpgid(0, 0) = 0 [pid 5740] symlink("/syzcgroup/unified/syz5", "./cgroup" [pid 5736] close(3 [pid 5740] <... symlink resumed>) = 0 [pid 5740] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5740] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5740] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5740] write(3, "1000", 4) = 4 [pid 5740] close(3) = 0 [pid 5736] <... close resumed>) = 0 [pid 5740] symlink("/dev/binderfs", "./binderfs" [ 210.741110][ T5736] Out of memory and no killable processes... [ 210.748632][ T5737] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5736] close(4 [pid 5740] <... symlink resumed>) = 0 [pid 5736] <... close resumed>) = 0 [pid 5736] close(5) = 0 [pid 5736] close(6) = 0 [pid 5736] close(7) = -1 EBADF (Bad file descriptor) [pid 5736] close(8) = -1 EBADF (Bad file descriptor) [pid 5736] close(9) = -1 EBADF (Bad file descriptor) [pid 5736] close(10) = -1 EBADF (Bad file descriptor) [pid 5736] close(11) = -1 EBADF (Bad file descriptor) [pid 5736] close(12) = -1 EBADF (Bad file descriptor) [pid 5736] close(13) = -1 EBADF (Bad file descriptor) [pid 5736] close(14) = -1 EBADF (Bad file descriptor) [pid 5736] close(15) = -1 EBADF (Bad file descriptor) [pid 5736] close(16) = -1 EBADF (Bad file descriptor) [pid 5736] close(17) = -1 EBADF (Bad file descriptor) [pid 5736] close(18) = -1 EBADF (Bad file descriptor) [pid 5736] close(19) = -1 EBADF (Bad file descriptor) [pid 5736] close(20) = -1 EBADF (Bad file descriptor) [pid 5736] close(21) = -1 EBADF (Bad file descriptor) [pid 5736] close(22) = -1 EBADF (Bad file descriptor) [pid 5736] close(23) = -1 EBADF (Bad file descriptor) [pid 5736] close(24) = -1 EBADF (Bad file descriptor) [pid 5736] close(25) = -1 EBADF (Bad file descriptor) [ 210.781612][ T5737] CPU: 0 PID: 5737 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 210.791601][ T5737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 210.801714][ T5737] Call Trace: [ 210.805040][ T5737] [ 210.808017][ T5737] dump_stack_lvl+0x136/0x150 [ 210.812782][ T5737] dump_header+0x10a/0xd70 [ 210.817269][ T5737] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 210.823425][ T5737] out_of_memory+0xd64/0x1660 [ 210.828157][ T5737] ? oom_killer_disable+0x2b0/0x2b0 [ 210.833413][ T5737] mem_cgroup_out_of_memory+0x206/0x270 [ 210.839010][ T5737] ? mem_cgroup_margin+0x130/0x130 [ 210.844181][ T5737] memory_max_write+0x2f9/0x3c0 [ 210.849079][ T5737] ? mem_cgroup_force_empty_write+0x160/0x160 [ 210.855204][ T5737] ? lock_sync+0x190/0x190 [ 210.859662][ T5737] cgroup_file_write+0x1e2/0x7b0 [ 210.864652][ T5737] ? mem_cgroup_force_empty_write+0x160/0x160 [ 210.870781][ T5737] ? kill_css+0x3b0/0x3b0 [ 210.875152][ T5737] ? lock_acquire+0x32/0xc0 [ 210.879701][ T5737] ? kill_css+0x3b0/0x3b0 [ 210.884072][ T5737] kernfs_fop_write_iter+0x3f1/0x600 [ 210.889428][ T5737] vfs_write+0x9ed/0xe10 [ 210.893747][ T5737] ? kernel_write+0x670/0x670 [ 210.898609][ T5737] ? find_held_lock+0x2d/0x110 [ 210.903471][ T5737] ? __fget_light+0x20a/0x270 [ 210.908233][ T5737] ksys_write+0x12b/0x250 [ 210.912624][ T5737] ? __ia32_sys_read+0xb0/0xb0 [ 210.917440][ T5737] ? lockdep_hardirqs_on+0x7d/0x100 [ 210.922680][ T5737] ? _raw_spin_unlock_irq+0x2e/0x50 [ 210.927916][ T5737] ? ptrace_notify+0xfe/0x140 [ 210.932641][ T5737] do_syscall_64+0x39/0xb0 [ 210.937127][ T5737] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 210.943063][ T5737] RIP: 0033:0x7faecf034129 [ 210.947501][ T5737] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 210.967140][ T5737] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5736] close(26) = -1 EBADF (Bad file descriptor) [pid 5736] close(27) = -1 EBADF (Bad file descriptor) [pid 5740] mkdir("./file0", 000 [pid 5736] close(28 [pid 5740] <... mkdir resumed>) = 0 [pid 5740] open("./file0", O_RDONLY) = 3 [pid 5736] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5740] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5736] close(29 [pid 5740] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5736] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5740] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5740] openat(5, "memory.max", O_RDWR [pid 5736] exit_group(0 [pid 5740] <... openat resumed>) = 6 [pid 5736] <... exit_group resumed>) = ? [pid 5740] write(6, "0x000000000000040e", 18 [pid 5736] +++ exited with 0 +++ [ 210.975598][ T5737] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 210.983602][ T5737] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 210.991621][ T5737] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 210.999624][ T5737] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 211.007624][ T5737] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000026 [ 211.015663][ T5737] [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=42, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5087] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5087] umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./40/binderfs") = 0 [pid 5087] umount2("./40/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./40/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./40/cgroup") = 0 [pid 5087] umount2("./40/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./40/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./40/cgroup.net") = 0 [pid 5087] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5087] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./40/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [ 211.047477][ T5737] memory: usage 8kB, limit 0kB, failcnt 36 [ 211.055244][ T5737] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 211.097511][ T5737] Memory cgroup stats for /syz1: [ 211.097779][ T5737] anon 0 [ 211.097779][ T5737] file 0 [ 211.097779][ T5737] kernel 8192 [ 211.097779][ T5737] kernel_stack 0 [ 211.097779][ T5737] pagetables 0 [ 211.097779][ T5737] sec_pagetables 0 [ 211.097779][ T5737] percpu 0 [ 211.097779][ T5737] sock 0 [ 211.097779][ T5737] vmalloc 0 [ 211.097779][ T5737] shmem 0 [ 211.097779][ T5737] zswap 0 [ 211.097779][ T5737] zswapped 0 [ 211.097779][ T5737] file_mapped 0 [ 211.097779][ T5737] file_dirty 0 [pid 5087] close(4) = 0 [ 211.097779][ T5737] file_writeback 0 [ 211.097779][ T5737] swapcached 0 [ 211.097779][ T5737] anon_thp 0 [ 211.097779][ T5737] file_thp 0 [ 211.097779][ T5737] shmem_thp 0 [ 211.097779][ T5737] inactive_anon 0 [ 211.097779][ T5737] active_anon 0 [ 211.097779][ T5737] inactive_file 0 [ 211.097779][ T5737] active_file 0 [ 211.097779][ T5737] unevictable 0 [ 211.097779][ T5737] slab_reclaimable 6752 [ 211.097779][ T5737] slab_unreclaimable 0 [ 211.097779][ T5737] slab 6752 [ 211.097779][ T5737] workingset_refault_anon 0 [ 211.097779][ T5737] workingset_refault_file 0 [pid 5087] rmdir("./40/file0") = 0 [pid 5087] umount2("./40/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./40/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./40/cgroup.cpu") = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [pid 5087] rmdir("./40") = 0 [pid 5087] mkdir("./41", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 43 [ 211.097779][ T5737] workingset_activate_anon 0 [ 211.097779][ T5737] workingset_activate_file 0 [ 211.097779][ T5737] workingset_restore_anon 0 [ 211.097779][ T5737] workingset_restore_file 0 [ 211.097779][ T5737] workingset_nodereclaim 0 [ 211.097779][ T5737] pgscan 831 [ 211.097779][ T5737] pgsteal 2 [ 211.097779][ T5737] pgscan_kswapd 0 [ 211.097779][ T5737] pgscan_direct 831 [ 211.097779][ T5737] pgscan_khugepaged 0 [ 211.097779][ T5737] pgsteal_kswapd 0 [ 211.097779][ T5737] pgsteal_direct 2 [ 211.097779][ T5737] pgsteal_khugepaged 0 ./strace-static-x86_64: Process 5741 attached [pid 5741] chdir("./41") = 0 [pid 5741] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5741] setpgid(0, 0) = 0 [pid 5741] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5741] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [ 211.097779][ T5737] pgfault 21 [ 211.097779][ T5737] pgmajfault 0 [ 211.097779][ T5737] pgrefill 830 [ 211.097779][ T5737] pgactivate 829 [ 211.097779][ T5737] pgdeactivate 830 [ 211.097779][ T5737] pglazyfree 0 [ 211.097779][ T5737] pglazyfreed 0 [ 211.097779][ T5737] zswpin 0 [ 211.097779][ T5737] zswpout 0 [ 211.097779][ T5737] thp_fault_alloc 0 [ 211.097779][ T5737] thp_collapse_alloc 0 [pid 5741] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5741] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5741] write(3, "1000", 4) = 4 [pid 5741] close(3) = 0 [ 211.305392][ T5737] Tasks state (memory values in pages): [ 211.316891][ T5737] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 211.330707][ T5737] Out of memory and no killable processes... [pid 5741] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5741] mkdir("./file0", 000) = 0 [pid 5741] open("./file0", O_RDONLY) = 3 [pid 5741] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5737] <... write resumed>) = 18 [pid 5741] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5737] close(3 [pid 5741] openat(4, "syz1", O_RDWR|O_PATH [pid 5737] <... close resumed>) = 0 [pid 5741] <... openat resumed>) = 5 [pid 5737] close(4 [pid 5741] openat(5, "memory.max", O_RDWR [pid 5737] <... close resumed>) = 0 [pid 5741] <... openat resumed>) = 6 [ 211.345784][ T5738] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 211.368614][ T5738] CPU: 1 PID: 5738 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 211.378617][ T5738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 211.388732][ T5738] Call Trace: [ 211.392051][ T5738] [ 211.395021][ T5738] dump_stack_lvl+0x136/0x150 [ 211.399769][ T5738] dump_header+0x10a/0xd70 [pid 5741] write(6, "0x000000000000040e", 18 [pid 5737] close(5) = 0 [pid 5737] close(6) = 0 [pid 5737] close(7) = -1 EBADF (Bad file descriptor) [pid 5737] close(8) = -1 EBADF (Bad file descriptor) [pid 5737] close(9) = -1 EBADF (Bad file descriptor) [pid 5737] close(10) = -1 EBADF (Bad file descriptor) [pid 5737] close(11) = -1 EBADF (Bad file descriptor) [pid 5737] close(12) = -1 EBADF (Bad file descriptor) [pid 5737] close(13) = -1 EBADF (Bad file descriptor) [pid 5737] close(14) = -1 EBADF (Bad file descriptor) [pid 5737] close(15) = -1 EBADF (Bad file descriptor) [pid 5737] close(16) = -1 EBADF (Bad file descriptor) [pid 5737] close(17) = -1 EBADF (Bad file descriptor) [pid 5737] close(18) = -1 EBADF (Bad file descriptor) [pid 5737] close(19) = -1 EBADF (Bad file descriptor) [pid 5737] close(20) = -1 EBADF (Bad file descriptor) [ 211.404254][ T5738] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 211.410430][ T5738] out_of_memory+0xd64/0x1660 [ 211.415191][ T5738] ? oom_killer_disable+0x2b0/0x2b0 [ 211.420479][ T5738] mem_cgroup_out_of_memory+0x206/0x270 [ 211.426103][ T5738] ? mem_cgroup_margin+0x130/0x130 [ 211.431314][ T5738] memory_max_write+0x2f9/0x3c0 [ 211.436249][ T5738] ? mem_cgroup_force_empty_write+0x160/0x160 [ 211.442402][ T5738] ? lock_sync+0x190/0x190 [ 211.446896][ T5738] cgroup_file_write+0x1e2/0x7b0 [pid 5737] close(21) = -1 EBADF (Bad file descriptor) [pid 5737] close(22) = -1 EBADF (Bad file descriptor) [pid 5737] close(23) = -1 EBADF (Bad file descriptor) [pid 5737] close(24) = -1 EBADF (Bad file descriptor) [pid 5737] close(25) = -1 EBADF (Bad file descriptor) [pid 5737] close(26) = -1 EBADF (Bad file descriptor) [pid 5737] close(27) = -1 EBADF (Bad file descriptor) [pid 5737] close(28) = -1 EBADF (Bad file descriptor) [pid 5737] close(29) = -1 EBADF (Bad file descriptor) [pid 5737] exit_group(0) = ? [pid 5737] +++ exited with 0 +++ [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=40, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5085] umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./38/binderfs") = 0 [pid 5085] umount2("./38/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 211.451917][ T5738] ? mem_cgroup_force_empty_write+0x160/0x160 [ 211.458065][ T5738] ? kill_css+0x3b0/0x3b0 [ 211.462473][ T5738] ? lock_acquire+0x32/0xc0 [ 211.467062][ T5738] ? kill_css+0x3b0/0x3b0 [ 211.471475][ T5738] kernfs_fop_write_iter+0x3f1/0x600 [ 211.476852][ T5738] vfs_write+0x9ed/0xe10 [ 211.481182][ T5738] ? kernel_write+0x670/0x670 [ 211.485947][ T5738] ? find_held_lock+0x2d/0x110 [ 211.490802][ T5738] ? __fget_light+0x20a/0x270 [ 211.495573][ T5738] ksys_write+0x12b/0x250 [ 211.499999][ T5738] ? __ia32_sys_read+0xb0/0xb0 [pid 5085] lstat("./38/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./38/cgroup") = 0 [pid 5085] umount2("./38/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./38/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./38/cgroup.net") = 0 [ 211.504849][ T5738] ? lockdep_hardirqs_on+0x7d/0x100 [ 211.510124][ T5738] ? _raw_spin_unlock_irq+0x2e/0x50 [ 211.515401][ T5738] ? ptrace_notify+0xfe/0x140 [ 211.520162][ T5738] do_syscall_64+0x39/0xb0 [ 211.524671][ T5738] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 211.530647][ T5738] RIP: 0033:0x7faecf034129 [ 211.535119][ T5738] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5085] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5085] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./38/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./38/file0") = 0 [pid 5085] umount2("./38/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 211.554771][ T5738] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 211.563218][ T5738] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 211.571221][ T5738] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 211.579247][ T5738] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 211.587272][ T5738] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 211.595299][ T5738] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000002a [ 211.603376][ T5738] [pid 5085] lstat("./38/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./38/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./38") = 0 [pid 5085] mkdir("./39", 0777) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 41 ./strace-static-x86_64: Process 5742 attached [pid 5742] chdir("./39") = 0 [pid 5742] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5742] setpgid(0, 0) = 0 [pid 5742] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5742] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5742] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5742] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5742] write(3, "1000", 4) = 4 [pid 5742] close(3) = 0 [pid 5742] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5742] mkdir("./file0", 000) = 0 [pid 5742] open("./file0", O_RDONLY) = 3 [pid 5742] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [ 211.648069][ T5738] memory: usage 8kB, limit 0kB, failcnt 36 [ 211.655849][ T5738] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 211.670175][ T5738] Memory cgroup stats for /syz1: [ 211.670466][ T5738] anon 0 [ 211.670466][ T5738] file 0 [ 211.670466][ T5738] kernel 8192 [ 211.670466][ T5738] kernel_stack 0 [ 211.670466][ T5738] pagetables 0 [ 211.670466][ T5738] sec_pagetables 0 [ 211.670466][ T5738] percpu 0 [pid 5742] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5742] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5742] openat(5, "memory.max", O_RDWR) = 6 [ 211.670466][ T5738] sock 0 [ 211.670466][ T5738] vmalloc 0 [ 211.670466][ T5738] shmem 0 [ 211.670466][ T5738] zswap 0 [ 211.670466][ T5738] zswapped 0 [ 211.670466][ T5738] file_mapped 0 [ 211.670466][ T5738] file_dirty 0 [ 211.670466][ T5738] file_writeback 0 [ 211.670466][ T5738] swapcached 0 [ 211.670466][ T5738] anon_thp 0 [ 211.670466][ T5738] file_thp 0 [ 211.670466][ T5738] shmem_thp 0 [ 211.670466][ T5738] inactive_anon 0 [ 211.670466][ T5738] active_anon 0 [ 211.670466][ T5738] inactive_file 0 [ 211.670466][ T5738] active_file 0 [ 211.670466][ T5738] unevictable 0 [ 211.670466][ T5738] slab_reclaimable 6752 [ 211.670466][ T5738] slab_unreclaimable 0 [ 211.670466][ T5738] slab 6752 [ 211.670466][ T5738] workingset_refault_anon 0 [ 211.670466][ T5738] workingset_refault_file 0 [ 211.670466][ T5738] workingset_activate_anon 0 [ 211.670466][ T5738] workingset_activate_file 0 [ 211.670466][ T5738] workingset_restore_anon 0 [ 211.670466][ T5738] workingset_restore_file 0 [ 211.670466][ T5738] workingset_nodereclaim 0 [ 211.670466][ T5738] pgscan 831 [ 211.670466][ T5738] pgsteal 2 [ 211.670466][ T5738] pgscan_kswapd 0 [ 211.670466][ T5738] pgscan_direct 831 [ 211.670466][ T5738] pgscan_khugepaged 0 [ 211.670466][ T5738] pgsteal_kswapd 0 [ 211.670466][ T5738] pgsteal_direct 2 [ 211.670466][ T5738] pgsteal_khugepaged 0 [ 211.670466][ T5738] pgfault 21 [ 211.670466][ T5738] pgmajfault 0 [ 211.670466][ T5738] pgrefill 830 [ 211.670466][ T5738] pgactivate 829 [ 211.670466][ T5738] pgdeactivate 830 [ 211.670466][ T5738] pglazyfree 0 [ 211.670466][ T5738] pglazyfreed 0 [ 211.670466][ T5738] zswpin 0 [pid 5742] write(6, "0x000000000000040e", 18 [pid 5738] <... write resumed>) = 18 [pid 5738] close(3) = 0 [pid 5738] close(4) = 0 [pid 5738] close(5) = 0 [pid 5738] close(6) = 0 [pid 5738] close(7) = -1 EBADF (Bad file descriptor) [pid 5738] close(8) = -1 EBADF (Bad file descriptor) [pid 5738] close(9) = -1 EBADF (Bad file descriptor) [pid 5738] close(10) = -1 EBADF (Bad file descriptor) [pid 5738] close(11) = -1 EBADF (Bad file descriptor) [pid 5738] close(12) = -1 EBADF (Bad file descriptor) [pid 5738] close(13) = -1 EBADF (Bad file descriptor) [pid 5738] close(14) = -1 EBADF (Bad file descriptor) [pid 5738] close(15) = -1 EBADF (Bad file descriptor) [pid 5738] close(16) = -1 EBADF (Bad file descriptor) [pid 5738] close(17) = -1 EBADF (Bad file descriptor) [pid 5738] close(18) = -1 EBADF (Bad file descriptor) [pid 5738] close(19) = -1 EBADF (Bad file descriptor) [pid 5738] close(20) = -1 EBADF (Bad file descriptor) [pid 5738] close(21) = -1 EBADF (Bad file descriptor) [pid 5738] close(22) = -1 EBADF (Bad file descriptor) [pid 5738] close(23) = -1 EBADF (Bad file descriptor) [pid 5738] close(24) = -1 EBADF (Bad file descriptor) [pid 5738] close(25) = -1 EBADF (Bad file descriptor) [ 211.670466][ T5738] zswpout 0 [ 211.670466][ T5738] thp_fault_alloc 0 [ 211.670466][ T5738] thp_collapse_alloc 0 [ 211.863804][ T5738] Tasks state (memory values in pages): [ 211.869431][ T5738] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 211.879189][ T5738] Out of memory and no killable processes... [ 211.885530][ T5739] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5738] close(26) = -1 EBADF (Bad file descriptor) [pid 5738] close(27) = -1 EBADF (Bad file descriptor) [pid 5738] close(28) = -1 EBADF (Bad file descriptor) [pid 5738] close(29) = -1 EBADF (Bad file descriptor) [pid 5738] exit_group(0) = ? [pid 5738] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=44, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5090] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5090] umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./42/binderfs") = 0 [pid 5090] umount2("./42/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./42/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./42/cgroup") = 0 [pid 5090] umount2("./42/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./42/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 211.902870][ T5739] CPU: 1 PID: 5739 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 211.912854][ T5739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 211.922963][ T5739] Call Trace: [ 211.926287][ T5739] [ 211.929264][ T5739] dump_stack_lvl+0x136/0x150 [ 211.934016][ T5739] dump_header+0x10a/0xd70 [ 211.938503][ T5739] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 211.944675][ T5739] out_of_memory+0xd64/0x1660 [pid 5090] unlink("./42/cgroup.net") = 0 [ 211.949451][ T5739] ? oom_killer_disable+0x2b0/0x2b0 [ 211.954731][ T5739] ? find_held_lock+0x2d/0x110 [ 211.959555][ T5739] mem_cgroup_out_of_memory+0x206/0x270 [ 211.965150][ T5739] ? mem_cgroup_margin+0x130/0x130 [ 211.970342][ T5739] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 211.976330][ T5739] memory_max_write+0x2f9/0x3c0 [ 211.981224][ T5739] ? mem_cgroup_force_empty_write+0x160/0x160 [ 211.987366][ T5739] ? lock_sync+0x190/0x190 [ 211.991859][ T5739] cgroup_file_write+0x1e2/0x7b0 [ 211.996891][ T5739] ? mem_cgroup_force_empty_write+0x160/0x160 [ 212.003057][ T5739] ? kill_css+0x3b0/0x3b0 [ 212.007449][ T5739] ? lock_acquire+0x32/0xc0 [ 212.012007][ T5739] ? kill_css+0x3b0/0x3b0 [ 212.016410][ T5739] kernfs_fop_write_iter+0x3f1/0x600 [ 212.021771][ T5739] vfs_write+0x9ed/0xe10 [ 212.026097][ T5739] ? kernel_write+0x670/0x670 [ 212.030858][ T5739] ? find_held_lock+0x2d/0x110 [ 212.035705][ T5739] ? __fget_light+0x20a/0x270 [ 212.040493][ T5739] ksys_write+0x12b/0x250 [ 212.044908][ T5739] ? __ia32_sys_read+0xb0/0xb0 [ 212.049749][ T5739] ? lockdep_hardirqs_on+0x7d/0x100 [ 212.055021][ T5739] ? _raw_spin_unlock_irq+0x2e/0x50 [ 212.060295][ T5739] ? ptrace_notify+0xfe/0x140 [ 212.065044][ T5739] do_syscall_64+0x39/0xb0 [ 212.069532][ T5739] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 212.075505][ T5739] RIP: 0033:0x7faecf034129 [ 212.079972][ T5739] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 212.099642][ T5739] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 212.108123][ T5739] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 212.116155][ T5739] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 212.124178][ T5739] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 212.132197][ T5739] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 212.140219][ T5739] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000027 [ 212.148270][ T5739] [pid 5090] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5090] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./42/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./42/file0") = 0 [pid 5090] umount2("./42/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./42/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./42/cgroup.cpu") = 0 [ 212.156408][ T5739] memory: usage 8kB, limit 0kB, failcnt 36 [ 212.162587][ T5739] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 212.169477][ T5739] Memory cgroup stats for /syz1: [ 212.169769][ T5739] anon 0 [ 212.169769][ T5739] file 0 [ 212.169769][ T5739] kernel 8192 [ 212.169769][ T5739] kernel_stack 0 [ 212.169769][ T5739] pagetables 0 [ 212.169769][ T5739] sec_pagetables 0 [ 212.169769][ T5739] percpu 0 [ 212.169769][ T5739] sock 0 [ 212.169769][ T5739] vmalloc 0 [ 212.169769][ T5739] shmem 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [pid 5090] rmdir("./42") = 0 [pid 5090] mkdir("./43", 0777) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 45 [ 212.169769][ T5739] zswap 0 [ 212.169769][ T5739] zswapped 0 [ 212.169769][ T5739] file_mapped 0 [ 212.169769][ T5739] file_dirty 0 [ 212.169769][ T5739] file_writeback 0 [ 212.169769][ T5739] swapcached 0 [ 212.169769][ T5739] anon_thp 0 [ 212.169769][ T5739] file_thp 0 [ 212.169769][ T5739] shmem_thp 0 [ 212.169769][ T5739] inactive_anon 0 [ 212.169769][ T5739] active_anon 0 [ 212.169769][ T5739] inactive_file 0 [ 212.169769][ T5739] active_file 0 [ 212.169769][ T5739] unevictable 0 [ 212.169769][ T5739] slab_reclaimable 6752 [ 212.169769][ T5739] slab_unreclaimable 0 [ 212.169769][ T5739] slab 6752 [ 212.169769][ T5739] workingset_refault_anon 0 [ 212.169769][ T5739] workingset_refault_file 0 [ 212.169769][ T5739] workingset_activate_anon 0 [ 212.169769][ T5739] workingset_activate_file 0 [ 212.169769][ T5739] workingset_restore_anon 0 [ 212.169769][ T5739] workingset_restore_file 0 [ 212.169769][ T5739] workingset_nodereclaim 0 [ 212.169769][ T5739] pgscan 831 [ 212.169769][ T5739] pgsteal 2 [ 212.169769][ T5739] pgscan_kswapd 0 [ 212.169769][ T5739] pgscan_direct 831 ./strace-static-x86_64: Process 5743 attached [pid 5743] chdir("./43") = 0 [pid 5743] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5743] setpgid(0, 0) = 0 [pid 5743] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5743] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5743] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5743] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5743] write(3, "1000", 4) = 4 [pid 5743] close(3) = 0 [pid 5743] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5743] mkdir("./file0", 000) = 0 [pid 5743] open("./file0", O_RDONLY) = 3 [pid 5743] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5743] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5743] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5743] openat(5, "memory.max", O_RDWR) = 6 [ 212.169769][ T5739] pgscan_khugepaged 0 [ 212.169769][ T5739] pgsteal_kswapd 0 [ 212.169769][ T5739] pgsteal_direct 2 [ 212.169769][ T5739] pgsteal_khugepaged 0 [ 212.169769][ T5739] pgfault 21 [ 212.169769][ T5739] pgmajfault 0 [ 212.169769][ T5739] pgrefill 830 [ 212.169769][ T5739] pgactivate 829 [ 212.169769][ T5739] pgdeactivate 830 [ 212.169769][ T5739] pglazyfree 0 [ 212.169769][ T5739] pglazyfreed 0 [ 212.169769][ T5739] zswpin 0 [ 212.169769][ T5739] zswpout 0 [ 212.169769][ T5739] thp_fault_alloc 0 [ 212.169769][ T5739] thp_collapse_alloc 0 [ 212.386196][ T5739] Tasks state (memory values in pages): [ 212.392436][ T5739] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 212.403026][ T5739] Out of memory and no killable processes... [ 212.409206][ T5740] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 212.420150][ T5740] CPU: 0 PID: 5740 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5743] write(6, "0x000000000000040e", 18 [pid 5739] <... write resumed>) = 18 [pid 5739] close(3) = 0 [pid 5739] close(4) = 0 [pid 5739] close(5) = 0 [pid 5739] close(6) = 0 [ 212.430105][ T5740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 212.440208][ T5740] Call Trace: [ 212.443525][ T5740] [ 212.446501][ T5740] dump_stack_lvl+0x136/0x150 [ 212.451242][ T5740] dump_header+0x10a/0xd70 [ 212.455722][ T5740] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 212.461868][ T5740] out_of_memory+0xd64/0x1660 [ 212.466637][ T5740] ? oom_killer_disable+0x2b0/0x2b0 [ 212.471910][ T5740] ? find_held_lock+0x2d/0x110 [ 212.476737][ T5740] mem_cgroup_out_of_memory+0x206/0x270 [pid 5739] close(7) = -1 EBADF (Bad file descriptor) [pid 5739] close(8) = -1 EBADF (Bad file descriptor) [pid 5739] close(9) = -1 EBADF (Bad file descriptor) [pid 5739] close(10) = -1 EBADF (Bad file descriptor) [pid 5739] close(11) = -1 EBADF (Bad file descriptor) [pid 5739] close(12) = -1 EBADF (Bad file descriptor) [pid 5739] close(13) = -1 EBADF (Bad file descriptor) [pid 5739] close(14) = -1 EBADF (Bad file descriptor) [pid 5739] close(15) = -1 EBADF (Bad file descriptor) [ 212.482357][ T5740] ? mem_cgroup_margin+0x130/0x130 [ 212.487562][ T5740] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 212.493467][ T5740] memory_max_write+0x2f9/0x3c0 [ 212.498403][ T5740] ? mem_cgroup_force_empty_write+0x160/0x160 [ 212.504550][ T5740] ? lock_sync+0x190/0x190 [ 212.509049][ T5740] cgroup_file_write+0x1e2/0x7b0 [ 212.514075][ T5740] ? mem_cgroup_force_empty_write+0x160/0x160 [ 212.520228][ T5740] ? kill_css+0x3b0/0x3b0 [ 212.524646][ T5740] ? lock_acquire+0x32/0xc0 [ 212.529231][ T5740] ? kill_css+0x3b0/0x3b0 [ 212.533638][ T5740] kernfs_fop_write_iter+0x3f1/0x600 [ 212.539012][ T5740] vfs_write+0x9ed/0xe10 [ 212.543362][ T5740] ? kernel_write+0x670/0x670 [ 212.548152][ T5740] ? find_held_lock+0x2d/0x110 [ 212.553002][ T5740] ? __fget_light+0x20a/0x270 [ 212.557769][ T5740] ksys_write+0x12b/0x250 [ 212.562187][ T5740] ? __ia32_sys_read+0xb0/0xb0 [ 212.567028][ T5740] ? lockdep_hardirqs_on+0x7d/0x100 [ 212.572299][ T5740] ? _raw_spin_unlock_irq+0x2e/0x50 [ 212.577571][ T5740] ? ptrace_notify+0xfe/0x140 [ 212.582326][ T5740] do_syscall_64+0x39/0xb0 [ 212.586823][ T5740] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 212.592781][ T5740] RIP: 0033:0x7faecf034129 [ 212.597242][ T5740] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 212.616915][ T5740] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 212.625402][ T5740] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [pid 5739] close(16) = -1 EBADF (Bad file descriptor) [pid 5739] close(17) = -1 EBADF (Bad file descriptor) [pid 5739] close(18) = -1 EBADF (Bad file descriptor) [pid 5739] close(19) = -1 EBADF (Bad file descriptor) [pid 5739] close(20) = -1 EBADF (Bad file descriptor) [pid 5739] close(21) = -1 EBADF (Bad file descriptor) [pid 5739] close(22) = -1 EBADF (Bad file descriptor) [pid 5739] close(23) = -1 EBADF (Bad file descriptor) [pid 5739] close(24) = -1 EBADF (Bad file descriptor) [pid 5739] close(25) = -1 EBADF (Bad file descriptor) [pid 5739] close(26) = -1 EBADF (Bad file descriptor) [pid 5739] close(27) = -1 EBADF (Bad file descriptor) [pid 5739] close(28) = -1 EBADF (Bad file descriptor) [pid 5739] close(29) = -1 EBADF (Bad file descriptor) [pid 5739] exit_group(0) = ? [pid 5739] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=41, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5086] umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./39/binderfs") = 0 [pid 5086] umount2("./39/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./39/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] unlink("./39/cgroup") = 0 [pid 5086] umount2("./39/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./39/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./39/cgroup.net") = 0 [pid 5086] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5086] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./39/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 212.633433][ T5740] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 212.641452][ T5740] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 212.649474][ T5740] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 212.657482][ T5740] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000002a [ 212.665524][ T5740] [pid 5086] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./39/file0") = 0 [pid 5086] umount2("./39/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./39/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./39/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./39") = 0 [pid 5086] mkdir("./40", 0777) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5744 attached [ 212.682070][ T5740] memory: usage 8kB, limit 0kB, failcnt 36 [ 212.688149][ T5740] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 212.696755][ T5740] Memory cgroup stats for /syz1: [ 212.697156][ T5740] anon 0 [ 212.697156][ T5740] file 0 [ 212.697156][ T5740] kernel 8192 [ 212.697156][ T5740] kernel_stack 0 [ 212.697156][ T5740] pagetables 0 [ 212.697156][ T5740] sec_pagetables 0 [ 212.697156][ T5740] percpu 0 [ 212.697156][ T5740] sock 0 [ 212.697156][ T5740] vmalloc 0 [ 212.697156][ T5740] shmem 0 [ 212.697156][ T5740] zswap 0 [pid 5744] chdir("./40" [pid 5086] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 42 [pid 5744] <... chdir resumed>) = 0 [ 212.697156][ T5740] zswapped 0 [ 212.697156][ T5740] file_mapped 0 [ 212.697156][ T5740] file_dirty 0 [ 212.697156][ T5740] file_writeback 0 [ 212.697156][ T5740] swapcached 0 [ 212.697156][ T5740] anon_thp 0 [ 212.697156][ T5740] file_thp 0 [ 212.697156][ T5740] shmem_thp 0 [ 212.697156][ T5740] inactive_anon 0 [ 212.697156][ T5740] active_anon 0 [ 212.697156][ T5740] inactive_file 0 [ 212.697156][ T5740] active_file 0 [ 212.697156][ T5740] unevictable 0 [ 212.697156][ T5740] slab_reclaimable 6752 [ 212.697156][ T5740] slab_unreclaimable 0 [pid 5744] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5744] setpgid(0, 0) = 0 [pid 5744] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5744] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5744] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5744] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5744] write(3, "1000", 4) = 4 [pid 5744] close(3) = 0 [pid 5744] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5744] mkdir("./file0", 000) = 0 [pid 5744] open("./file0", O_RDONLY) = 3 [ 212.697156][ T5740] slab 6752 [ 212.697156][ T5740] workingset_refault_anon 0 [ 212.697156][ T5740] workingset_refault_file 0 [ 212.697156][ T5740] workingset_activate_anon 0 [ 212.697156][ T5740] workingset_activate_file 0 [ 212.697156][ T5740] workingset_restore_anon 0 [ 212.697156][ T5740] workingset_restore_file 0 [ 212.697156][ T5740] workingset_nodereclaim 0 [ 212.697156][ T5740] pgscan 831 [ 212.697156][ T5740] pgsteal 2 [ 212.697156][ T5740] pgscan_kswapd 0 [ 212.697156][ T5740] pgscan_direct 831 [ 212.697156][ T5740] pgscan_khugepaged 0 [pid 5744] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5744] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5744] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5744] openat(5, "memory.max", O_RDWR) = 6 [ 212.697156][ T5740] pgsteal_kswapd 0 [ 212.697156][ T5740] pgsteal_direct 2 [ 212.697156][ T5740] pgsteal_khugepaged 0 [ 212.697156][ T5740] pgfault 21 [ 212.697156][ T5740] pgmajfault 0 [ 212.697156][ T5740] pgrefill 830 [ 212.697156][ T5740] pgactivate 829 [ 212.697156][ T5740] pgdeactivate 830 [ 212.697156][ T5740] pglazyfree 0 [ 212.697156][ T5740] pglazyfreed 0 [ 212.697156][ T5740] zswpin 0 [ 212.697156][ T5740] zswpout 0 [ 212.697156][ T5740] thp_fault_alloc 0 [ 212.697156][ T5740] thp_collapse_alloc 0 [pid 5744] write(6, "0x000000000000040e", 18 [pid 5740] <... write resumed>) = 18 [ 212.886890][ T5740] Tasks state (memory values in pages): [ 212.893391][ T5740] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 212.907830][ T5740] Out of memory and no killable processes... [ 212.914383][ T5741] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 212.925156][ T5741] CPU: 1 PID: 5741 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5740] close(3) = 0 [pid 5740] close(4) = 0 [pid 5740] close(5) = 0 [pid 5740] close(6) = 0 [pid 5740] close(7) = -1 EBADF (Bad file descriptor) [pid 5740] close(8) = -1 EBADF (Bad file descriptor) [pid 5740] close(9) = -1 EBADF (Bad file descriptor) [pid 5740] close(10) = -1 EBADF (Bad file descriptor) [pid 5740] close(11) = -1 EBADF (Bad file descriptor) [pid 5740] close(12) = -1 EBADF (Bad file descriptor) [pid 5740] close(13) = -1 EBADF (Bad file descriptor) [pid 5740] close(14) = -1 EBADF (Bad file descriptor) [pid 5740] close(15) = -1 EBADF (Bad file descriptor) [pid 5740] close(16) = -1 EBADF (Bad file descriptor) [pid 5740] close(17) = -1 EBADF (Bad file descriptor) [pid 5740] close(18) = -1 EBADF (Bad file descriptor) [pid 5740] close(19) = -1 EBADF (Bad file descriptor) [pid 5740] close(20) = -1 EBADF (Bad file descriptor) [pid 5740] close(21) = -1 EBADF (Bad file descriptor) [ 212.935122][ T5741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 212.945235][ T5741] Call Trace: [ 212.948567][ T5741] [ 212.951552][ T5741] dump_stack_lvl+0x136/0x150 [ 212.956306][ T5741] dump_header+0x10a/0xd70 [ 212.960795][ T5741] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 212.966959][ T5741] out_of_memory+0xd64/0x1660 [ 212.971730][ T5741] ? oom_killer_disable+0x2b0/0x2b0 [ 212.977016][ T5741] ? find_held_lock+0x2d/0x110 [ 212.981860][ T5741] mem_cgroup_out_of_memory+0x206/0x270 [pid 5740] close(22) = -1 EBADF (Bad file descriptor) [pid 5740] close(23) = -1 EBADF (Bad file descriptor) [pid 5740] close(24) = -1 EBADF (Bad file descriptor) [pid 5740] close(25) = -1 EBADF (Bad file descriptor) [pid 5740] close(26) = -1 EBADF (Bad file descriptor) [pid 5740] close(27) = -1 EBADF (Bad file descriptor) [pid 5740] close(28) = -1 EBADF (Bad file descriptor) [pid 5740] close(29) = -1 EBADF (Bad file descriptor) [pid 5740] exit_group(0) = ? [pid 5740] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=44, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5089] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5089] umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 212.987486][ T5741] ? mem_cgroup_margin+0x130/0x130 [ 212.992690][ T5741] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 212.998596][ T5741] memory_max_write+0x2f9/0x3c0 [ 213.003549][ T5741] ? mem_cgroup_force_empty_write+0x160/0x160 [ 213.009713][ T5741] ? lock_sync+0x190/0x190 [ 213.014206][ T5741] cgroup_file_write+0x1e2/0x7b0 [ 213.019234][ T5741] ? mem_cgroup_force_empty_write+0x160/0x160 [ 213.025392][ T5741] ? kill_css+0x3b0/0x3b0 [ 213.029810][ T5741] ? lock_acquire+0x32/0xc0 [ 213.034409][ T5741] ? kill_css+0x3b0/0x3b0 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./42/binderfs") = 0 [pid 5089] umount2("./42/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./42/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./42/cgroup") = 0 [pid 5089] umount2("./42/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./42/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./42/cgroup.net") = 0 [ 213.038816][ T5741] kernfs_fop_write_iter+0x3f1/0x600 [ 213.044189][ T5741] vfs_write+0x9ed/0xe10 [ 213.048530][ T5741] ? kernel_write+0x670/0x670 [ 213.053303][ T5741] ? find_held_lock+0x2d/0x110 [ 213.058151][ T5741] ? __fget_light+0x20a/0x270 [ 213.062928][ T5741] ksys_write+0x12b/0x250 [ 213.067355][ T5741] ? __ia32_sys_read+0xb0/0xb0 [ 213.072230][ T5741] ? lockdep_hardirqs_on+0x7d/0x100 [ 213.077512][ T5741] ? _raw_spin_unlock_irq+0x2e/0x50 [ 213.082794][ T5741] ? ptrace_notify+0xfe/0x140 [ 213.087542][ T5741] do_syscall_64+0x39/0xb0 [ 213.092035][ T5741] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 213.097994][ T5741] RIP: 0033:0x7faecf034129 [ 213.102444][ T5741] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 213.122113][ T5741] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 213.130569][ T5741] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [pid 5089] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5089] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 213.138596][ T5741] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 213.146622][ T5741] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 213.154630][ T5741] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 213.162645][ T5741] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000029 [ 213.170706][ T5741] [ 213.182615][ T5741] memory: usage 8kB, limit 0kB, failcnt 36 [pid 5089] lstat("./42/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./42/file0") = 0 [pid 5089] umount2("./42/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./42/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./42/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [pid 5089] rmdir("./42") = 0 [ 213.188511][ T5741] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 213.195532][ T5741] Memory cgroup stats for /syz1: [ 213.195821][ T5741] anon 0 [ 213.195821][ T5741] file 0 [ 213.195821][ T5741] kernel 8192 [ 213.195821][ T5741] kernel_stack 0 [ 213.195821][ T5741] pagetables 0 [ 213.195821][ T5741] sec_pagetables 0 [ 213.195821][ T5741] percpu 0 [ 213.195821][ T5741] sock 0 [ 213.195821][ T5741] vmalloc 0 [ 213.195821][ T5741] shmem 0 [ 213.195821][ T5741] zswap 0 [ 213.195821][ T5741] zswapped 0 [ 213.195821][ T5741] file_mapped 0 [pid 5089] mkdir("./43", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 45 ./strace-static-x86_64: Process 5745 attached [pid 5745] chdir("./43") = 0 [ 213.195821][ T5741] file_dirty 0 [ 213.195821][ T5741] file_writeback 0 [ 213.195821][ T5741] swapcached 0 [ 213.195821][ T5741] anon_thp 0 [ 213.195821][ T5741] file_thp 0 [ 213.195821][ T5741] shmem_thp 0 [ 213.195821][ T5741] inactive_anon 0 [ 213.195821][ T5741] active_anon 0 [ 213.195821][ T5741] inactive_file 0 [ 213.195821][ T5741] active_file 0 [ 213.195821][ T5741] unevictable 0 [ 213.195821][ T5741] slab_reclaimable 6752 [ 213.195821][ T5741] slab_unreclaimable 0 [ 213.195821][ T5741] slab 6752 [pid 5745] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5745] setpgid(0, 0) = 0 [pid 5745] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5745] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [ 213.195821][ T5741] workingset_refault_anon 0 [ 213.195821][ T5741] workingset_refault_file 0 [ 213.195821][ T5741] workingset_activate_anon 0 [ 213.195821][ T5741] workingset_activate_file 0 [ 213.195821][ T5741] workingset_restore_anon 0 [ 213.195821][ T5741] workingset_restore_file 0 [ 213.195821][ T5741] workingset_nodereclaim 0 [ 213.195821][ T5741] pgscan 831 [ 213.195821][ T5741] pgsteal 2 [ 213.195821][ T5741] pgscan_kswapd 0 [ 213.195821][ T5741] pgscan_direct 831 [ 213.195821][ T5741] pgscan_khugepaged 0 [ 213.195821][ T5741] pgsteal_kswapd 0 [pid 5745] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5745] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5745] write(3, "1000", 4) = 4 [pid 5745] close(3) = 0 [ 213.195821][ T5741] pgsteal_direct 2 [ 213.195821][ T5741] pgsteal_khugepaged 0 [ 213.195821][ T5741] pgfault 21 [ 213.195821][ T5741] pgmajfault 0 [ 213.195821][ T5741] pgrefill 830 [ 213.195821][ T5741] pgactivate 829 [ 213.195821][ T5741] pgdeactivate 830 [ 213.195821][ T5741] pglazyfree 0 [ 213.195821][ T5741] pglazyfreed 0 [ 213.195821][ T5741] zswpin 0 [ 213.195821][ T5741] zswpout 0 [ 213.195821][ T5741] thp_fault_alloc 0 [ 213.195821][ T5741] thp_collapse_alloc 0 [pid 5745] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5745] mkdir("./file0", 000) = 0 [pid 5745] open("./file0", O_RDONLY) = 3 [pid 5745] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5745] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5745] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5745] openat(5, "memory.max", O_RDWR) = 6 [pid 5745] write(6, "0x000000000000040e", 18 [pid 5741] <... write resumed>) = 18 [pid 5741] close(3) = 0 [pid 5741] close(4) = 0 [pid 5741] close(5) = 0 [pid 5741] close(6) = 0 [ 213.394974][ T5741] Tasks state (memory values in pages): [ 213.400599][ T5741] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 213.419698][ T5741] Out of memory and no killable processes... [ 213.427388][ T5742] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5741] close(7) = -1 EBADF (Bad file descriptor) [pid 5741] close(8) = -1 EBADF (Bad file descriptor) [pid 5741] close(9) = -1 EBADF (Bad file descriptor) [pid 5741] close(10) = -1 EBADF (Bad file descriptor) [pid 5741] close(11) = -1 EBADF (Bad file descriptor) [pid 5741] close(12) = -1 EBADF (Bad file descriptor) [pid 5741] close(13) = -1 EBADF (Bad file descriptor) [pid 5741] close(14) = -1 EBADF (Bad file descriptor) [pid 5741] close(15) = -1 EBADF (Bad file descriptor) [pid 5741] close(16) = -1 EBADF (Bad file descriptor) [pid 5741] close(17) = -1 EBADF (Bad file descriptor) [pid 5741] close(18) = -1 EBADF (Bad file descriptor) [pid 5741] close(19) = -1 EBADF (Bad file descriptor) [pid 5741] close(20) = -1 EBADF (Bad file descriptor) [pid 5741] close(21) = -1 EBADF (Bad file descriptor) [pid 5741] close(22) = -1 EBADF (Bad file descriptor) [pid 5741] close(23) = -1 EBADF (Bad file descriptor) [pid 5741] close(24) = -1 EBADF (Bad file descriptor) [pid 5741] close(25) = -1 EBADF (Bad file descriptor) [pid 5741] close(26) = -1 EBADF (Bad file descriptor) [pid 5741] close(27) = -1 EBADF (Bad file descriptor) [pid 5741] close(28) = -1 EBADF (Bad file descriptor) [pid 5741] close(29) = -1 EBADF (Bad file descriptor) [pid 5741] exit_group(0) = ? [pid 5741] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=43, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [ 213.449847][ T5742] CPU: 1 PID: 5742 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 213.459839][ T5742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 213.469956][ T5742] Call Trace: [ 213.473284][ T5742] [ 213.476266][ T5742] dump_stack_lvl+0x136/0x150 [ 213.481022][ T5742] dump_header+0x10a/0xd70 [ 213.485515][ T5742] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 213.491684][ T5742] out_of_memory+0xd64/0x1660 [pid 5087] umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 213.496458][ T5742] ? oom_killer_disable+0x2b0/0x2b0 [ 213.501751][ T5742] mem_cgroup_out_of_memory+0x206/0x270 [ 213.507375][ T5742] ? mem_cgroup_margin+0x130/0x130 [ 213.512603][ T5742] memory_max_write+0x2f9/0x3c0 [ 213.517551][ T5742] ? mem_cgroup_force_empty_write+0x160/0x160 [ 213.523713][ T5742] ? lock_sync+0x190/0x190 [ 213.528210][ T5742] cgroup_file_write+0x1e2/0x7b0 [ 213.533233][ T5742] ? mem_cgroup_force_empty_write+0x160/0x160 [ 213.539384][ T5742] ? kill_css+0x3b0/0x3b0 [ 213.543784][ T5742] ? lock_acquire+0x32/0xc0 [ 213.548354][ T5742] ? kill_css+0x3b0/0x3b0 [ 213.552764][ T5742] kernfs_fop_write_iter+0x3f1/0x600 [ 213.558133][ T5742] vfs_write+0x9ed/0xe10 [ 213.562467][ T5742] ? kernel_write+0x670/0x670 [ 213.567231][ T5742] ? find_held_lock+0x2d/0x110 [ 213.572103][ T5742] ? __fget_light+0x20a/0x270 [ 213.576866][ T5742] ksys_write+0x12b/0x250 [ 213.581273][ T5742] ? __ia32_sys_read+0xb0/0xb0 [ 213.586120][ T5742] ? lockdep_hardirqs_on+0x7d/0x100 [ 213.591387][ T5742] ? _raw_spin_unlock_irq+0x2e/0x50 [ 213.596664][ T5742] ? ptrace_notify+0xfe/0x140 [ 213.601417][ T5742] do_syscall_64+0x39/0xb0 [ 213.605913][ T5742] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 213.611840][ T5742] RIP: 0033:0x7faecf034129 [ 213.616289][ T5742] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 213.635960][ T5742] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 213.644448][ T5742] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 213.652479][ T5742] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 213.660506][ T5742] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 213.668532][ T5742] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 213.676549][ T5742] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000027 [ 213.684586][ T5742] [ 213.690248][ T5742] memory: usage 8kB, limit 0kB, failcnt 36 [pid 5087] unlink("./41/binderfs") = 0 [pid 5087] umount2("./41/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./41/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./41/cgroup") = 0 [pid 5087] umount2("./41/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./41/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./41/cgroup.net") = 0 [ 213.698367][ T5742] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 213.716171][ T5742] Memory cgroup stats for /syz1: [ 213.716479][ T5742] anon 0 [ 213.716479][ T5742] file 0 [ 213.716479][ T5742] kernel 8192 [ 213.716479][ T5742] kernel_stack 0 [ 213.716479][ T5742] pagetables 0 [ 213.716479][ T5742] sec_pagetables 0 [ 213.716479][ T5742] percpu 0 [ 213.716479][ T5742] sock 0 [ 213.716479][ T5742] vmalloc 0 [ 213.716479][ T5742] shmem 0 [ 213.716479][ T5742] zswap 0 [ 213.716479][ T5742] zswapped 0 [ 213.716479][ T5742] file_mapped 0 [ 213.716479][ T5742] file_dirty 0 [ 213.716479][ T5742] file_writeback 0 [ 213.716479][ T5742] swapcached 0 [ 213.716479][ T5742] anon_thp 0 [ 213.716479][ T5742] file_thp 0 [ 213.716479][ T5742] shmem_thp 0 [ 213.716479][ T5742] inactive_anon 0 [ 213.716479][ T5742] active_anon 0 [ 213.716479][ T5742] inactive_file 0 [ 213.716479][ T5742] active_file 0 [ 213.716479][ T5742] unevictable 0 [ 213.716479][ T5742] slab_reclaimable 6752 [ 213.716479][ T5742] slab_unreclaimable 0 [ 213.716479][ T5742] slab 6752 [ 213.716479][ T5742] workingset_refault_anon 0 [ 213.716479][ T5742] workingset_refault_file 0 [ 213.716479][ T5742] workingset_activate_anon 0 [ 213.716479][ T5742] workingset_activate_file 0 [ 213.716479][ T5742] workingset_restore_anon 0 [ 213.716479][ T5742] workingset_restore_file 0 [ 213.716479][ T5742] workingset_nodereclaim 0 [ 213.716479][ T5742] pgscan 831 [ 213.716479][ T5742] pgsteal 2 [ 213.716479][ T5742] pgscan_kswapd 0 [ 213.716479][ T5742] pgscan_direct 831 [ 213.716479][ T5742] pgscan_khugepaged 0 [ 213.716479][ T5742] pgsteal_kswapd 0 [ 213.716479][ T5742] pgsteal_direct 2 [ 213.716479][ T5742] pgsteal_khugepaged 0 [ 213.716479][ T5742] pgfault 21 [ 213.716479][ T5742] pgmajfault 0 [ 213.716479][ T5742] pgrefill 830 [ 213.716479][ T5742] pgactivate 829 [ 213.716479][ T5742] pgdeactivate 830 [ 213.716479][ T5742] pglazyfree 0 [ 213.716479][ T5742] pglazyfreed 0 [ 213.716479][ T5742] zswpin 0 [ 213.716479][ T5742] zswpout 0 [ 213.716479][ T5742] thp_fault_alloc 0 [pid 5087] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5087] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./41/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] close(4) = 0 [pid 5087] rmdir("./41/file0") = 0 [pid 5742] <... write resumed>) = 18 [pid 5087] umount2("./41/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./41/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./41/cgroup.cpu") = 0 [ 213.716479][ T5742] thp_collapse_alloc 0 [ 213.909095][ T5742] Tasks state (memory values in pages): [ 213.914976][ T5742] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 213.924768][ T5742] Out of memory and no killable processes... [ 213.930869][ T5743] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 213.941370][ T5743] CPU: 1 PID: 5743 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [pid 5087] rmdir("./41") = 0 [pid 5087] mkdir("./42", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5746 attached [pid 5746] chdir("./42" [pid 5087] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 44 [pid 5746] <... chdir resumed>) = 0 [pid 5746] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5746] setpgid(0, 0) = 0 [pid 5746] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5746] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [ 213.951330][ T5743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 213.961445][ T5743] Call Trace: [ 213.964778][ T5743] [ 213.967759][ T5743] dump_stack_lvl+0x136/0x150 [ 213.972510][ T5743] dump_header+0x10a/0xd70 [ 213.976994][ T5743] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 213.983165][ T5743] out_of_memory+0xd64/0x1660 [ 213.987930][ T5743] ? oom_killer_disable+0x2b0/0x2b0 [ 213.993213][ T5743] ? find_held_lock+0x2d/0x110 [pid 5746] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5746] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5746] write(3, "1000", 4) = 4 [pid 5746] close(3) = 0 [pid 5746] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5746] mkdir("./file0", 000) = 0 [pid 5746] open("./file0", O_RDONLY) = 3 [pid 5746] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5746] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5746] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5746] openat(5, "memory.max", O_RDWR) = 6 [ 213.998057][ T5743] mem_cgroup_out_of_memory+0x206/0x270 [ 214.003679][ T5743] ? mem_cgroup_margin+0x130/0x130 [ 214.008879][ T5743] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 214.014778][ T5743] memory_max_write+0x2f9/0x3c0 [ 214.019733][ T5743] ? mem_cgroup_force_empty_write+0x160/0x160 [ 214.025914][ T5743] ? lock_sync+0x190/0x190 [ 214.030448][ T5743] cgroup_file_write+0x1e2/0x7b0 [ 214.035480][ T5743] ? mem_cgroup_force_empty_write+0x160/0x160 [ 214.041627][ T5743] ? kill_css+0x3b0/0x3b0 [ 214.046028][ T5743] ? lock_acquire+0x32/0xc0 [ 214.050605][ T5743] ? kill_css+0x3b0/0x3b0 [ 214.055002][ T5743] kernfs_fop_write_iter+0x3f1/0x600 [ 214.060360][ T5743] vfs_write+0x9ed/0xe10 [ 214.064662][ T5743] ? kernel_write+0x670/0x670 [ 214.069393][ T5743] ? find_held_lock+0x2d/0x110 [ 214.074206][ T5743] ? __fget_light+0x20a/0x270 [ 214.078937][ T5743] ksys_write+0x12b/0x250 [ 214.083320][ T5743] ? __ia32_sys_read+0xb0/0xb0 [ 214.088157][ T5743] ? lockdep_hardirqs_on+0x7d/0x100 [ 214.093395][ T5743] ? _raw_spin_unlock_irq+0x2e/0x50 [ 214.098658][ T5743] ? ptrace_notify+0xfe/0x140 [ 214.103403][ T5743] do_syscall_64+0x39/0xb0 [ 214.107871][ T5743] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 214.113803][ T5743] RIP: 0033:0x7faecf034129 [ 214.118246][ T5743] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 214.137909][ T5743] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5746] write(6, "0x000000000000040e", 18 [pid 5742] close(3) = 0 [pid 5742] close(4) = 0 [ 214.146357][ T5743] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 214.154355][ T5743] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 214.162350][ T5743] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 214.170351][ T5743] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 214.178355][ T5743] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000002b [ 214.186378][ T5743] [ 214.196039][ T5743] memory: usage 8kB, limit 0kB, failcnt 36 [ 214.202713][ T5743] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 214.210114][ T5743] Memory cgroup stats for /syz1: [ 214.210355][ T5743] anon 0 [ 214.210355][ T5743] file 0 [ 214.210355][ T5743] kernel 8192 [ 214.210355][ T5743] kernel_stack 0 [ 214.210355][ T5743] pagetables 0 [ 214.210355][ T5743] sec_pagetables 0 [ 214.210355][ T5743] percpu 0 [ 214.210355][ T5743] sock 0 [ 214.210355][ T5743] vmalloc 0 [ 214.210355][ T5743] shmem 0 [ 214.210355][ T5743] zswap 0 [ 214.210355][ T5743] zswapped 0 [ 214.210355][ T5743] file_mapped 0 [ 214.210355][ T5743] file_dirty 0 [ 214.210355][ T5743] file_writeback 0 [ 214.210355][ T5743] swapcached 0 [ 214.210355][ T5743] anon_thp 0 [ 214.210355][ T5743] file_thp 0 [ 214.210355][ T5743] shmem_thp 0 [ 214.210355][ T5743] inactive_anon 0 [ 214.210355][ T5743] active_anon 0 [ 214.210355][ T5743] inactive_file 0 [ 214.210355][ T5743] active_file 0 [ 214.210355][ T5743] unevictable 0 [ 214.210355][ T5743] slab_reclaimable 6752 [ 214.210355][ T5743] slab_unreclaimable 0 [ 214.210355][ T5743] slab 6752 [ 214.210355][ T5743] workingset_refault_anon 0 [ 214.210355][ T5743] workingset_refault_file 0 [ 214.210355][ T5743] workingset_activate_anon 0 [ 214.210355][ T5743] workingset_activate_file 0 [ 214.210355][ T5743] workingset_restore_anon 0 [ 214.210355][ T5743] workingset_restore_file 0 [ 214.210355][ T5743] workingset_nodereclaim 0 [ 214.210355][ T5743] pgscan 831 [ 214.210355][ T5743] pgsteal 2 [ 214.210355][ T5743] pgscan_kswapd 0 [ 214.210355][ T5743] pgscan_direct 831 [ 214.210355][ T5743] pgscan_khugepaged 0 [ 214.210355][ T5743] pgsteal_kswapd 0 [ 214.210355][ T5743] pgsteal_direct 2 [ 214.210355][ T5743] pgsteal_khugepaged 0 [ 214.210355][ T5743] pgfault 21 [ 214.210355][ T5743] pgmajfault 0 [ 214.210355][ T5743] pgrefill 830 [ 214.210355][ T5743] pgactivate 829 [ 214.210355][ T5743] pgdeactivate 830 [ 214.210355][ T5743] pglazyfree 0 [ 214.210355][ T5743] pglazyfreed 0 [ 214.210355][ T5743] zswpin 0 [ 214.210355][ T5743] zswpout 0 [ 214.210355][ T5743] thp_fault_alloc 0 [ 214.210355][ T5743] thp_collapse_alloc 0 [pid 5742] close(5) = 0 [pid 5742] close(6) = 0 [pid 5742] close(7 [pid 5743] <... write resumed>) = 18 [pid 5742] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5742] close(8) = -1 EBADF (Bad file descriptor) [pid 5742] close(9) = -1 EBADF (Bad file descriptor) [pid 5742] close(10) = -1 EBADF (Bad file descriptor) [pid 5742] close(11) = -1 EBADF (Bad file descriptor) [pid 5742] close(12) = -1 EBADF (Bad file descriptor) [pid 5742] close(13) = -1 EBADF (Bad file descriptor) [pid 5742] close(14) = -1 EBADF (Bad file descriptor) [pid 5742] close(15) = -1 EBADF (Bad file descriptor) [pid 5742] close(16) = -1 EBADF (Bad file descriptor) [pid 5742] close(17) = -1 EBADF (Bad file descriptor) [pid 5742] close(18) = -1 EBADF (Bad file descriptor) [pid 5742] close(19) = -1 EBADF (Bad file descriptor) [pid 5743] close(3 [pid 5742] close(20 [pid 5743] <... close resumed>) = 0 [pid 5742] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5743] close(4 [pid 5742] close(21 [pid 5743] <... close resumed>) = 0 [pid 5742] <... close resumed>) = -1 EBADF (Bad file descriptor) [ 214.402913][ T5743] Tasks state (memory values in pages): [ 214.408529][ T5743] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 214.418970][ T5743] Out of memory and no killable processes... [ 214.426743][ T5744] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 214.437391][ T5744] CPU: 0 PID: 5744 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5743] close(5 [pid 5742] close(22 [pid 5743] <... close resumed>) = 0 [pid 5742] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5743] close(6 [pid 5742] close(23 [pid 5743] <... close resumed>) = 0 [pid 5742] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5743] close(7 [pid 5742] close(24 [pid 5743] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5742] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5743] close(8 [pid 5742] close(25 [pid 5743] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5742] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5743] close(9 [pid 5742] close(26 [pid 5743] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5742] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5743] close(10 [pid 5742] close(27 [pid 5743] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5742] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5743] close(11 [pid 5742] close(28 [pid 5743] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5742] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5743] close(12 [pid 5742] close(29 [pid 5743] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5742] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5743] close(13 [pid 5742] exit_group(0 [pid 5743] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5742] <... exit_group resumed>) = ? [pid 5743] close(14 [pid 5742] +++ exited with 0 +++ [pid 5743] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5743] close(15) = -1 EBADF (Bad file descriptor) [pid 5743] close(16) = -1 EBADF (Bad file descriptor) [pid 5743] close(17) = -1 EBADF (Bad file descriptor) [pid 5743] close(18) = -1 EBADF (Bad file descriptor) [pid 5743] close(19) = -1 EBADF (Bad file descriptor) [pid 5743] close(20) = -1 EBADF (Bad file descriptor) [pid 5743] close(21) = -1 EBADF (Bad file descriptor) [pid 5743] close(22) = -1 EBADF (Bad file descriptor) [pid 5743] close(23) = -1 EBADF (Bad file descriptor) [pid 5743] close(24) = -1 EBADF (Bad file descriptor) [pid 5743] close(25) = -1 EBADF (Bad file descriptor) [pid 5743] close(26) = -1 EBADF (Bad file descriptor) [pid 5743] close(27) = -1 EBADF (Bad file descriptor) [pid 5743] close(28) = -1 EBADF (Bad file descriptor) [pid 5743] close(29) = -1 EBADF (Bad file descriptor) [pid 5743] exit_group(0) = ? [pid 5743] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=45, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5090] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5090] umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./43/binderfs") = 0 [ 214.447452][ T5744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 214.457571][ T5744] Call Trace: [ 214.460898][ T5744] [ 214.463879][ T5744] dump_stack_lvl+0x136/0x150 [ 214.468632][ T5744] dump_header+0x10a/0xd70 [ 214.473121][ T5744] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 214.479290][ T5744] out_of_memory+0xd64/0x1660 [ 214.484048][ T5744] ? oom_killer_disable+0x2b0/0x2b0 [ 214.489327][ T5744] ? find_held_lock+0x2d/0x110 [ 214.494165][ T5744] mem_cgroup_out_of_memory+0x206/0x270 [ 214.499792][ T5744] ? mem_cgroup_margin+0x130/0x130 [pid 5090] umount2("./43/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./43/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./43/cgroup") = 0 [pid 5090] umount2("./43/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./43/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./43/cgroup.net") = 0 [pid 5090] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=41, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5085] umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 214.504994][ T5744] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 214.510901][ T5744] memory_max_write+0x2f9/0x3c0 [ 214.515843][ T5744] ? mem_cgroup_force_empty_write+0x160/0x160 [ 214.522004][ T5744] ? lock_sync+0x190/0x190 [ 214.526517][ T5744] cgroup_file_write+0x1e2/0x7b0 [ 214.531551][ T5744] ? mem_cgroup_force_empty_write+0x160/0x160 [ 214.537701][ T5744] ? kill_css+0x3b0/0x3b0 [ 214.542117][ T5744] ? lock_acquire+0x32/0xc0 [ 214.546709][ T5744] ? kill_css+0x3b0/0x3b0 [ 214.551074][ T5744] kernfs_fop_write_iter+0x3f1/0x600 [ 214.556404][ T5744] vfs_write+0x9ed/0xe10 [ 214.560697][ T5744] ? kernel_write+0x670/0x670 [ 214.565439][ T5744] ? find_held_lock+0x2d/0x110 [ 214.570279][ T5744] ? __fget_light+0x20a/0x270 [ 214.575020][ T5744] ksys_write+0x12b/0x250 [ 214.579430][ T5744] ? __ia32_sys_read+0xb0/0xb0 [ 214.584275][ T5744] ? lockdep_hardirqs_on+0x7d/0x100 [ 214.589523][ T5744] ? _raw_spin_unlock_irq+0x2e/0x50 [ 214.594763][ T5744] ? ptrace_notify+0xfe/0x140 [ 214.599519][ T5744] do_syscall_64+0x39/0xb0 [ 214.604020][ T5744] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 214.609970][ T5744] RIP: 0033:0x7faecf034129 [ 214.614415][ T5744] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 214.634073][ T5744] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 214.642536][ T5744] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [pid 5085] unlink("./39/binderfs") = 0 [pid 5085] umount2("./39/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./39/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./39/cgroup") = 0 [pid 5085] umount2("./39/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./39/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./39/cgroup.net") = 0 [pid 5085] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5090] <... umount2 resumed>) = 0 [pid 5085] <... umount2 resumed>) = 0 [pid 5090] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5090] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 214.650552][ T5744] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 214.658562][ T5744] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 214.666589][ T5744] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 214.674602][ T5744] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000028 [ 214.682641][ T5744] [ 214.697019][ T5744] memory: usage 8kB, limit 0kB, failcnt 36 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./43/file0", [pid 5085] lstat("./39/file0", [pid 5090] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5090] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5085] openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5090] <... openat resumed>) = 4 [pid 5085] <... openat resumed>) = 4 [pid 5090] fstat(4, [pid 5085] fstat(4, [pid 5090] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, [pid 5085] getdents64(4, [pid 5090] <... getdents64 resumed>0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] <... getdents64 resumed>0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, [pid 5085] getdents64(4, [pid 5090] <... getdents64 resumed>0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] <... getdents64 resumed>0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4 [pid 5085] close(4 [pid 5090] <... close resumed>) = 0 [pid 5085] <... close resumed>) = 0 [ 214.703455][ T5744] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 214.711052][ T5744] Memory cgroup stats for /syz1: [ 214.711398][ T5744] anon 0 [ 214.711398][ T5744] file 0 [ 214.711398][ T5744] kernel 8192 [ 214.711398][ T5744] kernel_stack 0 [ 214.711398][ T5744] pagetables 0 [ 214.711398][ T5744] sec_pagetables 0 [ 214.711398][ T5744] percpu 0 [ 214.711398][ T5744] sock 0 [ 214.711398][ T5744] vmalloc 0 [ 214.711398][ T5744] shmem 0 [ 214.711398][ T5744] zswap 0 [ 214.711398][ T5744] zswapped 0 [pid 5090] rmdir("./43/file0" [pid 5085] rmdir("./39/file0" [pid 5090] <... rmdir resumed>) = 0 [pid 5085] <... rmdir resumed>) = 0 [pid 5090] umount2("./43/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] umount2("./39/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5090] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./43/cgroup.cpu", [pid 5085] lstat("./39/cgroup.cpu", [pid 5090] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./43/cgroup.cpu" [pid 5085] unlink("./39/cgroup.cpu" [pid 5090] <... unlink resumed>) = 0 [pid 5085] <... unlink resumed>) = 0 [pid 5090] getdents64(3, [pid 5085] getdents64(3, [pid 5090] <... getdents64 resumed>0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] <... getdents64 resumed>0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3 [pid 5085] close(3 [pid 5090] <... close resumed>) = 0 [pid 5085] <... close resumed>) = 0 [pid 5090] rmdir("./43" [pid 5085] rmdir("./39" [pid 5090] <... rmdir resumed>) = 0 [pid 5085] <... rmdir resumed>) = 0 [pid 5090] mkdir("./44", 0777 [pid 5085] mkdir("./40", 0777 [pid 5090] <... mkdir resumed>) = 0 [pid 5085] <... mkdir resumed>) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5748 attached [pid 5748] chdir("./40" [pid 5090] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 46 [pid 5085] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 42 [pid 5748] <... chdir resumed>) = 0 [pid 5748] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5748] setpgid(0, 0) = 0 [pid 5748] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [ 214.711398][ T5744] file_mapped 0 [ 214.711398][ T5744] file_dirty 0 [ 214.711398][ T5744] file_writeback 0 [ 214.711398][ T5744] swapcached 0 [ 214.711398][ T5744] anon_thp 0 [ 214.711398][ T5744] file_thp 0 [ 214.711398][ T5744] shmem_thp 0 [ 214.711398][ T5744] inactive_anon 0 [ 214.711398][ T5744] active_anon 0 [ 214.711398][ T5744] inactive_file 0 [ 214.711398][ T5744] active_file 0 [ 214.711398][ T5744] unevictable 0 [ 214.711398][ T5744] slab_reclaimable 6752 [ 214.711398][ T5744] slab_unreclaimable 0 [ 214.711398][ T5744] slab 6752 [ 214.711398][ T5744] workingset_refault_anon 0 [ 214.711398][ T5744] workingset_refault_file 0 [ 214.711398][ T5744] workingset_activate_anon 0 [ 214.711398][ T5744] workingset_activate_file 0 [ 214.711398][ T5744] workingset_restore_anon 0 [ 214.711398][ T5744] workingset_restore_file 0 [ 214.711398][ T5744] workingset_nodereclaim 0 [ 214.711398][ T5744] pgscan 831 [ 214.711398][ T5744] pgsteal 2 [ 214.711398][ T5744] pgscan_kswapd 0 [ 214.711398][ T5744] pgscan_direct 831 [ 214.711398][ T5744] pgscan_khugepaged 0 [ 214.711398][ T5744] pgsteal_kswapd 0 [ 214.711398][ T5744] pgsteal_direct 2 [ 214.711398][ T5744] pgsteal_khugepaged 0 [ 214.711398][ T5744] pgfault 21 [ 214.711398][ T5744] pgmajfault 0 [ 214.711398][ T5744] pgrefill 830 [ 214.711398][ T5744] pgactivate 829 [ 214.711398][ T5744] pgdeactivate 830 [ 214.711398][ T5744] pglazyfree 0 [ 214.711398][ T5744] pglazyfreed 0 [ 214.711398][ T5744] zswpin 0 [ 214.711398][ T5744] zswpout 0 [ 214.711398][ T5744] thp_fault_alloc 0 [ 214.711398][ T5744] thp_collapse_alloc 0 ./strace-static-x86_64: Process 5747 attached [pid 5748] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5748] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5748] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5748] write(3, "1000", 4) = 4 [pid 5748] close(3 [pid 5747] chdir("./44" [pid 5748] <... close resumed>) = 0 [pid 5748] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5748] mkdir("./file0", 000) = 0 [pid 5747] <... chdir resumed>) = 0 [pid 5748] open("./file0", O_RDONLY) = 3 [pid 5748] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5748] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5748] openat(4, "syz1", O_RDWR|O_PATH [pid 5747] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5744] <... write resumed>) = 18 [pid 5748] <... openat resumed>) = 5 [pid 5748] openat(5, "memory.max", O_RDWR) = 6 [ 214.906194][ T5744] Tasks state (memory values in pages): [ 214.912657][ T5744] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 214.924205][ T5744] Out of memory and no killable processes... [ 214.931177][ T5745] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 214.943508][ T5745] CPU: 0 PID: 5745 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 214.953494][ T5745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 214.963605][ T5745] Call Trace: [ 214.966931][ T5745] [ 214.969911][ T5745] dump_stack_lvl+0x136/0x150 [ 214.974668][ T5745] dump_header+0x10a/0xd70 [ 214.979156][ T5745] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 214.985332][ T5745] out_of_memory+0xd64/0x1660 [ 214.990105][ T5745] ? oom_killer_disable+0x2b0/0x2b0 [ 214.995399][ T5745] mem_cgroup_out_of_memory+0x206/0x270 [ 215.001028][ T5745] ? mem_cgroup_margin+0x130/0x130 [ 215.006249][ T5745] memory_max_write+0x2f9/0x3c0 [ 215.011194][ T5745] ? mem_cgroup_force_empty_write+0x160/0x160 [ 215.017365][ T5745] ? lock_sync+0x190/0x190 [ 215.021856][ T5745] cgroup_file_write+0x1e2/0x7b0 [ 215.026880][ T5745] ? mem_cgroup_force_empty_write+0x160/0x160 [ 215.033031][ T5745] ? kill_css+0x3b0/0x3b0 [ 215.037435][ T5745] ? lock_acquire+0x32/0xc0 [ 215.042007][ T5745] ? kill_css+0x3b0/0x3b0 [ 215.046408][ T5745] kernfs_fop_write_iter+0x3f1/0x600 [ 215.051770][ T5745] vfs_write+0x9ed/0xe10 [ 215.056087][ T5745] ? kernel_write+0x670/0x670 [ 215.060830][ T5745] ? find_held_lock+0x2d/0x110 [ 215.065653][ T5745] ? __fget_light+0x20a/0x270 [ 215.070387][ T5745] ksys_write+0x12b/0x250 [ 215.074769][ T5745] ? __ia32_sys_read+0xb0/0xb0 [ 215.079578][ T5745] ? lockdep_hardirqs_on+0x7d/0x100 [ 215.084814][ T5745] ? _raw_spin_unlock_irq+0x2e/0x50 [ 215.090055][ T5745] ? ptrace_notify+0xfe/0x140 [ 215.094779][ T5745] do_syscall_64+0x39/0xb0 [ 215.099242][ T5745] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 215.105175][ T5745] RIP: 0033:0x7faecf034129 [ 215.109616][ T5745] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 215.129273][ T5745] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 215.137727][ T5745] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 215.145728][ T5745] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5748] write(6, "0x000000000000040e", 18 [pid 5747] <... prctl resumed>) = 0 [pid 5744] close(3 [pid 5747] setpgid(0, 0 [pid 5744] <... close resumed>) = 0 [pid 5747] <... setpgid resumed>) = 0 [pid 5744] close(4 [pid 5747] symlink("/syzcgroup/unified/syz4", "./cgroup" [pid 5744] <... close resumed>) = 0 [pid 5747] <... symlink resumed>) = 0 [pid 5744] close(5) = 0 [pid 5744] close(6) = 0 [pid 5744] close(7) = -1 EBADF (Bad file descriptor) [pid 5744] close(8 [pid 5747] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu" [pid 5744] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5747] <... symlink resumed>) = 0 [pid 5744] close(9 [pid 5747] symlink("/syzcgroup/net/syz4", "./cgroup.net" [pid 5744] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5747] <... symlink resumed>) = 0 [pid 5744] close(10 [pid 5747] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5744] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5747] <... openat resumed>) = 3 [pid 5744] close(11 [pid 5747] write(3, "1000", 4 [pid 5744] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5747] <... write resumed>) = 4 [pid 5744] close(12 [pid 5747] close(3 [pid 5744] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5747] <... close resumed>) = 0 [pid 5744] close(13 [pid 5747] symlink("/dev/binderfs", "./binderfs" [pid 5744] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5747] <... symlink resumed>) = 0 [pid 5744] close(14 [pid 5747] mkdir("./file0", 000 [pid 5744] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5747] <... mkdir resumed>) = 0 [pid 5744] close(15) = -1 EBADF (Bad file descriptor) [pid 5747] open("./file0", O_RDONLY [pid 5744] close(16 [pid 5747] <... open resumed>) = 3 [pid 5744] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5747] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5744] close(17 [pid 5747] <... mount resumed>) = 0 [pid 5744] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5747] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5744] close(18 [pid 5747] <... openat resumed>) = 4 [pid 5744] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5747] openat(4, "syz1", O_RDWR|O_PATH [pid 5744] close(19 [pid 5747] <... openat resumed>) = 5 [pid 5744] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5747] openat(5, "memory.max", O_RDWR [pid 5744] close(20 [pid 5747] <... openat resumed>) = 6 [pid 5744] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5747] write(6, "0x000000000000040e", 18 [ 215.153723][ T5745] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 215.161717][ T5745] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 215.169721][ T5745] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000002b [ 215.177743][ T5745] [pid 5744] close(21) = -1 EBADF (Bad file descriptor) [pid 5744] close(22) = -1 EBADF (Bad file descriptor) [pid 5744] close(23) = -1 EBADF (Bad file descriptor) [pid 5744] close(24) = -1 EBADF (Bad file descriptor) [pid 5744] close(25) = -1 EBADF (Bad file descriptor) [pid 5744] close(26) = -1 EBADF (Bad file descriptor) [pid 5744] close(27) = -1 EBADF (Bad file descriptor) [pid 5744] close(28) = -1 EBADF (Bad file descriptor) [pid 5744] close(29) = -1 EBADF (Bad file descriptor) [pid 5744] exit_group(0) = ? [pid 5744] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=42, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5086] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5086] umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./40/binderfs") = 0 [pid 5086] umount2("./40/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./40/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] unlink("./40/cgroup") = 0 [pid 5086] umount2("./40/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./40/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./40/cgroup.net") = 0 [pid 5086] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5086] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./40/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./40/file0") = 0 [pid 5086] umount2("./40/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./40/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./40/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [ 215.253073][ T5745] memory: usage 8kB, limit 0kB, failcnt 36 [ 215.260263][ T5745] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 215.280871][ T5745] Memory cgroup stats for /syz1: [ 215.281272][ T5745] anon 0 [ 215.281272][ T5745] file 0 [ 215.281272][ T5745] kernel 8192 [ 215.281272][ T5745] kernel_stack 0 [ 215.281272][ T5745] pagetables 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./40") = 0 [pid 5086] mkdir("./41", 0777) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5749 attached [pid 5749] chdir("./41" [pid 5086] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 43 [pid 5749] <... chdir resumed>) = 0 [pid 5749] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5749] setpgid(0, 0) = 0 [pid 5749] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5749] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5749] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5749] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5749] write(3, "1000", 4) = 4 [pid 5749] close(3) = 0 [pid 5749] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5749] mkdir("./file0", 000) = 0 [pid 5749] open("./file0", O_RDONLY) = 3 [pid 5749] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5749] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5749] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5749] openat(5, "memory.max", O_RDWR) = 6 [ 215.281272][ T5745] sec_pagetables 0 [ 215.281272][ T5745] percpu 0 [ 215.281272][ T5745] sock 0 [ 215.281272][ T5745] vmalloc 0 [ 215.281272][ T5745] shmem 0 [ 215.281272][ T5745] zswap 0 [ 215.281272][ T5745] zswapped 0 [ 215.281272][ T5745] file_mapped 0 [ 215.281272][ T5745] file_dirty 0 [ 215.281272][ T5745] file_writeback 0 [ 215.281272][ T5745] swapcached 0 [ 215.281272][ T5745] anon_thp 0 [ 215.281272][ T5745] file_thp 0 [ 215.281272][ T5745] shmem_thp 0 [ 215.281272][ T5745] inactive_anon 0 [ 215.281272][ T5745] active_anon 0 [ 215.281272][ T5745] inactive_file 0 [ 215.281272][ T5745] active_file 0 [ 215.281272][ T5745] unevictable 0 [ 215.281272][ T5745] slab_reclaimable 6752 [ 215.281272][ T5745] slab_unreclaimable 0 [ 215.281272][ T5745] slab 6752 [ 215.281272][ T5745] workingset_refault_anon 0 [ 215.281272][ T5745] workingset_refault_file 0 [ 215.281272][ T5745] workingset_activate_anon 0 [ 215.281272][ T5745] workingset_activate_file 0 [ 215.281272][ T5745] workingset_restore_anon 0 [ 215.281272][ T5745] workingset_restore_file 0 [ 215.281272][ T5745] workingset_nodereclaim 0 [ 215.281272][ T5745] pgscan 831 [ 215.281272][ T5745] pgsteal 2 [ 215.281272][ T5745] pgscan_kswapd 0 [ 215.281272][ T5745] pgscan_direct 831 [ 215.281272][ T5745] pgscan_khugepaged 0 [ 215.281272][ T5745] pgsteal_kswapd 0 [ 215.281272][ T5745] pgsteal_direct 2 [ 215.281272][ T5745] pgsteal_khugepaged 0 [ 215.281272][ T5745] pgfault 21 [ 215.281272][ T5745] pgmajfault 0 [ 215.281272][ T5745] pgrefill 830 [ 215.281272][ T5745] pgactivate 829 [ 215.281272][ T5745] pgdeactivate 830 [ 215.281272][ T5745] pglazyfree 0 [ 215.281272][ T5745] pglazyfreed 0 [pid 5749] write(6, "0x000000000000040e", 18 [pid 5745] <... write resumed>) = 18 [ 215.281272][ T5745] zswpin 0 [ 215.281272][ T5745] zswpout 0 [ 215.281272][ T5745] thp_fault_alloc 0 [ 215.281272][ T5745] thp_collapse_alloc 0 [ 215.476256][ T5745] Tasks state (memory values in pages): [ 215.483162][ T5745] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 215.493520][ T5745] Out of memory and no killable processes... [pid 5745] close(3) = 0 [pid 5745] close(4) = 0 [ 215.500070][ T5746] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 215.511243][ T5746] CPU: 1 PID: 5746 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 215.521199][ T5746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 215.531271][ T5746] Call Trace: [ 215.534563][ T5746] [ 215.537508][ T5746] dump_stack_lvl+0x136/0x150 [ 215.542214][ T5746] dump_header+0x10a/0xd70 [ 215.546653][ T5746] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 215.552782][ T5746] out_of_memory+0xd64/0x1660 [ 215.557522][ T5746] ? oom_killer_disable+0x2b0/0x2b0 [ 215.562776][ T5746] ? find_held_lock+0x2d/0x110 [ 215.567586][ T5746] mem_cgroup_out_of_memory+0x206/0x270 [ 215.573164][ T5746] ? mem_cgroup_margin+0x130/0x130 [ 215.578313][ T5746] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 215.584159][ T5746] memory_max_write+0x2f9/0x3c0 [ 215.589055][ T5746] ? mem_cgroup_force_empty_write+0x160/0x160 [ 215.595161][ T5746] ? lock_sync+0x190/0x190 [ 215.599648][ T5746] cgroup_file_write+0x1e2/0x7b0 [ 215.604638][ T5746] ? mem_cgroup_force_empty_write+0x160/0x160 [ 215.610792][ T5746] ? kill_css+0x3b0/0x3b0 [ 215.615160][ T5746] ? lock_acquire+0x32/0xc0 [ 215.619701][ T5746] ? kill_css+0x3b0/0x3b0 [ 215.624166][ T5746] kernfs_fop_write_iter+0x3f1/0x600 [ 215.629487][ T5746] vfs_write+0x9ed/0xe10 [ 215.633787][ T5746] ? kernel_write+0x670/0x670 [ 215.638497][ T5746] ? find_held_lock+0x2d/0x110 [ 215.643296][ T5746] ? __fget_light+0x20a/0x270 [ 215.648007][ T5746] ksys_write+0x12b/0x250 [ 215.652383][ T5746] ? __ia32_sys_read+0xb0/0xb0 [ 215.657206][ T5746] ? lockdep_hardirqs_on+0x7d/0x100 [ 215.662431][ T5746] ? _raw_spin_unlock_irq+0x2e/0x50 [ 215.667656][ T5746] ? ptrace_notify+0xfe/0x140 [ 215.672361][ T5746] do_syscall_64+0x39/0xb0 [ 215.676811][ T5746] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 215.682724][ T5746] RIP: 0033:0x7faecf034129 [ 215.687156][ T5746] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 215.706791][ T5746] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 215.715239][ T5746] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 215.723224][ T5746] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 215.731238][ T5746] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 215.739218][ T5746] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 215.747200][ T5746] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000002a [pid 5745] close(5) = 0 [pid 5745] close(6) = 0 [pid 5745] close(7) = -1 EBADF (Bad file descriptor) [pid 5745] close(8) = -1 EBADF (Bad file descriptor) [pid 5745] close(9) = -1 EBADF (Bad file descriptor) [pid 5745] close(10) = -1 EBADF (Bad file descriptor) [pid 5745] close(11) = -1 EBADF (Bad file descriptor) [pid 5745] close(12) = -1 EBADF (Bad file descriptor) [pid 5745] close(13) = -1 EBADF (Bad file descriptor) [pid 5745] close(14) = -1 EBADF (Bad file descriptor) [pid 5745] close(15) = -1 EBADF (Bad file descriptor) [pid 5745] close(16) = -1 EBADF (Bad file descriptor) [pid 5745] close(17) = -1 EBADF (Bad file descriptor) [pid 5745] close(18) = -1 EBADF (Bad file descriptor) [pid 5745] close(19) = -1 EBADF (Bad file descriptor) [pid 5745] close(20) = -1 EBADF (Bad file descriptor) [pid 5745] close(21) = -1 EBADF (Bad file descriptor) [pid 5745] close(22) = -1 EBADF (Bad file descriptor) [pid 5745] close(23) = -1 EBADF (Bad file descriptor) [ 215.755234][ T5746] [ 215.764341][ T5746] memory: usage 8kB, limit 0kB, failcnt 36 [ 215.770771][ T5746] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 215.786199][ T5746] Memory cgroup stats for /syz1: [ 215.786501][ T5746] anon 0 [ 215.786501][ T5746] file 0 [ 215.786501][ T5746] kernel 8192 [ 215.786501][ T5746] kernel_stack 0 [pid 5745] close(24) = -1 EBADF (Bad file descriptor) [pid 5745] close(25) = -1 EBADF (Bad file descriptor) [pid 5745] close(26) = -1 EBADF (Bad file descriptor) [pid 5745] close(27) = -1 EBADF (Bad file descriptor) [pid 5745] close(28) = -1 EBADF (Bad file descriptor) [pid 5745] close(29) = -1 EBADF (Bad file descriptor) [pid 5745] exit_group(0) = ? [pid 5745] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=45, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5089] umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./43/binderfs") = 0 [pid 5089] umount2("./43/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./43/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./43/cgroup") = 0 [pid 5089] umount2("./43/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./43/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./43/cgroup.net") = 0 [ 215.786501][ T5746] pagetables 0 [ 215.786501][ T5746] sec_pagetables 0 [ 215.786501][ T5746] percpu 0 [ 215.786501][ T5746] sock 0 [ 215.786501][ T5746] vmalloc 0 [ 215.786501][ T5746] shmem 0 [ 215.786501][ T5746] zswap 0 [ 215.786501][ T5746] zswapped 0 [ 215.786501][ T5746] file_mapped 0 [ 215.786501][ T5746] file_dirty 0 [ 215.786501][ T5746] file_writeback 0 [ 215.786501][ T5746] swapcached 0 [ 215.786501][ T5746] anon_thp 0 [ 215.786501][ T5746] file_thp 0 [ 215.786501][ T5746] shmem_thp 0 [ 215.786501][ T5746] inactive_anon 0 [ 215.786501][ T5746] active_anon 0 [ 215.786501][ T5746] inactive_file 0 [ 215.786501][ T5746] active_file 0 [ 215.786501][ T5746] unevictable 0 [ 215.786501][ T5746] slab_reclaimable 6752 [ 215.786501][ T5746] slab_unreclaimable 0 [ 215.786501][ T5746] slab 6752 [ 215.786501][ T5746] workingset_refault_anon 0 [ 215.786501][ T5746] workingset_refault_file 0 [ 215.786501][ T5746] workingset_activate_anon 0 [ 215.786501][ T5746] workingset_activate_file 0 [ 215.786501][ T5746] workingset_restore_anon 0 [ 215.786501][ T5746] workingset_restore_file 0 [ 215.786501][ T5746] workingset_nodereclaim 0 [ 215.786501][ T5746] pgscan 831 [ 215.786501][ T5746] pgsteal 2 [ 215.786501][ T5746] pgscan_kswapd 0 [ 215.786501][ T5746] pgscan_direct 831 [ 215.786501][ T5746] pgscan_khugepaged 0 [ 215.786501][ T5746] pgsteal_kswapd 0 [ 215.786501][ T5746] pgsteal_direct 2 [ 215.786501][ T5746] pgsteal_khugepaged 0 [ 215.786501][ T5746] pgfault 21 [ 215.786501][ T5746] pgmajfault 0 [ 215.786501][ T5746] pgrefill 830 [ 215.786501][ T5746] pgactivate 829 [ 215.786501][ T5746] pgdeactivate 830 [ 215.786501][ T5746] pglazyfree 0 [pid 5089] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5089] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./43/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./43/file0") = 0 [pid 5089] umount2("./43/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./43/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./43/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [pid 5089] rmdir("./43") = 0 [pid 5089] mkdir("./44", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5750 attached [ 215.786501][ T5746] pglazyfreed 0 [ 215.786501][ T5746] zswpin 0 [ 215.786501][ T5746] zswpout 0 [ 215.786501][ T5746] thp_fault_alloc 0 [ 215.786501][ T5746] thp_collapse_alloc 0 [ 215.986410][ T5746] Tasks state (memory values in pages): [pid 5750] chdir("./44" [pid 5089] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 46 [pid 5750] <... chdir resumed>) = 0 [pid 5750] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5750] setpgid(0, 0) = 0 [pid 5750] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5750] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5750] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5750] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5750] write(3, "1000", 4) = 4 [pid 5750] close(3) = 0 [pid 5750] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5750] mkdir("./file0", 000) = 0 [pid 5750] open("./file0", O_RDONLY) = 3 [pid 5750] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5750] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5750] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5750] openat(5, "memory.max", O_RDWR) = 6 [pid 5746] <... write resumed>) = 18 [pid 5746] close(3) = 0 [pid 5746] close(4) = 0 [pid 5746] close(5) = 0 [pid 5746] close(6) = 0 [pid 5746] close(7) = -1 EBADF (Bad file descriptor) [pid 5746] close(8) = -1 EBADF (Bad file descriptor) [pid 5746] close(9) = -1 EBADF (Bad file descriptor) [pid 5746] close(10) = -1 EBADF (Bad file descriptor) [pid 5746] close(11) = -1 EBADF (Bad file descriptor) [pid 5746] close(12) = -1 EBADF (Bad file descriptor) [pid 5746] close(13) = -1 EBADF (Bad file descriptor) [pid 5746] close(14) = -1 EBADF (Bad file descriptor) [pid 5746] close(15) = -1 EBADF (Bad file descriptor) [pid 5746] close(16 [ 216.002396][ T5746] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 216.022256][ T5746] Out of memory and no killable processes... [ 216.029451][ T5748] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 216.042239][ T5748] CPU: 1 PID: 5748 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5750] write(6, "0x000000000000040e", 18 [pid 5746] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5746] close(17) = -1 EBADF (Bad file descriptor) [pid 5746] close(18) = -1 EBADF (Bad file descriptor) [pid 5746] close(19) = -1 EBADF (Bad file descriptor) [pid 5746] close(20) = -1 EBADF (Bad file descriptor) [pid 5746] close(21) = -1 EBADF (Bad file descriptor) [pid 5746] close(22) = -1 EBADF (Bad file descriptor) [pid 5746] close(23) = -1 EBADF (Bad file descriptor) [pid 5746] close(24) = -1 EBADF (Bad file descriptor) [pid 5746] close(25) = -1 EBADF (Bad file descriptor) [pid 5746] close(26) = -1 EBADF (Bad file descriptor) [pid 5746] close(27) = -1 EBADF (Bad file descriptor) [pid 5746] close(28) = -1 EBADF (Bad file descriptor) [pid 5746] close(29) = -1 EBADF (Bad file descriptor) [pid 5746] exit_group(0) = ? [pid 5746] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=44, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5087] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5087] umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./42/binderfs") = 0 [pid 5087] umount2("./42/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./42/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./42/cgroup") = 0 [pid 5087] umount2("./42/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./42/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./42/cgroup.net") = 0 [ 216.052572][ T5748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 216.062682][ T5748] Call Trace: [ 216.066007][ T5748] [ 216.068987][ T5748] dump_stack_lvl+0x136/0x150 [ 216.073736][ T5748] dump_header+0x10a/0xd70 [ 216.078220][ T5748] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 216.084391][ T5748] out_of_memory+0xd64/0x1660 [ 216.089148][ T5748] ? oom_killer_disable+0x2b0/0x2b0 [ 216.094437][ T5748] mem_cgroup_out_of_memory+0x206/0x270 [ 216.100051][ T5748] ? mem_cgroup_margin+0x130/0x130 [ 216.105237][ T5748] memory_max_write+0x2f9/0x3c0 [ 216.110161][ T5748] ? mem_cgroup_force_empty_write+0x160/0x160 [ 216.116292][ T5748] ? lock_sync+0x190/0x190 [ 216.120779][ T5748] cgroup_file_write+0x1e2/0x7b0 [ 216.125795][ T5748] ? mem_cgroup_force_empty_write+0x160/0x160 [ 216.131948][ T5748] ? kill_css+0x3b0/0x3b0 [ 216.136358][ T5748] ? lock_acquire+0x32/0xc0 [ 216.140944][ T5748] ? kill_css+0x3b0/0x3b0 [ 216.145364][ T5748] kernfs_fop_write_iter+0x3f1/0x600 [ 216.150731][ T5748] vfs_write+0x9ed/0xe10 [ 216.155147][ T5748] ? kernel_write+0x670/0x670 [ 216.159891][ T5748] ? find_held_lock+0x2d/0x110 [ 216.164713][ T5748] ? __fget_light+0x20a/0x270 [ 216.169477][ T5748] ksys_write+0x12b/0x250 [ 216.173895][ T5748] ? __ia32_sys_read+0xb0/0xb0 [ 216.178709][ T5748] ? lockdep_hardirqs_on+0x7d/0x100 [ 216.183973][ T5748] ? _raw_spin_unlock_irq+0x2e/0x50 [ 216.189246][ T5748] ? ptrace_notify+0xfe/0x140 [ 216.194005][ T5748] do_syscall_64+0x39/0xb0 [ 216.198495][ T5748] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 216.204456][ T5748] RIP: 0033:0x7faecf034129 [ 216.208927][ T5748] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 216.228593][ T5748] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 216.237067][ T5748] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 216.245091][ T5748] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5087] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5087] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./42/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] close(4) = 0 [ 216.253111][ T5748] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 216.261121][ T5748] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 216.269124][ T5748] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000028 [ 216.277135][ T5748] [ 216.292073][ T5748] memory: usage 8kB, limit 0kB, failcnt 36 [ 216.298096][ T5748] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5087] rmdir("./42/file0") = 0 [pid 5087] umount2("./42/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./42/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./42/cgroup.cpu") = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [pid 5087] rmdir("./42") = 0 [pid 5087] mkdir("./43", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 45 [ 216.305764][ T5748] Memory cgroup stats for /syz1: [ 216.306070][ T5748] anon 0 [ 216.306070][ T5748] file 0 [ 216.306070][ T5748] kernel 8192 [ 216.306070][ T5748] kernel_stack 0 [ 216.306070][ T5748] pagetables 0 [ 216.306070][ T5748] sec_pagetables 0 [ 216.306070][ T5748] percpu 0 [ 216.306070][ T5748] sock 0 [ 216.306070][ T5748] vmalloc 0 [ 216.306070][ T5748] shmem 0 [ 216.306070][ T5748] zswap 0 [ 216.306070][ T5748] zswapped 0 [ 216.306070][ T5748] file_mapped 0 [ 216.306070][ T5748] file_dirty 0 [ 216.306070][ T5748] file_writeback 0 ./strace-static-x86_64: Process 5751 attached [pid 5751] chdir("./43") = 0 [pid 5751] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5751] setpgid(0, 0) = 0 [pid 5751] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5751] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5751] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5751] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5751] write(3, "1000", 4) = 4 [pid 5751] close(3) = 0 [pid 5751] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5751] mkdir("./file0", 000) = 0 [pid 5751] open("./file0", O_RDONLY) = 3 [ 216.306070][ T5748] swapcached 0 [ 216.306070][ T5748] anon_thp 0 [ 216.306070][ T5748] file_thp 0 [ 216.306070][ T5748] shmem_thp 0 [ 216.306070][ T5748] inactive_anon 0 [ 216.306070][ T5748] active_anon 0 [ 216.306070][ T5748] inactive_file 0 [ 216.306070][ T5748] active_file 0 [ 216.306070][ T5748] unevictable 0 [ 216.306070][ T5748] slab_reclaimable 6752 [ 216.306070][ T5748] slab_unreclaimable 0 [ 216.306070][ T5748] slab 6752 [ 216.306070][ T5748] workingset_refault_anon 0 [ 216.306070][ T5748] workingset_refault_file 0 [pid 5751] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5751] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5751] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5751] openat(5, "memory.max", O_RDWR) = 6 [ 216.306070][ T5748] workingset_activate_anon 0 [ 216.306070][ T5748] workingset_activate_file 0 [ 216.306070][ T5748] workingset_restore_anon 0 [ 216.306070][ T5748] workingset_restore_file 0 [ 216.306070][ T5748] workingset_nodereclaim 0 [ 216.306070][ T5748] pgscan 831 [ 216.306070][ T5748] pgsteal 2 [ 216.306070][ T5748] pgscan_kswapd 0 [ 216.306070][ T5748] pgscan_direct 831 [ 216.306070][ T5748] pgscan_khugepaged 0 [ 216.306070][ T5748] pgsteal_kswapd 0 [ 216.306070][ T5748] pgsteal_direct 2 [ 216.306070][ T5748] pgsteal_khugepaged 0 [ 216.306070][ T5748] pgfault 21 [ 216.306070][ T5748] pgmajfault 0 [ 216.306070][ T5748] pgrefill 830 [ 216.306070][ T5748] pgactivate 829 [ 216.306070][ T5748] pgdeactivate 830 [ 216.306070][ T5748] pglazyfree 0 [ 216.306070][ T5748] pglazyfreed 0 [ 216.306070][ T5748] zswpin 0 [ 216.306070][ T5748] zswpout 0 [ 216.306070][ T5748] thp_fault_alloc 0 [ 216.306070][ T5748] thp_collapse_alloc 0 [ 216.493929][ T5748] Tasks state (memory values in pages): [pid 5751] write(6, "0x000000000000040e", 18 [pid 5748] <... write resumed>) = 18 [pid 5748] close(3) = 0 [pid 5748] close(4) = 0 [pid 5748] close(5) = 0 [pid 5748] close(6) = 0 [pid 5748] close(7) = -1 EBADF (Bad file descriptor) [pid 5748] close(8) = -1 EBADF (Bad file descriptor) [pid 5748] close(9) = -1 EBADF (Bad file descriptor) [pid 5748] close(10) = -1 EBADF (Bad file descriptor) [pid 5748] close(11) = -1 EBADF (Bad file descriptor) [pid 5748] close(12) = -1 EBADF (Bad file descriptor) [pid 5748] close(13) = -1 EBADF (Bad file descriptor) [pid 5748] close(14) = -1 EBADF (Bad file descriptor) [pid 5748] close(15) = -1 EBADF (Bad file descriptor) [pid 5748] close(16) = -1 EBADF (Bad file descriptor) [pid 5748] close(17) = -1 EBADF (Bad file descriptor) [pid 5748] close(18) = -1 EBADF (Bad file descriptor) [pid 5748] close(19) = -1 EBADF (Bad file descriptor) [pid 5748] close(20) = -1 EBADF (Bad file descriptor) [pid 5748] close(21) = -1 EBADF (Bad file descriptor) [pid 5748] close(22) = -1 EBADF (Bad file descriptor) [pid 5748] close(23) = -1 EBADF (Bad file descriptor) [pid 5748] close(24) = -1 EBADF (Bad file descriptor) [pid 5748] close(25) = -1 EBADF (Bad file descriptor) [pid 5748] close(26) = -1 EBADF (Bad file descriptor) [pid 5748] close(27) = -1 EBADF (Bad file descriptor) [pid 5748] close(28) = -1 EBADF (Bad file descriptor) [pid 5748] close(29) = -1 EBADF (Bad file descriptor) [pid 5748] exit_group(0) = ? [pid 5748] +++ exited with 0 +++ [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=42, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5085] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5085] umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 216.499905][ T5748] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 216.520021][ T5748] Out of memory and no killable processes... [ 216.526262][ T5747] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5085] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./40/binderfs") = 0 [pid 5085] umount2("./40/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./40/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./40/cgroup") = 0 [pid 5085] umount2("./40/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./40/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./40/cgroup.net") = 0 [ 216.568689][ T5747] CPU: 0 PID: 5747 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 216.578683][ T5747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 216.588799][ T5747] Call Trace: [ 216.592120][ T5747] [ 216.595093][ T5747] dump_stack_lvl+0x136/0x150 [ 216.599852][ T5747] dump_header+0x10a/0xd70 [ 216.604344][ T5747] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 216.610499][ T5747] out_of_memory+0xd64/0x1660 [ 216.615253][ T5747] ? oom_killer_disable+0x2b0/0x2b0 [ 216.620537][ T5747] mem_cgroup_out_of_memory+0x206/0x270 [ 216.626152][ T5747] ? mem_cgroup_margin+0x130/0x130 [ 216.631360][ T5747] memory_max_write+0x2f9/0x3c0 [ 216.636292][ T5747] ? mem_cgroup_force_empty_write+0x160/0x160 [ 216.642441][ T5747] ? lock_sync+0x190/0x190 [ 216.646931][ T5747] cgroup_file_write+0x1e2/0x7b0 [ 216.652035][ T5747] ? mem_cgroup_force_empty_write+0x160/0x160 [ 216.658181][ T5747] ? kill_css+0x3b0/0x3b0 [ 216.662588][ T5747] ? lock_acquire+0x32/0xc0 [ 216.667166][ T5747] ? kill_css+0x3b0/0x3b0 [ 216.671567][ T5747] kernfs_fop_write_iter+0x3f1/0x600 [ 216.676933][ T5747] vfs_write+0x9ed/0xe10 [ 216.681268][ T5747] ? kernel_write+0x670/0x670 [ 216.686032][ T5747] ? find_held_lock+0x2d/0x110 [ 216.690881][ T5747] ? __fget_light+0x20a/0x270 [ 216.695649][ T5747] ksys_write+0x12b/0x250 [ 216.700062][ T5747] ? __ia32_sys_read+0xb0/0xb0 [ 216.704903][ T5747] ? lockdep_hardirqs_on+0x7d/0x100 [ 216.710170][ T5747] ? _raw_spin_unlock_irq+0x2e/0x50 [ 216.715442][ T5747] ? ptrace_notify+0xfe/0x140 [ 216.720196][ T5747] do_syscall_64+0x39/0xb0 [ 216.724691][ T5747] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 216.730652][ T5747] RIP: 0033:0x7faecf034129 [ 216.735119][ T5747] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 216.754800][ T5747] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5085] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5085] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./40/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 216.763284][ T5747] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 216.771309][ T5747] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 216.779348][ T5747] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 216.787374][ T5747] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 216.795409][ T5747] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000002c [ 216.803468][ T5747] [ 216.808190][ T5747] memory: usage 8kB, limit 0kB, failcnt 36 [pid 5085] openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./40/file0") = 0 [pid 5085] umount2("./40/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./40/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./40/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./40") = 0 [pid 5085] mkdir("./41", 0777) = 0 [ 216.814506][ T5747] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 216.823015][ T5747] Memory cgroup stats for /syz1: [ 216.823320][ T5747] anon 0 [ 216.823320][ T5747] file 0 [ 216.823320][ T5747] kernel 8192 [ 216.823320][ T5747] kernel_stack 0 [ 216.823320][ T5747] pagetables 0 [ 216.823320][ T5747] sec_pagetables 0 [ 216.823320][ T5747] percpu 0 [ 216.823320][ T5747] sock 0 [ 216.823320][ T5747] vmalloc 0 [ 216.823320][ T5747] shmem 0 [ 216.823320][ T5747] zswap 0 [ 216.823320][ T5747] zswapped 0 [ 216.823320][ T5747] file_mapped 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 43 ./strace-static-x86_64: Process 5752 attached [pid 5752] chdir("./41") = 0 [pid 5752] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5752] setpgid(0, 0) = 0 [pid 5752] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5752] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5752] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [ 216.823320][ T5747] file_dirty 0 [ 216.823320][ T5747] file_writeback 0 [ 216.823320][ T5747] swapcached 0 [ 216.823320][ T5747] anon_thp 0 [ 216.823320][ T5747] file_thp 0 [ 216.823320][ T5747] shmem_thp 0 [ 216.823320][ T5747] inactive_anon 0 [ 216.823320][ T5747] active_anon 0 [ 216.823320][ T5747] inactive_file 0 [ 216.823320][ T5747] active_file 0 [ 216.823320][ T5747] unevictable 0 [ 216.823320][ T5747] slab_reclaimable 6752 [ 216.823320][ T5747] slab_unreclaimable 0 [ 216.823320][ T5747] slab 6752 [ 216.823320][ T5747] workingset_refault_anon 0 [pid 5752] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5752] write(3, "1000", 4) = 4 [pid 5752] close(3) = 0 [pid 5752] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5752] mkdir("./file0", 000) = 0 [pid 5752] open("./file0", O_RDONLY) = 3 [pid 5752] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5752] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5752] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5752] openat(5, "memory.max", O_RDWR) = 6 [ 216.823320][ T5747] workingset_refault_file 0 [ 216.823320][ T5747] workingset_activate_anon 0 [ 216.823320][ T5747] workingset_activate_file 0 [ 216.823320][ T5747] workingset_restore_anon 0 [ 216.823320][ T5747] workingset_restore_file 0 [ 216.823320][ T5747] workingset_nodereclaim 0 [ 216.823320][ T5747] pgscan 831 [ 216.823320][ T5747] pgsteal 2 [ 216.823320][ T5747] pgscan_kswapd 0 [ 216.823320][ T5747] pgscan_direct 831 [ 216.823320][ T5747] pgscan_khugepaged 0 [ 216.823320][ T5747] pgsteal_kswapd 0 [ 216.823320][ T5747] pgsteal_direct 2 [ 216.823320][ T5747] pgsteal_khugepaged 0 [ 216.823320][ T5747] pgfault 21 [ 216.823320][ T5747] pgmajfault 0 [ 216.823320][ T5747] pgrefill 830 [ 216.823320][ T5747] pgactivate 829 [ 216.823320][ T5747] pgdeactivate 830 [ 216.823320][ T5747] pglazyfree 0 [ 216.823320][ T5747] pglazyfreed 0 [ 216.823320][ T5747] zswpin 0 [ 216.823320][ T5747] zswpout 0 [ 216.823320][ T5747] thp_fault_alloc 0 [ 216.823320][ T5747] thp_collapse_alloc 0 [pid 5752] write(6, "0x000000000000040e", 18 [pid 5747] <... write resumed>) = 18 [pid 5747] close(3) = 0 [pid 5747] close(4) = 0 [pid 5747] close(5) = 0 [pid 5747] close(6) = 0 [pid 5747] close(7) = -1 EBADF (Bad file descriptor) [ 217.018011][ T5747] Tasks state (memory values in pages): [ 217.025325][ T5747] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 217.035328][ T5747] Out of memory and no killable processes... [ 217.041423][ T5749] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 217.057851][ T5749] CPU: 1 PID: 5749 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5747] close(8) = -1 EBADF (Bad file descriptor) [pid 5747] close(9) = -1 EBADF (Bad file descriptor) [pid 5747] close(10) = -1 EBADF (Bad file descriptor) [pid 5747] close(11) = -1 EBADF (Bad file descriptor) [pid 5747] close(12) = -1 EBADF (Bad file descriptor) [pid 5747] close(13) = -1 EBADF (Bad file descriptor) [pid 5747] close(14) = -1 EBADF (Bad file descriptor) [pid 5747] close(15) = -1 EBADF (Bad file descriptor) [pid 5747] close(16) = -1 EBADF (Bad file descriptor) [pid 5747] close(17) = -1 EBADF (Bad file descriptor) [pid 5747] close(18) = -1 EBADF (Bad file descriptor) [pid 5747] close(19) = -1 EBADF (Bad file descriptor) [pid 5747] close(20) = -1 EBADF (Bad file descriptor) [pid 5747] close(21) = -1 EBADF (Bad file descriptor) [pid 5747] close(22) = -1 EBADF (Bad file descriptor) [pid 5747] close(23) = -1 EBADF (Bad file descriptor) [pid 5747] close(24) = -1 EBADF (Bad file descriptor) [pid 5747] close(25) = -1 EBADF (Bad file descriptor) [pid 5747] close(26) = -1 EBADF (Bad file descriptor) [pid 5747] close(27) = -1 EBADF (Bad file descriptor) [pid 5747] close(28) = -1 EBADF (Bad file descriptor) [pid 5747] close(29) = -1 EBADF (Bad file descriptor) [pid 5747] exit_group(0) = ? [pid 5747] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=46, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5090] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5090] umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./44/binderfs") = 0 [pid 5090] umount2("./44/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./44/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./44/cgroup") = 0 [pid 5090] umount2("./44/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./44/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./44/cgroup.net") = 0 [ 217.067830][ T5749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 217.077942][ T5749] Call Trace: [ 217.081268][ T5749] [ 217.084249][ T5749] dump_stack_lvl+0x136/0x150 [ 217.089000][ T5749] dump_header+0x10a/0xd70 [ 217.093482][ T5749] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 217.099651][ T5749] out_of_memory+0xd64/0x1660 [ 217.104425][ T5749] ? oom_killer_disable+0x2b0/0x2b0 [ 217.109719][ T5749] mem_cgroup_out_of_memory+0x206/0x270 [ 217.115338][ T5749] ? mem_cgroup_margin+0x130/0x130 [ 217.120519][ T5749] memory_max_write+0x2f9/0x3c0 [ 217.125419][ T5749] ? mem_cgroup_force_empty_write+0x160/0x160 [ 217.131543][ T5749] ? lock_sync+0x190/0x190 [ 217.136007][ T5749] cgroup_file_write+0x1e2/0x7b0 [ 217.140995][ T5749] ? mem_cgroup_force_empty_write+0x160/0x160 [ 217.147104][ T5749] ? kill_css+0x3b0/0x3b0 [ 217.151478][ T5749] ? lock_acquire+0x32/0xc0 [ 217.156026][ T5749] ? kill_css+0x3b0/0x3b0 [ 217.160400][ T5749] kernfs_fop_write_iter+0x3f1/0x600 [ 217.165734][ T5749] vfs_write+0x9ed/0xe10 [ 217.170028][ T5749] ? kernel_write+0x670/0x670 [ 217.174753][ T5749] ? find_held_lock+0x2d/0x110 [ 217.179559][ T5749] ? __fget_light+0x20a/0x270 [ 217.184295][ T5749] ksys_write+0x12b/0x250 [ 217.188676][ T5749] ? __ia32_sys_read+0xb0/0xb0 [ 217.193487][ T5749] ? lockdep_hardirqs_on+0x7d/0x100 [ 217.198721][ T5749] ? _raw_spin_unlock_irq+0x2e/0x50 [ 217.203957][ T5749] ? ptrace_notify+0xfe/0x140 [ 217.208677][ T5749] do_syscall_64+0x39/0xb0 [ 217.213139][ T5749] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 217.219072][ T5749] RIP: 0033:0x7faecf034129 [ 217.223511][ T5749] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 217.243158][ T5749] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 217.251604][ T5749] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 217.259600][ T5749] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5090] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5090] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./44/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [ 217.267600][ T5749] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 217.275595][ T5749] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 217.283593][ T5749] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000029 [ 217.291616][ T5749] [ 217.301769][ T5749] memory: usage 8kB, limit 0kB, failcnt 36 [ 217.309680][ T5749] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./44/file0") = 0 [pid 5090] umount2("./44/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./44/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./44/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [pid 5090] rmdir("./44") = 0 [pid 5090] mkdir("./45", 0777) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 47 [ 217.318155][ T5749] Memory cgroup stats for /syz1: [ 217.318442][ T5749] anon 0 [ 217.318442][ T5749] file 0 [ 217.318442][ T5749] kernel 8192 [ 217.318442][ T5749] kernel_stack 0 [ 217.318442][ T5749] pagetables 0 [ 217.318442][ T5749] sec_pagetables 0 [ 217.318442][ T5749] percpu 0 [ 217.318442][ T5749] sock 0 [ 217.318442][ T5749] vmalloc 0 [ 217.318442][ T5749] shmem 0 [ 217.318442][ T5749] zswap 0 [ 217.318442][ T5749] zswapped 0 [ 217.318442][ T5749] file_mapped 0 [ 217.318442][ T5749] file_dirty 0 [ 217.318442][ T5749] file_writeback 0 [ 217.318442][ T5749] swapcached 0 [ 217.318442][ T5749] anon_thp 0 [ 217.318442][ T5749] file_thp 0 [ 217.318442][ T5749] shmem_thp 0 [ 217.318442][ T5749] inactive_anon 0 [ 217.318442][ T5749] active_anon 0 [ 217.318442][ T5749] inactive_file 0 [ 217.318442][ T5749] active_file 0 [ 217.318442][ T5749] unevictable 0 [ 217.318442][ T5749] slab_reclaimable 6752 [ 217.318442][ T5749] slab_unreclaimable 0 [ 217.318442][ T5749] slab 6752 [ 217.318442][ T5749] workingset_refault_anon 0 [ 217.318442][ T5749] workingset_refault_file 0 ./strace-static-x86_64: Process 5753 attached [pid 5753] chdir("./45") = 0 [pid 5753] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5753] setpgid(0, 0) = 0 [pid 5753] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5753] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5753] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5753] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 217.318442][ T5749] workingset_activate_anon 0 [ 217.318442][ T5749] workingset_activate_file 0 [ 217.318442][ T5749] workingset_restore_anon 0 [ 217.318442][ T5749] workingset_restore_file 0 [ 217.318442][ T5749] workingset_nodereclaim 0 [ 217.318442][ T5749] pgscan 831 [ 217.318442][ T5749] pgsteal 2 [ 217.318442][ T5749] pgscan_kswapd 0 [ 217.318442][ T5749] pgscan_direct 831 [ 217.318442][ T5749] pgscan_khugepaged 0 [ 217.318442][ T5749] pgsteal_kswapd 0 [ 217.318442][ T5749] pgsteal_direct 2 [ 217.318442][ T5749] pgsteal_khugepaged 0 [ 217.318442][ T5749] pgfault 21 [pid 5753] write(3, "1000", 4) = 4 [pid 5753] close(3) = 0 [pid 5753] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5753] mkdir("./file0", 000) = 0 [pid 5753] open("./file0", O_RDONLY) = 3 [pid 5753] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5753] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5753] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5753] openat(5, "memory.max", O_RDWR) = 6 [ 217.318442][ T5749] pgmajfault 0 [ 217.318442][ T5749] pgrefill 830 [ 217.318442][ T5749] pgactivate 829 [ 217.318442][ T5749] pgdeactivate 830 [ 217.318442][ T5749] pglazyfree 0 [ 217.318442][ T5749] pglazyfreed 0 [ 217.318442][ T5749] zswpin 0 [ 217.318442][ T5749] zswpout 0 [ 217.318442][ T5749] thp_fault_alloc 0 [ 217.318442][ T5749] thp_collapse_alloc 0 [ 217.517564][ T5749] Tasks state (memory values in pages): [pid 5753] write(6, "0x000000000000040e", 18 [pid 5749] <... write resumed>) = 18 [pid 5749] close(3) = 0 [pid 5749] close(4) = 0 [pid 5749] close(5) = 0 [pid 5749] close(6) = 0 [pid 5749] close(7) = -1 EBADF (Bad file descriptor) [pid 5749] close(8) = -1 EBADF (Bad file descriptor) [pid 5749] close(9) = -1 EBADF (Bad file descriptor) [pid 5749] close(10) = -1 EBADF (Bad file descriptor) [pid 5749] close(11) = -1 EBADF (Bad file descriptor) [pid 5749] close(12) = -1 EBADF (Bad file descriptor) [pid 5749] close(13) = -1 EBADF (Bad file descriptor) [pid 5749] close(14) = -1 EBADF (Bad file descriptor) [ 217.527006][ T5749] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 217.537092][ T5749] Out of memory and no killable processes... [ 217.550842][ T5750] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 217.562409][ T5750] CPU: 0 PID: 5750 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5749] close(15) = -1 EBADF (Bad file descriptor) [pid 5749] close(16) = -1 EBADF (Bad file descriptor) [pid 5749] close(17) = -1 EBADF (Bad file descriptor) [pid 5749] close(18) = -1 EBADF (Bad file descriptor) [pid 5749] close(19) = -1 EBADF (Bad file descriptor) [pid 5749] close(20) = -1 EBADF (Bad file descriptor) [pid 5749] close(21) = -1 EBADF (Bad file descriptor) [pid 5749] close(22) = -1 EBADF (Bad file descriptor) [pid 5749] close(23) = -1 EBADF (Bad file descriptor) [pid 5749] close(24) = -1 EBADF (Bad file descriptor) [pid 5749] close(25) = -1 EBADF (Bad file descriptor) [pid 5749] close(26) = -1 EBADF (Bad file descriptor) [pid 5749] close(27) = -1 EBADF (Bad file descriptor) [pid 5749] close(28) = -1 EBADF (Bad file descriptor) [pid 5749] close(29) = -1 EBADF (Bad file descriptor) [pid 5749] exit_group(0) = ? [pid 5749] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=43, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5086] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5086] umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 217.572394][ T5750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 217.582514][ T5750] Call Trace: [ 217.585847][ T5750] [ 217.588832][ T5750] dump_stack_lvl+0x136/0x150 [ 217.593589][ T5750] dump_header+0x10a/0xd70 [ 217.598080][ T5750] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 217.604254][ T5750] out_of_memory+0xd64/0x1660 [ 217.609037][ T5750] ? oom_killer_disable+0x2b0/0x2b0 [ 217.614326][ T5750] ? find_held_lock+0x2d/0x110 [ 217.619175][ T5750] mem_cgroup_out_of_memory+0x206/0x270 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./41/binderfs") = 0 [ 217.624811][ T5750] ? mem_cgroup_margin+0x130/0x130 [ 217.630018][ T5750] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 217.635919][ T5750] memory_max_write+0x2f9/0x3c0 [ 217.640861][ T5750] ? mem_cgroup_force_empty_write+0x160/0x160 [ 217.647024][ T5750] ? lock_sync+0x190/0x190 [ 217.651506][ T5750] cgroup_file_write+0x1e2/0x7b0 [ 217.656510][ T5750] ? mem_cgroup_force_empty_write+0x160/0x160 [ 217.662625][ T5750] ? kill_css+0x3b0/0x3b0 [ 217.667002][ T5750] ? lock_acquire+0x32/0xc0 [ 217.671560][ T5750] ? kill_css+0x3b0/0x3b0 [pid 5086] umount2("./41/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./41/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] unlink("./41/cgroup") = 0 [pid 5086] umount2("./41/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./41/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./41/cgroup.net") = 0 [ 217.675947][ T5750] kernfs_fop_write_iter+0x3f1/0x600 [ 217.681288][ T5750] vfs_write+0x9ed/0xe10 [ 217.685582][ T5750] ? kernel_write+0x670/0x670 [ 217.690309][ T5750] ? find_held_lock+0x2d/0x110 [ 217.695123][ T5750] ? __fget_light+0x20a/0x270 [ 217.699852][ T5750] ksys_write+0x12b/0x250 [ 217.704242][ T5750] ? __ia32_sys_read+0xb0/0xb0 [ 217.709066][ T5750] ? lockdep_hardirqs_on+0x7d/0x100 [ 217.714299][ T5750] ? _raw_spin_unlock_irq+0x2e/0x50 [ 217.719536][ T5750] ? ptrace_notify+0xfe/0x140 [ 217.724257][ T5750] do_syscall_64+0x39/0xb0 [ 217.728721][ T5750] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 217.734654][ T5750] RIP: 0033:0x7faecf034129 [ 217.739095][ T5750] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 217.758738][ T5750] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 217.767186][ T5750] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [pid 5086] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5086] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./41/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./41/file0") = 0 [pid 5086] umount2("./41/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./41/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./41/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [ 217.775183][ T5750] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 217.783179][ T5750] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 217.791184][ T5750] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 217.799181][ T5750] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000002c [ 217.807214][ T5750] [pid 5086] rmdir("./41") = 0 [pid 5086] mkdir("./42", 0777) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5754 attached [pid 5754] chdir("./42" [pid 5086] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 44 [pid 5754] <... chdir resumed>) = 0 [pid 5754] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5754] setpgid(0, 0) = 0 [pid 5754] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5754] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5754] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5754] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5754] write(3, "1000", 4) = 4 [pid 5754] close(3) = 0 [pid 5754] symlink("/dev/binderfs", "./binderfs") = 0 [ 217.853523][ T5750] memory: usage 8kB, limit 0kB, failcnt 36 [ 217.861432][ T5750] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 217.870496][ T5750] Memory cgroup stats for /syz1: [ 217.870783][ T5750] anon 0 [ 217.870783][ T5750] file 0 [ 217.870783][ T5750] kernel 8192 [ 217.870783][ T5750] kernel_stack 0 [ 217.870783][ T5750] pagetables 0 [ 217.870783][ T5750] sec_pagetables 0 [ 217.870783][ T5750] percpu 0 [ 217.870783][ T5750] sock 0 [ 217.870783][ T5750] vmalloc 0 [pid 5754] mkdir("./file0", 000) = 0 [pid 5754] open("./file0", O_RDONLY) = 3 [pid 5754] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5754] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5754] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5754] openat(5, "memory.max", O_RDWR) = 6 [ 217.870783][ T5750] shmem 0 [ 217.870783][ T5750] zswap 0 [ 217.870783][ T5750] zswapped 0 [ 217.870783][ T5750] file_mapped 0 [ 217.870783][ T5750] file_dirty 0 [ 217.870783][ T5750] file_writeback 0 [ 217.870783][ T5750] swapcached 0 [ 217.870783][ T5750] anon_thp 0 [ 217.870783][ T5750] file_thp 0 [ 217.870783][ T5750] shmem_thp 0 [ 217.870783][ T5750] inactive_anon 0 [ 217.870783][ T5750] active_anon 0 [ 217.870783][ T5750] inactive_file 0 [ 217.870783][ T5750] active_file 0 [ 217.870783][ T5750] unevictable 0 [ 217.870783][ T5750] slab_reclaimable 6752 [ 217.870783][ T5750] slab_unreclaimable 0 [ 217.870783][ T5750] slab 6752 [ 217.870783][ T5750] workingset_refault_anon 0 [ 217.870783][ T5750] workingset_refault_file 0 [ 217.870783][ T5750] workingset_activate_anon 0 [ 217.870783][ T5750] workingset_activate_file 0 [ 217.870783][ T5750] workingset_restore_anon 0 [ 217.870783][ T5750] workingset_restore_file 0 [ 217.870783][ T5750] workingset_nodereclaim 0 [ 217.870783][ T5750] pgscan 831 [ 217.870783][ T5750] pgsteal 2 [ 217.870783][ T5750] pgscan_kswapd 0 [ 217.870783][ T5750] pgscan_direct 831 [ 217.870783][ T5750] pgscan_khugepaged 0 [ 217.870783][ T5750] pgsteal_kswapd 0 [ 217.870783][ T5750] pgsteal_direct 2 [ 217.870783][ T5750] pgsteal_khugepaged 0 [ 217.870783][ T5750] pgfault 21 [ 217.870783][ T5750] pgmajfault 0 [ 217.870783][ T5750] pgrefill 830 [ 217.870783][ T5750] pgactivate 829 [ 217.870783][ T5750] pgdeactivate 830 [ 217.870783][ T5750] pglazyfree 0 [ 217.870783][ T5750] pglazyfreed 0 [ 217.870783][ T5750] zswpin 0 [ 217.870783][ T5750] zswpout 0 [ 217.870783][ T5750] thp_fault_alloc 0 [pid 5754] write(6, "0x000000000000040e", 18 [pid 5750] <... write resumed>) = 18 [pid 5750] close(3) = 0 [pid 5750] close(4) = 0 [pid 5750] close(5) = 0 [pid 5750] close(6) = 0 [ 217.870783][ T5750] thp_collapse_alloc 0 [ 218.058497][ T5750] Tasks state (memory values in pages): [ 218.066266][ T5750] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 218.078300][ T5750] Out of memory and no killable processes... [ 218.087698][ T5751] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5750] close(7) = -1 EBADF (Bad file descriptor) [pid 5750] close(8) = -1 EBADF (Bad file descriptor) [pid 5750] close(9) = -1 EBADF (Bad file descriptor) [pid 5750] close(10) = -1 EBADF (Bad file descriptor) [pid 5750] close(11) = -1 EBADF (Bad file descriptor) [pid 5750] close(12) = -1 EBADF (Bad file descriptor) [pid 5750] close(13) = -1 EBADF (Bad file descriptor) [pid 5750] close(14) = -1 EBADF (Bad file descriptor) [pid 5750] close(15) = -1 EBADF (Bad file descriptor) [pid 5750] close(16) = -1 EBADF (Bad file descriptor) [pid 5750] close(17) = -1 EBADF (Bad file descriptor) [pid 5750] close(18) = -1 EBADF (Bad file descriptor) [pid 5750] close(19) = -1 EBADF (Bad file descriptor) [pid 5750] close(20) = -1 EBADF (Bad file descriptor) [pid 5750] close(21) = -1 EBADF (Bad file descriptor) [pid 5750] close(22) = -1 EBADF (Bad file descriptor) [pid 5750] close(23) = -1 EBADF (Bad file descriptor) [pid 5750] close(24) = -1 EBADF (Bad file descriptor) [pid 5750] close(25) = -1 EBADF (Bad file descriptor) [pid 5750] close(26) = -1 EBADF (Bad file descriptor) [pid 5750] close(27) = -1 EBADF (Bad file descriptor) [pid 5750] close(28) = -1 EBADF (Bad file descriptor) [pid 5750] close(29) = -1 EBADF (Bad file descriptor) [pid 5750] exit_group(0) = ? [ 218.099091][ T5751] CPU: 0 PID: 5751 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 218.109067][ T5751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 218.119183][ T5751] Call Trace: [ 218.122510][ T5751] [ 218.125495][ T5751] dump_stack_lvl+0x136/0x150 [ 218.130259][ T5751] dump_header+0x10a/0xd70 [ 218.134751][ T5751] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 218.140920][ T5751] out_of_memory+0xd64/0x1660 [ 218.145686][ T5751] ? oom_killer_disable+0x2b0/0x2b0 [pid 5750] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=46, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5089] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5089] umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 218.150984][ T5751] mem_cgroup_out_of_memory+0x206/0x270 [ 218.156612][ T5751] ? mem_cgroup_margin+0x130/0x130 [ 218.161820][ T5751] memory_max_write+0x2f9/0x3c0 [ 218.166815][ T5751] ? mem_cgroup_force_empty_write+0x160/0x160 [ 218.172972][ T5751] ? lock_sync+0x190/0x190 [ 218.177470][ T5751] cgroup_file_write+0x1e2/0x7b0 [ 218.182495][ T5751] ? mem_cgroup_force_empty_write+0x160/0x160 [ 218.188654][ T5751] ? kill_css+0x3b0/0x3b0 [ 218.193059][ T5751] ? lock_acquire+0x32/0xc0 [ 218.197636][ T5751] ? kill_css+0x3b0/0x3b0 [ 218.202033][ T5751] kernfs_fop_write_iter+0x3f1/0x600 [ 218.207396][ T5751] vfs_write+0x9ed/0xe10 [ 218.211697][ T5751] ? kernel_write+0x670/0x670 [ 218.216456][ T5751] ? find_held_lock+0x2d/0x110 [ 218.221297][ T5751] ? __fget_light+0x20a/0x270 [ 218.226052][ T5751] ksys_write+0x12b/0x250 [ 218.230486][ T5751] ? __ia32_sys_read+0xb0/0xb0 [ 218.235334][ T5751] ? lockdep_hardirqs_on+0x7d/0x100 [ 218.240689][ T5751] ? _raw_spin_unlock_irq+0x2e/0x50 [ 218.245966][ T5751] ? ptrace_notify+0xfe/0x140 [ 218.250712][ T5751] do_syscall_64+0x39/0xb0 [ 218.255208][ T5751] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 218.261174][ T5751] RIP: 0033:0x7faecf034129 [ 218.265666][ T5751] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 218.285341][ T5751] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 218.293823][ T5751] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [pid 5089] lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./44/binderfs") = 0 [pid 5089] umount2("./44/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./44/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./44/cgroup") = 0 [pid 5089] umount2("./44/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./44/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./44/cgroup.net") = 0 [pid 5089] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 218.301844][ T5751] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 218.309864][ T5751] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 218.317884][ T5751] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 218.325903][ T5751] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000002b [ 218.333954][ T5751] [ 218.346154][ T5751] memory: usage 8kB, limit 0kB, failcnt 36 [pid 5089] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./44/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./44/file0") = 0 [pid 5089] umount2("./44/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./44/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./44/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [pid 5089] rmdir("./44") = 0 [pid 5089] mkdir("./45", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 47 [ 218.352711][ T5751] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 218.359970][ T5751] Memory cgroup stats for /syz1: [ 218.360253][ T5751] anon 0 [ 218.360253][ T5751] file 0 [ 218.360253][ T5751] kernel 8192 [ 218.360253][ T5751] kernel_stack 0 [ 218.360253][ T5751] pagetables 0 [ 218.360253][ T5751] sec_pagetables 0 [ 218.360253][ T5751] percpu 0 [ 218.360253][ T5751] sock 0 [ 218.360253][ T5751] vmalloc 0 [ 218.360253][ T5751] shmem 0 [ 218.360253][ T5751] zswap 0 [ 218.360253][ T5751] zswapped 0 [ 218.360253][ T5751] file_mapped 0 ./strace-static-x86_64: Process 5755 attached [pid 5755] chdir("./45") = 0 [pid 5755] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5755] setpgid(0, 0) = 0 [pid 5755] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5755] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5755] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5755] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5755] write(3, "1000", 4) = 4 [pid 5755] close(3) = 0 [pid 5755] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5755] mkdir("./file0", 000) = 0 [ 218.360253][ T5751] file_dirty 0 [ 218.360253][ T5751] file_writeback 0 [ 218.360253][ T5751] swapcached 0 [ 218.360253][ T5751] anon_thp 0 [ 218.360253][ T5751] file_thp 0 [ 218.360253][ T5751] shmem_thp 0 [ 218.360253][ T5751] inactive_anon 0 [ 218.360253][ T5751] active_anon 0 [ 218.360253][ T5751] inactive_file 0 [ 218.360253][ T5751] active_file 0 [ 218.360253][ T5751] unevictable 0 [ 218.360253][ T5751] slab_reclaimable 6752 [ 218.360253][ T5751] slab_unreclaimable 0 [ 218.360253][ T5751] slab 6752 [ 218.360253][ T5751] workingset_refault_anon 0 [pid 5755] open("./file0", O_RDONLY) = 3 [pid 5755] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5755] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [ 218.360253][ T5751] workingset_refault_file 0 [ 218.360253][ T5751] workingset_activate_anon 0 [ 218.360253][ T5751] workingset_activate_file 0 [ 218.360253][ T5751] workingset_restore_anon 0 [ 218.360253][ T5751] workingset_restore_file 0 [ 218.360253][ T5751] workingset_nodereclaim 0 [ 218.360253][ T5751] pgscan 831 [ 218.360253][ T5751] pgsteal 2 [ 218.360253][ T5751] pgscan_kswapd 0 [ 218.360253][ T5751] pgscan_direct 831 [ 218.360253][ T5751] pgscan_khugepaged 0 [ 218.360253][ T5751] pgsteal_kswapd 0 [ 218.360253][ T5751] pgsteal_direct 2 [ 218.360253][ T5751] pgsteal_khugepaged 0 [ 218.360253][ T5751] pgfault 21 [ 218.360253][ T5751] pgmajfault 0 [ 218.360253][ T5751] pgrefill 830 [ 218.360253][ T5751] pgactivate 829 [ 218.360253][ T5751] pgdeactivate 830 [ 218.360253][ T5751] pglazyfree 0 [ 218.360253][ T5751] pglazyfreed 0 [ 218.360253][ T5751] zswpin 0 [ 218.360253][ T5751] zswpout 0 [ 218.360253][ T5751] thp_fault_alloc 0 [ 218.360253][ T5751] thp_collapse_alloc 0 [pid 5755] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5755] openat(5, "memory.max", O_RDWR) = 6 [ 218.552005][ T5751] Tasks state (memory values in pages): [ 218.558031][ T5751] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 218.569103][ T5751] Out of memory and no killable processes... [ 218.578593][ T5752] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 218.589730][ T5752] CPU: 1 PID: 5752 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 218.599689][ T5752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 218.609782][ T5752] Call Trace: [ 218.613084][ T5752] [ 218.616039][ T5752] dump_stack_lvl+0x136/0x150 [ 218.620751][ T5752] dump_header+0x10a/0xd70 [ 218.625206][ T5752] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 218.631322][ T5752] out_of_memory+0xd64/0x1660 [ 218.636049][ T5752] ? oom_killer_disable+0x2b0/0x2b0 [ 218.641301][ T5752] mem_cgroup_out_of_memory+0x206/0x270 [ 218.646890][ T5752] ? mem_cgroup_margin+0x130/0x130 [ 218.652064][ T5752] memory_max_write+0x2f9/0x3c0 [ 218.656964][ T5752] ? mem_cgroup_force_empty_write+0x160/0x160 [ 218.663087][ T5752] ? lock_sync+0x190/0x190 [ 218.667548][ T5752] cgroup_file_write+0x1e2/0x7b0 [ 218.672541][ T5752] ? mem_cgroup_force_empty_write+0x160/0x160 [ 218.678657][ T5752] ? kill_css+0x3b0/0x3b0 [ 218.683054][ T5752] ? lock_acquire+0x32/0xc0 [ 218.687620][ T5752] ? kill_css+0x3b0/0x3b0 [ 218.691999][ T5752] kernfs_fop_write_iter+0x3f1/0x600 [ 218.697346][ T5752] vfs_write+0x9ed/0xe10 [ 218.701638][ T5752] ? kernel_write+0x670/0x670 [ 218.706370][ T5752] ? find_held_lock+0x2d/0x110 [ 218.711176][ T5752] ? __fget_light+0x20a/0x270 [ 218.715905][ T5752] ksys_write+0x12b/0x250 [ 218.720279][ T5752] ? __ia32_sys_read+0xb0/0xb0 [ 218.725091][ T5752] ? lockdep_hardirqs_on+0x7d/0x100 [ 218.730323][ T5752] ? _raw_spin_unlock_irq+0x2e/0x50 [ 218.735562][ T5752] ? ptrace_notify+0xfe/0x140 [ 218.740282][ T5752] do_syscall_64+0x39/0xb0 [ 218.744751][ T5752] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 218.750688][ T5752] RIP: 0033:0x7faecf034129 [ 218.755128][ T5752] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 218.774769][ T5752] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 218.783217][ T5752] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 218.791216][ T5752] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 218.799211][ T5752] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [pid 5755] write(6, "0x000000000000040e", 18 [pid 5751] <... write resumed>) = 18 [pid 5751] close(3) = 0 [pid 5751] close(4) = 0 [pid 5751] close(5) = 0 [pid 5751] close(6) = 0 [pid 5751] close(7) = -1 EBADF (Bad file descriptor) [pid 5751] close(8) = -1 EBADF (Bad file descriptor) [pid 5751] close(9) = -1 EBADF (Bad file descriptor) [pid 5751] close(10) = -1 EBADF (Bad file descriptor) [pid 5751] close(11) = -1 EBADF (Bad file descriptor) [pid 5751] close(12) = -1 EBADF (Bad file descriptor) [pid 5751] close(13) = -1 EBADF (Bad file descriptor) [pid 5751] close(14) = -1 EBADF (Bad file descriptor) [pid 5751] close(15) = -1 EBADF (Bad file descriptor) [pid 5751] close(16) = -1 EBADF (Bad file descriptor) [pid 5751] close(17) = -1 EBADF (Bad file descriptor) [pid 5751] close(18) = -1 EBADF (Bad file descriptor) [pid 5751] close(19) = -1 EBADF (Bad file descriptor) [pid 5751] close(20) = -1 EBADF (Bad file descriptor) [pid 5751] close(21) = -1 EBADF (Bad file descriptor) [pid 5751] close(22) = -1 EBADF (Bad file descriptor) [pid 5751] close(23) = -1 EBADF (Bad file descriptor) [pid 5751] close(24) = -1 EBADF (Bad file descriptor) [pid 5751] close(25) = -1 EBADF (Bad file descriptor) [pid 5751] close(26) = -1 EBADF (Bad file descriptor) [pid 5751] close(27) = -1 EBADF (Bad file descriptor) [pid 5751] close(28) = -1 EBADF (Bad file descriptor) [pid 5751] close(29) = -1 EBADF (Bad file descriptor) [pid 5751] exit_group(0) = ? [pid 5751] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=45, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5087] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5087] umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./43/binderfs") = 0 [pid 5087] umount2("./43/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./43/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [ 218.807210][ T5752] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 218.815204][ T5752] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000029 [ 218.823222][ T5752] [ 218.842528][ T5752] memory: usage 8kB, limit 0kB, failcnt 36 [ 218.848624][ T5752] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5087] unlink("./43/cgroup") = 0 [pid 5087] umount2("./43/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./43/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./43/cgroup.net") = 0 [ 218.856231][ T5752] Memory cgroup stats for /syz1: [ 218.856572][ T5752] anon 0 [ 218.856572][ T5752] file 0 [ 218.856572][ T5752] kernel 8192 [ 218.856572][ T5752] kernel_stack 0 [ 218.856572][ T5752] pagetables 0 [ 218.856572][ T5752] sec_pagetables 0 [ 218.856572][ T5752] percpu 0 [ 218.856572][ T5752] sock 0 [ 218.856572][ T5752] vmalloc 0 [ 218.856572][ T5752] shmem 0 [ 218.856572][ T5752] zswap 0 [ 218.856572][ T5752] zswapped 0 [ 218.856572][ T5752] file_mapped 0 [ 218.856572][ T5752] file_dirty 0 [ 218.856572][ T5752] file_writeback 0 [ 218.856572][ T5752] swapcached 0 [ 218.856572][ T5752] anon_thp 0 [ 218.856572][ T5752] file_thp 0 [ 218.856572][ T5752] shmem_thp 0 [ 218.856572][ T5752] inactive_anon 0 [ 218.856572][ T5752] active_anon 0 [ 218.856572][ T5752] inactive_file 0 [ 218.856572][ T5752] active_file 0 [ 218.856572][ T5752] unevictable 0 [ 218.856572][ T5752] slab_reclaimable 6752 [ 218.856572][ T5752] slab_unreclaimable 0 [ 218.856572][ T5752] slab 6752 [ 218.856572][ T5752] workingset_refault_anon 0 [ 218.856572][ T5752] workingset_refault_file 0 [ 218.856572][ T5752] workingset_activate_anon 0 [ 218.856572][ T5752] workingset_activate_file 0 [ 218.856572][ T5752] workingset_restore_anon 0 [ 218.856572][ T5752] workingset_restore_file 0 [ 218.856572][ T5752] workingset_nodereclaim 0 [ 218.856572][ T5752] pgscan 831 [ 218.856572][ T5752] pgsteal 2 [ 218.856572][ T5752] pgscan_kswapd 0 [ 218.856572][ T5752] pgscan_direct 831 [ 218.856572][ T5752] pgscan_khugepaged 0 [ 218.856572][ T5752] pgsteal_kswapd 0 [ 218.856572][ T5752] pgsteal_direct 2 [ 218.856572][ T5752] pgsteal_khugepaged 0 [pid 5087] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5087] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./43/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [ 218.856572][ T5752] pgfault 21 [ 218.856572][ T5752] pgmajfault 0 [ 218.856572][ T5752] pgrefill 830 [ 218.856572][ T5752] pgactivate 829 [ 218.856572][ T5752] pgdeactivate 830 [ 218.856572][ T5752] pglazyfree 0 [ 218.856572][ T5752] pglazyfreed 0 [ 218.856572][ T5752] zswpin 0 [ 218.856572][ T5752] zswpout 0 [ 218.856572][ T5752] thp_fault_alloc 0 [ 218.856572][ T5752] thp_collapse_alloc 0 [ 219.048300][ T5752] Tasks state (memory values in pages): [pid 5087] close(4) = 0 [pid 5087] rmdir("./43/file0") = 0 [pid 5087] umount2("./43/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./43/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./43/cgroup.cpu") = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [pid 5087] rmdir("./43") = 0 [pid 5087] mkdir("./44", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5756 attached [pid 5756] chdir("./44" [pid 5087] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 46 [pid 5756] <... chdir resumed>) = 0 [pid 5756] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5756] setpgid(0, 0) = 0 [pid 5756] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5756] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5756] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5752] <... write resumed>) = 18 [ 219.063044][ T5752] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 219.079413][ T5752] Out of memory and no killable processes... [ 219.087317][ T5753] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5756] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5756] write(3, "1000", 4) = 4 [pid 5756] close(3) = 0 [pid 5756] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5756] mkdir("./file0", 000) = 0 [pid 5756] open("./file0", O_RDONLY) = 3 [pid 5756] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5756] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5756] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5756] openat(5, "memory.max", O_RDWR) = 6 [pid 5756] write(6, "0x000000000000040e", 18 [pid 5752] close(3) = 0 [pid 5752] close(4) = 0 [pid 5752] close(5) = 0 [pid 5752] close(6) = 0 [pid 5752] close(7) = -1 EBADF (Bad file descriptor) [pid 5752] close(8) = -1 EBADF (Bad file descriptor) [pid 5752] close(9) = -1 EBADF (Bad file descriptor) [ 219.109896][ T5753] CPU: 1 PID: 5753 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 219.119892][ T5753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 219.130003][ T5753] Call Trace: [ 219.133328][ T5753] [ 219.136309][ T5753] dump_stack_lvl+0x136/0x150 [ 219.141062][ T5753] dump_header+0x10a/0xd70 [ 219.145885][ T5753] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 219.152037][ T5753] out_of_memory+0xd64/0x1660 [ 219.156802][ T5753] ? oom_killer_disable+0x2b0/0x2b0 [pid 5752] close(10) = -1 EBADF (Bad file descriptor) [pid 5752] close(11) = -1 EBADF (Bad file descriptor) [pid 5752] close(12) = -1 EBADF (Bad file descriptor) [pid 5752] close(13) = -1 EBADF (Bad file descriptor) [pid 5752] close(14) = -1 EBADF (Bad file descriptor) [pid 5752] close(15) = -1 EBADF (Bad file descriptor) [pid 5752] close(16) = -1 EBADF (Bad file descriptor) [pid 5752] close(17) = -1 EBADF (Bad file descriptor) [pid 5752] close(18) = -1 EBADF (Bad file descriptor) [pid 5752] close(19) = -1 EBADF (Bad file descriptor) [pid 5752] close(20) = -1 EBADF (Bad file descriptor) [pid 5752] close(21) = -1 EBADF (Bad file descriptor) [pid 5752] close(22) = -1 EBADF (Bad file descriptor) [pid 5752] close(23) = -1 EBADF (Bad file descriptor) [pid 5752] close(24) = -1 EBADF (Bad file descriptor) [pid 5752] close(25) = -1 EBADF (Bad file descriptor) [pid 5752] close(26) = -1 EBADF (Bad file descriptor) [pid 5752] close(27) = -1 EBADF (Bad file descriptor) [pid 5752] close(28) = -1 EBADF (Bad file descriptor) [pid 5752] close(29) = -1 EBADF (Bad file descriptor) [pid 5752] exit_group(0) = ? [pid 5752] +++ exited with 0 +++ [ 219.162077][ T5753] ? find_held_lock+0x2d/0x110 [ 219.166913][ T5753] mem_cgroup_out_of_memory+0x206/0x270 [ 219.172532][ T5753] ? mem_cgroup_margin+0x130/0x130 [ 219.177735][ T5753] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 219.183631][ T5753] memory_max_write+0x2f9/0x3c0 [ 219.188571][ T5753] ? mem_cgroup_force_empty_write+0x160/0x160 [ 219.194725][ T5753] ? lock_sync+0x190/0x190 [ 219.199223][ T5753] cgroup_file_write+0x1e2/0x7b0 [ 219.204245][ T5753] ? mem_cgroup_force_empty_write+0x160/0x160 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=43, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5085] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5085] umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./41/binderfs") = 0 [pid 5085] umount2("./41/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./41/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./41/cgroup") = 0 [pid 5085] umount2("./41/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./41/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./41/cgroup.net") = 0 [ 219.210426][ T5753] ? kill_css+0x3b0/0x3b0 [ 219.214829][ T5753] ? lock_acquire+0x32/0xc0 [ 219.219417][ T5753] ? kill_css+0x3b0/0x3b0 [ 219.223828][ T5753] kernfs_fop_write_iter+0x3f1/0x600 [ 219.229206][ T5753] vfs_write+0x9ed/0xe10 [ 219.233544][ T5753] ? kernel_write+0x670/0x670 [ 219.238318][ T5753] ? find_held_lock+0x2d/0x110 [ 219.243161][ T5753] ? __fget_light+0x20a/0x270 [ 219.247935][ T5753] ksys_write+0x12b/0x250 [ 219.252359][ T5753] ? __ia32_sys_read+0xb0/0xb0 [ 219.257198][ T5753] ? lockdep_hardirqs_on+0x7d/0x100 [ 219.262521][ T5753] ? _raw_spin_unlock_irq+0x2e/0x50 [ 219.267765][ T5753] ? ptrace_notify+0xfe/0x140 [ 219.272482][ T5753] do_syscall_64+0x39/0xb0 [ 219.276979][ T5753] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 219.282928][ T5753] RIP: 0033:0x7faecf034129 [ 219.287368][ T5753] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 219.307023][ T5753] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 219.315467][ T5753] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 219.323467][ T5753] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 219.331462][ T5753] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 219.339456][ T5753] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 219.347453][ T5753] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000002d [ 219.355474][ T5753] [pid 5085] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5085] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./41/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./41/file0") = 0 [pid 5085] umount2("./41/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./41/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./41/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./41") = 0 [pid 5085] mkdir("./42", 0777) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5757 attached [ 219.359828][ T5753] memory: usage 8kB, limit 0kB, failcnt 36 [ 219.367123][ T5753] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 219.374277][ T5753] Memory cgroup stats for /syz1: [ 219.374561][ T5753] anon 0 [ 219.374561][ T5753] file 0 [ 219.374561][ T5753] kernel 8192 [ 219.374561][ T5753] kernel_stack 0 [ 219.374561][ T5753] pagetables 0 [ 219.374561][ T5753] sec_pagetables 0 [ 219.374561][ T5753] percpu 0 [ 219.374561][ T5753] sock 0 [ 219.374561][ T5753] vmalloc 0 [ 219.374561][ T5753] shmem 0 [ 219.374561][ T5753] zswap 0 [pid 5757] chdir("./42" [pid 5085] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 44 [pid 5757] <... chdir resumed>) = 0 [pid 5757] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5757] setpgid(0, 0) = 0 [pid 5757] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5757] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5757] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5757] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5757] write(3, "1000", 4) = 4 [pid 5757] close(3) = 0 [pid 5757] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5757] mkdir("./file0", 000) = 0 [pid 5757] open("./file0", O_RDONLY) = 3 [pid 5757] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5757] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5757] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5757] openat(5, "memory.max", O_RDWR) = 6 [ 219.374561][ T5753] zswapped 0 [ 219.374561][ T5753] file_mapped 0 [ 219.374561][ T5753] file_dirty 0 [ 219.374561][ T5753] file_writeback 0 [ 219.374561][ T5753] swapcached 0 [ 219.374561][ T5753] anon_thp 0 [ 219.374561][ T5753] file_thp 0 [ 219.374561][ T5753] shmem_thp 0 [ 219.374561][ T5753] inactive_anon 0 [ 219.374561][ T5753] active_anon 0 [ 219.374561][ T5753] inactive_file 0 [ 219.374561][ T5753] active_file 0 [ 219.374561][ T5753] unevictable 0 [ 219.374561][ T5753] slab_reclaimable 6752 [ 219.374561][ T5753] slab_unreclaimable 0 [ 219.374561][ T5753] slab 6752 [ 219.374561][ T5753] workingset_refault_anon 0 [ 219.374561][ T5753] workingset_refault_file 0 [ 219.374561][ T5753] workingset_activate_anon 0 [ 219.374561][ T5753] workingset_activate_file 0 [ 219.374561][ T5753] workingset_restore_anon 0 [ 219.374561][ T5753] workingset_restore_file 0 [ 219.374561][ T5753] workingset_nodereclaim 0 [ 219.374561][ T5753] pgscan 831 [ 219.374561][ T5753] pgsteal 2 [ 219.374561][ T5753] pgscan_kswapd 0 [ 219.374561][ T5753] pgscan_direct 831 [ 219.374561][ T5753] pgscan_khugepaged 0 [ 219.374561][ T5753] pgsteal_kswapd 0 [ 219.374561][ T5753] pgsteal_direct 2 [ 219.374561][ T5753] pgsteal_khugepaged 0 [ 219.374561][ T5753] pgfault 21 [ 219.374561][ T5753] pgmajfault 0 [ 219.374561][ T5753] pgrefill 830 [ 219.374561][ T5753] pgactivate 829 [ 219.374561][ T5753] pgdeactivate 830 [ 219.374561][ T5753] pglazyfree 0 [ 219.374561][ T5753] pglazyfreed 0 [ 219.374561][ T5753] zswpin 0 [ 219.374561][ T5753] zswpout 0 [ 219.374561][ T5753] thp_fault_alloc 0 [ 219.374561][ T5753] thp_collapse_alloc 0 [pid 5757] write(6, "0x000000000000040e", 18 [pid 5753] <... write resumed>) = 18 [pid 5753] close(3) = 0 [ 219.563069][ T5753] Tasks state (memory values in pages): [ 219.569016][ T5753] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 219.581526][ T5753] Out of memory and no killable processes... [pid 5753] close(4) = 0 [pid 5753] close(5) = 0 [pid 5753] close(6) = 0 [pid 5753] close(7) = -1 EBADF (Bad file descriptor) [pid 5753] close(8) = -1 EBADF (Bad file descriptor) [pid 5753] close(9) = -1 EBADF (Bad file descriptor) [pid 5753] close(10) = -1 EBADF (Bad file descriptor) [pid 5753] close(11) = -1 EBADF (Bad file descriptor) [pid 5753] close(12) = -1 EBADF (Bad file descriptor) [pid 5753] close(13) = -1 EBADF (Bad file descriptor) [pid 5753] close(14) = -1 EBADF (Bad file descriptor) [pid 5753] close(15) = -1 EBADF (Bad file descriptor) [pid 5753] close(16) = -1 EBADF (Bad file descriptor) [pid 5753] close(17) = -1 EBADF (Bad file descriptor) [pid 5753] close(18) = -1 EBADF (Bad file descriptor) [pid 5753] close(19) = -1 EBADF (Bad file descriptor) [pid 5753] close(20) = -1 EBADF (Bad file descriptor) [pid 5753] close(21) = -1 EBADF (Bad file descriptor) [pid 5753] close(22) = -1 EBADF (Bad file descriptor) [pid 5753] close(23) = -1 EBADF (Bad file descriptor) [pid 5753] close(24) = -1 EBADF (Bad file descriptor) [ 219.606097][ T5754] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 219.631667][ T5754] CPU: 1 PID: 5754 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 219.641659][ T5754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 219.651781][ T5754] Call Trace: [ 219.655118][ T5754] [ 219.658116][ T5754] dump_stack_lvl+0x136/0x150 [pid 5753] close(25) = -1 EBADF (Bad file descriptor) [pid 5753] close(26) = -1 EBADF (Bad file descriptor) [pid 5753] close(27) = -1 EBADF (Bad file descriptor) [pid 5753] close(28) = -1 EBADF (Bad file descriptor) [pid 5753] close(29) = -1 EBADF (Bad file descriptor) [pid 5753] exit_group(0) = ? [pid 5753] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=47, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 5090] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5090] umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./45/binderfs") = 0 [pid 5090] umount2("./45/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./45/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./45/cgroup") = 0 [pid 5090] umount2("./45/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./45/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 219.662887][ T5754] dump_header+0x10a/0xd70 [ 219.667404][ T5754] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 219.673593][ T5754] out_of_memory+0xd64/0x1660 [ 219.678362][ T5754] ? oom_killer_disable+0x2b0/0x2b0 [ 219.683655][ T5754] mem_cgroup_out_of_memory+0x206/0x270 [ 219.689294][ T5754] ? mem_cgroup_margin+0x130/0x130 [ 219.694522][ T5754] memory_max_write+0x2f9/0x3c0 [ 219.699472][ T5754] ? mem_cgroup_force_empty_write+0x160/0x160 [ 219.705637][ T5754] ? lock_sync+0x190/0x190 [ 219.710263][ T5754] cgroup_file_write+0x1e2/0x7b0 [pid 5090] unlink("./45/cgroup.net") = 0 [ 219.715293][ T5754] ? mem_cgroup_force_empty_write+0x160/0x160 [ 219.721446][ T5754] ? kill_css+0x3b0/0x3b0 [ 219.725857][ T5754] ? lock_acquire+0x32/0xc0 [ 219.730430][ T5754] ? kill_css+0x3b0/0x3b0 [ 219.734808][ T5754] kernfs_fop_write_iter+0x3f1/0x600 [ 219.740183][ T5754] vfs_write+0x9ed/0xe10 [ 219.744514][ T5754] ? kernel_write+0x670/0x670 [ 219.749262][ T5754] ? find_held_lock+0x2d/0x110 [ 219.754085][ T5754] ? __fget_light+0x20a/0x270 [ 219.758859][ T5754] ksys_write+0x12b/0x250 [ 219.763259][ T5754] ? __ia32_sys_read+0xb0/0xb0 [ 219.768075][ T5754] ? lockdep_hardirqs_on+0x7d/0x100 [ 219.773349][ T5754] ? _raw_spin_unlock_irq+0x2e/0x50 [ 219.778626][ T5754] ? ptrace_notify+0xfe/0x140 [ 219.783379][ T5754] do_syscall_64+0x39/0xb0 [ 219.787874][ T5754] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 219.793857][ T5754] RIP: 0033:0x7faecf034129 [ 219.798326][ T5754] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 219.818078][ T5754] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 219.826567][ T5754] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 219.834592][ T5754] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 219.842615][ T5754] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 219.850644][ T5754] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 219.858671][ T5754] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000002a [pid 5090] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5090] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./45/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./45/file0") = 0 [pid 5090] umount2("./45/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./45/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 219.866727][ T5754] [ 219.882260][ T5754] memory: usage 8kB, limit 0kB, failcnt 36 [ 219.888152][ T5754] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 219.895773][ T5754] Memory cgroup stats for /syz1: [ 219.896087][ T5754] anon 0 [ 219.896087][ T5754] file 0 [ 219.896087][ T5754] kernel 8192 [ 219.896087][ T5754] kernel_stack 0 [ 219.896087][ T5754] pagetables 0 [pid 5090] unlink("./45/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [pid 5090] rmdir("./45") = 0 [pid 5090] mkdir("./46", 0777) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 48 ./strace-static-x86_64: Process 5758 attached [pid 5758] chdir("./46") = 0 [pid 5758] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5758] setpgid(0, 0) = 0 [pid 5758] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5758] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5758] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [ 219.896087][ T5754] sec_pagetables 0 [ 219.896087][ T5754] percpu 0 [ 219.896087][ T5754] sock 0 [ 219.896087][ T5754] vmalloc 0 [ 219.896087][ T5754] shmem 0 [ 219.896087][ T5754] zswap 0 [ 219.896087][ T5754] zswapped 0 [ 219.896087][ T5754] file_mapped 0 [ 219.896087][ T5754] file_dirty 0 [ 219.896087][ T5754] file_writeback 0 [ 219.896087][ T5754] swapcached 0 [ 219.896087][ T5754] anon_thp 0 [ 219.896087][ T5754] file_thp 0 [ 219.896087][ T5754] shmem_thp 0 [ 219.896087][ T5754] inactive_anon 0 [ 219.896087][ T5754] active_anon 0 [pid 5758] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5758] write(3, "1000", 4) = 4 [pid 5758] close(3) = 0 [pid 5758] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5758] mkdir("./file0", 000) = 0 [pid 5758] open("./file0", O_RDONLY) = 3 [pid 5758] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5758] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5758] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5758] openat(5, "memory.max", O_RDWR) = 6 [ 219.896087][ T5754] inactive_file 0 [ 219.896087][ T5754] active_file 0 [ 219.896087][ T5754] unevictable 0 [ 219.896087][ T5754] slab_reclaimable 6752 [ 219.896087][ T5754] slab_unreclaimable 0 [ 219.896087][ T5754] slab 6752 [ 219.896087][ T5754] workingset_refault_anon 0 [ 219.896087][ T5754] workingset_refault_file 0 [ 219.896087][ T5754] workingset_activate_anon 0 [ 219.896087][ T5754] workingset_activate_file 0 [ 219.896087][ T5754] workingset_restore_anon 0 [ 219.896087][ T5754] workingset_restore_file 0 [ 219.896087][ T5754] workingset_nodereclaim 0 [ 219.896087][ T5754] pgscan 831 [ 219.896087][ T5754] pgsteal 2 [ 219.896087][ T5754] pgscan_kswapd 0 [ 219.896087][ T5754] pgscan_direct 831 [ 219.896087][ T5754] pgscan_khugepaged 0 [ 219.896087][ T5754] pgsteal_kswapd 0 [ 219.896087][ T5754] pgsteal_direct 2 [ 219.896087][ T5754] pgsteal_khugepaged 0 [ 219.896087][ T5754] pgfault 21 [ 219.896087][ T5754] pgmajfault 0 [ 219.896087][ T5754] pgrefill 830 [ 219.896087][ T5754] pgactivate 829 [ 219.896087][ T5754] pgdeactivate 830 [ 219.896087][ T5754] pglazyfree 0 [pid 5758] write(6, "0x000000000000040e", 18 [pid 5754] <... write resumed>) = 18 [pid 5754] close(3) = 0 [pid 5754] close(4) = 0 [ 219.896087][ T5754] pglazyfreed 0 [ 219.896087][ T5754] zswpin 0 [ 219.896087][ T5754] zswpout 0 [ 219.896087][ T5754] thp_fault_alloc 0 [ 219.896087][ T5754] thp_collapse_alloc 0 [ 220.084404][ T5754] Tasks state (memory values in pages): [ 220.092308][ T5754] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 220.104992][ T5754] Out of memory and no killable processes... [pid 5754] close(5) = 0 [pid 5754] close(6) = 0 [pid 5754] close(7) = -1 EBADF (Bad file descriptor) [pid 5754] close(8) = -1 EBADF (Bad file descriptor) [pid 5754] close(9) = -1 EBADF (Bad file descriptor) [pid 5754] close(10) = -1 EBADF (Bad file descriptor) [pid 5754] close(11) = -1 EBADF (Bad file descriptor) [pid 5754] close(12) = -1 EBADF (Bad file descriptor) [pid 5754] close(13) = -1 EBADF (Bad file descriptor) [pid 5754] close(14) = -1 EBADF (Bad file descriptor) [pid 5754] close(15) = -1 EBADF (Bad file descriptor) [pid 5754] close(16) = -1 EBADF (Bad file descriptor) [pid 5754] close(17) = -1 EBADF (Bad file descriptor) [pid 5754] close(18) = -1 EBADF (Bad file descriptor) [pid 5754] close(19) = -1 EBADF (Bad file descriptor) [pid 5754] close(20) = -1 EBADF (Bad file descriptor) [pid 5754] close(21) = -1 EBADF (Bad file descriptor) [pid 5754] close(22) = -1 EBADF (Bad file descriptor) [pid 5754] close(23) = -1 EBADF (Bad file descriptor) [pid 5754] close(24) = -1 EBADF (Bad file descriptor) [pid 5754] close(25) = -1 EBADF (Bad file descriptor) [pid 5754] close(26) = -1 EBADF (Bad file descriptor) [pid 5754] close(27) = -1 EBADF (Bad file descriptor) [pid 5754] close(28) = -1 EBADF (Bad file descriptor) [pid 5754] close(29) = -1 EBADF (Bad file descriptor) [pid 5754] exit_group(0) = ? [pid 5754] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=44, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5086] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5086] umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [ 220.113856][ T5755] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 220.135040][ T5755] CPU: 1 PID: 5755 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 220.145052][ T5755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 220.155165][ T5755] Call Trace: [ 220.158487][ T5755] [ 220.161473][ T5755] dump_stack_lvl+0x136/0x150 [pid 5086] umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./42/binderfs") = 0 [pid 5086] umount2("./42/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./42/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] unlink("./42/cgroup") = 0 [pid 5086] umount2("./42/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./42/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./42/cgroup.net") = 0 [ 220.166241][ T5755] dump_header+0x10a/0xd70 [ 220.170726][ T5755] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 220.176889][ T5755] out_of_memory+0xd64/0x1660 [ 220.181652][ T5755] ? oom_killer_disable+0x2b0/0x2b0 [ 220.186924][ T5755] ? find_held_lock+0x2d/0x110 [ 220.191753][ T5755] mem_cgroup_out_of_memory+0x206/0x270 [ 220.197367][ T5755] ? mem_cgroup_margin+0x130/0x130 [ 220.202539][ T5755] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 220.208396][ T5755] memory_max_write+0x2f9/0x3c0 [ 220.213298][ T5755] ? mem_cgroup_force_empty_write+0x160/0x160 [ 220.219413][ T5755] ? lock_sync+0x190/0x190 [ 220.223873][ T5755] cgroup_file_write+0x1e2/0x7b0 [ 220.228859][ T5755] ? mem_cgroup_force_empty_write+0x160/0x160 [ 220.234979][ T5755] ? kill_css+0x3b0/0x3b0 [ 220.239383][ T5755] ? lock_acquire+0x32/0xc0 [ 220.243932][ T5755] ? kill_css+0x3b0/0x3b0 [ 220.248305][ T5755] kernfs_fop_write_iter+0x3f1/0x600 [ 220.253639][ T5755] vfs_write+0x9ed/0xe10 [ 220.257935][ T5755] ? kernel_write+0x670/0x670 [ 220.262665][ T5755] ? find_held_lock+0x2d/0x110 [ 220.267471][ T5755] ? __fget_light+0x20a/0x270 [ 220.272206][ T5755] ksys_write+0x12b/0x250 [ 220.276600][ T5755] ? __ia32_sys_read+0xb0/0xb0 [ 220.281422][ T5755] ? lockdep_hardirqs_on+0x7d/0x100 [ 220.286682][ T5755] ? _raw_spin_unlock_irq+0x2e/0x50 [ 220.291923][ T5755] ? ptrace_notify+0xfe/0x140 [ 220.296641][ T5755] do_syscall_64+0x39/0xb0 [ 220.301104][ T5755] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 220.307037][ T5755] RIP: 0033:0x7faecf034129 [ 220.311477][ T5755] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 220.331126][ T5755] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 220.339655][ T5755] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 220.347654][ T5755] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 220.355648][ T5755] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [pid 5086] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5086] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./42/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 220.363642][ T5755] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 220.371637][ T5755] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000002d [ 220.379674][ T5755] [ 220.384382][ T5755] memory: usage 8kB, limit 0kB, failcnt 36 [ 220.390253][ T5755] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 220.411869][ T5755] Memory cgroup stats for /syz1: [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./42/file0") = 0 [pid 5086] umount2("./42/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./42/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./42/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./42") = 0 [pid 5086] mkdir("./43", 0777) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 45 [ 220.412172][ T5755] anon 0 [ 220.412172][ T5755] file 0 [ 220.412172][ T5755] kernel 8192 [ 220.412172][ T5755] kernel_stack 0 [ 220.412172][ T5755] pagetables 0 [ 220.412172][ T5755] sec_pagetables 0 [ 220.412172][ T5755] percpu 0 [ 220.412172][ T5755] sock 0 [ 220.412172][ T5755] vmalloc 0 [ 220.412172][ T5755] shmem 0 [ 220.412172][ T5755] zswap 0 [ 220.412172][ T5755] zswapped 0 [ 220.412172][ T5755] file_mapped 0 [ 220.412172][ T5755] file_dirty 0 [ 220.412172][ T5755] file_writeback 0 [ 220.412172][ T5755] swapcached 0 [ 220.412172][ T5755] anon_thp 0 ./strace-static-x86_64: Process 5760 attached [pid 5760] chdir("./43") = 0 [pid 5760] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5760] setpgid(0, 0) = 0 [pid 5760] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5760] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5760] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5760] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5760] write(3, "1000", 4) = 4 [pid 5760] close(3) = 0 [pid 5760] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5760] mkdir("./file0", 000) = 0 [pid 5760] open("./file0", O_RDONLY) = 3 [pid 5760] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5760] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [ 220.412172][ T5755] file_thp 0 [ 220.412172][ T5755] shmem_thp 0 [ 220.412172][ T5755] inactive_anon 0 [ 220.412172][ T5755] active_anon 0 [ 220.412172][ T5755] inactive_file 0 [ 220.412172][ T5755] active_file 0 [ 220.412172][ T5755] unevictable 0 [ 220.412172][ T5755] slab_reclaimable 6752 [ 220.412172][ T5755] slab_unreclaimable 0 [ 220.412172][ T5755] slab 6752 [ 220.412172][ T5755] workingset_refault_anon 0 [ 220.412172][ T5755] workingset_refault_file 0 [ 220.412172][ T5755] workingset_activate_anon 0 [pid 5760] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5760] openat(5, "memory.max", O_RDWR) = 6 [ 220.412172][ T5755] workingset_activate_file 0 [ 220.412172][ T5755] workingset_restore_anon 0 [ 220.412172][ T5755] workingset_restore_file 0 [ 220.412172][ T5755] workingset_nodereclaim 0 [ 220.412172][ T5755] pgscan 831 [ 220.412172][ T5755] pgsteal 2 [ 220.412172][ T5755] pgscan_kswapd 0 [ 220.412172][ T5755] pgscan_direct 831 [ 220.412172][ T5755] pgscan_khugepaged 0 [ 220.412172][ T5755] pgsteal_kswapd 0 [ 220.412172][ T5755] pgsteal_direct 2 [ 220.412172][ T5755] pgsteal_khugepaged 0 [ 220.412172][ T5755] pgfault 21 [ 220.412172][ T5755] pgmajfault 0 [ 220.412172][ T5755] pgrefill 830 [ 220.412172][ T5755] pgactivate 829 [ 220.412172][ T5755] pgdeactivate 830 [ 220.412172][ T5755] pglazyfree 0 [ 220.412172][ T5755] pglazyfreed 0 [ 220.412172][ T5755] zswpin 0 [ 220.412172][ T5755] zswpout 0 [ 220.412172][ T5755] thp_fault_alloc 0 [ 220.412172][ T5755] thp_collapse_alloc 0 [ 220.604724][ T5755] Tasks state (memory values in pages): [ 220.610337][ T5755] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 220.620527][ T5755] Out of memory and no killable processes... [ 220.628698][ T5756] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 220.639509][ T5756] CPU: 0 PID: 5756 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 220.649466][ T5756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 220.659571][ T5756] Call Trace: [ 220.662896][ T5756] [ 220.665892][ T5756] dump_stack_lvl+0x136/0x150 [pid 5760] write(6, "0x000000000000040e", 18 [pid 5755] <... write resumed>) = 18 [ 220.670637][ T5756] dump_header+0x10a/0xd70 [ 220.675116][ T5756] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 220.681270][ T5756] out_of_memory+0xd64/0x1660 [ 220.686030][ T5756] ? oom_killer_disable+0x2b0/0x2b0 [ 220.691300][ T5756] ? find_held_lock+0x2d/0x110 [ 220.696129][ T5756] mem_cgroup_out_of_memory+0x206/0x270 [ 220.701741][ T5756] ? mem_cgroup_margin+0x130/0x130 [ 220.706934][ T5756] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 220.712830][ T5756] memory_max_write+0x2f9/0x3c0 [pid 5755] close(3) = 0 [pid 5755] close(4) = 0 [pid 5755] close(5) = 0 [pid 5755] close(6) = 0 [pid 5755] close(7) = -1 EBADF (Bad file descriptor) [pid 5755] close(8) = -1 EBADF (Bad file descriptor) [pid 5755] close(9) = -1 EBADF (Bad file descriptor) [pid 5755] close(10) = -1 EBADF (Bad file descriptor) [pid 5755] close(11) = -1 EBADF (Bad file descriptor) [pid 5755] close(12) = -1 EBADF (Bad file descriptor) [pid 5755] close(13) = -1 EBADF (Bad file descriptor) [ 220.717762][ T5756] ? mem_cgroup_force_empty_write+0x160/0x160 [ 220.723913][ T5756] ? lock_sync+0x190/0x190 [ 220.728406][ T5756] cgroup_file_write+0x1e2/0x7b0 [ 220.733421][ T5756] ? mem_cgroup_force_empty_write+0x160/0x160 [ 220.739583][ T5756] ? kill_css+0x3b0/0x3b0 [ 220.743989][ T5756] ? lock_acquire+0x32/0xc0 [ 220.748567][ T5756] ? kill_css+0x3b0/0x3b0 [ 220.752983][ T5756] kernfs_fop_write_iter+0x3f1/0x600 [ 220.758354][ T5756] vfs_write+0x9ed/0xe10 [ 220.762694][ T5756] ? kernel_write+0x670/0x670 [pid 5755] close(14) = -1 EBADF (Bad file descriptor) [pid 5755] close(15) = -1 EBADF (Bad file descriptor) [pid 5755] close(16) = -1 EBADF (Bad file descriptor) [pid 5755] close(17) = -1 EBADF (Bad file descriptor) [pid 5755] close(18) = -1 EBADF (Bad file descriptor) [pid 5755] close(19) = -1 EBADF (Bad file descriptor) [pid 5755] close(20) = -1 EBADF (Bad file descriptor) [pid 5755] close(21) = -1 EBADF (Bad file descriptor) [pid 5755] close(22) = -1 EBADF (Bad file descriptor) [ 220.767457][ T5756] ? find_held_lock+0x2d/0x110 [ 220.772303][ T5756] ? __fget_light+0x20a/0x270 [ 220.777058][ T5756] ksys_write+0x12b/0x250 [ 220.781459][ T5756] ? __ia32_sys_read+0xb0/0xb0 [ 220.786297][ T5756] ? lockdep_hardirqs_on+0x7d/0x100 [ 220.791558][ T5756] ? _raw_spin_unlock_irq+0x2e/0x50 [ 220.796822][ T5756] ? ptrace_notify+0xfe/0x140 [ 220.801569][ T5756] do_syscall_64+0x39/0xb0 [ 220.806057][ T5756] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 220.812022][ T5756] RIP: 0033:0x7faecf034129 [ 220.816485][ T5756] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 220.836152][ T5756] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 220.844718][ T5756] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 220.852747][ T5756] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 220.860766][ T5756] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [pid 5755] close(23) = -1 EBADF (Bad file descriptor) [pid 5755] close(24) = -1 EBADF (Bad file descriptor) [pid 5755] close(25) = -1 EBADF (Bad file descriptor) [pid 5755] close(26) = -1 EBADF (Bad file descriptor) [pid 5755] close(27) = -1 EBADF (Bad file descriptor) [pid 5755] close(28) = -1 EBADF (Bad file descriptor) [pid 5755] close(29) = -1 EBADF (Bad file descriptor) [pid 5755] exit_group(0) = ? [pid 5755] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=47, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5089] umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./45/binderfs") = 0 [pid 5089] umount2("./45/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./45/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./45/cgroup") = 0 [pid 5089] umount2("./45/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./45/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./45/cgroup.net") = 0 [pid 5089] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5089] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./45/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./45/file0") = 0 [pid 5089] umount2("./45/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 220.868791][ T5756] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 220.876812][ T5756] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000002c [ 220.884863][ T5756] [ 220.898457][ T5756] memory: usage 8kB, limit 0kB, failcnt 36 [ 220.905051][ T5756] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 220.912811][ T5756] Memory cgroup stats for /syz1: [ 220.913062][ T5756] anon 0 [pid 5089] lstat("./45/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./45/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [pid 5089] rmdir("./45") = 0 [pid 5089] mkdir("./46", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 48 ./strace-static-x86_64: Process 5761 attached [pid 5761] chdir("./46") = 0 [pid 5761] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5761] setpgid(0, 0) = 0 [pid 5761] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5761] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [ 220.913062][ T5756] file 0 [ 220.913062][ T5756] kernel 8192 [ 220.913062][ T5756] kernel_stack 0 [ 220.913062][ T5756] pagetables 0 [ 220.913062][ T5756] sec_pagetables 0 [ 220.913062][ T5756] percpu 0 [ 220.913062][ T5756] sock 0 [ 220.913062][ T5756] vmalloc 0 [ 220.913062][ T5756] shmem 0 [ 220.913062][ T5756] zswap 0 [ 220.913062][ T5756] zswapped 0 [ 220.913062][ T5756] file_mapped 0 [ 220.913062][ T5756] file_dirty 0 [ 220.913062][ T5756] file_writeback 0 [ 220.913062][ T5756] swapcached 0 [ 220.913062][ T5756] anon_thp 0 [pid 5761] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5761] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5761] write(3, "1000", 4) = 4 [pid 5761] close(3) = 0 [pid 5761] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5761] mkdir("./file0", 000) = 0 [pid 5761] open("./file0", O_RDONLY) = 3 [pid 5761] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5761] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5761] openat(4, "syz1", O_RDWR|O_PATH) = 5 [ 220.913062][ T5756] file_thp 0 [ 220.913062][ T5756] shmem_thp 0 [ 220.913062][ T5756] inactive_anon 0 [ 220.913062][ T5756] active_anon 0 [ 220.913062][ T5756] inactive_file 0 [ 220.913062][ T5756] active_file 0 [ 220.913062][ T5756] unevictable 0 [ 220.913062][ T5756] slab_reclaimable 6752 [ 220.913062][ T5756] slab_unreclaimable 0 [ 220.913062][ T5756] slab 6752 [ 220.913062][ T5756] workingset_refault_anon 0 [ 220.913062][ T5756] workingset_refault_file 0 [ 220.913062][ T5756] workingset_activate_anon 0 [ 220.913062][ T5756] workingset_activate_file 0 [pid 5761] openat(5, "memory.max", O_RDWR) = 6 [ 220.913062][ T5756] workingset_restore_anon 0 [ 220.913062][ T5756] workingset_restore_file 0 [ 220.913062][ T5756] workingset_nodereclaim 0 [ 220.913062][ T5756] pgscan 831 [ 220.913062][ T5756] pgsteal 2 [ 220.913062][ T5756] pgscan_kswapd 0 [ 220.913062][ T5756] pgscan_direct 831 [ 220.913062][ T5756] pgscan_khugepaged 0 [ 220.913062][ T5756] pgsteal_kswapd 0 [ 220.913062][ T5756] pgsteal_direct 2 [ 220.913062][ T5756] pgsteal_khugepaged 0 [ 220.913062][ T5756] pgfault 21 [ 220.913062][ T5756] pgmajfault 0 [ 220.913062][ T5756] pgrefill 830 [ 220.913062][ T5756] pgactivate 829 [ 220.913062][ T5756] pgdeactivate 830 [ 220.913062][ T5756] pglazyfree 0 [ 220.913062][ T5756] pglazyfreed 0 [ 220.913062][ T5756] zswpin 0 [ 220.913062][ T5756] zswpout 0 [ 220.913062][ T5756] thp_fault_alloc 0 [ 220.913062][ T5756] thp_collapse_alloc 0 [pid 5761] write(6, "0x000000000000040e", 18 [pid 5756] <... write resumed>) = 18 [ 221.118039][ T5756] Tasks state (memory values in pages): [ 221.123757][ T5756] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 221.133467][ T5756] Out of memory and no killable processes... [ 221.139550][ T5757] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 221.150091][ T5757] CPU: 0 PID: 5757 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 221.160044][ T5757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 221.170128][ T5757] Call Trace: [ 221.173426][ T5757] [ 221.176381][ T5757] dump_stack_lvl+0x136/0x150 [ 221.181104][ T5757] dump_header+0x10a/0xd70 [ 221.185557][ T5757] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 221.191682][ T5757] out_of_memory+0xd64/0x1660 [ 221.196411][ T5757] ? oom_killer_disable+0x2b0/0x2b0 [ 221.201665][ T5757] mem_cgroup_out_of_memory+0x206/0x270 [ 221.207261][ T5757] ? mem_cgroup_margin+0x130/0x130 [ 221.212436][ T5757] memory_max_write+0x2f9/0x3c0 [ 221.217339][ T5757] ? mem_cgroup_force_empty_write+0x160/0x160 [ 221.223463][ T5757] ? lock_sync+0x190/0x190 [ 221.227925][ T5757] cgroup_file_write+0x1e2/0x7b0 [ 221.232922][ T5757] ? mem_cgroup_force_empty_write+0x160/0x160 [ 221.239046][ T5757] ? kill_css+0x3b0/0x3b0 [ 221.243422][ T5757] ? lock_acquire+0x32/0xc0 [ 221.247976][ T5757] ? kill_css+0x3b0/0x3b0 [ 221.252356][ T5757] kernfs_fop_write_iter+0x3f1/0x600 [ 221.257699][ T5757] vfs_write+0x9ed/0xe10 [ 221.262001][ T5757] ? kernel_write+0x670/0x670 [ 221.266731][ T5757] ? find_held_lock+0x2d/0x110 [ 221.271543][ T5757] ? __fget_light+0x20a/0x270 [ 221.276291][ T5757] ksys_write+0x12b/0x250 [ 221.280672][ T5757] ? __ia32_sys_read+0xb0/0xb0 [ 221.285482][ T5757] ? lockdep_hardirqs_on+0x7d/0x100 [ 221.290717][ T5757] ? _raw_spin_unlock_irq+0x2e/0x50 [ 221.295963][ T5757] ? ptrace_notify+0xfe/0x140 [ 221.300687][ T5757] do_syscall_64+0x39/0xb0 [ 221.305156][ T5757] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 221.311095][ T5757] RIP: 0033:0x7faecf034129 [ 221.315542][ T5757] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 221.335183][ T5757] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 221.343629][ T5757] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 221.351630][ T5757] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 221.359655][ T5757] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [pid 5756] close(3) = 0 [pid 5756] close(4) = 0 [pid 5756] close(5) = 0 [pid 5756] close(6) = 0 [pid 5756] close(7) = -1 EBADF (Bad file descriptor) [pid 5756] close(8) = -1 EBADF (Bad file descriptor) [pid 5756] close(9) = -1 EBADF (Bad file descriptor) [pid 5756] close(10) = -1 EBADF (Bad file descriptor) [pid 5756] close(11) = -1 EBADF (Bad file descriptor) [pid 5756] close(12) = -1 EBADF (Bad file descriptor) [pid 5756] close(13) = -1 EBADF (Bad file descriptor) [pid 5756] close(14) = -1 EBADF (Bad file descriptor) [pid 5756] close(15) = -1 EBADF (Bad file descriptor) [pid 5756] close(16) = -1 EBADF (Bad file descriptor) [pid 5756] close(17) = -1 EBADF (Bad file descriptor) [pid 5756] close(18) = -1 EBADF (Bad file descriptor) [pid 5756] close(19) = -1 EBADF (Bad file descriptor) [pid 5756] close(20) = -1 EBADF (Bad file descriptor) [pid 5756] close(21) = -1 EBADF (Bad file descriptor) [pid 5756] close(22) = -1 EBADF (Bad file descriptor) [pid 5756] close(23) = -1 EBADF (Bad file descriptor) [pid 5756] close(24) = -1 EBADF (Bad file descriptor) [pid 5756] close(25) = -1 EBADF (Bad file descriptor) [pid 5756] close(26) = -1 EBADF (Bad file descriptor) [pid 5756] close(27) = -1 EBADF (Bad file descriptor) [pid 5756] close(28) = -1 EBADF (Bad file descriptor) [pid 5756] close(29) = -1 EBADF (Bad file descriptor) [pid 5756] exit_group(0) = ? [pid 5756] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=46, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5087] umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 221.367674][ T5757] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 221.375691][ T5757] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000002a [ 221.383735][ T5757] [ 221.401746][ T5757] memory: usage 8kB, limit 0kB, failcnt 36 [ 221.409943][ T5757] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 221.418060][ T5757] Memory cgroup stats for /syz1: [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./44/binderfs") = 0 [pid 5087] umount2("./44/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./44/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./44/cgroup") = 0 [pid 5087] umount2("./44/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./44/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./44/cgroup.net") = 0 [ 221.418484][ T5757] anon 0 [ 221.418484][ T5757] file 0 [ 221.418484][ T5757] kernel 8192 [ 221.418484][ T5757] kernel_stack 0 [ 221.418484][ T5757] pagetables 0 [ 221.418484][ T5757] sec_pagetables 0 [ 221.418484][ T5757] percpu 0 [ 221.418484][ T5757] sock 0 [ 221.418484][ T5757] vmalloc 0 [ 221.418484][ T5757] shmem 0 [ 221.418484][ T5757] zswap 0 [ 221.418484][ T5757] zswapped 0 [ 221.418484][ T5757] file_mapped 0 [ 221.418484][ T5757] file_dirty 0 [ 221.418484][ T5757] file_writeback 0 [ 221.418484][ T5757] swapcached 0 [ 221.418484][ T5757] anon_thp 0 [ 221.418484][ T5757] file_thp 0 [ 221.418484][ T5757] shmem_thp 0 [ 221.418484][ T5757] inactive_anon 0 [ 221.418484][ T5757] active_anon 0 [ 221.418484][ T5757] inactive_file 0 [ 221.418484][ T5757] active_file 0 [ 221.418484][ T5757] unevictable 0 [ 221.418484][ T5757] slab_reclaimable 6752 [ 221.418484][ T5757] slab_unreclaimable 0 [ 221.418484][ T5757] slab 6752 [ 221.418484][ T5757] workingset_refault_anon 0 [ 221.418484][ T5757] workingset_refault_file 0 [ 221.418484][ T5757] workingset_activate_anon 0 [ 221.418484][ T5757] workingset_activate_file 0 [ 221.418484][ T5757] workingset_restore_anon 0 [ 221.418484][ T5757] workingset_restore_file 0 [ 221.418484][ T5757] workingset_nodereclaim 0 [ 221.418484][ T5757] pgscan 831 [ 221.418484][ T5757] pgsteal 2 [ 221.418484][ T5757] pgscan_kswapd 0 [ 221.418484][ T5757] pgscan_direct 831 [ 221.418484][ T5757] pgscan_khugepaged 0 [ 221.418484][ T5757] pgsteal_kswapd 0 [ 221.418484][ T5757] pgsteal_direct 2 [ 221.418484][ T5757] pgsteal_khugepaged 0 [ 221.418484][ T5757] pgfault 21 [ 221.418484][ T5757] pgmajfault 0 [pid 5087] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5087] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./44/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 221.418484][ T5757] pgrefill 830 [ 221.418484][ T5757] pgactivate 829 [ 221.418484][ T5757] pgdeactivate 830 [ 221.418484][ T5757] pglazyfree 0 [ 221.418484][ T5757] pglazyfreed 0 [ 221.418484][ T5757] zswpin 0 [ 221.418484][ T5757] zswpout 0 [ 221.418484][ T5757] thp_fault_alloc 0 [ 221.418484][ T5757] thp_collapse_alloc 0 [ 221.610034][ T5757] Tasks state (memory values in pages): [ 221.615852][ T5757] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5087] openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5757] <... write resumed>) = 18 [pid 5087] getdents64(4, [pid 5757] close(3) = 0 [pid 5757] close(4) = 0 [pid 5757] close(5) = 0 [pid 5757] close(6) = 0 [pid 5757] close(7) = -1 EBADF (Bad file descriptor) [pid 5757] close(8) = -1 EBADF (Bad file descriptor) [pid 5757] close(9) = -1 EBADF (Bad file descriptor) [pid 5757] close(10) = -1 EBADF (Bad file descriptor) [pid 5757] close(11) = -1 EBADF (Bad file descriptor) [pid 5757] close(12) = -1 EBADF (Bad file descriptor) [pid 5757] close(13) = -1 EBADF (Bad file descriptor) [pid 5757] close(14) = -1 EBADF (Bad file descriptor) [pid 5757] close(15) = -1 EBADF (Bad file descriptor) [pid 5757] close(16) = -1 EBADF (Bad file descriptor) [pid 5757] close(17) = -1 EBADF (Bad file descriptor) [pid 5757] close(18) = -1 EBADF (Bad file descriptor) [pid 5757] close(19) = -1 EBADF (Bad file descriptor) [pid 5757] close(20) = -1 EBADF (Bad file descriptor) [pid 5757] close(21) = -1 EBADF (Bad file descriptor) [pid 5757] close(22) = -1 EBADF (Bad file descriptor) [pid 5757] close(23) = -1 EBADF (Bad file descriptor) [pid 5757] close(24) = -1 EBADF (Bad file descriptor) [pid 5757] close(25) = -1 EBADF (Bad file descriptor) [pid 5757] close(26) = -1 EBADF (Bad file descriptor) [pid 5757] close(27) = -1 EBADF (Bad file descriptor) [pid 5757] close(28) = -1 EBADF (Bad file descriptor) [pid 5757] close(29) = -1 EBADF (Bad file descriptor) [pid 5757] exit_group(0 [pid 5087] <... getdents64 resumed>0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5757] <... exit_group resumed>) = ? [pid 5757] +++ exited with 0 +++ [pid 5087] close(4) = 0 [pid 5087] rmdir("./44/file0") = 0 [pid 5087] umount2("./44/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./44/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./44/cgroup.cpu") = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [ 221.625798][ T5757] Out of memory and no killable processes... [ 221.632075][ T5758] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 221.644808][ T5758] CPU: 0 PID: 5758 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 221.654786][ T5758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 221.664897][ T5758] Call Trace: [ 221.668214][ T5758] [ 221.671183][ T5758] dump_stack_lvl+0x136/0x150 [pid 5087] rmdir("./44") = 0 [pid 5087] mkdir("./45", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 47 [ 221.675935][ T5758] dump_header+0x10a/0xd70 [ 221.680427][ T5758] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 221.686602][ T5758] out_of_memory+0xd64/0x1660 [ 221.691366][ T5758] ? oom_killer_disable+0x2b0/0x2b0 [ 221.696656][ T5758] ? find_held_lock+0x2d/0x110 [ 221.701493][ T5758] mem_cgroup_out_of_memory+0x206/0x270 [ 221.707108][ T5758] ? mem_cgroup_margin+0x130/0x130 [ 221.712316][ T5758] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 221.718207][ T5758] memory_max_write+0x2f9/0x3c0 [ 221.723143][ T5758] ? mem_cgroup_force_empty_write+0x160/0x160 [ 221.729299][ T5758] ? lock_sync+0x190/0x190 [ 221.733784][ T5758] cgroup_file_write+0x1e2/0x7b0 [ 221.738797][ T5758] ? mem_cgroup_force_empty_write+0x160/0x160 [ 221.744944][ T5758] ? kill_css+0x3b0/0x3b0 [ 221.749345][ T5758] ? lock_acquire+0x32/0xc0 [ 221.753931][ T5758] ? kill_css+0x3b0/0x3b0 [ 221.758351][ T5758] kernfs_fop_write_iter+0x3f1/0x600 [ 221.763732][ T5758] vfs_write+0x9ed/0xe10 [ 221.768064][ T5758] ? kernel_write+0x670/0x670 [ 221.772826][ T5758] ? find_held_lock+0x2d/0x110 [ 221.777678][ T5758] ? __fget_light+0x20a/0x270 [ 221.782529][ T5758] ksys_write+0x12b/0x250 [ 221.786938][ T5758] ? __ia32_sys_read+0xb0/0xb0 [ 221.791778][ T5758] ? lockdep_hardirqs_on+0x7d/0x100 [ 221.797042][ T5758] ? _raw_spin_unlock_irq+0x2e/0x50 [ 221.802320][ T5758] ? ptrace_notify+0xfe/0x140 [ 221.807088][ T5758] do_syscall_64+0x39/0xb0 [ 221.811587][ T5758] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 221.817546][ T5758] RIP: 0033:0x7faecf034129 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=44, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5085] umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [ 221.822020][ T5758] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 221.841689][ T5758] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 221.850173][ T5758] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 221.858197][ T5758] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 221.866222][ T5758] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [pid 5085] umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./42/binderfs") = 0 [pid 5085] umount2("./42/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./42/cgroup", ./strace-static-x86_64: Process 5762 attached {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./42/cgroup") = 0 [pid 5085] umount2("./42/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./42/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./42/cgroup.net" [pid 5762] chdir("./45" [pid 5085] <... unlink resumed>) = 0 [pid 5762] <... chdir resumed>) = 0 [pid 5085] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5762] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5085] <... umount2 resumed>) = 0 [pid 5085] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./42/file0", [pid 5762] setpgid(0, 0 [pid 5085] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5762] <... setpgid resumed>) = 0 [pid 5085] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 221.874251][ T5758] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 221.882286][ T5758] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000002e [ 221.890338][ T5758] [ 221.908976][ T5758] memory: usage 8kB, limit 0kB, failcnt 36 [ 221.915750][ T5758] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5085] openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./42/file0") = 0 [pid 5085] umount2("./42/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./42/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./42/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./42") = 0 [pid 5085] mkdir("./43", 0777) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5763 attached [pid 5763] chdir("./43" [pid 5085] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 45 [pid 5763] <... chdir resumed>) = 0 [pid 5763] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5763] setpgid(0, 0) = 0 [pid 5763] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5763] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5763] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5763] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 221.923893][ T5758] Memory cgroup stats for /syz1: [ 221.924348][ T5758] anon 0 [ 221.924348][ T5758] file 0 [ 221.924348][ T5758] kernel 8192 [ 221.924348][ T5758] kernel_stack 0 [ 221.924348][ T5758] pagetables 0 [ 221.924348][ T5758] sec_pagetables 0 [ 221.924348][ T5758] percpu 0 [ 221.924348][ T5758] sock 0 [ 221.924348][ T5758] vmalloc 0 [ 221.924348][ T5758] shmem 0 [ 221.924348][ T5758] zswap 0 [ 221.924348][ T5758] zswapped 0 [ 221.924348][ T5758] file_mapped 0 [ 221.924348][ T5758] file_dirty 0 [ 221.924348][ T5758] file_writeback 0 [pid 5763] write(3, "1000", 4) = 4 [pid 5763] close(3) = 0 [pid 5763] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5763] mkdir("./file0", 000) = 0 [pid 5763] open("./file0", O_RDONLY) = 3 [pid 5763] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5763] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5763] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5763] openat(5, "memory.max", O_RDWR) = 6 [ 221.924348][ T5758] swapcached 0 [ 221.924348][ T5758] anon_thp 0 [ 221.924348][ T5758] file_thp 0 [ 221.924348][ T5758] shmem_thp 0 [ 221.924348][ T5758] inactive_anon 0 [ 221.924348][ T5758] active_anon 0 [ 221.924348][ T5758] inactive_file 0 [ 221.924348][ T5758] active_file 0 [ 221.924348][ T5758] unevictable 0 [ 221.924348][ T5758] slab_reclaimable 6752 [ 221.924348][ T5758] slab_unreclaimable 0 [ 221.924348][ T5758] slab 6752 [ 221.924348][ T5758] workingset_refault_anon 0 [ 221.924348][ T5758] workingset_refault_file 0 [ 221.924348][ T5758] workingset_activate_anon 0 [ 221.924348][ T5758] workingset_activate_file 0 [ 221.924348][ T5758] workingset_restore_anon 0 [ 221.924348][ T5758] workingset_restore_file 0 [ 221.924348][ T5758] workingset_nodereclaim 0 [ 221.924348][ T5758] pgscan 831 [ 221.924348][ T5758] pgsteal 2 [ 221.924348][ T5758] pgscan_kswapd 0 [ 221.924348][ T5758] pgscan_direct 831 [ 221.924348][ T5758] pgscan_khugepaged 0 [ 221.924348][ T5758] pgsteal_kswapd 0 [ 221.924348][ T5758] pgsteal_direct 2 [ 221.924348][ T5758] pgsteal_khugepaged 0 [ 221.924348][ T5758] pgfault 21 [pid 5763] write(6, "0x000000000000040e", 18 [pid 5762] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5762] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5762] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5762] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5762] write(3, "1000", 4) = 4 [pid 5762] close(3) = 0 [pid 5762] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5762] mkdir("./file0", 000) = 0 [pid 5762] open("./file0", O_RDONLY) = 3 [pid 5762] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [ 221.924348][ T5758] pgmajfault 0 [ 221.924348][ T5758] pgrefill 830 [ 221.924348][ T5758] pgactivate 829 [ 221.924348][ T5758] pgdeactivate 830 [ 221.924348][ T5758] pglazyfree 0 [ 221.924348][ T5758] pglazyfreed 0 [ 221.924348][ T5758] zswpin 0 [ 221.924348][ T5758] zswpout 0 [ 221.924348][ T5758] thp_fault_alloc 0 [ 221.924348][ T5758] thp_collapse_alloc 0 [pid 5762] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5762] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5762] openat(5, "memory.max", O_RDWR) = 6 [ 222.126048][ T5758] Tasks state (memory values in pages): [ 222.132798][ T5758] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 222.152256][ T5758] Out of memory and no killable processes... [ 222.160573][ T5760] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5762] write(6, "0x000000000000040e", 18 [pid 5758] <... write resumed>) = 18 [pid 5758] close(3) = 0 [pid 5758] close(4) = 0 [pid 5758] close(5) = 0 [pid 5758] close(6) = 0 [pid 5758] close(7) = -1 EBADF (Bad file descriptor) [pid 5758] close(8) = -1 EBADF (Bad file descriptor) [pid 5758] close(9) = -1 EBADF (Bad file descriptor) [pid 5758] close(10) = -1 EBADF (Bad file descriptor) [pid 5758] close(11) = -1 EBADF (Bad file descriptor) [pid 5758] close(12) = -1 EBADF (Bad file descriptor) [pid 5758] close(13) = -1 EBADF (Bad file descriptor) [pid 5758] close(14) = -1 EBADF (Bad file descriptor) [pid 5758] close(15) = -1 EBADF (Bad file descriptor) [pid 5758] close(16) = -1 EBADF (Bad file descriptor) [pid 5758] close(17) = -1 EBADF (Bad file descriptor) [pid 5758] close(18) = -1 EBADF (Bad file descriptor) [pid 5758] close(19) = -1 EBADF (Bad file descriptor) [pid 5758] close(20) = -1 EBADF (Bad file descriptor) [pid 5758] close(21) = -1 EBADF (Bad file descriptor) [pid 5758] close(22) = -1 EBADF (Bad file descriptor) [pid 5758] close(23) = -1 EBADF (Bad file descriptor) [pid 5758] close(24) = -1 EBADF (Bad file descriptor) [pid 5758] close(25) = -1 EBADF (Bad file descriptor) [ 222.171796][ T5760] CPU: 0 PID: 5760 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 222.181769][ T5760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 222.191883][ T5760] Call Trace: [ 222.195240][ T5760] [ 222.198221][ T5760] dump_stack_lvl+0x136/0x150 [ 222.202972][ T5760] dump_header+0x10a/0xd70 [ 222.207453][ T5760] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 222.213605][ T5760] out_of_memory+0xd64/0x1660 [ 222.218371][ T5760] ? oom_killer_disable+0x2b0/0x2b0 [pid 5758] close(26) = -1 EBADF (Bad file descriptor) [pid 5758] close(27) = -1 EBADF (Bad file descriptor) [pid 5758] close(28) = -1 EBADF (Bad file descriptor) [pid 5758] close(29) = -1 EBADF (Bad file descriptor) [pid 5758] exit_group(0) = ? [pid 5758] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=48, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5090] umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./46/binderfs") = 0 [ 222.223670][ T5760] mem_cgroup_out_of_memory+0x206/0x270 [ 222.229299][ T5760] ? mem_cgroup_margin+0x130/0x130 [ 222.234514][ T5760] memory_max_write+0x2f9/0x3c0 [ 222.239447][ T5760] ? mem_cgroup_force_empty_write+0x160/0x160 [ 222.245598][ T5760] ? lock_sync+0x190/0x190 [ 222.250091][ T5760] cgroup_file_write+0x1e2/0x7b0 [ 222.255113][ T5760] ? mem_cgroup_force_empty_write+0x160/0x160 [ 222.261259][ T5760] ? kill_css+0x3b0/0x3b0 [ 222.265670][ T5760] ? lock_acquire+0x32/0xc0 [ 222.270259][ T5760] ? kill_css+0x3b0/0x3b0 [ 222.274674][ T5760] kernfs_fop_write_iter+0x3f1/0x600 [ 222.280034][ T5760] vfs_write+0x9ed/0xe10 [ 222.284358][ T5760] ? kernel_write+0x670/0x670 [ 222.289129][ T5760] ? find_held_lock+0x2d/0x110 [ 222.293974][ T5760] ? __fget_light+0x20a/0x270 [ 222.298733][ T5760] ksys_write+0x12b/0x250 [ 222.303145][ T5760] ? __ia32_sys_read+0xb0/0xb0 [ 222.307983][ T5760] ? lockdep_hardirqs_on+0x7d/0x100 [ 222.313252][ T5760] ? _raw_spin_unlock_irq+0x2e/0x50 [ 222.318521][ T5760] ? ptrace_notify+0xfe/0x140 [ 222.323270][ T5760] do_syscall_64+0x39/0xb0 [pid 5090] umount2("./46/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./46/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./46/cgroup") = 0 [pid 5090] umount2("./46/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./46/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./46/cgroup.net") = 0 [ 222.327754][ T5760] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 222.333690][ T5760] RIP: 0033:0x7faecf034129 [ 222.338153][ T5760] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 222.357823][ T5760] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 222.366301][ T5760] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [pid 5090] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5090] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./46/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 222.374338][ T5760] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 222.382366][ T5760] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 222.390390][ T5760] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 222.398487][ T5760] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000002b [ 222.406551][ T5760] [pid 5090] openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./46/file0") = 0 [pid 5090] umount2("./46/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 222.427294][ T5760] memory: usage 8kB, limit 0kB, failcnt 36 [ 222.441689][ T5760] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 222.449051][ T5760] Memory cgroup stats for /syz1: [ 222.449338][ T5760] anon 0 [ 222.449338][ T5760] file 0 [ 222.449338][ T5760] kernel 8192 [ 222.449338][ T5760] kernel_stack 0 [ 222.449338][ T5760] pagetables 0 [ 222.449338][ T5760] sec_pagetables 0 [ 222.449338][ T5760] percpu 0 [ 222.449338][ T5760] sock 0 [ 222.449338][ T5760] vmalloc 0 [ 222.449338][ T5760] shmem 0 [ 222.449338][ T5760] zswap 0 [ 222.449338][ T5760] zswapped 0 [ 222.449338][ T5760] file_mapped 0 [ 222.449338][ T5760] file_dirty 0 [ 222.449338][ T5760] file_writeback 0 [ 222.449338][ T5760] swapcached 0 [ 222.449338][ T5760] anon_thp 0 [ 222.449338][ T5760] file_thp 0 [ 222.449338][ T5760] shmem_thp 0 [ 222.449338][ T5760] inactive_anon 0 [ 222.449338][ T5760] active_anon 0 [ 222.449338][ T5760] inactive_file 0 [ 222.449338][ T5760] active_file 0 [ 222.449338][ T5760] unevictable 0 [ 222.449338][ T5760] slab_reclaimable 6752 [ 222.449338][ T5760] slab_unreclaimable 0 [ 222.449338][ T5760] slab 6752 [ 222.449338][ T5760] workingset_refault_anon 0 [ 222.449338][ T5760] workingset_refault_file 0 [ 222.449338][ T5760] workingset_activate_anon 0 [ 222.449338][ T5760] workingset_activate_file 0 [ 222.449338][ T5760] workingset_restore_anon 0 [ 222.449338][ T5760] workingset_restore_file 0 [ 222.449338][ T5760] workingset_nodereclaim 0 [ 222.449338][ T5760] pgscan 831 [ 222.449338][ T5760] pgsteal 2 [ 222.449338][ T5760] pgscan_kswapd 0 [ 222.449338][ T5760] pgscan_direct 831 [ 222.449338][ T5760] pgscan_khugepaged 0 [ 222.449338][ T5760] pgsteal_kswapd 0 [ 222.449338][ T5760] pgsteal_direct 2 [ 222.449338][ T5760] pgsteal_khugepaged 0 [ 222.449338][ T5760] pgfault 21 [ 222.449338][ T5760] pgmajfault 0 [ 222.449338][ T5760] pgrefill 830 [ 222.449338][ T5760] pgactivate 829 [ 222.449338][ T5760] pgdeactivate 830 [ 222.449338][ T5760] pglazyfree 0 [ 222.449338][ T5760] pglazyfreed 0 [ 222.449338][ T5760] zswpin 0 [ 222.449338][ T5760] zswpout 0 [pid 5090] lstat("./46/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./46/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [pid 5090] rmdir("./46") = 0 [pid 5090] mkdir("./47", 0777) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5765 attached [pid 5765] chdir("./47" [pid 5090] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 49 [pid 5765] <... chdir resumed>) = 0 [pid 5765] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5765] setpgid(0, 0) = 0 [pid 5765] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [ 222.449338][ T5760] thp_fault_alloc 0 [ 222.449338][ T5760] thp_collapse_alloc 0 [pid 5765] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5765] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5765] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5765] write(3, "1000", 4) = 4 [pid 5765] close(3) = 0 [pid 5765] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5765] mkdir("./file0", 000) = 0 [pid 5765] open("./file0", O_RDONLY) = 3 [pid 5765] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5765] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5765] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5765] openat(5, "memory.max", O_RDWR) = 6 [ 222.669640][ T5760] Tasks state (memory values in pages): [ 222.685483][ T5760] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 222.709283][ T5760] Out of memory and no killable processes... [pid 5765] write(6, "0x000000000000040e", 18 [pid 5760] <... write resumed>) = 18 [pid 5760] close(3) = 0 [pid 5760] close(4) = 0 [pid 5760] close(5) = 0 [pid 5760] close(6) = 0 [pid 5760] close(7) = -1 EBADF (Bad file descriptor) [pid 5760] close(8) = -1 EBADF (Bad file descriptor) [pid 5760] close(9) = -1 EBADF (Bad file descriptor) [pid 5760] close(10) = -1 EBADF (Bad file descriptor) [pid 5760] close(11) = -1 EBADF (Bad file descriptor) [pid 5760] close(12) = -1 EBADF (Bad file descriptor) [pid 5760] close(13) = -1 EBADF (Bad file descriptor) [pid 5760] close(14) = -1 EBADF (Bad file descriptor) [pid 5760] close(15) = -1 EBADF (Bad file descriptor) [pid 5760] close(16) = -1 EBADF (Bad file descriptor) [pid 5760] close(17) = -1 EBADF (Bad file descriptor) [pid 5760] close(18) = -1 EBADF (Bad file descriptor) [pid 5760] close(19) = -1 EBADF (Bad file descriptor) [pid 5760] close(20) = -1 EBADF (Bad file descriptor) [pid 5760] close(21) = -1 EBADF (Bad file descriptor) [pid 5760] close(22) = -1 EBADF (Bad file descriptor) [pid 5760] close(23) = -1 EBADF (Bad file descriptor) [ 222.716288][ T5761] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 222.726988][ T5761] CPU: 0 PID: 5761 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 222.736978][ T5761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 222.747086][ T5761] Call Trace: [ 222.750426][ T5761] [ 222.753416][ T5761] dump_stack_lvl+0x136/0x150 [ 222.758165][ T5761] dump_header+0x10a/0xd70 [ 222.762653][ T5761] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [pid 5760] close(24) = -1 EBADF (Bad file descriptor) [pid 5760] close(25) = -1 EBADF (Bad file descriptor) [pid 5760] close(26) = -1 EBADF (Bad file descriptor) [pid 5760] close(27) = -1 EBADF (Bad file descriptor) [pid 5760] close(28) = -1 EBADF (Bad file descriptor) [pid 5760] close(29) = -1 EBADF (Bad file descriptor) [pid 5760] exit_group(0) = ? [pid 5760] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=45, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5086] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5086] umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./43/binderfs") = 0 [pid 5086] umount2("./43/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./43/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] unlink("./43/cgroup") = 0 [ 222.768852][ T5761] out_of_memory+0xd64/0x1660 [ 222.773615][ T5761] ? oom_killer_disable+0x2b0/0x2b0 [ 222.778915][ T5761] mem_cgroup_out_of_memory+0x206/0x270 [ 222.784541][ T5761] ? mem_cgroup_margin+0x130/0x130 [ 222.789839][ T5761] memory_max_write+0x2f9/0x3c0 [ 222.794776][ T5761] ? mem_cgroup_force_empty_write+0x160/0x160 [ 222.800946][ T5761] ? lock_sync+0x190/0x190 [ 222.805440][ T5761] cgroup_file_write+0x1e2/0x7b0 [ 222.810466][ T5761] ? mem_cgroup_force_empty_write+0x160/0x160 [pid 5086] umount2("./43/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./43/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./43/cgroup.net") = 0 [ 222.816645][ T5761] ? kill_css+0x3b0/0x3b0 [ 222.821084][ T5761] ? lock_acquire+0x32/0xc0 [ 222.825653][ T5761] ? kill_css+0x3b0/0x3b0 [ 222.830050][ T5761] kernfs_fop_write_iter+0x3f1/0x600 [ 222.835398][ T5761] vfs_write+0x9ed/0xe10 [ 222.839698][ T5761] ? kernel_write+0x670/0x670 [ 222.844428][ T5761] ? find_held_lock+0x2d/0x110 [ 222.849235][ T5761] ? __fget_light+0x20a/0x270 [ 222.853968][ T5761] ksys_write+0x12b/0x250 [ 222.858346][ T5761] ? __ia32_sys_read+0xb0/0xb0 [ 222.863156][ T5761] ? lockdep_hardirqs_on+0x7d/0x100 [ 222.868392][ T5761] ? _raw_spin_unlock_irq+0x2e/0x50 [ 222.873629][ T5761] ? ptrace_notify+0xfe/0x140 [ 222.878342][ T5761] do_syscall_64+0x39/0xb0 [ 222.882825][ T5761] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 222.888762][ T5761] RIP: 0033:0x7faecf034129 [ 222.893206][ T5761] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5086] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 222.912847][ T5761] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 222.921318][ T5761] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 222.929331][ T5761] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 222.937335][ T5761] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 222.945341][ T5761] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 222.953351][ T5761] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000002e [ 222.961381][ T5761] [pid 5086] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./43/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 222.981010][ T5761] memory: usage 8kB, limit 0kB, failcnt 36 [ 222.989032][ T5761] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 222.998141][ T5761] Memory cgroup stats for /syz1: [ 222.998386][ T5761] anon 0 [ 222.998386][ T5761] file 0 [ 222.998386][ T5761] kernel 8192 [ 222.998386][ T5761] kernel_stack 0 [ 222.998386][ T5761] pagetables 0 [ 222.998386][ T5761] sec_pagetables 0 [ 222.998386][ T5761] percpu 0 [ 222.998386][ T5761] sock 0 [ 222.998386][ T5761] vmalloc 0 [ 222.998386][ T5761] shmem 0 [ 222.998386][ T5761] zswap 0 [ 222.998386][ T5761] zswapped 0 [ 222.998386][ T5761] file_mapped 0 [ 222.998386][ T5761] file_dirty 0 [ 222.998386][ T5761] file_writeback 0 [ 222.998386][ T5761] swapcached 0 [ 222.998386][ T5761] anon_thp 0 [ 222.998386][ T5761] file_thp 0 [ 222.998386][ T5761] shmem_thp 0 [ 222.998386][ T5761] inactive_anon 0 [ 222.998386][ T5761] active_anon 0 [ 222.998386][ T5761] inactive_file 0 [ 222.998386][ T5761] active_file 0 [ 222.998386][ T5761] unevictable 0 [ 222.998386][ T5761] slab_reclaimable 6752 [ 222.998386][ T5761] slab_unreclaimable 0 [ 222.998386][ T5761] slab 6752 [ 222.998386][ T5761] workingset_refault_anon 0 [ 222.998386][ T5761] workingset_refault_file 0 [ 222.998386][ T5761] workingset_activate_anon 0 [ 222.998386][ T5761] workingset_activate_file 0 [ 222.998386][ T5761] workingset_restore_anon 0 [ 222.998386][ T5761] workingset_restore_file 0 [ 222.998386][ T5761] workingset_nodereclaim 0 [ 222.998386][ T5761] pgscan 831 [ 222.998386][ T5761] pgsteal 2 [ 222.998386][ T5761] pgscan_kswapd 0 [ 222.998386][ T5761] pgscan_direct 831 [ 222.998386][ T5761] pgscan_khugepaged 0 [ 222.998386][ T5761] pgsteal_kswapd 0 [ 222.998386][ T5761] pgsteal_direct 2 [ 222.998386][ T5761] pgsteal_khugepaged 0 [ 222.998386][ T5761] pgfault 21 [ 222.998386][ T5761] pgmajfault 0 [ 222.998386][ T5761] pgrefill 830 [ 222.998386][ T5761] pgactivate 829 [ 222.998386][ T5761] pgdeactivate 830 [ 222.998386][ T5761] pglazyfree 0 [ 222.998386][ T5761] pglazyfreed 0 [ 222.998386][ T5761] zswpin 0 [ 222.998386][ T5761] zswpout 0 [ 222.998386][ T5761] thp_fault_alloc 0 [pid 5086] openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./43/file0") = 0 [pid 5086] umount2("./43/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./43/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./43/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [ 222.998386][ T5761] thp_collapse_alloc 0 [pid 5086] rmdir("./43") = 0 [pid 5086] mkdir("./44", 0777) = 0 [pid 5761] <... write resumed>) = 18 [pid 5761] close(3) = 0 [pid 5761] close(4) = 0 [pid 5761] close(5) = 0 [pid 5761] close(6) = 0 [pid 5761] close(7) = -1 EBADF (Bad file descriptor) [pid 5761] close(8) = -1 EBADF (Bad file descriptor) [pid 5761] close(9) = -1 EBADF (Bad file descriptor) [pid 5761] close(10) = -1 EBADF (Bad file descriptor) [pid 5761] close(11) = -1 EBADF (Bad file descriptor) [pid 5761] close(12) = -1 EBADF (Bad file descriptor) [pid 5761] close(13) = -1 EBADF (Bad file descriptor) [pid 5761] close(14) = -1 EBADF (Bad file descriptor) [pid 5761] close(15) = -1 EBADF (Bad file descriptor) [pid 5761] close(16) = -1 EBADF (Bad file descriptor) [pid 5761] close(17) = -1 EBADF (Bad file descriptor) [pid 5761] close(18) = -1 EBADF (Bad file descriptor) [pid 5761] close(19) = -1 EBADF (Bad file descriptor) [pid 5761] close(20) = -1 EBADF (Bad file descriptor) [pid 5761] close(21) = -1 EBADF (Bad file descriptor) [pid 5761] close(22) = -1 EBADF (Bad file descriptor) [pid 5761] close(23) = -1 EBADF (Bad file descriptor) [pid 5761] close(24) = -1 EBADF (Bad file descriptor) [pid 5761] close(25) = -1 EBADF (Bad file descriptor) [pid 5761] close(26) = -1 EBADF (Bad file descriptor) [pid 5761] close(27) = -1 EBADF (Bad file descriptor) [pid 5761] close(28) = -1 EBADF (Bad file descriptor) [pid 5761] close(29) = -1 EBADF (Bad file descriptor) [pid 5761] exit_group(0) = ? [pid 5761] +++ exited with 0 +++ [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [ 223.213032][ T5761] Tasks state (memory values in pages): [ 223.220699][ T5761] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 223.230948][ T5761] Out of memory and no killable processes... [ 223.238463][ T5763] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 223.250939][ T5763] CPU: 0 PID: 5763 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=48, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5086] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 46 [pid 5089] umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./46/binderfs") = 0 [pid 5089] umount2("./46/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./46/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./46/cgroup") = 0 [pid 5089] umount2("./46/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./46/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./46/cgroup.net") = 0 [ 223.260922][ T5763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 223.271042][ T5763] Call Trace: [ 223.274379][ T5763] [ 223.277378][ T5763] dump_stack_lvl+0x136/0x150 [ 223.282135][ T5763] dump_header+0x10a/0xd70 [ 223.286629][ T5763] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 223.292809][ T5763] out_of_memory+0xd64/0x1660 [ 223.297584][ T5763] ? oom_killer_disable+0x2b0/0x2b0 [ 223.302886][ T5763] mem_cgroup_out_of_memory+0x206/0x270 [ 223.308524][ T5763] ? mem_cgroup_margin+0x130/0x130 [pid 5089] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5766 attached [pid 5766] chdir("./44") = 0 [pid 5766] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5766] setpgid(0, 0) = 0 [pid 5766] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5766] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5766] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5766] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5766] write(3, "1000", 4) = 4 [pid 5766] close(3) = 0 [pid 5766] symlink("/dev/binderfs", "./binderfs") = 0 [ 223.313744][ T5763] memory_max_write+0x2f9/0x3c0 [ 223.318677][ T5763] ? mem_cgroup_force_empty_write+0x160/0x160 [ 223.324832][ T5763] ? lock_sync+0x190/0x190 [ 223.329332][ T5763] cgroup_file_write+0x1e2/0x7b0 [ 223.334376][ T5763] ? mem_cgroup_force_empty_write+0x160/0x160 [ 223.340536][ T5763] ? kill_css+0x3b0/0x3b0 [ 223.344959][ T5763] ? lock_acquire+0x32/0xc0 [ 223.349542][ T5763] ? kill_css+0x3b0/0x3b0 [ 223.353924][ T5763] kernfs_fop_write_iter+0x3f1/0x600 [ 223.359264][ T5763] vfs_write+0x9ed/0xe10 [ 223.363569][ T5763] ? kernel_write+0x670/0x670 [ 223.368301][ T5763] ? find_held_lock+0x2d/0x110 [ 223.373137][ T5763] ? __fget_light+0x20a/0x270 [ 223.377867][ T5763] ksys_write+0x12b/0x250 [ 223.382276][ T5763] ? __ia32_sys_read+0xb0/0xb0 [ 223.387093][ T5763] ? lockdep_hardirqs_on+0x7d/0x100 [ 223.392331][ T5763] ? _raw_spin_unlock_irq+0x2e/0x50 [ 223.397588][ T5763] ? ptrace_notify+0xfe/0x140 [ 223.402316][ T5763] do_syscall_64+0x39/0xb0 [ 223.406809][ T5763] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 223.412760][ T5763] RIP: 0033:0x7faecf034129 [ 223.417230][ T5763] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 223.436888][ T5763] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 223.445340][ T5763] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 223.453342][ T5763] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5766] mkdir("./file0", 000 [pid 5089] <... umount2 resumed>) = 0 [pid 5766] <... mkdir resumed>) = 0 [ 223.461350][ T5763] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 223.469380][ T5763] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 223.477400][ T5763] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000002b [ 223.485430][ T5763] [ 223.503076][ T5763] memory: usage 8kB, limit 0kB, failcnt 36 [pid 5089] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5766] open("./file0", O_RDONLY [pid 5089] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 223.509691][ T5763] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 223.518596][ T5763] Memory cgroup stats for /syz1: [ 223.518999][ T5763] anon 0 [ 223.518999][ T5763] file 0 [ 223.518999][ T5763] kernel 8192 [ 223.518999][ T5763] kernel_stack 0 [ 223.518999][ T5763] pagetables 0 [ 223.518999][ T5763] sec_pagetables 0 [ 223.518999][ T5763] percpu 0 [ 223.518999][ T5763] sock 0 [ 223.518999][ T5763] vmalloc 0 [ 223.518999][ T5763] shmem 0 [ 223.518999][ T5763] zswap 0 [ 223.518999][ T5763] zswapped 0 [ 223.518999][ T5763] file_mapped 0 [ 223.518999][ T5763] file_dirty 0 [ 223.518999][ T5763] file_writeback 0 [ 223.518999][ T5763] swapcached 0 [ 223.518999][ T5763] anon_thp 0 [ 223.518999][ T5763] file_thp 0 [ 223.518999][ T5763] shmem_thp 0 [ 223.518999][ T5763] inactive_anon 0 [ 223.518999][ T5763] active_anon 0 [ 223.518999][ T5763] inactive_file 0 [ 223.518999][ T5763] active_file 0 [ 223.518999][ T5763] unevictable 0 [ 223.518999][ T5763] slab_reclaimable 6752 [ 223.518999][ T5763] slab_unreclaimable 0 [ 223.518999][ T5763] slab 6752 [ 223.518999][ T5763] workingset_refault_anon 0 [ 223.518999][ T5763] workingset_refault_file 0 [ 223.518999][ T5763] workingset_activate_anon 0 [ 223.518999][ T5763] workingset_activate_file 0 [ 223.518999][ T5763] workingset_restore_anon 0 [ 223.518999][ T5763] workingset_restore_file 0 [ 223.518999][ T5763] workingset_nodereclaim 0 [ 223.518999][ T5763] pgscan 831 [ 223.518999][ T5763] pgsteal 2 [ 223.518999][ T5763] pgscan_kswapd 0 [ 223.518999][ T5763] pgscan_direct 831 [ 223.518999][ T5763] pgscan_khugepaged 0 [ 223.518999][ T5763] pgsteal_kswapd 0 [ 223.518999][ T5763] pgsteal_direct 2 [pid 5766] <... open resumed>) = 3 [pid 5089] lstat("./46/file0", [pid 5766] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5089] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5766] <... mount resumed>) = 0 [pid 5766] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5089] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5766] <... openat resumed>) = 4 [pid 5089] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5766] openat(4, "syz1", O_RDWR|O_PATH [pid 5089] <... openat resumed>) = 4 [pid 5766] <... openat resumed>) = 5 [pid 5089] fstat(4, [pid 5766] openat(5, "memory.max", O_RDWR [pid 5089] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 223.518999][ T5763] pgsteal_khugepaged 0 [ 223.518999][ T5763] pgfault 21 [ 223.518999][ T5763] pgmajfault 0 [ 223.518999][ T5763] pgrefill 830 [ 223.518999][ T5763] pgactivate 829 [ 223.518999][ T5763] pgdeactivate 830 [ 223.518999][ T5763] pglazyfree 0 [ 223.518999][ T5763] pglazyfreed 0 [ 223.518999][ T5763] zswpin 0 [ 223.518999][ T5763] zswpout 0 [ 223.518999][ T5763] thp_fault_alloc 0 [ 223.518999][ T5763] thp_collapse_alloc 0 [pid 5766] <... openat resumed>) = 6 [pid 5089] getdents64(4, [pid 5766] write(6, "0x000000000000040e", 18 [pid 5089] <... getdents64 resumed>0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./46/file0") = 0 [pid 5089] umount2("./46/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5763] <... write resumed>) = 18 [pid 5089] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5763] close(3) = 0 [pid 5763] close(4) = 0 [pid 5763] close(5) = 0 [pid 5763] close(6) = 0 [pid 5763] close(7) = -1 EBADF (Bad file descriptor) [pid 5763] close(8) = -1 EBADF (Bad file descriptor) [pid 5763] close(9) = -1 EBADF (Bad file descriptor) [pid 5763] close(10) = -1 EBADF (Bad file descriptor) [pid 5763] close(11) = -1 EBADF (Bad file descriptor) [pid 5763] close(12) = -1 EBADF (Bad file descriptor) [pid 5763] close(13) = -1 EBADF (Bad file descriptor) [pid 5763] close(14) = -1 EBADF (Bad file descriptor) [pid 5763] close(15) = -1 EBADF (Bad file descriptor) [pid 5763] close(16) = -1 EBADF (Bad file descriptor) [pid 5763] close(17) = -1 EBADF (Bad file descriptor) [pid 5763] close(18) = -1 EBADF (Bad file descriptor) [pid 5763] close(19) = -1 EBADF (Bad file descriptor) [pid 5763] close(20) = -1 EBADF (Bad file descriptor) [pid 5763] close(21) = -1 EBADF (Bad file descriptor) [pid 5763] close(22) = -1 EBADF (Bad file descriptor) [pid 5763] close(23) = -1 EBADF (Bad file descriptor) [pid 5763] close(24) = -1 EBADF (Bad file descriptor) [pid 5763] close(25) = -1 EBADF (Bad file descriptor) [pid 5763] close(26) = -1 EBADF (Bad file descriptor) [pid 5763] close(27) = -1 EBADF (Bad file descriptor) [pid 5763] close(28) = -1 EBADF (Bad file descriptor) [pid 5763] close(29) = -1 EBADF (Bad file descriptor) [pid 5763] exit_group(0) = ? [pid 5089] lstat("./46/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./46/cgroup.cpu" [pid 5763] +++ exited with 0 +++ [pid 5089] <... unlink resumed>) = 0 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=45, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [ 223.719764][ T5763] Tasks state (memory values in pages): [ 223.726351][ T5763] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 223.738291][ T5763] Out of memory and no killable processes... [ 223.746352][ T5762] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5089] close(3) = 0 [pid 5089] rmdir("./46") = 0 [pid 5089] mkdir("./47", 0777 [pid 5085] umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5089] <... mkdir resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5085] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5089] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 49 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./43/binderfs") = 0 [pid 5085] umount2("./43/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./43/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [ 223.762737][ T5762] CPU: 0 PID: 5762 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 223.772729][ T5762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 223.782841][ T5762] Call Trace: [ 223.786164][ T5762] [ 223.789143][ T5762] dump_stack_lvl+0x136/0x150 [ 223.793895][ T5762] dump_header+0x10a/0xd70 [ 223.798384][ T5762] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 223.804553][ T5762] out_of_memory+0xd64/0x1660 [ 223.809325][ T5762] ? oom_killer_disable+0x2b0/0x2b0 [ 223.814606][ T5762] ? find_held_lock+0x2d/0x110 [pid 5085] unlink("./43/cgroup") = 0 [pid 5085] umount2("./43/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./43/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./43/cgroup.net") = 0 [ 223.819448][ T5762] mem_cgroup_out_of_memory+0x206/0x270 [ 223.825089][ T5762] ? mem_cgroup_margin+0x130/0x130 [ 223.830290][ T5762] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 223.836185][ T5762] memory_max_write+0x2f9/0x3c0 [ 223.841126][ T5762] ? mem_cgroup_force_empty_write+0x160/0x160 [ 223.847283][ T5762] ? lock_sync+0x190/0x190 [ 223.851783][ T5762] cgroup_file_write+0x1e2/0x7b0 [ 223.856802][ T5762] ? mem_cgroup_force_empty_write+0x160/0x160 [ 223.862952][ T5762] ? kill_css+0x3b0/0x3b0 [ 223.867361][ T5762] ? lock_acquire+0x32/0xc0 [ 223.871945][ T5762] ? kill_css+0x3b0/0x3b0 [ 223.876356][ T5762] kernfs_fop_write_iter+0x3f1/0x600 [ 223.881726][ T5762] vfs_write+0x9ed/0xe10 [ 223.886060][ T5762] ? kernel_write+0x670/0x670 [ 223.890822][ T5762] ? find_held_lock+0x2d/0x110 [ 223.895668][ T5762] ? __fget_light+0x20a/0x270 [ 223.900431][ T5762] ksys_write+0x12b/0x250 [ 223.904838][ T5762] ? __ia32_sys_read+0xb0/0xb0 [ 223.909708][ T5762] ? lockdep_hardirqs_on+0x7d/0x100 [ 223.914975][ T5762] ? _raw_spin_unlock_irq+0x2e/0x50 [ 223.920244][ T5762] ? ptrace_notify+0xfe/0x140 [ 223.924997][ T5762] do_syscall_64+0x39/0xb0 [ 223.929497][ T5762] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 223.935458][ T5762] RIP: 0033:0x7faecf034129 [ 223.939931][ T5762] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 223.959606][ T5762] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5085] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5767 attached ) = 0 [pid 5767] chdir("./47" [pid 5085] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5767] <... chdir resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./43/file0", [pid 5767] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5085] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 223.968085][ T5762] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 223.976153][ T5762] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 223.984184][ T5762] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 223.992218][ T5762] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 224.000244][ T5762] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000002d [ 224.008307][ T5762] [pid 5767] setpgid(0, 0 [pid 5085] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5767] <... setpgid resumed>) = 0 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, [pid 5767] symlink("/syzcgroup/unified/syz5", "./cgroup" [pid 5085] <... getdents64 resumed>0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./43/file0") = 0 [pid 5085] umount2("./43/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./43/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./43/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./43") = 0 [pid 5085] mkdir("./44", 0777) = 0 [ 224.027609][ T5762] memory: usage 8kB, limit 0kB, failcnt 36 [ 224.034404][ T5762] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 224.043046][ T5762] Memory cgroup stats for /syz1: [ 224.043471][ T5762] anon 0 [ 224.043471][ T5762] file 0 [ 224.043471][ T5762] kernel 8192 [ 224.043471][ T5762] kernel_stack 0 [ 224.043471][ T5762] pagetables 0 [ 224.043471][ T5762] sec_pagetables 0 [ 224.043471][ T5762] percpu 0 [ 224.043471][ T5762] sock 0 [ 224.043471][ T5762] vmalloc 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 46 [pid 5767] <... symlink resumed>) = 0 [pid 5767] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5767] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [ 224.043471][ T5762] shmem 0 [ 224.043471][ T5762] zswap 0 [ 224.043471][ T5762] zswapped 0 [ 224.043471][ T5762] file_mapped 0 [ 224.043471][ T5762] file_dirty 0 [ 224.043471][ T5762] file_writeback 0 [ 224.043471][ T5762] swapcached 0 [ 224.043471][ T5762] anon_thp 0 [ 224.043471][ T5762] file_thp 0 [ 224.043471][ T5762] shmem_thp 0 [ 224.043471][ T5762] inactive_anon 0 [ 224.043471][ T5762] active_anon 0 [ 224.043471][ T5762] inactive_file 0 [ 224.043471][ T5762] active_file 0 [ 224.043471][ T5762] unevictable 0 [ 224.043471][ T5762] slab_reclaimable 6752 [pid 5767] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5767] write(3, "1000", 4) = 4 [pid 5767] close(3) = 0 [ 224.043471][ T5762] slab_unreclaimable 0 [ 224.043471][ T5762] slab 6752 [ 224.043471][ T5762] workingset_refault_anon 0 [ 224.043471][ T5762] workingset_refault_file 0 [ 224.043471][ T5762] workingset_activate_anon 0 [ 224.043471][ T5762] workingset_activate_file 0 [ 224.043471][ T5762] workingset_restore_anon 0 [ 224.043471][ T5762] workingset_restore_file 0 [ 224.043471][ T5762] workingset_nodereclaim 0 [ 224.043471][ T5762] pgscan 831 [ 224.043471][ T5762] pgsteal 2 [ 224.043471][ T5762] pgscan_kswapd 0 [ 224.043471][ T5762] pgscan_direct 831 [ 224.043471][ T5762] pgscan_khugepaged 0 [ 224.043471][ T5762] pgsteal_kswapd 0 [ 224.043471][ T5762] pgsteal_direct 2 [ 224.043471][ T5762] pgsteal_khugepaged 0 [ 224.043471][ T5762] pgfault 21 [ 224.043471][ T5762] pgmajfault 0 [ 224.043471][ T5762] pgrefill 830 [ 224.043471][ T5762] pgactivate 829 [ 224.043471][ T5762] pgdeactivate 830 [ 224.043471][ T5762] pglazyfree 0 [ 224.043471][ T5762] pglazyfreed 0 [ 224.043471][ T5762] zswpin 0 [ 224.043471][ T5762] zswpout 0 [ 224.043471][ T5762] thp_fault_alloc 0 ./strace-static-x86_64: Process 5768 attached [pid 5768] chdir("./44" [pid 5767] symlink("/dev/binderfs", "./binderfs" [pid 5768] <... chdir resumed>) = 0 [pid 5768] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5768] setpgid(0, 0) = 0 [pid 5768] symlink("/syzcgroup/unified/syz0", "./cgroup" [pid 5767] <... symlink resumed>) = 0 [pid 5768] <... symlink resumed>) = 0 [pid 5768] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5768] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5768] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5768] write(3, "1000", 4) = 4 [pid 5768] close(3) = 0 [pid 5768] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5768] mkdir("./file0", 000) = 0 [pid 5768] open("./file0", O_RDONLY) = 3 [ 224.043471][ T5762] thp_collapse_alloc 0 [ 224.235381][ T5762] Tasks state (memory values in pages): [ 224.240998][ T5762] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 224.251229][ T5762] Out of memory and no killable processes... [ 224.260505][ T5765] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 224.272532][ T5765] CPU: 1 PID: 5765 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 224.282500][ T5765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 224.292602][ T5765] Call Trace: [ 224.295922][ T5765] [ 224.298876][ T5765] dump_stack_lvl+0x136/0x150 [ 224.303598][ T5765] dump_header+0x10a/0xd70 [ 224.308051][ T5765] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 224.314174][ T5765] out_of_memory+0xd64/0x1660 [ 224.318910][ T5765] ? oom_killer_disable+0x2b0/0x2b0 [ 224.324164][ T5765] mem_cgroup_out_of_memory+0x206/0x270 [ 224.329756][ T5765] ? mem_cgroup_margin+0x130/0x130 [ 224.334954][ T5765] memory_max_write+0x2f9/0x3c0 [ 224.339857][ T5765] ? mem_cgroup_force_empty_write+0x160/0x160 [ 224.345993][ T5765] ? lock_sync+0x190/0x190 [ 224.350450][ T5765] cgroup_file_write+0x1e2/0x7b0 [ 224.355433][ T5765] ? mem_cgroup_force_empty_write+0x160/0x160 [ 224.361543][ T5765] ? kill_css+0x3b0/0x3b0 [ 224.365923][ T5765] ? lock_acquire+0x32/0xc0 [ 224.370468][ T5765] ? kill_css+0x3b0/0x3b0 [ 224.374840][ T5765] kernfs_fop_write_iter+0x3f1/0x600 [ 224.380171][ T5765] vfs_write+0x9ed/0xe10 [ 224.384483][ T5765] ? kernel_write+0x670/0x670 [ 224.389213][ T5765] ? find_held_lock+0x2d/0x110 [ 224.394018][ T5765] ? __fget_light+0x20a/0x270 [ 224.398749][ T5765] ksys_write+0x12b/0x250 [ 224.403129][ T5765] ? __ia32_sys_read+0xb0/0xb0 [ 224.407941][ T5765] ? lockdep_hardirqs_on+0x7d/0x100 [ 224.413174][ T5765] ? _raw_spin_unlock_irq+0x2e/0x50 [ 224.418418][ T5765] ? ptrace_notify+0xfe/0x140 [ 224.423140][ T5765] do_syscall_64+0x39/0xb0 [ 224.427611][ T5765] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 224.433547][ T5765] RIP: 0033:0x7faecf034129 [ 224.438009][ T5765] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 224.457671][ T5765] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 224.466119][ T5765] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [pid 5768] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5767] mkdir("./file0", 000 [pid 5762] <... write resumed>) = 18 [pid 5768] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5768] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5768] openat(5, "memory.max", O_RDWR) = 6 [pid 5768] write(6, "0x000000000000040e", 18 [pid 5767] <... mkdir resumed>) = 0 [pid 5767] open("./file0", O_RDONLY [pid 5762] close(3) = 0 [pid 5762] close(4) = 0 [pid 5767] <... open resumed>) = 3 [pid 5767] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5767] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5762] close(5) = 0 [pid 5767] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5767] openat(5, "memory.max", O_RDWR) = 6 [ 224.474134][ T5765] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 224.482150][ T5765] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 224.490180][ T5765] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 224.498269][ T5765] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000002f [ 224.506302][ T5765] [ 224.519163][ T5765] memory: usage 8kB, limit 0kB, failcnt 36 [pid 5767] write(6, "0x000000000000040e", 18 [pid 5762] close(6) = 0 [pid 5762] close(7) = -1 EBADF (Bad file descriptor) [pid 5762] close(8) = -1 EBADF (Bad file descriptor) [pid 5762] close(9) = -1 EBADF (Bad file descriptor) [pid 5762] close(10) = -1 EBADF (Bad file descriptor) [pid 5762] close(11) = -1 EBADF (Bad file descriptor) [ 224.525565][ T5765] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 224.533814][ T5765] Memory cgroup stats for /syz1: [ 224.534097][ T5765] anon 0 [ 224.534097][ T5765] file 0 [ 224.534097][ T5765] kernel 8192 [ 224.534097][ T5765] kernel_stack 0 [ 224.534097][ T5765] pagetables 0 [ 224.534097][ T5765] sec_pagetables 0 [ 224.534097][ T5765] percpu 0 [ 224.534097][ T5765] sock 0 [ 224.534097][ T5765] vmalloc 0 [ 224.534097][ T5765] shmem 0 [ 224.534097][ T5765] zswap 0 [ 224.534097][ T5765] zswapped 0 [ 224.534097][ T5765] file_mapped 0 [pid 5762] close(12) = -1 EBADF (Bad file descriptor) [pid 5762] close(13) = -1 EBADF (Bad file descriptor) [pid 5762] close(14) = -1 EBADF (Bad file descriptor) [pid 5762] close(15) = -1 EBADF (Bad file descriptor) [pid 5762] close(16) = -1 EBADF (Bad file descriptor) [pid 5762] close(17) = -1 EBADF (Bad file descriptor) [pid 5762] close(18) = -1 EBADF (Bad file descriptor) [pid 5762] close(19) = -1 EBADF (Bad file descriptor) [pid 5762] close(20) = -1 EBADF (Bad file descriptor) [pid 5762] close(21) = -1 EBADF (Bad file descriptor) [pid 5762] close(22) = -1 EBADF (Bad file descriptor) [pid 5762] close(23) = -1 EBADF (Bad file descriptor) [pid 5762] close(24) = -1 EBADF (Bad file descriptor) [pid 5762] close(25) = -1 EBADF (Bad file descriptor) [pid 5762] close(26) = -1 EBADF (Bad file descriptor) [pid 5762] close(27) = -1 EBADF (Bad file descriptor) [pid 5762] close(28) = -1 EBADF (Bad file descriptor) [pid 5762] close(29) = -1 EBADF (Bad file descriptor) [pid 5762] exit_group(0) = ? [pid 5762] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=47, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5087] umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 224.534097][ T5765] file_dirty 0 [ 224.534097][ T5765] file_writeback 0 [ 224.534097][ T5765] swapcached 0 [ 224.534097][ T5765] anon_thp 0 [ 224.534097][ T5765] file_thp 0 [ 224.534097][ T5765] shmem_thp 0 [ 224.534097][ T5765] inactive_anon 0 [ 224.534097][ T5765] active_anon 0 [ 224.534097][ T5765] inactive_file 0 [ 224.534097][ T5765] active_file 0 [ 224.534097][ T5765] unevictable 0 [ 224.534097][ T5765] slab_reclaimable 6752 [ 224.534097][ T5765] slab_unreclaimable 0 [ 224.534097][ T5765] slab 6752 [ 224.534097][ T5765] workingset_refault_anon 0 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./45/binderfs") = 0 [pid 5087] umount2("./45/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./45/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./45/cgroup") = 0 [pid 5087] umount2("./45/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./45/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./45/cgroup.net") = 0 [ 224.534097][ T5765] workingset_refault_file 0 [ 224.534097][ T5765] workingset_activate_anon 0 [ 224.534097][ T5765] workingset_activate_file 0 [ 224.534097][ T5765] workingset_restore_anon 0 [ 224.534097][ T5765] workingset_restore_file 0 [ 224.534097][ T5765] workingset_nodereclaim 0 [ 224.534097][ T5765] pgscan 831 [ 224.534097][ T5765] pgsteal 2 [ 224.534097][ T5765] pgscan_kswapd 0 [ 224.534097][ T5765] pgscan_direct 831 [ 224.534097][ T5765] pgscan_khugepaged 0 [ 224.534097][ T5765] pgsteal_kswapd 0 [ 224.534097][ T5765] pgsteal_direct 2 [pid 5087] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5087] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./45/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [ 224.534097][ T5765] pgsteal_khugepaged 0 [ 224.534097][ T5765] pgfault 21 [ 224.534097][ T5765] pgmajfault 0 [ 224.534097][ T5765] pgrefill 830 [ 224.534097][ T5765] pgactivate 829 [ 224.534097][ T5765] pgdeactivate 830 [ 224.534097][ T5765] pglazyfree 0 [ 224.534097][ T5765] pglazyfreed 0 [ 224.534097][ T5765] zswpin 0 [ 224.534097][ T5765] zswpout 0 [ 224.534097][ T5765] thp_fault_alloc 0 [ 224.534097][ T5765] thp_collapse_alloc 0 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] close(4) = 0 [pid 5087] rmdir("./45/file0") = 0 [pid 5087] umount2("./45/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./45/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./45/cgroup.cpu") = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [pid 5087] rmdir("./45") = 0 [pid 5087] mkdir("./46", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5769 attached [pid 5769] chdir("./46" [pid 5087] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 48 [pid 5769] <... chdir resumed>) = 0 [pid 5769] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5769] setpgid(0, 0) = 0 [pid 5769] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5769] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5769] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [ 224.750055][ T5765] Tasks state (memory values in pages): [ 224.765803][ T5765] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 224.779145][ T5765] Out of memory and no killable processes... [pid 5769] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5769] write(3, "1000", 4) = 4 [pid 5769] close(3) = 0 [pid 5769] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5769] mkdir("./file0", 000) = 0 [pid 5765] <... write resumed>) = 18 [pid 5769] open("./file0", O_RDONLY) = 3 [pid 5769] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5769] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5769] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5769] openat(5, "memory.max", O_RDWR) = 6 [ 224.801695][ T5766] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 224.812619][ T5766] CPU: 1 PID: 5766 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 224.822587][ T5766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 224.832728][ T5766] Call Trace: [ 224.836045][ T5766] [ 224.839015][ T5766] dump_stack_lvl+0x136/0x150 [ 224.843765][ T5766] dump_header+0x10a/0xd70 [pid 5769] write(6, "0x000000000000040e", 18 [pid 5765] close(3) = 0 [pid 5765] close(4) = 0 [pid 5765] close(5) = 0 [pid 5765] close(6) = 0 [pid 5765] close(7) = -1 EBADF (Bad file descriptor) [pid 5765] close(8) = -1 EBADF (Bad file descriptor) [pid 5765] close(9) = -1 EBADF (Bad file descriptor) [pid 5765] close(10) = -1 EBADF (Bad file descriptor) [pid 5765] close(11) = -1 EBADF (Bad file descriptor) [pid 5765] close(12) = -1 EBADF (Bad file descriptor) [pid 5765] close(13) = -1 EBADF (Bad file descriptor) [pid 5765] close(14) = -1 EBADF (Bad file descriptor) [pid 5765] close(15) = -1 EBADF (Bad file descriptor) [pid 5765] close(16) = -1 EBADF (Bad file descriptor) [pid 5765] close(17) = -1 EBADF (Bad file descriptor) [pid 5765] close(18) = -1 EBADF (Bad file descriptor) [pid 5765] close(19) = -1 EBADF (Bad file descriptor) [pid 5765] close(20) = -1 EBADF (Bad file descriptor) [ 224.848264][ T5766] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 224.854425][ T5766] out_of_memory+0xd64/0x1660 [ 224.859188][ T5766] ? oom_killer_disable+0x2b0/0x2b0 [ 224.864485][ T5766] mem_cgroup_out_of_memory+0x206/0x270 [ 224.870108][ T5766] ? mem_cgroup_margin+0x130/0x130 [ 224.875324][ T5766] memory_max_write+0x2f9/0x3c0 [ 224.880263][ T5766] ? mem_cgroup_force_empty_write+0x160/0x160 [ 224.886413][ T5766] ? lock_sync+0x190/0x190 [ 224.890904][ T5766] cgroup_file_write+0x1e2/0x7b0 [ 224.895927][ T5766] ? mem_cgroup_force_empty_write+0x160/0x160 [pid 5765] close(21) = -1 EBADF (Bad file descriptor) [pid 5765] close(22) = -1 EBADF (Bad file descriptor) [pid 5765] close(23) = -1 EBADF (Bad file descriptor) [pid 5765] close(24) = -1 EBADF (Bad file descriptor) [pid 5765] close(25) = -1 EBADF (Bad file descriptor) [pid 5765] close(26) = -1 EBADF (Bad file descriptor) [pid 5765] close(27) = -1 EBADF (Bad file descriptor) [pid 5765] close(28) = -1 EBADF (Bad file descriptor) [pid 5765] close(29) = -1 EBADF (Bad file descriptor) [pid 5765] exit_group(0) = ? [pid 5765] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=49, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5090] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5090] umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 224.902073][ T5766] ? kill_css+0x3b0/0x3b0 [ 224.906504][ T5766] ? lock_acquire+0x32/0xc0 [ 224.911119][ T5766] ? kill_css+0x3b0/0x3b0 [ 224.915533][ T5766] kernfs_fop_write_iter+0x3f1/0x600 [ 224.920908][ T5766] vfs_write+0x9ed/0xe10 [ 224.925246][ T5766] ? kernel_write+0x670/0x670 [ 224.930003][ T5766] ? find_held_lock+0x2d/0x110 [ 224.934846][ T5766] ? __fget_light+0x20a/0x270 [ 224.939615][ T5766] ksys_write+0x12b/0x250 [ 224.944033][ T5766] ? __ia32_sys_read+0xb0/0xb0 [pid 5090] lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./47/binderfs") = 0 [pid 5090] umount2("./47/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./47/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./47/cgroup") = 0 [pid 5090] umount2("./47/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./47/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./47/cgroup.net") = 0 [ 224.948881][ T5766] ? lockdep_hardirqs_on+0x7d/0x100 [ 224.954148][ T5766] ? _raw_spin_unlock_irq+0x2e/0x50 [ 224.959426][ T5766] ? ptrace_notify+0xfe/0x140 [ 224.964182][ T5766] do_syscall_64+0x39/0xb0 [ 224.968681][ T5766] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 224.974655][ T5766] RIP: 0033:0x7faecf034129 [ 224.979113][ T5766] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 224.998773][ T5766] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 225.007212][ T5766] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 225.015213][ T5766] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 225.023221][ T5766] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 225.031242][ T5766] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 225.039261][ T5766] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000002c [ 225.047316][ T5766] [pid 5090] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5090] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./47/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./47/file0") = 0 [pid 5090] umount2("./47/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./47/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./47/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [pid 5090] rmdir("./47") = 0 [pid 5090] mkdir("./48", 0777) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5770 attached [pid 5770] chdir("./48" [pid 5090] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 50 [pid 5770] <... chdir resumed>) = 0 [pid 5770] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 225.060305][ T5766] memory: usage 8kB, limit 0kB, failcnt 36 [ 225.066399][ T5766] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 225.073854][ T5766] Memory cgroup stats for /syz1: [ 225.074129][ T5766] anon 0 [ 225.074129][ T5766] file 0 [ 225.074129][ T5766] kernel 8192 [ 225.074129][ T5766] kernel_stack 0 [ 225.074129][ T5766] pagetables 0 [ 225.074129][ T5766] sec_pagetables 0 [ 225.074129][ T5766] percpu 0 [ 225.074129][ T5766] sock 0 [ 225.074129][ T5766] vmalloc 0 [ 225.074129][ T5766] shmem 0 [pid 5770] setpgid(0, 0) = 0 [pid 5770] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5770] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5770] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5770] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5770] write(3, "1000", 4) = 4 [pid 5770] close(3) = 0 [pid 5770] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5770] mkdir("./file0", 000) = 0 [pid 5770] open("./file0", O_RDONLY) = 3 [pid 5770] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5770] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5770] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5770] openat(5, "memory.max", O_RDWR) = 6 [ 225.074129][ T5766] zswap 0 [ 225.074129][ T5766] zswapped 0 [ 225.074129][ T5766] file_mapped 0 [ 225.074129][ T5766] file_dirty 0 [ 225.074129][ T5766] file_writeback 0 [ 225.074129][ T5766] swapcached 0 [ 225.074129][ T5766] anon_thp 0 [ 225.074129][ T5766] file_thp 0 [ 225.074129][ T5766] shmem_thp 0 [ 225.074129][ T5766] inactive_anon 0 [ 225.074129][ T5766] active_anon 0 [ 225.074129][ T5766] inactive_file 0 [ 225.074129][ T5766] active_file 0 [ 225.074129][ T5766] unevictable 0 [ 225.074129][ T5766] slab_reclaimable 6752 [ 225.074129][ T5766] slab_unreclaimable 0 [ 225.074129][ T5766] slab 6752 [ 225.074129][ T5766] workingset_refault_anon 0 [ 225.074129][ T5766] workingset_refault_file 0 [ 225.074129][ T5766] workingset_activate_anon 0 [ 225.074129][ T5766] workingset_activate_file 0 [ 225.074129][ T5766] workingset_restore_anon 0 [ 225.074129][ T5766] workingset_restore_file 0 [ 225.074129][ T5766] workingset_nodereclaim 0 [ 225.074129][ T5766] pgscan 831 [ 225.074129][ T5766] pgsteal 2 [ 225.074129][ T5766] pgscan_kswapd 0 [ 225.074129][ T5766] pgscan_direct 831 [ 225.074129][ T5766] pgscan_khugepaged 0 [ 225.074129][ T5766] pgsteal_kswapd 0 [ 225.074129][ T5766] pgsteal_direct 2 [ 225.074129][ T5766] pgsteal_khugepaged 0 [ 225.074129][ T5766] pgfault 21 [ 225.074129][ T5766] pgmajfault 0 [ 225.074129][ T5766] pgrefill 830 [ 225.074129][ T5766] pgactivate 829 [ 225.074129][ T5766] pgdeactivate 830 [ 225.074129][ T5766] pglazyfree 0 [ 225.074129][ T5766] pglazyfreed 0 [ 225.074129][ T5766] zswpin 0 [ 225.074129][ T5766] zswpout 0 [ 225.074129][ T5766] thp_fault_alloc 0 [ 225.074129][ T5766] thp_collapse_alloc 0 [pid 5770] write(6, "0x000000000000040e", 18 [pid 5766] <... write resumed>) = 18 [pid 5766] close(3) = 0 [pid 5766] close(4) = 0 [pid 5766] close(5) = 0 [pid 5766] close(6) = 0 [pid 5766] close(7) = -1 EBADF (Bad file descriptor) [pid 5766] close(8) = -1 EBADF (Bad file descriptor) [pid 5766] close(9) = -1 EBADF (Bad file descriptor) [pid 5766] close(10) = -1 EBADF (Bad file descriptor) [pid 5766] close(11) = -1 EBADF (Bad file descriptor) [pid 5766] close(12) = -1 EBADF (Bad file descriptor) [pid 5766] close(13) = -1 EBADF (Bad file descriptor) [pid 5766] close(14) = -1 EBADF (Bad file descriptor) [pid 5766] close(15) = -1 EBADF (Bad file descriptor) [pid 5766] close(16) = -1 EBADF (Bad file descriptor) [pid 5766] close(17) = -1 EBADF (Bad file descriptor) [pid 5766] close(18) = -1 EBADF (Bad file descriptor) [pid 5766] close(19) = -1 EBADF (Bad file descriptor) [pid 5766] close(20) = -1 EBADF (Bad file descriptor) [pid 5766] close(21) = -1 EBADF (Bad file descriptor) [pid 5766] close(22) = -1 EBADF (Bad file descriptor) [pid 5766] close(23) = -1 EBADF (Bad file descriptor) [pid 5766] close(24) = -1 EBADF (Bad file descriptor) [pid 5766] close(25) = -1 EBADF (Bad file descriptor) [pid 5766] close(26) = -1 EBADF (Bad file descriptor) [pid 5766] close(27) = -1 EBADF (Bad file descriptor) [pid 5766] close(28) = -1 EBADF (Bad file descriptor) [pid 5766] close(29) = -1 EBADF (Bad file descriptor) [pid 5766] exit_group(0) = ? [pid 5766] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=46, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5086] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 225.274032][ T5766] Tasks state (memory values in pages): [ 225.279631][ T5766] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 225.290804][ T5766] Out of memory and no killable processes... [ 225.298604][ T5768] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 225.311841][ T5768] CPU: 1 PID: 5768 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5086] umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./44/binderfs") = 0 [pid 5086] umount2("./44/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./44/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] unlink("./44/cgroup") = 0 [pid 5086] umount2("./44/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./44/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./44/cgroup.net") = 0 [ 225.321815][ T5768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 225.331922][ T5768] Call Trace: [ 225.335247][ T5768] [ 225.338234][ T5768] dump_stack_lvl+0x136/0x150 [ 225.342989][ T5768] dump_header+0x10a/0xd70 [ 225.347476][ T5768] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 225.353637][ T5768] out_of_memory+0xd64/0x1660 [ 225.358411][ T5768] ? oom_killer_disable+0x2b0/0x2b0 [ 225.363707][ T5768] mem_cgroup_out_of_memory+0x206/0x270 [ 225.369350][ T5768] ? mem_cgroup_margin+0x130/0x130 [ 225.374552][ T5768] memory_max_write+0x2f9/0x3c0 [ 225.379472][ T5768] ? mem_cgroup_force_empty_write+0x160/0x160 [ 225.385617][ T5768] ? lock_sync+0x190/0x190 [ 225.390091][ T5768] cgroup_file_write+0x1e2/0x7b0 [ 225.395117][ T5768] ? mem_cgroup_force_empty_write+0x160/0x160 [ 225.401249][ T5768] ? kill_css+0x3b0/0x3b0 [ 225.405622][ T5768] ? lock_acquire+0x32/0xc0 [ 225.410205][ T5768] ? kill_css+0x3b0/0x3b0 [ 225.414601][ T5768] kernfs_fop_write_iter+0x3f1/0x600 [ 225.419958][ T5768] vfs_write+0x9ed/0xe10 [ 225.424249][ T5768] ? kernel_write+0x670/0x670 [ 225.428980][ T5768] ? find_held_lock+0x2d/0x110 [ 225.433792][ T5768] ? __fget_light+0x20a/0x270 [ 225.438523][ T5768] ksys_write+0x12b/0x250 [ 225.442899][ T5768] ? __ia32_sys_read+0xb0/0xb0 [ 225.447709][ T5768] ? lockdep_hardirqs_on+0x7d/0x100 [ 225.452959][ T5768] ? _raw_spin_unlock_irq+0x2e/0x50 [ 225.458239][ T5768] ? ptrace_notify+0xfe/0x140 [ 225.462982][ T5768] do_syscall_64+0x39/0xb0 [ 225.467468][ T5768] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 225.473419][ T5768] RIP: 0033:0x7faecf034129 [ 225.477861][ T5768] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 225.497510][ T5768] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 225.505964][ T5768] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 225.513971][ T5768] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5086] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5086] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./44/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [ 225.521984][ T5768] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 225.529982][ T5768] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 225.537977][ T5768] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000002c [ 225.545998][ T5768] [ 225.560935][ T5768] memory: usage 8kB, limit 0kB, failcnt 36 [ 225.566940][ T5768] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./44/file0") = 0 [pid 5086] umount2("./44/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./44/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./44/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./44") = 0 [pid 5086] mkdir("./45", 0777) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5771 attached [pid 5771] chdir("./45" [pid 5086] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 47 [pid 5771] <... chdir resumed>) = 0 [pid 5771] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5771] setpgid(0, 0) = 0 [pid 5771] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5771] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5771] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5771] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5771] write(3, "1000", 4) = 4 [pid 5771] close(3) = 0 [pid 5771] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5771] mkdir("./file0", 000) = 0 [ 225.576297][ T5768] Memory cgroup stats for /syz1: [ 225.576670][ T5768] anon 0 [ 225.576670][ T5768] file 0 [ 225.576670][ T5768] kernel 8192 [ 225.576670][ T5768] kernel_stack 0 [ 225.576670][ T5768] pagetables 0 [ 225.576670][ T5768] sec_pagetables 0 [ 225.576670][ T5768] percpu 0 [ 225.576670][ T5768] sock 0 [ 225.576670][ T5768] vmalloc 0 [ 225.576670][ T5768] shmem 0 [ 225.576670][ T5768] zswap 0 [ 225.576670][ T5768] zswapped 0 [ 225.576670][ T5768] file_mapped 0 [ 225.576670][ T5768] file_dirty 0 [pid 5771] open("./file0", O_RDONLY) = 3 [pid 5771] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5771] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5771] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5771] openat(5, "memory.max", O_RDWR) = 6 [ 225.576670][ T5768] file_writeback 0 [ 225.576670][ T5768] swapcached 0 [ 225.576670][ T5768] anon_thp 0 [ 225.576670][ T5768] file_thp 0 [ 225.576670][ T5768] shmem_thp 0 [ 225.576670][ T5768] inactive_anon 0 [ 225.576670][ T5768] active_anon 0 [ 225.576670][ T5768] inactive_file 0 [ 225.576670][ T5768] active_file 0 [ 225.576670][ T5768] unevictable 0 [ 225.576670][ T5768] slab_reclaimable 6752 [ 225.576670][ T5768] slab_unreclaimable 0 [ 225.576670][ T5768] slab 6752 [ 225.576670][ T5768] workingset_refault_anon 0 [ 225.576670][ T5768] workingset_refault_file 0 [ 225.576670][ T5768] workingset_activate_anon 0 [ 225.576670][ T5768] workingset_activate_file 0 [ 225.576670][ T5768] workingset_restore_anon 0 [ 225.576670][ T5768] workingset_restore_file 0 [ 225.576670][ T5768] workingset_nodereclaim 0 [ 225.576670][ T5768] pgscan 831 [ 225.576670][ T5768] pgsteal 2 [ 225.576670][ T5768] pgscan_kswapd 0 [ 225.576670][ T5768] pgscan_direct 831 [ 225.576670][ T5768] pgscan_khugepaged 0 [ 225.576670][ T5768] pgsteal_kswapd 0 [ 225.576670][ T5768] pgsteal_direct 2 [ 225.576670][ T5768] pgsteal_khugepaged 0 [ 225.576670][ T5768] pgfault 21 [ 225.576670][ T5768] pgmajfault 0 [ 225.576670][ T5768] pgrefill 830 [ 225.576670][ T5768] pgactivate 829 [ 225.576670][ T5768] pgdeactivate 830 [ 225.576670][ T5768] pglazyfree 0 [ 225.576670][ T5768] pglazyfreed 0 [ 225.576670][ T5768] zswpin 0 [ 225.576670][ T5768] zswpout 0 [ 225.576670][ T5768] thp_fault_alloc 0 [ 225.576670][ T5768] thp_collapse_alloc 0 [ 225.768159][ T5768] Tasks state (memory values in pages): [pid 5771] write(6, "0x000000000000040e", 18 [pid 5768] <... write resumed>) = 18 [pid 5768] close(3) = 0 [pid 5768] close(4) = 0 [pid 5768] close(5) = 0 [pid 5768] close(6) = 0 [pid 5768] close(7) = -1 EBADF (Bad file descriptor) [pid 5768] close(8) = -1 EBADF (Bad file descriptor) [pid 5768] close(9) = -1 EBADF (Bad file descriptor) [pid 5768] close(10) = -1 EBADF (Bad file descriptor) [pid 5768] close(11) = -1 EBADF (Bad file descriptor) [pid 5768] close(12) = -1 EBADF (Bad file descriptor) [pid 5768] close(13) = -1 EBADF (Bad file descriptor) [pid 5768] close(14) = -1 EBADF (Bad file descriptor) [pid 5768] close(15) = -1 EBADF (Bad file descriptor) [pid 5768] close(16) = -1 EBADF (Bad file descriptor) [pid 5768] close(17) = -1 EBADF (Bad file descriptor) [pid 5768] close(18) = -1 EBADF (Bad file descriptor) [pid 5768] close(19) = -1 EBADF (Bad file descriptor) [pid 5768] close(20) = -1 EBADF (Bad file descriptor) [pid 5768] close(21) = -1 EBADF (Bad file descriptor) [pid 5768] close(22) = -1 EBADF (Bad file descriptor) [pid 5768] close(23) = -1 EBADF (Bad file descriptor) [pid 5768] close(24) = -1 EBADF (Bad file descriptor) [pid 5768] close(25) = -1 EBADF (Bad file descriptor) [pid 5768] close(26) = -1 EBADF (Bad file descriptor) [pid 5768] close(27) = -1 EBADF (Bad file descriptor) [pid 5768] close(28) = -1 EBADF (Bad file descriptor) [pid 5768] close(29) = -1 EBADF (Bad file descriptor) [pid 5768] exit_group(0) = ? [pid 5768] +++ exited with 0 +++ [ 225.773978][ T5768] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 225.783586][ T5768] Out of memory and no killable processes... [ 225.789665][ T5767] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 225.801642][ T5767] CPU: 1 PID: 5767 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 225.811614][ T5767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 225.821727][ T5767] Call Trace: [ 225.825019][ T5767] [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=46, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5085] umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 225.827981][ T5767] dump_stack_lvl+0x136/0x150 [ 225.832702][ T5767] dump_header+0x10a/0xd70 [ 225.837142][ T5767] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 225.843252][ T5767] out_of_memory+0xd64/0x1660 [ 225.847961][ T5767] ? oom_killer_disable+0x2b0/0x2b0 [ 225.853217][ T5767] mem_cgroup_out_of_memory+0x206/0x270 [ 225.858828][ T5767] ? mem_cgroup_margin+0x130/0x130 [ 225.864032][ T5767] memory_max_write+0x2f9/0x3c0 [ 225.868983][ T5767] ? mem_cgroup_force_empty_write+0x160/0x160 [pid 5085] unlink("./44/binderfs") = 0 [pid 5085] umount2("./44/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./44/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./44/cgroup") = 0 [pid 5085] umount2("./44/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./44/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./44/cgroup.net") = 0 [ 225.875148][ T5767] ? lock_sync+0x190/0x190 [ 225.879648][ T5767] cgroup_file_write+0x1e2/0x7b0 [ 225.884677][ T5767] ? mem_cgroup_force_empty_write+0x160/0x160 [ 225.890829][ T5767] ? kill_css+0x3b0/0x3b0 [ 225.895242][ T5767] ? lock_acquire+0x32/0xc0 [ 225.899832][ T5767] ? kill_css+0x3b0/0x3b0 [ 225.904230][ T5767] kernfs_fop_write_iter+0x3f1/0x600 [ 225.909564][ T5767] vfs_write+0x9ed/0xe10 [ 225.913857][ T5767] ? kernel_write+0x670/0x670 [ 225.918587][ T5767] ? find_held_lock+0x2d/0x110 [ 225.923398][ T5767] ? __fget_light+0x20a/0x270 [ 225.928142][ T5767] ksys_write+0x12b/0x250 [ 225.932535][ T5767] ? __ia32_sys_read+0xb0/0xb0 [ 225.937355][ T5767] ? lockdep_hardirqs_on+0x7d/0x100 [ 225.942610][ T5767] ? _raw_spin_unlock_irq+0x2e/0x50 [ 225.947862][ T5767] ? ptrace_notify+0xfe/0x140 [ 225.952585][ T5767] do_syscall_64+0x39/0xb0 [ 225.957050][ T5767] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 225.962983][ T5767] RIP: 0033:0x7faecf034129 [ 225.967429][ T5767] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 225.987069][ T5767] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 225.995518][ T5767] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 226.003515][ T5767] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 226.011508][ T5767] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 226.019510][ T5767] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 226.027505][ T5767] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000002f [ 226.035525][ T5767] [ 226.039917][ T5767] memory: usage 8kB, limit 0kB, failcnt 36 [ 226.046032][ T5767] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 226.058106][ T5767] Memory cgroup stats for /syz1: [ 226.058382][ T5767] anon 0 [ 226.058382][ T5767] file 0 [ 226.058382][ T5767] kernel 8192 [ 226.058382][ T5767] kernel_stack 0 [ 226.058382][ T5767] pagetables 0 [ 226.058382][ T5767] sec_pagetables 0 [ 226.058382][ T5767] percpu 0 [ 226.058382][ T5767] sock 0 [ 226.058382][ T5767] vmalloc 0 [ 226.058382][ T5767] shmem 0 [ 226.058382][ T5767] zswap 0 [ 226.058382][ T5767] zswapped 0 [ 226.058382][ T5767] file_mapped 0 [ 226.058382][ T5767] file_dirty 0 [ 226.058382][ T5767] file_writeback 0 [ 226.058382][ T5767] swapcached 0 [ 226.058382][ T5767] anon_thp 0 [ 226.058382][ T5767] file_thp 0 [ 226.058382][ T5767] shmem_thp 0 [ 226.058382][ T5767] inactive_anon 0 [ 226.058382][ T5767] active_anon 0 [ 226.058382][ T5767] inactive_file 0 [ 226.058382][ T5767] active_file 0 [ 226.058382][ T5767] unevictable 0 [ 226.058382][ T5767] slab_reclaimable 6752 [ 226.058382][ T5767] slab_unreclaimable 0 [ 226.058382][ T5767] slab 6752 [ 226.058382][ T5767] workingset_refault_anon 0 [ 226.058382][ T5767] workingset_refault_file 0 [ 226.058382][ T5767] workingset_activate_anon 0 [ 226.058382][ T5767] workingset_activate_file 0 [ 226.058382][ T5767] workingset_restore_anon 0 [ 226.058382][ T5767] workingset_restore_file 0 [ 226.058382][ T5767] workingset_nodereclaim 0 [ 226.058382][ T5767] pgscan 831 [ 226.058382][ T5767] pgsteal 2 [ 226.058382][ T5767] pgscan_kswapd 0 [ 226.058382][ T5767] pgscan_direct 831 [ 226.058382][ T5767] pgscan_khugepaged 0 [ 226.058382][ T5767] pgsteal_kswapd 0 [ 226.058382][ T5767] pgsteal_direct 2 [ 226.058382][ T5767] pgsteal_khugepaged 0 [ 226.058382][ T5767] pgfault 21 [ 226.058382][ T5767] pgmajfault 0 [ 226.058382][ T5767] pgrefill 830 [ 226.058382][ T5767] pgactivate 829 [ 226.058382][ T5767] pgdeactivate 830 [ 226.058382][ T5767] pglazyfree 0 [pid 5085] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5085] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./44/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./44/file0") = 0 [pid 5085] umount2("./44/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./44/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./44/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./44") = 0 [pid 5085] mkdir("./45", 0777) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 47 ./strace-static-x86_64: Process 5772 attached [pid 5772] chdir("./45") = 0 [pid 5772] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 226.058382][ T5767] pglazyfreed 0 [ 226.058382][ T5767] zswpin 0 [ 226.058382][ T5767] zswpout 0 [ 226.058382][ T5767] thp_fault_alloc 0 [ 226.058382][ T5767] thp_collapse_alloc 0 [ 226.251868][ T5767] Tasks state (memory values in pages): [ 226.258100][ T5767] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 226.269278][ T5767] Out of memory and no killable processes... [pid 5772] setpgid(0, 0 [pid 5767] <... write resumed>) = 18 [pid 5772] <... setpgid resumed>) = 0 [pid 5772] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5772] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5772] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5772] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5772] write(3, "1000", 4) = 4 [pid 5772] close(3) = 0 [ 226.276332][ T5769] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 226.287408][ T5769] CPU: 0 PID: 5769 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 226.297376][ T5769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 226.307490][ T5769] Call Trace: [ 226.310816][ T5769] [ 226.313797][ T5769] dump_stack_lvl+0x136/0x150 [ 226.318538][ T5769] dump_header+0x10a/0xd70 [ 226.323015][ T5769] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [pid 5772] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5772] mkdir("./file0", 000) = 0 [pid 5772] open("./file0", O_RDONLY) = 3 [pid 5772] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5772] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5772] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5772] openat(5, "memory.max", O_RDWR) = 6 [ 226.329194][ T5769] out_of_memory+0xd64/0x1660 [ 226.333974][ T5769] ? oom_killer_disable+0x2b0/0x2b0 [ 226.339253][ T5769] ? find_held_lock+0x2d/0x110 [ 226.344107][ T5769] mem_cgroup_out_of_memory+0x206/0x270 [ 226.349733][ T5769] ? mem_cgroup_margin+0x130/0x130 [ 226.354940][ T5769] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 226.360827][ T5769] memory_max_write+0x2f9/0x3c0 [ 226.365761][ T5769] ? mem_cgroup_force_empty_write+0x160/0x160 [ 226.371910][ T5769] ? lock_sync+0x190/0x190 [ 226.376396][ T5769] cgroup_file_write+0x1e2/0x7b0 [ 226.381418][ T5769] ? mem_cgroup_force_empty_write+0x160/0x160 [ 226.387564][ T5769] ? kill_css+0x3b0/0x3b0 [ 226.391969][ T5769] ? lock_acquire+0x32/0xc0 [ 226.396561][ T5769] ? kill_css+0x3b0/0x3b0 [ 226.400968][ T5769] kernfs_fop_write_iter+0x3f1/0x600 [ 226.406347][ T5769] vfs_write+0x9ed/0xe10 [ 226.410683][ T5769] ? kernel_write+0x670/0x670 [ 226.415440][ T5769] ? find_held_lock+0x2d/0x110 [ 226.420280][ T5769] ? __fget_light+0x20a/0x270 [ 226.425038][ T5769] ksys_write+0x12b/0x250 [ 226.429443][ T5769] ? __ia32_sys_read+0xb0/0xb0 [ 226.434277][ T5769] ? lockdep_hardirqs_on+0x7d/0x100 [ 226.439536][ T5769] ? _raw_spin_unlock_irq+0x2e/0x50 [ 226.444822][ T5769] ? ptrace_notify+0xfe/0x140 [ 226.449567][ T5769] do_syscall_64+0x39/0xb0 [ 226.454072][ T5769] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 226.460050][ T5769] RIP: 0033:0x7faecf034129 [ 226.464543][ T5769] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 226.484233][ T5769] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 226.492728][ T5769] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 226.500750][ T5769] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 226.508778][ T5769] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 226.516809][ T5769] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [pid 5772] write(6, "0x000000000000040e", 18 [pid 5767] close(3) = 0 [pid 5767] close(4) = 0 [pid 5767] close(5) = 0 [pid 5767] close(6) = 0 [pid 5767] close(7) = -1 EBADF (Bad file descriptor) [pid 5767] close(8) = -1 EBADF (Bad file descriptor) [pid 5767] close(9) = -1 EBADF (Bad file descriptor) [pid 5767] close(10) = -1 EBADF (Bad file descriptor) [pid 5767] close(11) = -1 EBADF (Bad file descriptor) [pid 5767] close(12) = -1 EBADF (Bad file descriptor) [pid 5767] close(13) = -1 EBADF (Bad file descriptor) [pid 5767] close(14) = -1 EBADF (Bad file descriptor) [pid 5767] close(15) = -1 EBADF (Bad file descriptor) [pid 5767] close(16) = -1 EBADF (Bad file descriptor) [pid 5767] close(17) = -1 EBADF (Bad file descriptor) [pid 5767] close(18) = -1 EBADF (Bad file descriptor) [pid 5767] close(19) = -1 EBADF (Bad file descriptor) [pid 5767] close(20) = -1 EBADF (Bad file descriptor) [pid 5767] close(21) = -1 EBADF (Bad file descriptor) [pid 5767] close(22) = -1 EBADF (Bad file descriptor) [pid 5767] close(23) = -1 EBADF (Bad file descriptor) [pid 5767] close(24) = -1 EBADF (Bad file descriptor) [pid 5767] close(25) = -1 EBADF (Bad file descriptor) [pid 5767] close(26) = -1 EBADF (Bad file descriptor) [pid 5767] close(27) = -1 EBADF (Bad file descriptor) [pid 5767] close(28) = -1 EBADF (Bad file descriptor) [pid 5767] close(29) = -1 EBADF (Bad file descriptor) [pid 5767] exit_group(0) = ? [pid 5767] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=49, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5089] umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./47/binderfs") = 0 [pid 5089] umount2("./47/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./47/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./47/cgroup") = 0 [pid 5089] umount2("./47/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./47/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./47/cgroup.net") = 0 [pid 5089] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5089] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./47/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 226.524832][ T5769] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000002e [ 226.532906][ T5769] [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./47/file0") = 0 [pid 5089] umount2("./47/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./47/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./47/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [pid 5089] rmdir("./47") = 0 [pid 5089] mkdir("./48", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5773 attached [pid 5773] chdir("./48" [pid 5089] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 50 [pid 5773] <... chdir resumed>) = 0 [pid 5773] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5773] setpgid(0, 0) = 0 [ 226.556639][ T5769] memory: usage 8kB, limit 0kB, failcnt 36 [ 226.563566][ T5769] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 226.571007][ T5769] Memory cgroup stats for /syz1: [ 226.571277][ T5769] anon 0 [ 226.571277][ T5769] file 0 [ 226.571277][ T5769] kernel 8192 [ 226.571277][ T5769] kernel_stack 0 [ 226.571277][ T5769] pagetables 0 [ 226.571277][ T5769] sec_pagetables 0 [ 226.571277][ T5769] percpu 0 [ 226.571277][ T5769] sock 0 [ 226.571277][ T5769] vmalloc 0 [ 226.571277][ T5769] shmem 0 [pid 5773] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5773] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5773] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5773] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5773] write(3, "1000", 4) = 4 [pid 5773] close(3) = 0 [pid 5773] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5773] mkdir("./file0", 000) = 0 [pid 5773] open("./file0", O_RDONLY) = 3 [ 226.571277][ T5769] zswap 0 [ 226.571277][ T5769] zswapped 0 [ 226.571277][ T5769] file_mapped 0 [ 226.571277][ T5769] file_dirty 0 [ 226.571277][ T5769] file_writeback 0 [ 226.571277][ T5769] swapcached 0 [ 226.571277][ T5769] anon_thp 0 [ 226.571277][ T5769] file_thp 0 [ 226.571277][ T5769] shmem_thp 0 [ 226.571277][ T5769] inactive_anon 0 [ 226.571277][ T5769] active_anon 0 [ 226.571277][ T5769] inactive_file 0 [ 226.571277][ T5769] active_file 0 [ 226.571277][ T5769] unevictable 0 [ 226.571277][ T5769] slab_reclaimable 6752 [ 226.571277][ T5769] slab_unreclaimable 0 [ 226.571277][ T5769] slab 6752 [ 226.571277][ T5769] workingset_refault_anon 0 [ 226.571277][ T5769] workingset_refault_file 0 [ 226.571277][ T5769] workingset_activate_anon 0 [ 226.571277][ T5769] workingset_activate_file 0 [ 226.571277][ T5769] workingset_restore_anon 0 [ 226.571277][ T5769] workingset_restore_file 0 [ 226.571277][ T5769] workingset_nodereclaim 0 [ 226.571277][ T5769] pgscan 831 [ 226.571277][ T5769] pgsteal 2 [ 226.571277][ T5769] pgscan_kswapd 0 [ 226.571277][ T5769] pgscan_direct 831 [pid 5773] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5773] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5773] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5773] openat(5, "memory.max", O_RDWR) = 6 [ 226.571277][ T5769] pgscan_khugepaged 0 [ 226.571277][ T5769] pgsteal_kswapd 0 [ 226.571277][ T5769] pgsteal_direct 2 [ 226.571277][ T5769] pgsteal_khugepaged 0 [ 226.571277][ T5769] pgfault 21 [ 226.571277][ T5769] pgmajfault 0 [ 226.571277][ T5769] pgrefill 830 [ 226.571277][ T5769] pgactivate 829 [ 226.571277][ T5769] pgdeactivate 830 [ 226.571277][ T5769] pglazyfree 0 [ 226.571277][ T5769] pglazyfreed 0 [ 226.571277][ T5769] zswpin 0 [ 226.571277][ T5769] zswpout 0 [ 226.571277][ T5769] thp_fault_alloc 0 [ 226.571277][ T5769] thp_collapse_alloc 0 [pid 5773] write(6, "0x000000000000040e", 18 [pid 5769] <... write resumed>) = 18 [pid 5769] close(3) = 0 [pid 5769] close(4) = 0 [pid 5769] close(5) = 0 [pid 5769] close(6) = 0 [pid 5769] close(7) = -1 EBADF (Bad file descriptor) [pid 5769] close(8) = -1 EBADF (Bad file descriptor) [ 226.763801][ T5769] Tasks state (memory values in pages): [ 226.772013][ T5769] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 226.784307][ T5769] Out of memory and no killable processes... [ 226.792651][ T5770] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5769] close(9) = -1 EBADF (Bad file descriptor) [pid 5769] close(10) = -1 EBADF (Bad file descriptor) [pid 5769] close(11) = -1 EBADF (Bad file descriptor) [pid 5769] close(12) = -1 EBADF (Bad file descriptor) [pid 5769] close(13) = -1 EBADF (Bad file descriptor) [pid 5769] close(14) = -1 EBADF (Bad file descriptor) [pid 5769] close(15) = -1 EBADF (Bad file descriptor) [pid 5769] close(16) = -1 EBADF (Bad file descriptor) [pid 5769] close(17) = -1 EBADF (Bad file descriptor) [pid 5769] close(18) = -1 EBADF (Bad file descriptor) [pid 5769] close(19) = -1 EBADF (Bad file descriptor) [pid 5769] close(20) = -1 EBADF (Bad file descriptor) [pid 5769] close(21) = -1 EBADF (Bad file descriptor) [pid 5769] close(22) = -1 EBADF (Bad file descriptor) [pid 5769] close(23) = -1 EBADF (Bad file descriptor) [pid 5769] close(24) = -1 EBADF (Bad file descriptor) [pid 5769] close(25) = -1 EBADF (Bad file descriptor) [pid 5769] close(26) = -1 EBADF (Bad file descriptor) [pid 5769] close(27) = -1 EBADF (Bad file descriptor) [pid 5769] close(28) = -1 EBADF (Bad file descriptor) [pid 5769] close(29) = -1 EBADF (Bad file descriptor) [pid 5769] exit_group(0) = ? [pid 5769] +++ exited with 0 +++ [ 226.811668][ T5770] CPU: 0 PID: 5770 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 226.821639][ T5770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 226.831752][ T5770] Call Trace: [ 226.835076][ T5770] [ 226.838066][ T5770] dump_stack_lvl+0x136/0x150 [ 226.842823][ T5770] dump_header+0x10a/0xd70 [ 226.847308][ T5770] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 226.853469][ T5770] out_of_memory+0xd64/0x1660 [ 226.858238][ T5770] ? oom_killer_disable+0x2b0/0x2b0 [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=48, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5087] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 226.863523][ T5770] ? find_held_lock+0x2d/0x110 [ 226.868372][ T5770] mem_cgroup_out_of_memory+0x206/0x270 [ 226.873988][ T5770] ? mem_cgroup_margin+0x130/0x130 [ 226.879154][ T5770] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 226.885026][ T5770] memory_max_write+0x2f9/0x3c0 [ 226.889925][ T5770] ? mem_cgroup_force_empty_write+0x160/0x160 [ 226.896042][ T5770] ? lock_sync+0x190/0x190 [ 226.900511][ T5770] cgroup_file_write+0x1e2/0x7b0 [ 226.905507][ T5770] ? mem_cgroup_force_empty_write+0x160/0x160 [ 226.911625][ T5770] ? kill_css+0x3b0/0x3b0 [ 226.916004][ T5770] ? lock_acquire+0x32/0xc0 [ 226.920559][ T5770] ? kill_css+0x3b0/0x3b0 [ 226.924933][ T5770] kernfs_fop_write_iter+0x3f1/0x600 [ 226.930271][ T5770] vfs_write+0x9ed/0xe10 [ 226.934568][ T5770] ? kernel_write+0x670/0x670 [ 226.939298][ T5770] ? find_held_lock+0x2d/0x110 [ 226.944114][ T5770] ? __fget_light+0x20a/0x270 [ 226.948844][ T5770] ksys_write+0x12b/0x250 [ 226.953233][ T5770] ? __ia32_sys_read+0xb0/0xb0 [ 226.958050][ T5770] ? lockdep_hardirqs_on+0x7d/0x100 [ 226.963287][ T5770] ? _raw_spin_unlock_irq+0x2e/0x50 [ 226.968545][ T5770] ? ptrace_notify+0xfe/0x140 [ 226.973264][ T5770] do_syscall_64+0x39/0xb0 [ 226.977742][ T5770] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 226.983687][ T5770] RIP: 0033:0x7faecf034129 [ 226.988131][ T5770] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 227.007769][ T5770] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 227.016211][ T5770] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 227.024208][ T5770] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 227.032209][ T5770] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 227.040210][ T5770] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 227.048206][ T5770] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000030 [ 227.056226][ T5770] [pid 5087] umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./46/binderfs") = 0 [pid 5087] umount2("./46/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./46/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./46/cgroup") = 0 [pid 5087] umount2("./46/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./46/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./46/cgroup.net") = 0 [ 227.071926][ T5770] memory: usage 8kB, limit 0kB, failcnt 36 [ 227.079046][ T5770] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 227.097094][ T5770] Memory cgroup stats for /syz1: [ 227.097378][ T5770] anon 0 [ 227.097378][ T5770] file 0 [ 227.097378][ T5770] kernel 8192 [ 227.097378][ T5770] kernel_stack 0 [ 227.097378][ T5770] pagetables 0 [ 227.097378][ T5770] sec_pagetables 0 [ 227.097378][ T5770] percpu 0 [ 227.097378][ T5770] sock 0 [ 227.097378][ T5770] vmalloc 0 [ 227.097378][ T5770] shmem 0 [ 227.097378][ T5770] zswap 0 [ 227.097378][ T5770] zswapped 0 [ 227.097378][ T5770] file_mapped 0 [ 227.097378][ T5770] file_dirty 0 [ 227.097378][ T5770] file_writeback 0 [ 227.097378][ T5770] swapcached 0 [ 227.097378][ T5770] anon_thp 0 [ 227.097378][ T5770] file_thp 0 [ 227.097378][ T5770] shmem_thp 0 [ 227.097378][ T5770] inactive_anon 0 [ 227.097378][ T5770] active_anon 0 [ 227.097378][ T5770] inactive_file 0 [ 227.097378][ T5770] active_file 0 [ 227.097378][ T5770] unevictable 0 [ 227.097378][ T5770] slab_reclaimable 6752 [ 227.097378][ T5770] slab_unreclaimable 0 [ 227.097378][ T5770] slab 6752 [ 227.097378][ T5770] workingset_refault_anon 0 [ 227.097378][ T5770] workingset_refault_file 0 [ 227.097378][ T5770] workingset_activate_anon 0 [ 227.097378][ T5770] workingset_activate_file 0 [ 227.097378][ T5770] workingset_restore_anon 0 [ 227.097378][ T5770] workingset_restore_file 0 [ 227.097378][ T5770] workingset_nodereclaim 0 [ 227.097378][ T5770] pgscan 831 [ 227.097378][ T5770] pgsteal 2 [ 227.097378][ T5770] pgscan_kswapd 0 [ 227.097378][ T5770] pgscan_direct 831 [ 227.097378][ T5770] pgscan_khugepaged 0 [ 227.097378][ T5770] pgsteal_kswapd 0 [ 227.097378][ T5770] pgsteal_direct 2 [ 227.097378][ T5770] pgsteal_khugepaged 0 [ 227.097378][ T5770] pgfault 21 [ 227.097378][ T5770] pgmajfault 0 [ 227.097378][ T5770] pgrefill 830 [ 227.097378][ T5770] pgactivate 829 [ 227.097378][ T5770] pgdeactivate 830 [ 227.097378][ T5770] pglazyfree 0 [ 227.097378][ T5770] pglazyfreed 0 [ 227.097378][ T5770] zswpin 0 [pid 5087] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5087] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./46/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] close(4) = 0 [pid 5087] rmdir("./46/file0") = 0 [pid 5087] umount2("./46/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./46/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./46/cgroup.cpu") = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [pid 5087] rmdir("./46") = 0 [ 227.097378][ T5770] zswpout 0 [ 227.097378][ T5770] thp_fault_alloc 0 [ 227.097378][ T5770] thp_collapse_alloc 0 [ 227.296559][ T5770] Tasks state (memory values in pages): [ 227.307132][ T5770] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5087] mkdir("./47", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 49 ./strace-static-x86_64: Process 5774 attached [pid 5770] <... write resumed>) = 18 [pid 5770] close(3) = 0 [pid 5774] chdir("./47" [pid 5770] close(4) = 0 [pid 5770] close(5) = 0 [pid 5770] close(6) = 0 [pid 5770] close(7) = -1 EBADF (Bad file descriptor) [pid 5770] close(8) = -1 EBADF (Bad file descriptor) [pid 5770] close(9) = -1 EBADF (Bad file descriptor) [pid 5770] close(10) = -1 EBADF (Bad file descriptor) [pid 5770] close(11) = -1 EBADF (Bad file descriptor) [pid 5770] close(12) = -1 EBADF (Bad file descriptor) [ 227.323702][ T5770] Out of memory and no killable processes... [ 227.330698][ T5771] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 227.349287][ T5771] CPU: 0 PID: 5771 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 227.359278][ T5771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 227.369395][ T5771] Call Trace: [pid 5770] close(13) = -1 EBADF (Bad file descriptor) [pid 5770] close(14) = -1 EBADF (Bad file descriptor) [pid 5770] close(15) = -1 EBADF (Bad file descriptor) [pid 5770] close(16) = -1 EBADF (Bad file descriptor) [pid 5770] close(17) = -1 EBADF (Bad file descriptor) [pid 5770] close(18) = -1 EBADF (Bad file descriptor) [pid 5770] close(19) = -1 EBADF (Bad file descriptor) [pid 5770] close(20) = -1 EBADF (Bad file descriptor) [pid 5770] close(21) = -1 EBADF (Bad file descriptor) [pid 5770] close(22) = -1 EBADF (Bad file descriptor) [pid 5770] close(23) = -1 EBADF (Bad file descriptor) [pid 5770] close(24) = -1 EBADF (Bad file descriptor) [pid 5770] close(25) = -1 EBADF (Bad file descriptor) [pid 5770] close(26) = -1 EBADF (Bad file descriptor) [pid 5770] close(27) = -1 EBADF (Bad file descriptor) [pid 5770] close(28) = -1 EBADF (Bad file descriptor) [pid 5770] close(29) = -1 EBADF (Bad file descriptor) [pid 5770] exit_group(0) = ? [pid 5770] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=50, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5090] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5090] umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 227.372740][ T5771] [ 227.375727][ T5771] dump_stack_lvl+0x136/0x150 [ 227.380483][ T5771] dump_header+0x10a/0xd70 [ 227.384977][ T5771] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 227.391143][ T5771] out_of_memory+0xd64/0x1660 [ 227.395906][ T5771] ? oom_killer_disable+0x2b0/0x2b0 [ 227.401196][ T5771] mem_cgroup_out_of_memory+0x206/0x270 [ 227.406827][ T5771] ? mem_cgroup_margin+0x130/0x130 [ 227.412046][ T5771] memory_max_write+0x2f9/0x3c0 [ 227.416992][ T5771] ? mem_cgroup_force_empty_write+0x160/0x160 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./48/binderfs") = 0 [pid 5090] umount2("./48/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./48/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./48/cgroup") = 0 [pid 5090] umount2("./48/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./48/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./48/cgroup.net") = 0 [pid 5090] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5774] <... chdir resumed>) = 0 [ 227.423171][ T5771] ? lock_sync+0x190/0x190 [ 227.427669][ T5771] cgroup_file_write+0x1e2/0x7b0 [ 227.432706][ T5771] ? mem_cgroup_force_empty_write+0x160/0x160 [ 227.438860][ T5771] ? kill_css+0x3b0/0x3b0 [ 227.443276][ T5771] ? lock_acquire+0x32/0xc0 [ 227.447867][ T5771] ? kill_css+0x3b0/0x3b0 [ 227.452280][ T5771] kernfs_fop_write_iter+0x3f1/0x600 [ 227.457651][ T5771] vfs_write+0x9ed/0xe10 [ 227.461984][ T5771] ? kernel_write+0x670/0x670 [ 227.466750][ T5771] ? find_held_lock+0x2d/0x110 [ 227.471596][ T5771] ? __fget_light+0x20a/0x270 [ 227.476388][ T5771] ksys_write+0x12b/0x250 [ 227.480795][ T5771] ? __ia32_sys_read+0xb0/0xb0 [ 227.485632][ T5771] ? lockdep_hardirqs_on+0x7d/0x100 [ 227.490889][ T5771] ? _raw_spin_unlock_irq+0x2e/0x50 [ 227.496155][ T5771] ? ptrace_notify+0xfe/0x140 [ 227.500893][ T5771] do_syscall_64+0x39/0xb0 [ 227.505377][ T5771] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 227.511334][ T5771] RIP: 0033:0x7faecf034129 [ 227.515787][ T5771] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 227.535517][ T5771] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 227.543964][ T5771] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 227.551963][ T5771] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 227.559958][ T5771] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [pid 5774] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5774] setpgid(0, 0) = 0 [pid 5774] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5774] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5774] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5774] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5774] write(3, "1000", 4) = 4 [pid 5774] close(3) = 0 [pid 5774] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5774] mkdir("./file0", 000) = 0 [pid 5774] open("./file0", O_RDONLY) = 3 [pid 5774] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5774] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5774] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5774] openat(5, "memory.max", O_RDWR) = 6 [pid 5774] write(6, "0x000000000000040e", 18 [pid 5090] <... umount2 resumed>) = 0 [pid 5090] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./48/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 227.567954][ T5771] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 227.575946][ T5771] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000002d [ 227.583965][ T5771] [ 227.597097][ T5771] memory: usage 8kB, limit 0kB, failcnt 36 [ 227.607293][ T5771] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 227.616325][ T5771] Memory cgroup stats for /syz1: [ 227.616702][ T5771] anon 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./48/file0") = 0 [pid 5090] umount2("./48/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./48/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./48/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [pid 5090] rmdir("./48") = 0 [pid 5090] mkdir("./49", 0777) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5775 attached [pid 5775] chdir("./49" [pid 5090] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 51 [pid 5775] <... chdir resumed>) = 0 [pid 5775] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5775] setpgid(0, 0) = 0 [pid 5775] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5775] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5775] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5775] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5775] write(3, "1000", 4) = 4 [pid 5775] close(3) = 0 [pid 5775] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5775] mkdir("./file0", 000) = 0 [pid 5775] open("./file0", O_RDONLY) = 3 [pid 5775] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [ 227.616702][ T5771] file 0 [ 227.616702][ T5771] kernel 8192 [ 227.616702][ T5771] kernel_stack 0 [ 227.616702][ T5771] pagetables 0 [ 227.616702][ T5771] sec_pagetables 0 [ 227.616702][ T5771] percpu 0 [ 227.616702][ T5771] sock 0 [ 227.616702][ T5771] vmalloc 0 [ 227.616702][ T5771] shmem 0 [ 227.616702][ T5771] zswap 0 [ 227.616702][ T5771] zswapped 0 [ 227.616702][ T5771] file_mapped 0 [ 227.616702][ T5771] file_dirty 0 [ 227.616702][ T5771] file_writeback 0 [ 227.616702][ T5771] swapcached 0 [ 227.616702][ T5771] anon_thp 0 [pid 5775] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5775] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5775] openat(5, "memory.max", O_RDWR) = 6 [ 227.616702][ T5771] file_thp 0 [ 227.616702][ T5771] shmem_thp 0 [ 227.616702][ T5771] inactive_anon 0 [ 227.616702][ T5771] active_anon 0 [ 227.616702][ T5771] inactive_file 0 [ 227.616702][ T5771] active_file 0 [ 227.616702][ T5771] unevictable 0 [ 227.616702][ T5771] slab_reclaimable 6752 [ 227.616702][ T5771] slab_unreclaimable 0 [ 227.616702][ T5771] slab 6752 [ 227.616702][ T5771] workingset_refault_anon 0 [ 227.616702][ T5771] workingset_refault_file 0 [ 227.616702][ T5771] workingset_activate_anon 0 [ 227.616702][ T5771] workingset_activate_file 0 [ 227.616702][ T5771] workingset_restore_anon 0 [ 227.616702][ T5771] workingset_restore_file 0 [ 227.616702][ T5771] workingset_nodereclaim 0 [ 227.616702][ T5771] pgscan 831 [ 227.616702][ T5771] pgsteal 2 [ 227.616702][ T5771] pgscan_kswapd 0 [ 227.616702][ T5771] pgscan_direct 831 [ 227.616702][ T5771] pgscan_khugepaged 0 [ 227.616702][ T5771] pgsteal_kswapd 0 [ 227.616702][ T5771] pgsteal_direct 2 [ 227.616702][ T5771] pgsteal_khugepaged 0 [ 227.616702][ T5771] pgfault 21 [ 227.616702][ T5771] pgmajfault 0 [ 227.616702][ T5771] pgrefill 830 [ 227.616702][ T5771] pgactivate 829 [ 227.616702][ T5771] pgdeactivate 830 [ 227.616702][ T5771] pglazyfree 0 [ 227.616702][ T5771] pglazyfreed 0 [ 227.616702][ T5771] zswpin 0 [ 227.616702][ T5771] zswpout 0 [ 227.616702][ T5771] thp_fault_alloc 0 [ 227.616702][ T5771] thp_collapse_alloc 0 [ 227.810085][ T5771] Tasks state (memory values in pages): [pid 5775] write(6, "0x000000000000040e", 18 [pid 5771] <... write resumed>) = 18 [pid 5771] close(3) = 0 [pid 5771] close(4) = 0 [pid 5771] close(5) = 0 [pid 5771] close(6) = 0 [pid 5771] close(7) = -1 EBADF (Bad file descriptor) [pid 5771] close(8) = -1 EBADF (Bad file descriptor) [pid 5771] close(9) = -1 EBADF (Bad file descriptor) [pid 5771] close(10) = -1 EBADF (Bad file descriptor) [pid 5771] close(11) = -1 EBADF (Bad file descriptor) [pid 5771] close(12) = -1 EBADF (Bad file descriptor) [pid 5771] close(13) = -1 EBADF (Bad file descriptor) [pid 5771] close(14) = -1 EBADF (Bad file descriptor) [pid 5771] close(15) = -1 EBADF (Bad file descriptor) [pid 5771] close(16) = -1 EBADF (Bad file descriptor) [pid 5771] close(17) = -1 EBADF (Bad file descriptor) [pid 5771] close(18) = -1 EBADF (Bad file descriptor) [pid 5771] close(19) = -1 EBADF (Bad file descriptor) [pid 5771] close(20) = -1 EBADF (Bad file descriptor) [pid 5771] close(21) = -1 EBADF (Bad file descriptor) [pid 5771] close(22) = -1 EBADF (Bad file descriptor) [pid 5771] close(23) = -1 EBADF (Bad file descriptor) [pid 5771] close(24) = -1 EBADF (Bad file descriptor) [pid 5771] close(25) = -1 EBADF (Bad file descriptor) [pid 5771] close(26) = -1 EBADF (Bad file descriptor) [pid 5771] close(27) = -1 EBADF (Bad file descriptor) [pid 5771] close(28) = -1 EBADF (Bad file descriptor) [pid 5771] close(29) = -1 EBADF (Bad file descriptor) [pid 5771] exit_group(0) = ? [pid 5771] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=47, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5086] umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./45/binderfs") = 0 [pid 5086] umount2("./45/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 227.817851][ T5771] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 227.827760][ T5771] Out of memory and no killable processes... [ 227.834057][ T5772] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 227.845455][ T5772] CPU: 1 PID: 5772 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 227.855415][ T5772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 227.865523][ T5772] Call Trace: [ 227.868848][ T5772] [ 227.871829][ T5772] dump_stack_lvl+0x136/0x150 [pid 5086] lstat("./45/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] unlink("./45/cgroup") = 0 [pid 5086] umount2("./45/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./45/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./45/cgroup.net") = 0 [ 227.876600][ T5772] dump_header+0x10a/0xd70 [ 227.881125][ T5772] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 227.887280][ T5772] out_of_memory+0xd64/0x1660 [ 227.892043][ T5772] ? oom_killer_disable+0x2b0/0x2b0 [ 227.897330][ T5772] mem_cgroup_out_of_memory+0x206/0x270 [ 227.902956][ T5772] ? mem_cgroup_margin+0x130/0x130 [ 227.908166][ T5772] memory_max_write+0x2f9/0x3c0 [ 227.913097][ T5772] ? mem_cgroup_force_empty_write+0x160/0x160 [ 227.919237][ T5772] ? lock_sync+0x190/0x190 [ 227.923716][ T5772] cgroup_file_write+0x1e2/0x7b0 [ 227.928736][ T5772] ? mem_cgroup_force_empty_write+0x160/0x160 [ 227.934890][ T5772] ? kill_css+0x3b0/0x3b0 [ 227.939287][ T5772] ? lock_acquire+0x32/0xc0 [ 227.943863][ T5772] ? kill_css+0x3b0/0x3b0 [ 227.948261][ T5772] kernfs_fop_write_iter+0x3f1/0x600 [ 227.953632][ T5772] vfs_write+0x9ed/0xe10 [ 227.957960][ T5772] ? kernel_write+0x670/0x670 [ 227.962720][ T5772] ? find_held_lock+0x2d/0x110 [ 227.967567][ T5772] ? __fget_light+0x20a/0x270 [ 227.972314][ T5772] ksys_write+0x12b/0x250 [ 227.976697][ T5772] ? __ia32_sys_read+0xb0/0xb0 [ 227.981558][ T5772] ? lockdep_hardirqs_on+0x7d/0x100 [ 227.986823][ T5772] ? _raw_spin_unlock_irq+0x2e/0x50 [ 227.992086][ T5772] ? ptrace_notify+0xfe/0x140 [ 227.996817][ T5772] do_syscall_64+0x39/0xb0 [ 228.001315][ T5772] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 228.007279][ T5772] RIP: 0033:0x7faecf034129 [ 228.011757][ T5772] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 228.031395][ T5772] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 228.039864][ T5772] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 228.047878][ T5772] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 228.055908][ T5772] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 228.063930][ T5772] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [pid 5086] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5086] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./45/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./45/file0") = 0 [pid 5086] umount2("./45/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./45/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 228.071945][ T5772] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000002d [ 228.079961][ T5772] [ 228.094279][ T5772] memory: usage 8kB, limit 0kB, failcnt 36 [ 228.100161][ T5772] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 228.107658][ T5772] Memory cgroup stats for /syz1: [ 228.107942][ T5772] anon 0 [ 228.107942][ T5772] file 0 [ 228.107942][ T5772] kernel 8192 [ 228.107942][ T5772] kernel_stack 0 [pid 5086] unlink("./45/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./45") = 0 [pid 5086] mkdir("./46", 0777) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 48 ./strace-static-x86_64: Process 5776 attached [pid 5776] chdir("./46") = 0 [pid 5776] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5776] setpgid(0, 0) = 0 [pid 5776] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5776] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [ 228.107942][ T5772] pagetables 0 [ 228.107942][ T5772] sec_pagetables 0 [ 228.107942][ T5772] percpu 0 [ 228.107942][ T5772] sock 0 [ 228.107942][ T5772] vmalloc 0 [ 228.107942][ T5772] shmem 0 [ 228.107942][ T5772] zswap 0 [ 228.107942][ T5772] zswapped 0 [ 228.107942][ T5772] file_mapped 0 [ 228.107942][ T5772] file_dirty 0 [ 228.107942][ T5772] file_writeback 0 [ 228.107942][ T5772] swapcached 0 [ 228.107942][ T5772] anon_thp 0 [ 228.107942][ T5772] file_thp 0 [ 228.107942][ T5772] shmem_thp 0 [ 228.107942][ T5772] inactive_anon 0 [pid 5776] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5776] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5776] write(3, "1000", 4) = 4 [pid 5776] close(3) = 0 [pid 5776] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5776] mkdir("./file0", 000) = 0 [pid 5776] open("./file0", O_RDONLY) = 3 [pid 5776] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5776] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5776] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5776] openat(5, "memory.max", O_RDWR) = 6 [ 228.107942][ T5772] active_anon 0 [ 228.107942][ T5772] inactive_file 0 [ 228.107942][ T5772] active_file 0 [ 228.107942][ T5772] unevictable 0 [ 228.107942][ T5772] slab_reclaimable 6752 [ 228.107942][ T5772] slab_unreclaimable 0 [ 228.107942][ T5772] slab 6752 [ 228.107942][ T5772] workingset_refault_anon 0 [ 228.107942][ T5772] workingset_refault_file 0 [ 228.107942][ T5772] workingset_activate_anon 0 [ 228.107942][ T5772] workingset_activate_file 0 [ 228.107942][ T5772] workingset_restore_anon 0 [ 228.107942][ T5772] workingset_restore_file 0 [ 228.107942][ T5772] workingset_nodereclaim 0 [ 228.107942][ T5772] pgscan 831 [ 228.107942][ T5772] pgsteal 2 [ 228.107942][ T5772] pgscan_kswapd 0 [ 228.107942][ T5772] pgscan_direct 831 [ 228.107942][ T5772] pgscan_khugepaged 0 [ 228.107942][ T5772] pgsteal_kswapd 0 [ 228.107942][ T5772] pgsteal_direct 2 [ 228.107942][ T5772] pgsteal_khugepaged 0 [ 228.107942][ T5772] pgfault 21 [ 228.107942][ T5772] pgmajfault 0 [ 228.107942][ T5772] pgrefill 830 [ 228.107942][ T5772] pgactivate 829 [ 228.107942][ T5772] pgdeactivate 830 [ 228.107942][ T5772] pglazyfree 0 [ 228.107942][ T5772] pglazyfreed 0 [ 228.107942][ T5772] zswpin 0 [ 228.107942][ T5772] zswpout 0 [ 228.107942][ T5772] thp_fault_alloc 0 [ 228.107942][ T5772] thp_collapse_alloc 0 [ 228.300034][ T5772] Tasks state (memory values in pages): [ 228.306969][ T5772] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 228.316984][ T5772] Out of memory and no killable processes... [pid 5776] write(6, "0x000000000000040e", 18 [pid 5772] <... write resumed>) = 18 [pid 5772] close(3) = 0 [pid 5772] close(4) = 0 [pid 5772] close(5) = 0 [pid 5772] close(6) = 0 [pid 5772] close(7) = -1 EBADF (Bad file descriptor) [pid 5772] close(8) = -1 EBADF (Bad file descriptor) [pid 5772] close(9) = -1 EBADF (Bad file descriptor) [pid 5772] close(10) = -1 EBADF (Bad file descriptor) [pid 5772] close(11) = -1 EBADF (Bad file descriptor) [pid 5772] close(12) = -1 EBADF (Bad file descriptor) [ 228.323513][ T5773] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 228.334312][ T5773] CPU: 1 PID: 5773 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 228.344276][ T5773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 228.354376][ T5773] Call Trace: [ 228.357693][ T5773] [ 228.360671][ T5773] dump_stack_lvl+0x136/0x150 [ 228.365436][ T5773] dump_header+0x10a/0xd70 [ 228.369940][ T5773] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [pid 5772] close(13) = -1 EBADF (Bad file descriptor) [pid 5772] close(14) = -1 EBADF (Bad file descriptor) [pid 5772] close(15) = -1 EBADF (Bad file descriptor) [pid 5772] close(16) = -1 EBADF (Bad file descriptor) [pid 5772] close(17) = -1 EBADF (Bad file descriptor) [pid 5772] close(18) = -1 EBADF (Bad file descriptor) [pid 5772] close(19) = -1 EBADF (Bad file descriptor) [pid 5772] close(20) = -1 EBADF (Bad file descriptor) [pid 5772] close(21) = -1 EBADF (Bad file descriptor) [pid 5772] close(22) = -1 EBADF (Bad file descriptor) [pid 5772] close(23) = -1 EBADF (Bad file descriptor) [pid 5772] close(24) = -1 EBADF (Bad file descriptor) [pid 5772] close(25) = -1 EBADF (Bad file descriptor) [pid 5772] close(26) = -1 EBADF (Bad file descriptor) [pid 5772] close(27) = -1 EBADF (Bad file descriptor) [pid 5772] close(28) = -1 EBADF (Bad file descriptor) [pid 5772] close(29) = -1 EBADF (Bad file descriptor) [pid 5772] exit_group(0) = ? [pid 5772] +++ exited with 0 +++ [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=47, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [ 228.376107][ T5773] out_of_memory+0xd64/0x1660 [ 228.380876][ T5773] ? oom_killer_disable+0x2b0/0x2b0 [ 228.386163][ T5773] ? find_held_lock+0x2d/0x110 [ 228.391006][ T5773] mem_cgroup_out_of_memory+0x206/0x270 [ 228.396628][ T5773] ? mem_cgroup_margin+0x130/0x130 [ 228.401821][ T5773] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 228.407719][ T5773] memory_max_write+0x2f9/0x3c0 [ 228.412660][ T5773] ? mem_cgroup_force_empty_write+0x160/0x160 [ 228.418817][ T5773] ? lock_sync+0x190/0x190 [ 228.423315][ T5773] cgroup_file_write+0x1e2/0x7b0 [pid 5085] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5085] umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./45/binderfs") = 0 [pid 5085] umount2("./45/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./45/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./45/cgroup") = 0 [pid 5085] umount2("./45/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./45/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./45/cgroup.net") = 0 [ 228.428336][ T5773] ? mem_cgroup_force_empty_write+0x160/0x160 [ 228.434488][ T5773] ? kill_css+0x3b0/0x3b0 [ 228.438902][ T5773] ? lock_acquire+0x32/0xc0 [ 228.443496][ T5773] ? kill_css+0x3b0/0x3b0 [ 228.447893][ T5773] kernfs_fop_write_iter+0x3f1/0x600 [ 228.453261][ T5773] vfs_write+0x9ed/0xe10 [ 228.457594][ T5773] ? kernel_write+0x670/0x670 [ 228.462369][ T5773] ? find_held_lock+0x2d/0x110 [ 228.467234][ T5773] ? __fget_light+0x20a/0x270 [ 228.472002][ T5773] ksys_write+0x12b/0x250 [ 228.476410][ T5773] ? __ia32_sys_read+0xb0/0xb0 [ 228.481254][ T5773] ? lockdep_hardirqs_on+0x7d/0x100 [ 228.486519][ T5773] ? _raw_spin_unlock_irq+0x2e/0x50 [ 228.491794][ T5773] ? ptrace_notify+0xfe/0x140 [ 228.496537][ T5773] do_syscall_64+0x39/0xb0 [ 228.501029][ T5773] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 228.506998][ T5773] RIP: 0033:0x7faecf034129 [ 228.511471][ T5773] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 228.531138][ T5773] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 228.539586][ T5773] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 228.547593][ T5773] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 228.555617][ T5773] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 228.563659][ T5773] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 228.571671][ T5773] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000030 [pid 5085] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5085] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./45/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./45/file0") = 0 [pid 5085] umount2("./45/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./45/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 228.579684][ T5773] [ 228.592345][ T5773] memory: usage 8kB, limit 0kB, failcnt 36 [ 228.598225][ T5773] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 228.605212][ T5773] Memory cgroup stats for /syz1: [ 228.605481][ T5773] anon 0 [ 228.605481][ T5773] file 0 [ 228.605481][ T5773] kernel 8192 [ 228.605481][ T5773] kernel_stack 0 [ 228.605481][ T5773] pagetables 0 [ 228.605481][ T5773] sec_pagetables 0 [pid 5085] unlink("./45/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./45") = 0 [pid 5085] mkdir("./46", 0777) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 48 ./strace-static-x86_64: Process 5777 attached [pid 5777] chdir("./46") = 0 [pid 5777] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5777] setpgid(0, 0) = 0 [pid 5777] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [ 228.605481][ T5773] percpu 0 [ 228.605481][ T5773] sock 0 [ 228.605481][ T5773] vmalloc 0 [ 228.605481][ T5773] shmem 0 [ 228.605481][ T5773] zswap 0 [ 228.605481][ T5773] zswapped 0 [ 228.605481][ T5773] file_mapped 0 [ 228.605481][ T5773] file_dirty 0 [ 228.605481][ T5773] file_writeback 0 [ 228.605481][ T5773] swapcached 0 [ 228.605481][ T5773] anon_thp 0 [ 228.605481][ T5773] file_thp 0 [ 228.605481][ T5773] shmem_thp 0 [ 228.605481][ T5773] inactive_anon 0 [ 228.605481][ T5773] active_anon 0 [ 228.605481][ T5773] inactive_file 0 [pid 5777] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5777] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5777] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5777] write(3, "1000", 4) = 4 [pid 5777] close(3) = 0 [pid 5777] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5777] mkdir("./file0", 000) = 0 [pid 5777] open("./file0", O_RDONLY) = 3 [pid 5777] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5777] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5777] openat(4, "syz1", O_RDWR|O_PATH) = 5 [ 228.605481][ T5773] active_file 0 [ 228.605481][ T5773] unevictable 0 [ 228.605481][ T5773] slab_reclaimable 6752 [ 228.605481][ T5773] slab_unreclaimable 0 [ 228.605481][ T5773] slab 6752 [ 228.605481][ T5773] workingset_refault_anon 0 [ 228.605481][ T5773] workingset_refault_file 0 [ 228.605481][ T5773] workingset_activate_anon 0 [ 228.605481][ T5773] workingset_activate_file 0 [ 228.605481][ T5773] workingset_restore_anon 0 [ 228.605481][ T5773] workingset_restore_file 0 [ 228.605481][ T5773] workingset_nodereclaim 0 [ 228.605481][ T5773] pgscan 831 [ 228.605481][ T5773] pgsteal 2 [ 228.605481][ T5773] pgscan_kswapd 0 [ 228.605481][ T5773] pgscan_direct 831 [ 228.605481][ T5773] pgscan_khugepaged 0 [ 228.605481][ T5773] pgsteal_kswapd 0 [ 228.605481][ T5773] pgsteal_direct 2 [ 228.605481][ T5773] pgsteal_khugepaged 0 [ 228.605481][ T5773] pgfault 21 [ 228.605481][ T5773] pgmajfault 0 [ 228.605481][ T5773] pgrefill 830 [ 228.605481][ T5773] pgactivate 829 [ 228.605481][ T5773] pgdeactivate 830 [ 228.605481][ T5773] pglazyfree 0 [ 228.605481][ T5773] pglazyfreed 0 [ 228.605481][ T5773] zswpin 0 [pid 5777] openat(5, "memory.max", O_RDWR) = 6 [ 228.605481][ T5773] zswpout 0 [ 228.605481][ T5773] thp_fault_alloc 0 [ 228.605481][ T5773] thp_collapse_alloc 0 [ 228.802724][ T5773] Tasks state (memory values in pages): [ 228.808348][ T5773] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 228.818029][ T5773] Out of memory and no killable processes... [pid 5777] write(6, "0x000000000000040e", 18 [pid 5773] <... write resumed>) = 18 [pid 5773] close(3) = 0 [pid 5773] close(4) = 0 [pid 5773] close(5) = 0 [pid 5773] close(6) = 0 [pid 5773] close(7) = -1 EBADF (Bad file descriptor) [pid 5773] close(8) = -1 EBADF (Bad file descriptor) [pid 5773] close(9) = -1 EBADF (Bad file descriptor) [pid 5773] close(10) = -1 EBADF (Bad file descriptor) [pid 5773] close(11) = -1 EBADF (Bad file descriptor) [pid 5773] close(12) = -1 EBADF (Bad file descriptor) [pid 5773] close(13) = -1 EBADF (Bad file descriptor) [pid 5773] close(14) = -1 EBADF (Bad file descriptor) [pid 5773] close(15) = -1 EBADF (Bad file descriptor) [pid 5773] close(16) = -1 EBADF (Bad file descriptor) [pid 5773] close(17) = -1 EBADF (Bad file descriptor) [pid 5773] close(18) = -1 EBADF (Bad file descriptor) [pid 5773] close(19) = -1 EBADF (Bad file descriptor) [pid 5773] close(20) = -1 EBADF (Bad file descriptor) [pid 5773] close(21) = -1 EBADF (Bad file descriptor) [pid 5773] close(22) = -1 EBADF (Bad file descriptor) [pid 5773] close(23) = -1 EBADF (Bad file descriptor) [pid 5773] close(24) = -1 EBADF (Bad file descriptor) [pid 5773] close(25) = -1 EBADF (Bad file descriptor) [pid 5773] close(26) = -1 EBADF (Bad file descriptor) [pid 5773] close(27) = -1 EBADF (Bad file descriptor) [pid 5773] close(28) = -1 EBADF (Bad file descriptor) [pid 5773] close(29) = -1 EBADF (Bad file descriptor) [pid 5773] exit_group(0) = ? [pid 5773] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=50, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5089] umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./48/binderfs") = 0 [pid 5089] umount2("./48/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./48/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./48/cgroup") = 0 [pid 5089] umount2("./48/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./48/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./48/cgroup.net") = 0 [ 228.824572][ T5774] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 228.847303][ T5774] CPU: 1 PID: 5774 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 228.857275][ T5774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 228.867384][ T5774] Call Trace: [ 228.870721][ T5774] [ 228.873704][ T5774] dump_stack_lvl+0x136/0x150 [ 228.878456][ T5774] dump_header+0x10a/0xd70 [ 228.882945][ T5774] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 228.889121][ T5774] out_of_memory+0xd64/0x1660 [ 228.893892][ T5774] ? oom_killer_disable+0x2b0/0x2b0 [ 228.899184][ T5774] mem_cgroup_out_of_memory+0x206/0x270 [ 228.904816][ T5774] ? mem_cgroup_margin+0x130/0x130 [ 228.910027][ T5774] memory_max_write+0x2f9/0x3c0 [ 228.914957][ T5774] ? mem_cgroup_force_empty_write+0x160/0x160 [ 228.921115][ T5774] ? lock_sync+0x190/0x190 [ 228.925606][ T5774] cgroup_file_write+0x1e2/0x7b0 [ 228.930633][ T5774] ? mem_cgroup_force_empty_write+0x160/0x160 [ 228.936779][ T5774] ? kill_css+0x3b0/0x3b0 [ 228.941187][ T5774] ? lock_acquire+0x32/0xc0 [ 228.945757][ T5774] ? kill_css+0x3b0/0x3b0 [ 228.950135][ T5774] kernfs_fop_write_iter+0x3f1/0x600 [ 228.955497][ T5774] vfs_write+0x9ed/0xe10 [ 228.959813][ T5774] ? kernel_write+0x670/0x670 [ 228.964548][ T5774] ? find_held_lock+0x2d/0x110 [ 228.969358][ T5774] ? __fget_light+0x20a/0x270 [ 228.974088][ T5774] ksys_write+0x12b/0x250 [ 228.978464][ T5774] ? __ia32_sys_read+0xb0/0xb0 [ 228.983274][ T5774] ? lockdep_hardirqs_on+0x7d/0x100 [ 228.988516][ T5774] ? _raw_spin_unlock_irq+0x2e/0x50 [ 228.993761][ T5774] ? ptrace_notify+0xfe/0x140 [ 228.998480][ T5774] do_syscall_64+0x39/0xb0 [ 229.002944][ T5774] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 229.008875][ T5774] RIP: 0033:0x7faecf034129 [ 229.013322][ T5774] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 229.032980][ T5774] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 229.041427][ T5774] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 229.049425][ T5774] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 229.057417][ T5774] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 229.065429][ T5774] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 229.073438][ T5774] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000002f [pid 5089] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5089] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./48/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 229.081472][ T5774] [ 229.094620][ T5774] memory: usage 8kB, limit 0kB, failcnt 36 [ 229.100630][ T5774] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 229.110066][ T5774] Memory cgroup stats for /syz1: [ 229.112173][ T5774] anon 0 [ 229.112173][ T5774] file 0 [ 229.112173][ T5774] kernel 8192 [ 229.112173][ T5774] kernel_stack 0 [ 229.112173][ T5774] pagetables 0 [ 229.112173][ T5774] sec_pagetables 0 [ 229.112173][ T5774] percpu 0 [ 229.112173][ T5774] sock 0 [ 229.112173][ T5774] vmalloc 0 [ 229.112173][ T5774] shmem 0 [ 229.112173][ T5774] zswap 0 [ 229.112173][ T5774] zswapped 0 [ 229.112173][ T5774] file_mapped 0 [ 229.112173][ T5774] file_dirty 0 [ 229.112173][ T5774] file_writeback 0 [ 229.112173][ T5774] swapcached 0 [ 229.112173][ T5774] anon_thp 0 [ 229.112173][ T5774] file_thp 0 [ 229.112173][ T5774] shmem_thp 0 [ 229.112173][ T5774] inactive_anon 0 [ 229.112173][ T5774] active_anon 0 [ 229.112173][ T5774] inactive_file 0 [ 229.112173][ T5774] active_file 0 [ 229.112173][ T5774] unevictable 0 [ 229.112173][ T5774] slab_reclaimable 6752 [ 229.112173][ T5774] slab_unreclaimable 0 [ 229.112173][ T5774] slab 6752 [ 229.112173][ T5774] workingset_refault_anon 0 [ 229.112173][ T5774] workingset_refault_file 0 [ 229.112173][ T5774] workingset_activate_anon 0 [ 229.112173][ T5774] workingset_activate_file 0 [ 229.112173][ T5774] workingset_restore_anon 0 [ 229.112173][ T5774] workingset_restore_file 0 [ 229.112173][ T5774] workingset_nodereclaim 0 [ 229.112173][ T5774] pgscan 831 [ 229.112173][ T5774] pgsteal 2 [ 229.112173][ T5774] pgscan_kswapd 0 [ 229.112173][ T5774] pgscan_direct 831 [ 229.112173][ T5774] pgscan_khugepaged 0 [ 229.112173][ T5774] pgsteal_kswapd 0 [ 229.112173][ T5774] pgsteal_direct 2 [ 229.112173][ T5774] pgsteal_khugepaged 0 [ 229.112173][ T5774] pgfault 21 [ 229.112173][ T5774] pgmajfault 0 [ 229.112173][ T5774] pgrefill 830 [ 229.112173][ T5774] pgactivate 829 [ 229.112173][ T5774] pgdeactivate 830 [ 229.112173][ T5774] pglazyfree 0 [pid 5089] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./48/file0") = 0 [pid 5089] umount2("./48/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./48/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./48/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [pid 5089] rmdir("./48") = 0 [pid 5089] mkdir("./49", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5778 attached [pid 5778] chdir("./49" [pid 5089] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 51 [pid 5778] <... chdir resumed>) = 0 [pid 5778] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 229.112173][ T5774] pglazyfreed 0 [ 229.112173][ T5774] zswpin 0 [ 229.112173][ T5774] zswpout 0 [ 229.112173][ T5774] thp_fault_alloc 0 [ 229.112173][ T5774] thp_collapse_alloc 0 [ 229.313977][ T5774] Tasks state (memory values in pages): [ 229.320676][ T5774] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5778] setpgid(0, 0) = 0 [pid 5778] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5778] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5778] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5778] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5778] write(3, "1000", 4) = 4 [pid 5778] close(3) = 0 [pid 5778] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5778] mkdir("./file0", 000) = 0 [pid 5778] open("./file0", O_RDONLY) = 3 [pid 5778] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5778] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5778] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5778] openat(5, "memory.max", O_RDWR) = 6 [pid 5778] write(6, "0x000000000000040e", 18 [pid 5774] <... write resumed>) = 18 [pid 5774] close(3) = 0 [pid 5774] close(4) = 0 [pid 5774] close(5) = 0 [ 229.339934][ T5774] Out of memory and no killable processes... [ 229.361652][ T5775] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 229.380143][ T5775] CPU: 0 PID: 5775 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 229.390136][ T5775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 229.400249][ T5775] Call Trace: [ 229.403593][ T5775] [ 229.406586][ T5775] dump_stack_lvl+0x136/0x150 [ 229.411330][ T5775] dump_header+0x10a/0xd70 [ 229.415822][ T5775] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 229.421987][ T5775] out_of_memory+0xd64/0x1660 [ 229.426754][ T5775] ? oom_killer_disable+0x2b0/0x2b0 [ 229.432027][ T5775] ? find_held_lock+0x2d/0x110 [pid 5774] close(6) = 0 [pid 5774] close(7) = -1 EBADF (Bad file descriptor) [pid 5774] close(8) = -1 EBADF (Bad file descriptor) [pid 5774] close(9) = -1 EBADF (Bad file descriptor) [pid 5774] close(10) = -1 EBADF (Bad file descriptor) [pid 5774] close(11) = -1 EBADF (Bad file descriptor) [pid 5774] close(12) = -1 EBADF (Bad file descriptor) [pid 5774] close(13) = -1 EBADF (Bad file descriptor) [pid 5774] close(14) = -1 EBADF (Bad file descriptor) [pid 5774] close(15) = -1 EBADF (Bad file descriptor) [pid 5774] close(16) = -1 EBADF (Bad file descriptor) [pid 5774] close(17) = -1 EBADF (Bad file descriptor) [pid 5774] close(18) = -1 EBADF (Bad file descriptor) [pid 5774] close(19) = -1 EBADF (Bad file descriptor) [pid 5774] close(20) = -1 EBADF (Bad file descriptor) [pid 5774] close(21) = -1 EBADF (Bad file descriptor) [pid 5774] close(22) = -1 EBADF (Bad file descriptor) [pid 5774] close(23) = -1 EBADF (Bad file descriptor) [pid 5774] close(24) = -1 EBADF (Bad file descriptor) [pid 5774] close(25) = -1 EBADF (Bad file descriptor) [pid 5774] close(26) = -1 EBADF (Bad file descriptor) [ 229.436857][ T5775] mem_cgroup_out_of_memory+0x206/0x270 [ 229.442500][ T5775] ? mem_cgroup_margin+0x130/0x130 [ 229.447708][ T5775] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 229.453606][ T5775] memory_max_write+0x2f9/0x3c0 [ 229.458542][ T5775] ? mem_cgroup_force_empty_write+0x160/0x160 [ 229.464704][ T5775] ? lock_sync+0x190/0x190 [ 229.469202][ T5775] cgroup_file_write+0x1e2/0x7b0 [ 229.474222][ T5775] ? mem_cgroup_force_empty_write+0x160/0x160 [ 229.480368][ T5775] ? kill_css+0x3b0/0x3b0 [ 229.484772][ T5775] ? lock_acquire+0x32/0xc0 [pid 5774] close(27) = -1 EBADF (Bad file descriptor) [pid 5774] close(28) = -1 EBADF (Bad file descriptor) [pid 5774] close(29) = -1 EBADF (Bad file descriptor) [pid 5774] exit_group(0) = ? [pid 5774] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=49, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [ 229.489342][ T5775] ? kill_css+0x3b0/0x3b0 [ 229.493748][ T5775] kernfs_fop_write_iter+0x3f1/0x600 [ 229.499115][ T5775] vfs_write+0x9ed/0xe10 [ 229.503548][ T5775] ? kernel_write+0x670/0x670 [ 229.508320][ T5775] ? find_held_lock+0x2d/0x110 [ 229.513174][ T5775] ? __fget_light+0x20a/0x270 [ 229.517943][ T5775] ksys_write+0x12b/0x250 [ 229.522407][ T5775] ? __ia32_sys_read+0xb0/0xb0 [ 229.527254][ T5775] ? lockdep_hardirqs_on+0x7d/0x100 [ 229.532518][ T5775] ? _raw_spin_unlock_irq+0x2e/0x50 [ 229.537793][ T5775] ? ptrace_notify+0xfe/0x140 [ 229.542553][ T5775] do_syscall_64+0x39/0xb0 [ 229.547049][ T5775] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 229.553016][ T5775] RIP: 0033:0x7faecf034129 [ 229.557486][ T5775] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 229.577157][ T5775] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5087] umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./47/binderfs") = 0 [pid 5087] umount2("./47/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./47/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./47/cgroup") = 0 [pid 5087] umount2("./47/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./47/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./47/cgroup.net") = 0 [pid 5087] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5087] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 229.585638][ T5775] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 229.593659][ T5775] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 229.601680][ T5775] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 229.609712][ T5775] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 229.617735][ T5775] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000031 [ 229.625788][ T5775] [ 229.633419][ T5775] memory: usage 8kB, limit 0kB, failcnt 36 [pid 5087] lstat("./47/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] close(4) = 0 [pid 5087] rmdir("./47/file0") = 0 [pid 5087] umount2("./47/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./47/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./47/cgroup.cpu") = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [pid 5087] rmdir("./47") = 0 [pid 5087] mkdir("./48", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 50 [ 229.639713][ T5775] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 229.647478][ T5775] Memory cgroup stats for /syz1: [ 229.648030][ T5775] anon 0 [ 229.648030][ T5775] file 0 [ 229.648030][ T5775] kernel 8192 [ 229.648030][ T5775] kernel_stack 0 [ 229.648030][ T5775] pagetables 0 [ 229.648030][ T5775] sec_pagetables 0 [ 229.648030][ T5775] percpu 0 [ 229.648030][ T5775] sock 0 [ 229.648030][ T5775] vmalloc 0 [ 229.648030][ T5775] shmem 0 [ 229.648030][ T5775] zswap 0 [ 229.648030][ T5775] zswapped 0 ./strace-static-x86_64: Process 5779 attached [pid 5779] chdir("./48") = 0 [pid 5779] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5779] setpgid(0, 0) = 0 [pid 5779] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5779] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5779] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5779] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5779] write(3, "1000", 4) = 4 [pid 5779] close(3) = 0 [ 229.648030][ T5775] file_mapped 0 [ 229.648030][ T5775] file_dirty 0 [ 229.648030][ T5775] file_writeback 0 [ 229.648030][ T5775] swapcached 0 [ 229.648030][ T5775] anon_thp 0 [ 229.648030][ T5775] file_thp 0 [ 229.648030][ T5775] shmem_thp 0 [ 229.648030][ T5775] inactive_anon 0 [ 229.648030][ T5775] active_anon 0 [ 229.648030][ T5775] inactive_file 0 [ 229.648030][ T5775] active_file 0 [ 229.648030][ T5775] unevictable 0 [ 229.648030][ T5775] slab_reclaimable 6752 [ 229.648030][ T5775] slab_unreclaimable 0 [ 229.648030][ T5775] slab 6752 [pid 5779] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5779] mkdir("./file0", 000) = 0 [ 229.648030][ T5775] workingset_refault_anon 0 [ 229.648030][ T5775] workingset_refault_file 0 [ 229.648030][ T5775] workingset_activate_anon 0 [ 229.648030][ T5775] workingset_activate_file 0 [ 229.648030][ T5775] workingset_restore_anon 0 [ 229.648030][ T5775] workingset_restore_file 0 [ 229.648030][ T5775] workingset_nodereclaim 0 [ 229.648030][ T5775] pgscan 831 [ 229.648030][ T5775] pgsteal 2 [ 229.648030][ T5775] pgscan_kswapd 0 [ 229.648030][ T5775] pgscan_direct 831 [ 229.648030][ T5775] pgscan_khugepaged 0 [ 229.648030][ T5775] pgsteal_kswapd 0 [pid 5779] open("./file0", O_RDONLY) = 3 [pid 5779] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5779] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5779] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5779] openat(5, "memory.max", O_RDWR) = 6 [ 229.648030][ T5775] pgsteal_direct 2 [ 229.648030][ T5775] pgsteal_khugepaged 0 [ 229.648030][ T5775] pgfault 21 [ 229.648030][ T5775] pgmajfault 0 [ 229.648030][ T5775] pgrefill 830 [ 229.648030][ T5775] pgactivate 829 [ 229.648030][ T5775] pgdeactivate 830 [ 229.648030][ T5775] pglazyfree 0 [ 229.648030][ T5775] pglazyfreed 0 [ 229.648030][ T5775] zswpin 0 [ 229.648030][ T5775] zswpout 0 [ 229.648030][ T5775] thp_fault_alloc 0 [ 229.648030][ T5775] thp_collapse_alloc 0 [pid 5779] write(6, "0x000000000000040e", 18 [pid 5775] <... write resumed>) = 18 [pid 5775] close(3) = 0 [pid 5775] close(4) = 0 [pid 5775] close(5) = 0 [pid 5775] close(6) = 0 [pid 5775] close(7) = -1 EBADF (Bad file descriptor) [pid 5775] close(8) = -1 EBADF (Bad file descriptor) [pid 5775] close(9) = -1 EBADF (Bad file descriptor) [pid 5775] close(10) = -1 EBADF (Bad file descriptor) [pid 5775] close(11) = -1 EBADF (Bad file descriptor) [ 229.856877][ T5775] Tasks state (memory values in pages): [ 229.862907][ T5775] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 229.872601][ T5775] Out of memory and no killable processes... [ 229.878683][ T5776] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 229.891258][ T5776] CPU: 0 PID: 5776 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5775] close(12) = -1 EBADF (Bad file descriptor) [pid 5775] close(13) = -1 EBADF (Bad file descriptor) [pid 5775] close(14) = -1 EBADF (Bad file descriptor) [pid 5775] close(15) = -1 EBADF (Bad file descriptor) [pid 5775] close(16) = -1 EBADF (Bad file descriptor) [pid 5775] close(17) = -1 EBADF (Bad file descriptor) [pid 5775] close(18) = -1 EBADF (Bad file descriptor) [pid 5775] close(19) = -1 EBADF (Bad file descriptor) [pid 5775] close(20) = -1 EBADF (Bad file descriptor) [pid 5775] close(21) = -1 EBADF (Bad file descriptor) [pid 5775] close(22) = -1 EBADF (Bad file descriptor) [pid 5775] close(23) = -1 EBADF (Bad file descriptor) [pid 5775] close(24) = -1 EBADF (Bad file descriptor) [pid 5775] close(25) = -1 EBADF (Bad file descriptor) [pid 5775] close(26) = -1 EBADF (Bad file descriptor) [pid 5775] close(27) = -1 EBADF (Bad file descriptor) [pid 5775] close(28) = -1 EBADF (Bad file descriptor) [ 229.901246][ T5776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 229.911365][ T5776] Call Trace: [ 229.914706][ T5776] [ 229.917704][ T5776] dump_stack_lvl+0x136/0x150 [ 229.922462][ T5776] dump_header+0x10a/0xd70 [ 229.926942][ T5776] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 229.933104][ T5776] out_of_memory+0xd64/0x1660 [ 229.937882][ T5776] ? oom_killer_disable+0x2b0/0x2b0 [ 229.943174][ T5776] mem_cgroup_out_of_memory+0x206/0x270 [ 229.948795][ T5776] ? mem_cgroup_margin+0x130/0x130 [ 229.953994][ T5776] memory_max_write+0x2f9/0x3c0 [ 229.958908][ T5776] ? mem_cgroup_force_empty_write+0x160/0x160 [ 229.965029][ T5776] ? lock_sync+0x190/0x190 [ 229.969489][ T5776] cgroup_file_write+0x1e2/0x7b0 [ 229.974475][ T5776] ? mem_cgroup_force_empty_write+0x160/0x160 [ 229.980590][ T5776] ? kill_css+0x3b0/0x3b0 [ 229.984967][ T5776] ? lock_acquire+0x32/0xc0 [ 229.989517][ T5776] ? kill_css+0x3b0/0x3b0 [ 229.993894][ T5776] kernfs_fop_write_iter+0x3f1/0x600 [ 229.999234][ T5776] vfs_write+0x9ed/0xe10 [pid 5775] close(29) = -1 EBADF (Bad file descriptor) [ 230.003529][ T5776] ? kernel_write+0x670/0x670 [ 230.008261][ T5776] ? find_held_lock+0x2d/0x110 [ 230.013075][ T5776] ? __fget_light+0x20a/0x270 [ 230.017806][ T5776] ksys_write+0x12b/0x250 [ 230.022206][ T5776] ? __ia32_sys_read+0xb0/0xb0 [ 230.027086][ T5776] ? lockdep_hardirqs_on+0x7d/0x100 [ 230.032339][ T5776] ? _raw_spin_unlock_irq+0x2e/0x50 [ 230.037588][ T5776] ? ptrace_notify+0xfe/0x140 [ 230.042338][ T5776] do_syscall_64+0x39/0xb0 [ 230.046819][ T5776] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 230.052745][ T5776] RIP: 0033:0x7faecf034129 [ 230.057191][ T5776] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 230.076915][ T5776] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 230.085478][ T5776] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 230.093617][ T5776] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5775] exit_group(0) = ? [pid 5775] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=51, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [ 230.101633][ T5776] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 230.109642][ T5776] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 230.117641][ T5776] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000002e [ 230.125663][ T5776] [ 230.133485][ T5776] memory: usage 8kB, limit 0kB, failcnt 36 [ 230.139382][ T5776] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 230.146480][ T5776] Memory cgroup stats for /syz1: [pid 5090] umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./49/binderfs") = 0 [pid 5090] umount2("./49/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./49/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./49/cgroup") = 0 [pid 5090] umount2("./49/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./49/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./49/cgroup.net") = 0 [ 230.150414][ T5776] anon 0 [ 230.150414][ T5776] file 0 [ 230.150414][ T5776] kernel 8192 [ 230.150414][ T5776] kernel_stack 0 [ 230.150414][ T5776] pagetables 0 [ 230.150414][ T5776] sec_pagetables 0 [ 230.150414][ T5776] percpu 0 [ 230.150414][ T5776] sock 0 [ 230.150414][ T5776] vmalloc 0 [ 230.150414][ T5776] shmem 0 [ 230.150414][ T5776] zswap 0 [ 230.150414][ T5776] zswapped 0 [ 230.150414][ T5776] file_mapped 0 [ 230.150414][ T5776] file_dirty 0 [ 230.150414][ T5776] file_writeback 0 [ 230.150414][ T5776] swapcached 0 [ 230.150414][ T5776] anon_thp 0 [ 230.150414][ T5776] file_thp 0 [ 230.150414][ T5776] shmem_thp 0 [ 230.150414][ T5776] inactive_anon 0 [ 230.150414][ T5776] active_anon 0 [ 230.150414][ T5776] inactive_file 0 [ 230.150414][ T5776] active_file 0 [ 230.150414][ T5776] unevictable 0 [ 230.150414][ T5776] slab_reclaimable 6752 [ 230.150414][ T5776] slab_unreclaimable 0 [ 230.150414][ T5776] slab 6752 [ 230.150414][ T5776] workingset_refault_anon 0 [ 230.150414][ T5776] workingset_refault_file 0 [ 230.150414][ T5776] workingset_activate_anon 0 [ 230.150414][ T5776] workingset_activate_file 0 [ 230.150414][ T5776] workingset_restore_anon 0 [ 230.150414][ T5776] workingset_restore_file 0 [ 230.150414][ T5776] workingset_nodereclaim 0 [ 230.150414][ T5776] pgscan 831 [ 230.150414][ T5776] pgsteal 2 [ 230.150414][ T5776] pgscan_kswapd 0 [ 230.150414][ T5776] pgscan_direct 831 [ 230.150414][ T5776] pgscan_khugepaged 0 [ 230.150414][ T5776] pgsteal_kswapd 0 [ 230.150414][ T5776] pgsteal_direct 2 [ 230.150414][ T5776] pgsteal_khugepaged 0 [ 230.150414][ T5776] pgfault 21 [ 230.150414][ T5776] pgmajfault 0 [pid 5090] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5090] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./49/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [ 230.150414][ T5776] pgrefill 830 [ 230.150414][ T5776] pgactivate 829 [ 230.150414][ T5776] pgdeactivate 830 [ 230.150414][ T5776] pglazyfree 0 [ 230.150414][ T5776] pglazyfreed 0 [ 230.150414][ T5776] zswpin 0 [ 230.150414][ T5776] zswpout 0 [ 230.150414][ T5776] thp_fault_alloc 0 [ 230.150414][ T5776] thp_collapse_alloc 0 [ 230.350922][ T5776] Tasks state (memory values in pages): [pid 5090] rmdir("./49/file0") = 0 [pid 5090] umount2("./49/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./49/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./49/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [pid 5090] rmdir("./49") = 0 [pid 5090] mkdir("./50", 0777) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 52 [pid 5776] <... write resumed>) = 18 [pid 5776] close(3) = 0 [pid 5776] close(4) = 0 [ 230.356649][ T5776] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 230.375142][ T5776] Out of memory and no killable processes... [ 230.381258][ T5777] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 230.392544][ T5777] CPU: 0 PID: 5777 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 230.402516][ T5777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 230.412626][ T5777] Call Trace: [ 230.415955][ T5777] [ 230.418927][ T5777] dump_stack_lvl+0x136/0x150 [ 230.423673][ T5777] dump_header+0x10a/0xd70 [ 230.428144][ T5777] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 230.434287][ T5777] out_of_memory+0xd64/0x1660 [ 230.439062][ T5777] ? oom_killer_disable+0x2b0/0x2b0 [ 230.444359][ T5777] mem_cgroup_out_of_memory+0x206/0x270 [ 230.449979][ T5777] ? mem_cgroup_margin+0x130/0x130 [ 230.455175][ T5777] memory_max_write+0x2f9/0x3c0 [ 230.460092][ T5777] ? mem_cgroup_force_empty_write+0x160/0x160 [ 230.466206][ T5777] ? lock_sync+0x190/0x190 [ 230.470657][ T5777] cgroup_file_write+0x1e2/0x7b0 [ 230.475640][ T5777] ? mem_cgroup_force_empty_write+0x160/0x160 [ 230.481751][ T5777] ? kill_css+0x3b0/0x3b0 [ 230.486130][ T5777] ? lock_acquire+0x32/0xc0 [ 230.490677][ T5777] ? kill_css+0x3b0/0x3b0 [ 230.495054][ T5777] kernfs_fop_write_iter+0x3f1/0x600 [ 230.500408][ T5777] vfs_write+0x9ed/0xe10 [ 230.504706][ T5777] ? kernel_write+0x670/0x670 [ 230.509448][ T5777] ? find_held_lock+0x2d/0x110 [ 230.514258][ T5777] ? __fget_light+0x20a/0x270 [ 230.518986][ T5777] ksys_write+0x12b/0x250 [ 230.523365][ T5777] ? __ia32_sys_read+0xb0/0xb0 [ 230.528181][ T5777] ? lockdep_hardirqs_on+0x7d/0x100 [ 230.533430][ T5777] ? _raw_spin_unlock_irq+0x2e/0x50 [ 230.538669][ T5777] ? ptrace_notify+0xfe/0x140 [ 230.543392][ T5777] do_syscall_64+0x39/0xb0 [ 230.547863][ T5777] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 230.553793][ T5777] RIP: 0033:0x7faecf034129 [ 230.558238][ T5777] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 230.577890][ T5777] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 230.586345][ T5777] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 230.594345][ T5777] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 230.602380][ T5777] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [pid 5776] close(5./strace-static-x86_64: Process 5780 attached [pid 5780] chdir("./50") = 0 [pid 5780] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5780] setpgid(0, 0) = 0 [pid 5780] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5780] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5780] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5780] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5780] write(3, "1000", 4) = 4 [pid 5780] close(3) = 0 [pid 5780] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5780] mkdir("./file0", 000) = 0 [pid 5780] open("./file0", O_RDONLY) = 3 [pid 5780] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5780] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5780] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5780] openat(5, "memory.max", O_RDWR) = 6 [pid 5780] write(6, "0x000000000000040e", 18 [pid 5776] <... close resumed>) = 0 [pid 5776] close(6) = 0 [pid 5776] close(7) = -1 EBADF (Bad file descriptor) [pid 5776] close(8) = -1 EBADF (Bad file descriptor) [pid 5776] close(9) = -1 EBADF (Bad file descriptor) [pid 5776] close(10) = -1 EBADF (Bad file descriptor) [pid 5776] close(11) = -1 EBADF (Bad file descriptor) [pid 5776] close(12) = -1 EBADF (Bad file descriptor) [pid 5776] close(13) = -1 EBADF (Bad file descriptor) [pid 5776] close(14) = -1 EBADF (Bad file descriptor) [pid 5776] close(15) = -1 EBADF (Bad file descriptor) [pid 5776] close(16) = -1 EBADF (Bad file descriptor) [pid 5776] close(17) = -1 EBADF (Bad file descriptor) [ 230.610378][ T5777] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 230.618375][ T5777] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000002e [ 230.626400][ T5777] [ 230.635011][ T5777] memory: usage 8kB, limit 0kB, failcnt 36 [ 230.641069][ T5777] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 230.648238][ T5777] Memory cgroup stats for /syz1: [ 230.648517][ T5777] anon 0 [ 230.648517][ T5777] file 0 [pid 5776] close(18) = -1 EBADF (Bad file descriptor) [pid 5776] close(19) = -1 EBADF (Bad file descriptor) [pid 5776] close(20) = -1 EBADF (Bad file descriptor) [pid 5776] close(21) = -1 EBADF (Bad file descriptor) [pid 5776] close(22) = -1 EBADF (Bad file descriptor) [pid 5776] close(23) = -1 EBADF (Bad file descriptor) [pid 5776] close(24) = -1 EBADF (Bad file descriptor) [pid 5776] close(25) = -1 EBADF (Bad file descriptor) [pid 5776] close(26) = -1 EBADF (Bad file descriptor) [pid 5776] close(27) = -1 EBADF (Bad file descriptor) [pid 5776] close(28) = -1 EBADF (Bad file descriptor) [pid 5776] close(29) = -1 EBADF (Bad file descriptor) [pid 5776] exit_group(0) = ? [pid 5776] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=48, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5086] umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 230.648517][ T5777] kernel 8192 [ 230.648517][ T5777] kernel_stack 0 [ 230.648517][ T5777] pagetables 0 [ 230.648517][ T5777] sec_pagetables 0 [ 230.648517][ T5777] percpu 0 [ 230.648517][ T5777] sock 0 [ 230.648517][ T5777] vmalloc 0 [ 230.648517][ T5777] shmem 0 [ 230.648517][ T5777] zswap 0 [ 230.648517][ T5777] zswapped 0 [ 230.648517][ T5777] file_mapped 0 [ 230.648517][ T5777] file_dirty 0 [ 230.648517][ T5777] file_writeback 0 [ 230.648517][ T5777] swapcached 0 [ 230.648517][ T5777] anon_thp 0 [ 230.648517][ T5777] file_thp 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./46/binderfs") = 0 [pid 5086] umount2("./46/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./46/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] unlink("./46/cgroup") = 0 [pid 5086] umount2("./46/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./46/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./46/cgroup.net") = 0 [ 230.648517][ T5777] shmem_thp 0 [ 230.648517][ T5777] inactive_anon 0 [ 230.648517][ T5777] active_anon 0 [ 230.648517][ T5777] inactive_file 0 [ 230.648517][ T5777] active_file 0 [ 230.648517][ T5777] unevictable 0 [ 230.648517][ T5777] slab_reclaimable 6752 [ 230.648517][ T5777] slab_unreclaimable 0 [ 230.648517][ T5777] slab 6752 [ 230.648517][ T5777] workingset_refault_anon 0 [ 230.648517][ T5777] workingset_refault_file 0 [ 230.648517][ T5777] workingset_activate_anon 0 [ 230.648517][ T5777] workingset_activate_file 0 [ 230.648517][ T5777] workingset_restore_anon 0 [ 230.648517][ T5777] workingset_restore_file 0 [ 230.648517][ T5777] workingset_nodereclaim 0 [ 230.648517][ T5777] pgscan 831 [ 230.648517][ T5777] pgsteal 2 [ 230.648517][ T5777] pgscan_kswapd 0 [ 230.648517][ T5777] pgscan_direct 831 [ 230.648517][ T5777] pgscan_khugepaged 0 [ 230.648517][ T5777] pgsteal_kswapd 0 [ 230.648517][ T5777] pgsteal_direct 2 [ 230.648517][ T5777] pgsteal_khugepaged 0 [ 230.648517][ T5777] pgfault 21 [ 230.648517][ T5777] pgmajfault 0 [ 230.648517][ T5777] pgrefill 830 [ 230.648517][ T5777] pgactivate 829 [pid 5086] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5086] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./46/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./46/file0") = 0 [pid 5086] umount2("./46/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 230.648517][ T5777] pgdeactivate 830 [ 230.648517][ T5777] pglazyfree 0 [ 230.648517][ T5777] pglazyfreed 0 [ 230.648517][ T5777] zswpin 0 [ 230.648517][ T5777] zswpout 0 [ 230.648517][ T5777] thp_fault_alloc 0 [ 230.648517][ T5777] thp_collapse_alloc 0 [ 230.840154][ T5777] Tasks state (memory values in pages): [ 230.846207][ T5777] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5086] lstat("./46/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./46/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] close(3 [pid 5777] <... write resumed>) = 18 [pid 5086] <... close resumed>) = 0 [pid 5086] rmdir("./46") = 0 [pid 5086] mkdir("./47", 0777) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 49 [ 230.856036][ T5777] Out of memory and no killable processes... [ 230.863256][ T5778] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 230.873973][ T5778] CPU: 1 PID: 5778 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 230.883932][ T5778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 230.894045][ T5778] Call Trace: [ 230.897371][ T5778] [ 230.900352][ T5778] dump_stack_lvl+0x136/0x150 [ 230.905099][ T5778] dump_header+0x10a/0xd70 [ 230.909577][ T5778] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 230.915724][ T5778] out_of_memory+0xd64/0x1660 [ 230.920448][ T5778] ? oom_killer_disable+0x2b0/0x2b0 [ 230.925701][ T5778] mem_cgroup_out_of_memory+0x206/0x270 [ 230.931293][ T5778] ? mem_cgroup_margin+0x130/0x130 [ 230.936474][ T5778] memory_max_write+0x2f9/0x3c0 [ 230.941379][ T5778] ? mem_cgroup_force_empty_write+0x160/0x160 [ 230.947501][ T5778] ? lock_sync+0x190/0x190 [ 230.951966][ T5778] cgroup_file_write+0x1e2/0x7b0 [ 230.956975][ T5778] ? mem_cgroup_force_empty_write+0x160/0x160 [ 230.963116][ T5778] ? kill_css+0x3b0/0x3b0 [ 230.967506][ T5778] ? lock_acquire+0x32/0xc0 [ 230.972059][ T5778] ? kill_css+0x3b0/0x3b0 [ 230.976433][ T5778] kernfs_fop_write_iter+0x3f1/0x600 [ 230.981791][ T5778] vfs_write+0x9ed/0xe10 [ 230.986113][ T5778] ? kernel_write+0x670/0x670 [ 230.990868][ T5778] ? find_held_lock+0x2d/0x110 [ 230.995679][ T5778] ? __fget_light+0x20a/0x270 [ 231.000405][ T5778] ksys_write+0x12b/0x250 [ 231.004784][ T5778] ? __ia32_sys_read+0xb0/0xb0 [ 231.009591][ T5778] ? lockdep_hardirqs_on+0x7d/0x100 [ 231.014833][ T5778] ? _raw_spin_unlock_irq+0x2e/0x50 [ 231.020073][ T5778] ? ptrace_notify+0xfe/0x140 [ 231.024793][ T5778] do_syscall_64+0x39/0xb0 [ 231.029258][ T5778] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 231.035195][ T5778] RIP: 0033:0x7faecf034129 [ 231.039642][ T5778] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 231.059379][ T5778] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 231.067851][ T5778] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 231.075865][ T5778] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 231.083874][ T5778] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 231.091867][ T5778] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 231.099868][ T5778] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000031 [ 231.107885][ T5778] ./strace-static-x86_64: Process 5781 attached [ 231.116349][ T5778] memory: usage 8kB, limit 0kB, failcnt 36 [ 231.122447][ T5778] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 231.129838][ T5778] Memory cgroup stats for /syz1: [ 231.130124][ T5778] anon 0 [ 231.130124][ T5778] file 0 [ 231.130124][ T5778] kernel 8192 [ 231.130124][ T5778] kernel_stack 0 [ 231.130124][ T5778] pagetables 0 [ 231.130124][ T5778] sec_pagetables 0 [ 231.130124][ T5778] percpu 0 [ 231.130124][ T5778] sock 0 [ 231.130124][ T5778] vmalloc 0 [ 231.130124][ T5778] shmem 0 [pid 5781] chdir("./47" [pid 5777] close(3) = 0 [pid 5777] close(4) = 0 [pid 5777] close(5) = 0 [pid 5777] close(6) = 0 [pid 5777] close(7) = -1 EBADF (Bad file descriptor) [pid 5777] close(8) = -1 EBADF (Bad file descriptor) [pid 5777] close(9) = -1 EBADF (Bad file descriptor) [ 231.130124][ T5778] zswap 0 [ 231.130124][ T5778] zswapped 0 [ 231.130124][ T5778] file_mapped 0 [ 231.130124][ T5778] file_dirty 0 [ 231.130124][ T5778] file_writeback 0 [ 231.130124][ T5778] swapcached 0 [ 231.130124][ T5778] anon_thp 0 [ 231.130124][ T5778] file_thp 0 [ 231.130124][ T5778] shmem_thp 0 [ 231.130124][ T5778] inactive_anon 0 [ 231.130124][ T5778] active_anon 0 [ 231.130124][ T5778] inactive_file 0 [ 231.130124][ T5778] active_file 0 [ 231.130124][ T5778] unevictable 0 [ 231.130124][ T5778] slab_reclaimable 6752 [pid 5777] close(10) = -1 EBADF (Bad file descriptor) [pid 5777] close(11) = -1 EBADF (Bad file descriptor) [pid 5777] close(12) = -1 EBADF (Bad file descriptor) [pid 5777] close(13) = -1 EBADF (Bad file descriptor) [pid 5777] close(14) = -1 EBADF (Bad file descriptor) [pid 5777] close(15) = -1 EBADF (Bad file descriptor) [pid 5777] close(16) = -1 EBADF (Bad file descriptor) [pid 5777] close(17) = -1 EBADF (Bad file descriptor) [pid 5777] close(18) = -1 EBADF (Bad file descriptor) [pid 5777] close(19) = -1 EBADF (Bad file descriptor) [pid 5777] close(20) = -1 EBADF (Bad file descriptor) [pid 5777] close(21) = -1 EBADF (Bad file descriptor) [pid 5777] close(22) = -1 EBADF (Bad file descriptor) [pid 5777] close(23) = -1 EBADF (Bad file descriptor) [pid 5777] close(24) = -1 EBADF (Bad file descriptor) [pid 5777] close(25) = -1 EBADF (Bad file descriptor) [pid 5777] close(26) = -1 EBADF (Bad file descriptor) [ 231.130124][ T5778] slab_unreclaimable 0 [ 231.130124][ T5778] slab 6752 [ 231.130124][ T5778] workingset_refault_anon 0 [ 231.130124][ T5778] workingset_refault_file 0 [ 231.130124][ T5778] workingset_activate_anon 0 [ 231.130124][ T5778] workingset_activate_file 0 [ 231.130124][ T5778] workingset_restore_anon 0 [ 231.130124][ T5778] workingset_restore_file 0 [ 231.130124][ T5778] workingset_nodereclaim 0 [ 231.130124][ T5778] pgscan 831 [ 231.130124][ T5778] pgsteal 2 [ 231.130124][ T5778] pgscan_kswapd 0 [ 231.130124][ T5778] pgscan_direct 831 [pid 5777] close(27) = -1 EBADF (Bad file descriptor) [pid 5777] close(28) = -1 EBADF (Bad file descriptor) [pid 5777] close(29) = -1 EBADF (Bad file descriptor) [pid 5777] exit_group(0) = ? [pid 5777] +++ exited with 0 +++ [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=48, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5085] umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5781] <... chdir resumed>) = 0 [pid 5085] umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5781] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5781] <... prctl resumed>) = 0 [pid 5085] lstat("./46/binderfs", [pid 5781] setpgid(0, 0 [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5781] <... setpgid resumed>) = 0 [pid 5085] unlink("./46/binderfs" [pid 5781] symlink("/syzcgroup/unified/syz3", "./cgroup" [pid 5085] <... unlink resumed>) = 0 [pid 5781] <... symlink resumed>) = 0 [pid 5085] umount2("./46/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [ 231.130124][ T5778] pgscan_khugepaged 0 [ 231.130124][ T5778] pgsteal_kswapd 0 [ 231.130124][ T5778] pgsteal_direct 2 [ 231.130124][ T5778] pgsteal_khugepaged 0 [ 231.130124][ T5778] pgfault 21 [ 231.130124][ T5778] pgmajfault 0 [ 231.130124][ T5778] pgrefill 830 [ 231.130124][ T5778] pgactivate 829 [ 231.130124][ T5778] pgdeactivate 830 [ 231.130124][ T5778] pglazyfree 0 [ 231.130124][ T5778] pglazyfreed 0 [ 231.130124][ T5778] zswpin 0 [ 231.130124][ T5778] zswpout 0 [ 231.130124][ T5778] thp_fault_alloc 0 [ 231.130124][ T5778] thp_collapse_alloc 0 [pid 5781] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu" [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5781] <... symlink resumed>) = 0 [pid 5085] lstat("./46/cgroup", [pid 5781] symlink("/syzcgroup/net/syz3", "./cgroup.net" [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5781] <... symlink resumed>) = 0 [pid 5085] unlink("./46/cgroup" [pid 5781] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5085] <... unlink resumed>) = 0 [pid 5781] <... openat resumed>) = 3 [pid 5085] umount2("./46/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5781] write(3, "1000", 4 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5781] <... write resumed>) = 4 [pid 5085] lstat("./46/cgroup.net", [pid 5781] close(3 [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5781] <... close resumed>) = 0 [pid 5085] unlink("./46/cgroup.net" [pid 5781] symlink("/dev/binderfs", "./binderfs" [pid 5085] <... unlink resumed>) = 0 [pid 5781] <... symlink resumed>) = 0 [pid 5085] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5781] mkdir("./file0", 000 [pid 5778] <... write resumed>) = 18 [pid 5085] <... umount2 resumed>) = 0 [pid 5781] <... mkdir resumed>) = 0 [pid 5778] close(3 [pid 5085] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5781] open("./file0", O_RDONLY [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5781] <... open resumed>) = 3 [pid 5085] lstat("./46/file0", [pid 5781] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5085] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5781] <... mount resumed>) = 0 [pid 5085] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 231.320883][ T5778] Tasks state (memory values in pages): [ 231.326916][ T5778] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 231.336856][ T5778] Out of memory and no killable processes... [ 231.343565][ T5779] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 231.357938][ T5779] CPU: 1 PID: 5779 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5781] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5781] <... openat resumed>) = 4 [pid 5085] openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5781] openat(4, "syz1", O_RDWR|O_PATH [pid 5085] <... openat resumed>) = 4 [pid 5781] <... openat resumed>) = 5 [pid 5085] fstat(4, [pid 5781] openat(5, "memory.max", O_RDWR [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5781] <... openat resumed>) = 6 [pid 5085] getdents64(4, [pid 5781] write(6, "0x000000000000040e", 18 [pid 5085] <... getdents64 resumed>0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./46/file0") = 0 [pid 5085] umount2("./46/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./46/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./46/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./46") = 0 [pid 5085] mkdir("./47", 0777) = 0 [ 231.367916][ T5779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 231.378034][ T5779] Call Trace: [ 231.381364][ T5779] [ 231.384353][ T5779] dump_stack_lvl+0x136/0x150 [ 231.389120][ T5779] dump_header+0x10a/0xd70 [ 231.393615][ T5779] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 231.399798][ T5779] out_of_memory+0xd64/0x1660 [ 231.404576][ T5779] ? oom_killer_disable+0x2b0/0x2b0 [ 231.409865][ T5779] ? find_held_lock+0x2d/0x110 [ 231.414708][ T5779] mem_cgroup_out_of_memory+0x206/0x270 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 49 [pid 5778] <... close resumed>) = 0 [pid 5778] close(4) = 0 [pid 5778] close(5) = 0 [pid 5778] close(6) = 0 [pid 5778] close(7) = -1 EBADF (Bad file descriptor) [pid 5778] close(8) = -1 EBADF (Bad file descriptor) [pid 5778] close(9) = -1 EBADF (Bad file descriptor) [pid 5778] close(10) = -1 EBADF (Bad file descriptor) [pid 5778] close(11) = -1 EBADF (Bad file descriptor) [pid 5778] close(12) = -1 EBADF (Bad file descriptor) [pid 5778] close(13) = -1 EBADF (Bad file descriptor) [ 231.420347][ T5779] ? mem_cgroup_margin+0x130/0x130 [ 231.425555][ T5779] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 231.431464][ T5779] memory_max_write+0x2f9/0x3c0 [ 231.436410][ T5779] ? mem_cgroup_force_empty_write+0x160/0x160 [ 231.442576][ T5779] ? lock_sync+0x190/0x190 [ 231.447098][ T5779] cgroup_file_write+0x1e2/0x7b0 [ 231.452135][ T5779] ? mem_cgroup_force_empty_write+0x160/0x160 [ 231.458306][ T5779] ? kill_css+0x3b0/0x3b0 [ 231.462732][ T5779] ? lock_acquire+0x32/0xc0 [ 231.467321][ T5779] ? kill_css+0x3b0/0x3b0 [ 231.471718][ T5779] kernfs_fop_write_iter+0x3f1/0x600 [ 231.477145][ T5779] vfs_write+0x9ed/0xe10 [ 231.481463][ T5779] ? kernel_write+0x670/0x670 [ 231.486233][ T5779] ? find_held_lock+0x2d/0x110 [ 231.491048][ T5779] ? __fget_light+0x20a/0x270 [ 231.495779][ T5779] ksys_write+0x12b/0x250 [ 231.500160][ T5779] ? __ia32_sys_read+0xb0/0xb0 [ 231.504976][ T5779] ? lockdep_hardirqs_on+0x7d/0x100 [ 231.510223][ T5779] ? _raw_spin_unlock_irq+0x2e/0x50 [ 231.515467][ T5779] ? ptrace_notify+0xfe/0x140 [ 231.520186][ T5779] do_syscall_64+0x39/0xb0 [ 231.524657][ T5779] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 231.530594][ T5779] RIP: 0033:0x7faecf034129 [ 231.535038][ T5779] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 231.554690][ T5779] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 231.563138][ T5779] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [pid 5778] close(14) = -1 EBADF (Bad file descriptor) [pid 5778] close(15) = -1 EBADF (Bad file descriptor) [pid 5778] close(16./strace-static-x86_64: Process 5782 attached ) = -1 EBADF (Bad file descriptor) [pid 5778] close(17) = -1 EBADF (Bad file descriptor) [pid 5778] close(18 [pid 5782] chdir("./47" [pid 5778] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5782] <... chdir resumed>) = 0 [pid 5778] close(19 [pid 5782] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5778] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5782] <... prctl resumed>) = 0 [pid 5778] close(20 [pid 5782] setpgid(0, 0 [pid 5778] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5782] <... setpgid resumed>) = 0 [pid 5778] close(21 [pid 5782] symlink("/syzcgroup/unified/syz0", "./cgroup" [pid 5778] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5782] <... symlink resumed>) = 0 [pid 5778] close(22 [pid 5782] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu" [pid 5778] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5782] <... symlink resumed>) = 0 [pid 5778] close(23 [pid 5782] symlink("/syzcgroup/net/syz0", "./cgroup.net" [pid 5778] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5782] <... symlink resumed>) = 0 [pid 5778] close(24 [pid 5782] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5778] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5782] <... openat resumed>) = 3 [pid 5778] close(25 [pid 5782] write(3, "1000", 4 [pid 5778] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5782] <... write resumed>) = 4 [ 231.571137][ T5779] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 231.579153][ T5779] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 231.587153][ T5779] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 231.595151][ T5779] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000030 [ 231.603172][ T5779] [pid 5778] close(26 [pid 5782] close(3 [pid 5778] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5778] close(27) = -1 EBADF (Bad file descriptor) [pid 5778] close(28) = -1 EBADF (Bad file descriptor) [pid 5782] <... close resumed>) = 0 [pid 5778] close(29) = -1 EBADF (Bad file descriptor) [pid 5782] symlink("/dev/binderfs", "./binderfs" [pid 5778] exit_group(0) = ? [pid 5778] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=51, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5782] <... symlink resumed>) = 0 [pid 5089] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5089] umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5782] mkdir("./file0", 000 [pid 5089] <... openat resumed>) = 3 [pid 5782] <... mkdir resumed>) = 0 [pid 5089] fstat(3, [pid 5782] open("./file0", O_RDONLY [pid 5089] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5782] <... open resumed>) = 3 [pid 5089] getdents64(3, [pid 5782] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5089] <... getdents64 resumed>0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./49/binderfs") = 0 [pid 5089] umount2("./49/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./49/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./49/cgroup") = 0 [pid 5089] umount2("./49/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 231.649297][ T5779] memory: usage 8kB, limit 0kB, failcnt 36 [ 231.657233][ T5779] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 231.680382][ T5779] Memory cgroup stats for /syz1: [ 231.680685][ T5779] anon 0 [ 231.680685][ T5779] file 0 [ 231.680685][ T5779] kernel 8192 [ 231.680685][ T5779] kernel_stack 0 [pid 5089] lstat("./49/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./49/cgroup.net") = 0 [ 231.680685][ T5779] pagetables 0 [ 231.680685][ T5779] sec_pagetables 0 [ 231.680685][ T5779] percpu 0 [ 231.680685][ T5779] sock 0 [ 231.680685][ T5779] vmalloc 0 [ 231.680685][ T5779] shmem 0 [ 231.680685][ T5779] zswap 0 [ 231.680685][ T5779] zswapped 0 [ 231.680685][ T5779] file_mapped 0 [ 231.680685][ T5779] file_dirty 0 [ 231.680685][ T5779] file_writeback 0 [ 231.680685][ T5779] swapcached 0 [ 231.680685][ T5779] anon_thp 0 [ 231.680685][ T5779] file_thp 0 [ 231.680685][ T5779] shmem_thp 0 [ 231.680685][ T5779] inactive_anon 0 [ 231.680685][ T5779] active_anon 0 [ 231.680685][ T5779] inactive_file 0 [ 231.680685][ T5779] active_file 0 [ 231.680685][ T5779] unevictable 0 [ 231.680685][ T5779] slab_reclaimable 6752 [ 231.680685][ T5779] slab_unreclaimable 0 [ 231.680685][ T5779] slab 6752 [ 231.680685][ T5779] workingset_refault_anon 0 [ 231.680685][ T5779] workingset_refault_file 0 [ 231.680685][ T5779] workingset_activate_anon 0 [ 231.680685][ T5779] workingset_activate_file 0 [ 231.680685][ T5779] workingset_restore_anon 0 [ 231.680685][ T5779] workingset_restore_file 0 [ 231.680685][ T5779] workingset_nodereclaim 0 [ 231.680685][ T5779] pgscan 831 [ 231.680685][ T5779] pgsteal 2 [ 231.680685][ T5779] pgscan_kswapd 0 [ 231.680685][ T5779] pgscan_direct 831 [ 231.680685][ T5779] pgscan_khugepaged 0 [ 231.680685][ T5779] pgsteal_kswapd 0 [ 231.680685][ T5779] pgsteal_direct 2 [ 231.680685][ T5779] pgsteal_khugepaged 0 [ 231.680685][ T5779] pgfault 21 [ 231.680685][ T5779] pgmajfault 0 [ 231.680685][ T5779] pgrefill 830 [ 231.680685][ T5779] pgactivate 829 [ 231.680685][ T5779] pgdeactivate 830 [ 231.680685][ T5779] pglazyfree 0 [pid 5089] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5782] <... mount resumed>) = 0 [pid 5089] <... umount2 resumed>) = 0 [pid 5782] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5089] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5782] openat(4, "syz1", O_RDWR|O_PATH [pid 5089] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5782] <... openat resumed>) = 5 [pid 5089] lstat("./49/file0", [pid 5782] openat(5, "memory.max", O_RDWR [pid 5089] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5782] <... openat resumed>) = 6 [pid 5089] <... openat resumed>) = 4 [pid 5089] fstat(4, [pid 5782] write(6, "0x000000000000040e", 18 [pid 5089] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [ 231.680685][ T5779] pglazyfreed 0 [ 231.680685][ T5779] zswpin 0 [ 231.680685][ T5779] zswpout 0 [ 231.680685][ T5779] thp_fault_alloc 0 [ 231.680685][ T5779] thp_collapse_alloc 0 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./49/file0") = 0 [pid 5779] <... write resumed>) = 18 [pid 5089] umount2("./49/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./49/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./49/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [ 231.894506][ T5779] Tasks state (memory values in pages): [ 231.900550][ T5779] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 231.911952][ T5779] Out of memory and no killable processes... [ 231.918051][ T5780] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 231.928965][ T5780] CPU: 1 PID: 5780 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5089] rmdir("./49") = 0 [pid 5089] mkdir("./50", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 52 [pid 5779] close(3) = 0 [pid 5779] close(4) = 0 [pid 5779] close(5) = 0 [pid 5779] close(6) = 0 [pid 5779] close(7) = -1 EBADF (Bad file descriptor) [pid 5779] close(8) = -1 EBADF (Bad file descriptor) [pid 5779] close(9) = -1 EBADF (Bad file descriptor) [pid 5779] close(10) = -1 EBADF (Bad file descriptor) [pid 5779] close(11) = -1 EBADF (Bad file descriptor) [pid 5779] close(12) = -1 EBADF (Bad file descriptor) [pid 5779] close(13) = -1 EBADF (Bad file descriptor) [pid 5779] close(14) = -1 EBADF (Bad file descriptor) [pid 5779] close(15) = -1 EBADF (Bad file descriptor) [pid 5779] close(16) = -1 EBADF (Bad file descriptor) [ 231.938927][ T5780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 231.949038][ T5780] Call Trace: [ 231.952365][ T5780] [ 231.955352][ T5780] dump_stack_lvl+0x136/0x150 [ 231.960098][ T5780] dump_header+0x10a/0xd70 [ 231.964585][ T5780] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 231.970745][ T5780] out_of_memory+0xd64/0x1660 [ 231.975513][ T5780] ? oom_killer_disable+0x2b0/0x2b0 [ 231.980802][ T5780] mem_cgroup_out_of_memory+0x206/0x270 [ 231.986420][ T5780] ? mem_cgroup_margin+0x130/0x130 [ 231.991611][ T5780] memory_max_write+0x2f9/0x3c0 [ 231.996512][ T5780] ? mem_cgroup_force_empty_write+0x160/0x160 [ 232.002634][ T5780] ? lock_sync+0x190/0x190 [ 232.007108][ T5780] cgroup_file_write+0x1e2/0x7b0 [ 232.012105][ T5780] ? mem_cgroup_force_empty_write+0x160/0x160 [ 232.018228][ T5780] ? kill_css+0x3b0/0x3b0 [ 232.022625][ T5780] ? lock_acquire+0x32/0xc0 [ 232.027185][ T5780] ? kill_css+0x3b0/0x3b0 [ 232.031569][ T5780] kernfs_fop_write_iter+0x3f1/0x600 [ 232.036938][ T5780] vfs_write+0x9ed/0xe10 [ 232.041239][ T5780] ? kernel_write+0x670/0x670 [ 232.045967][ T5780] ? find_held_lock+0x2d/0x110 [ 232.050776][ T5780] ? __fget_light+0x20a/0x270 [ 232.055523][ T5780] ksys_write+0x12b/0x250 [ 232.059894][ T5780] ? __ia32_sys_read+0xb0/0xb0 [ 232.064701][ T5780] ? lockdep_hardirqs_on+0x7d/0x100 [ 232.069933][ T5780] ? _raw_spin_unlock_irq+0x2e/0x50 [ 232.075191][ T5780] ? ptrace_notify+0xfe/0x140 [ 232.079933][ T5780] do_syscall_64+0x39/0xb0 [ 232.084416][ T5780] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 232.090442][ T5780] RIP: 0033:0x7faecf034129 [ 232.094887][ T5780] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 232.114524][ T5780] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 232.122972][ T5780] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 232.130972][ T5780] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 ./strace-static-x86_64: Process 5783 attached [pid 5783] chdir("./50") = 0 [pid 5783] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5783] setpgid(0, 0) = 0 [pid 5783] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5783] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5783] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5783] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5783] write(3, "1000", 4) = 4 [pid 5783] close(3) = 0 [pid 5783] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5783] mkdir("./file0", 000) = 0 [pid 5783] open("./file0", O_RDONLY) = 3 [pid 5783] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5783] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5783] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5783] openat(5, "memory.max", O_RDWR) = 6 [pid 5783] write(6, "0x000000000000040e", 18 [pid 5779] close(17) = -1 EBADF (Bad file descriptor) [pid 5779] close(18) = -1 EBADF (Bad file descriptor) [pid 5779] close(19) = -1 EBADF (Bad file descriptor) [pid 5779] close(20) = -1 EBADF (Bad file descriptor) [pid 5779] close(21) = -1 EBADF (Bad file descriptor) [pid 5779] close(22) = -1 EBADF (Bad file descriptor) [pid 5779] close(23) = -1 EBADF (Bad file descriptor) [pid 5779] close(24) = -1 EBADF (Bad file descriptor) [pid 5779] close(25) = -1 EBADF (Bad file descriptor) [pid 5779] close(26) = -1 EBADF (Bad file descriptor) [pid 5779] close(27) = -1 EBADF (Bad file descriptor) [pid 5779] close(28) = -1 EBADF (Bad file descriptor) [pid 5779] close(29) = -1 EBADF (Bad file descriptor) [ 232.138971][ T5780] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 232.146970][ T5780] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 232.154965][ T5780] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000032 [ 232.162985][ T5780] [ 232.172973][ T5780] memory: usage 8kB, limit 0kB, failcnt 36 [ 232.178862][ T5780] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5779] exit_group(0) = ? [pid 5779] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=50, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5087] umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./48/binderfs") = 0 [pid 5087] umount2("./48/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./48/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./48/cgroup") = 0 [pid 5087] umount2("./48/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./48/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./48/cgroup.net") = 0 [ 232.209991][ T5780] Memory cgroup stats for /syz1: [ 232.210236][ T5780] anon 0 [ 232.210236][ T5780] file 0 [ 232.210236][ T5780] kernel 8192 [ 232.210236][ T5780] kernel_stack 0 [ 232.210236][ T5780] pagetables 0 [ 232.210236][ T5780] sec_pagetables 0 [ 232.210236][ T5780] percpu 0 [ 232.210236][ T5780] sock 0 [ 232.210236][ T5780] vmalloc 0 [ 232.210236][ T5780] shmem 0 [ 232.210236][ T5780] zswap 0 [ 232.210236][ T5780] zswapped 0 [ 232.210236][ T5780] file_mapped 0 [ 232.210236][ T5780] file_dirty 0 [ 232.210236][ T5780] file_writeback 0 [ 232.210236][ T5780] swapcached 0 [ 232.210236][ T5780] anon_thp 0 [ 232.210236][ T5780] file_thp 0 [ 232.210236][ T5780] shmem_thp 0 [ 232.210236][ T5780] inactive_anon 0 [ 232.210236][ T5780] active_anon 0 [ 232.210236][ T5780] inactive_file 0 [ 232.210236][ T5780] active_file 0 [ 232.210236][ T5780] unevictable 0 [ 232.210236][ T5780] slab_reclaimable 6752 [ 232.210236][ T5780] slab_unreclaimable 0 [ 232.210236][ T5780] slab 6752 [ 232.210236][ T5780] workingset_refault_anon 0 [ 232.210236][ T5780] workingset_refault_file 0 [ 232.210236][ T5780] workingset_activate_anon 0 [ 232.210236][ T5780] workingset_activate_file 0 [ 232.210236][ T5780] workingset_restore_anon 0 [ 232.210236][ T5780] workingset_restore_file 0 [ 232.210236][ T5780] workingset_nodereclaim 0 [ 232.210236][ T5780] pgscan 831 [ 232.210236][ T5780] pgsteal 2 [ 232.210236][ T5780] pgscan_kswapd 0 [ 232.210236][ T5780] pgscan_direct 831 [ 232.210236][ T5780] pgscan_khugepaged 0 [ 232.210236][ T5780] pgsteal_kswapd 0 [ 232.210236][ T5780] pgsteal_direct 2 [ 232.210236][ T5780] pgsteal_khugepaged 0 [pid 5087] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 232.210236][ T5780] pgfault 21 [ 232.210236][ T5780] pgmajfault 0 [ 232.210236][ T5780] pgrefill 830 [ 232.210236][ T5780] pgactivate 829 [ 232.210236][ T5780] pgdeactivate 830 [ 232.210236][ T5780] pglazyfree 0 [ 232.210236][ T5780] pglazyfreed 0 [ 232.210236][ T5780] zswpin 0 [ 232.210236][ T5780] zswpout 0 [ 232.210236][ T5780] thp_fault_alloc 0 [ 232.210236][ T5780] thp_collapse_alloc 0 [ 232.401968][ T5780] Tasks state (memory values in pages): [pid 5087] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./48/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5780] <... write resumed>) = 18 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] close(4) = 0 [pid 5087] rmdir("./48/file0") = 0 [pid 5087] umount2("./48/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5780] close(3 [pid 5087] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5780] <... close resumed>) = 0 [pid 5087] lstat("./48/cgroup.cpu", [pid 5780] close(4 [pid 5087] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5780] <... close resumed>) = 0 [pid 5087] unlink("./48/cgroup.cpu" [pid 5780] close(5 [pid 5087] <... unlink resumed>) = 0 [pid 5780] <... close resumed>) = 0 [pid 5087] getdents64(3, [pid 5780] close(6 [pid 5087] <... getdents64 resumed>0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5780] <... close resumed>) = 0 [pid 5087] close(3 [pid 5780] close(7 [pid 5087] <... close resumed>) = 0 [pid 5780] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5087] rmdir("./48" [pid 5780] close(8 [pid 5087] <... rmdir resumed>) = 0 [pid 5780] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5087] mkdir("./49", 0777 [pid 5780] close(9 [pid 5087] <... mkdir resumed>) = 0 [pid 5780] <... close resumed>) = -1 EBADF (Bad file descriptor) [ 232.408120][ T5780] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 232.418275][ T5780] Out of memory and no killable processes... [ 232.424847][ T5781] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 232.436084][ T5781] CPU: 0 PID: 5781 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 232.446058][ T5781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 232.456210][ T5781] Call Trace: [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5780] close(10) = -1 EBADF (Bad file descriptor) [pid 5087] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 51 [pid 5780] close(11) = -1 EBADF (Bad file descriptor) [pid 5780] close(12) = -1 EBADF (Bad file descriptor) [pid 5780] close(13) = -1 EBADF (Bad file descriptor) [pid 5780] close(14) = -1 EBADF (Bad file descriptor) [pid 5780] close(15) = -1 EBADF (Bad file descriptor) [pid 5780] close(16) = -1 EBADF (Bad file descriptor) [ 232.459537][ T5781] [ 232.462516][ T5781] dump_stack_lvl+0x136/0x150 [ 232.467267][ T5781] dump_header+0x10a/0xd70 [ 232.471751][ T5781] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 232.477925][ T5781] out_of_memory+0xd64/0x1660 [ 232.482689][ T5781] ? oom_killer_disable+0x2b0/0x2b0 [ 232.487967][ T5781] ? find_held_lock+0x2d/0x110 [ 232.492801][ T5781] mem_cgroup_out_of_memory+0x206/0x270 [ 232.498431][ T5781] ? mem_cgroup_margin+0x130/0x130 [ 232.503633][ T5781] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 232.509529][ T5781] memory_max_write+0x2f9/0x3c0 [ 232.514461][ T5781] ? mem_cgroup_force_empty_write+0x160/0x160 [ 232.520612][ T5781] ? lock_sync+0x190/0x190 [ 232.525107][ T5781] cgroup_file_write+0x1e2/0x7b0 [ 232.530139][ T5781] ? mem_cgroup_force_empty_write+0x160/0x160 [ 232.536299][ T5781] ? kill_css+0x3b0/0x3b0 [ 232.540712][ T5781] ? lock_acquire+0x32/0xc0 [ 232.545296][ T5781] ? kill_css+0x3b0/0x3b0 [ 232.549717][ T5781] kernfs_fop_write_iter+0x3f1/0x600 [ 232.555085][ T5781] vfs_write+0x9ed/0xe10 [ 232.559414][ T5781] ? kernel_write+0x670/0x670 [ 232.564181][ T5781] ? asm_common_interrupt+0x26/0x40 [ 232.569452][ T5781] ? asm_common_interrupt+0x26/0x40 [ 232.574718][ T5781] ? __fget_light+0x20a/0x270 [ 232.579485][ T5781] ksys_write+0x12b/0x250 [ 232.583895][ T5781] ? __ia32_sys_read+0xb0/0xb0 [ 232.588739][ T5781] ? _raw_spin_unlock_irq+0x2e/0x50 [ 232.594008][ T5781] ? ptrace_notify+0xfe/0x140 [ 232.598747][ T5781] do_syscall_64+0x39/0xb0 [ 232.603244][ T5781] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 232.609207][ T5781] RIP: 0033:0x7faecf034129 [ 232.613675][ T5781] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 232.633364][ T5781] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 232.641851][ T5781] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 232.649879][ T5781] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5780] close(17) = -1 EBADF (Bad file descriptor) [pid 5780] close(18) = -1 EBADF (Bad file descriptor) [pid 5780] close(19) = -1 EBADF (Bad file descriptor) [pid 5780] close(20) = -1 EBADF (Bad file descriptor) [pid 5780] close(21) = -1 EBADF (Bad file descriptor) [pid 5780] close(22) = -1 EBADF (Bad file descriptor) [pid 5780] close(23) = -1 EBADF (Bad file descriptor) [pid 5780] close(24) = -1 EBADF (Bad file descriptor) [pid 5780] close(25) = -1 EBADF (Bad file descriptor) [pid 5780] close(26) = -1 EBADF (Bad file descriptor) [pid 5780] close(27) = -1 EBADF (Bad file descriptor) [pid 5780] close(28) = -1 EBADF (Bad file descriptor) [pid 5780] close(29) = -1 EBADF (Bad file descriptor) [pid 5780] exit_group(0) = ? [pid 5780] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=52, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5090] umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./50/binderfs") = 0 [pid 5090] umount2("./50/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./50/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./50/cgroup") = 0 [pid 5090] umount2("./50/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./50/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./50/cgroup.net") = 0 [pid 5090] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5784 attached [pid 5784] chdir("./49") = 0 [pid 5784] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5784] setpgid(0, 0) = 0 [pid 5784] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5784] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5784] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5784] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5784] write(3, "1000", 4) = 4 [pid 5784] close(3) = 0 [pid 5784] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5784] mkdir("./file0", 000) = 0 [pid 5784] open("./file0", O_RDONLY) = 3 [pid 5784] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5784] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5784] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5784] openat(5, "memory.max", O_RDWR) = 6 [pid 5784] write(6, "0x000000000000040e", 18 [pid 5090] <... umount2 resumed>) = 0 [pid 5090] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./50/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./50/file0") = 0 [pid 5090] umount2("./50/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./50/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./50/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [ 232.657902][ T5781] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 232.665922][ T5781] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 232.673940][ T5781] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000002f [ 232.682011][ T5781] [ 232.695922][ T5781] memory: usage 8kB, limit 0kB, failcnt 36 [pid 5090] close(3) = 0 [pid 5090] rmdir("./50") = 0 [pid 5090] mkdir("./51", 0777) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5785 attached [pid 5785] chdir("./51" [pid 5090] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 53 [pid 5785] <... chdir resumed>) = 0 [pid 5785] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5785] setpgid(0, 0) = 0 [pid 5785] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5785] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5785] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5785] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5785] write(3, "1000", 4) = 4 [pid 5785] close(3) = 0 [pid 5785] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5785] mkdir("./file0", 000) = 0 [pid 5785] open("./file0", O_RDONLY) = 3 [pid 5785] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5785] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5785] openat(4, "syz1", O_RDWR|O_PATH) = 5 [ 232.710684][ T5781] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 232.727446][ T5781] Memory cgroup stats for /syz1: [ 232.727733][ T5781] anon 0 [ 232.727733][ T5781] file 0 [ 232.727733][ T5781] kernel 8192 [ 232.727733][ T5781] kernel_stack 0 [ 232.727733][ T5781] pagetables 0 [ 232.727733][ T5781] sec_pagetables 0 [ 232.727733][ T5781] percpu 0 [ 232.727733][ T5781] sock 0 [ 232.727733][ T5781] vmalloc 0 [pid 5785] openat(5, "memory.max", O_RDWR) = 6 [ 232.727733][ T5781] shmem 0 [ 232.727733][ T5781] zswap 0 [ 232.727733][ T5781] zswapped 0 [ 232.727733][ T5781] file_mapped 0 [ 232.727733][ T5781] file_dirty 0 [ 232.727733][ T5781] file_writeback 0 [ 232.727733][ T5781] swapcached 0 [ 232.727733][ T5781] anon_thp 0 [ 232.727733][ T5781] file_thp 0 [ 232.727733][ T5781] shmem_thp 0 [ 232.727733][ T5781] inactive_anon 0 [ 232.727733][ T5781] active_anon 0 [ 232.727733][ T5781] inactive_file 0 [ 232.727733][ T5781] active_file 0 [ 232.727733][ T5781] unevictable 0 [ 232.727733][ T5781] slab_reclaimable 6752 [ 232.727733][ T5781] slab_unreclaimable 0 [ 232.727733][ T5781] slab 6752 [ 232.727733][ T5781] workingset_refault_anon 0 [ 232.727733][ T5781] workingset_refault_file 0 [ 232.727733][ T5781] workingset_activate_anon 0 [ 232.727733][ T5781] workingset_activate_file 0 [ 232.727733][ T5781] workingset_restore_anon 0 [ 232.727733][ T5781] workingset_restore_file 0 [ 232.727733][ T5781] workingset_nodereclaim 0 [ 232.727733][ T5781] pgscan 831 [ 232.727733][ T5781] pgsteal 2 [ 232.727733][ T5781] pgscan_kswapd 0 [ 232.727733][ T5781] pgscan_direct 831 [ 232.727733][ T5781] pgscan_khugepaged 0 [ 232.727733][ T5781] pgsteal_kswapd 0 [ 232.727733][ T5781] pgsteal_direct 2 [ 232.727733][ T5781] pgsteal_khugepaged 0 [ 232.727733][ T5781] pgfault 21 [ 232.727733][ T5781] pgmajfault 0 [ 232.727733][ T5781] pgrefill 830 [ 232.727733][ T5781] pgactivate 829 [ 232.727733][ T5781] pgdeactivate 830 [ 232.727733][ T5781] pglazyfree 0 [ 232.727733][ T5781] pglazyfreed 0 [ 232.727733][ T5781] zswpin 0 [ 232.727733][ T5781] zswpout 0 [ 232.727733][ T5781] thp_fault_alloc 0 [pid 5785] write(6, "0x000000000000040e", 18 [pid 5781] <... write resumed>) = 18 [pid 5781] close(3) = 0 [pid 5781] close(4) = 0 [ 232.727733][ T5781] thp_collapse_alloc 0 [ 232.921275][ T5781] Tasks state (memory values in pages): [ 232.929778][ T5781] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 232.941273][ T5781] Out of memory and no killable processes... [ 232.948804][ T5782] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 232.959795][ T5782] CPU: 1 PID: 5782 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 232.969753][ T5782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 232.979863][ T5782] Call Trace: [ 232.983191][ T5782] [ 232.986167][ T5782] dump_stack_lvl+0x136/0x150 [ 232.990908][ T5782] dump_header+0x10a/0xd70 [ 232.995385][ T5782] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 233.001536][ T5782] out_of_memory+0xd64/0x1660 [ 233.006301][ T5782] ? oom_killer_disable+0x2b0/0x2b0 [pid 5781] close(5) = 0 [pid 5781] close(6) = 0 [pid 5781] close(7) = -1 EBADF (Bad file descriptor) [pid 5781] close(8) = -1 EBADF (Bad file descriptor) [pid 5781] close(9) = -1 EBADF (Bad file descriptor) [pid 5781] close(10) = -1 EBADF (Bad file descriptor) [pid 5781] close(11) = -1 EBADF (Bad file descriptor) [pid 5781] close(12) = -1 EBADF (Bad file descriptor) [pid 5781] close(13) = -1 EBADF (Bad file descriptor) [pid 5781] close(14) = -1 EBADF (Bad file descriptor) [pid 5781] close(15) = -1 EBADF (Bad file descriptor) [pid 5781] close(16) = -1 EBADF (Bad file descriptor) [pid 5781] close(17) = -1 EBADF (Bad file descriptor) [pid 5781] close(18) = -1 EBADF (Bad file descriptor) [pid 5781] close(19) = -1 EBADF (Bad file descriptor) [pid 5781] close(20) = -1 EBADF (Bad file descriptor) [pid 5781] close(21) = -1 EBADF (Bad file descriptor) [pid 5781] close(22) = -1 EBADF (Bad file descriptor) [pid 5781] close(23) = -1 EBADF (Bad file descriptor) [pid 5781] close(24) = -1 EBADF (Bad file descriptor) [pid 5781] close(25) = -1 EBADF (Bad file descriptor) [pid 5781] close(26) = -1 EBADF (Bad file descriptor) [pid 5781] close(27) = -1 EBADF (Bad file descriptor) [pid 5781] close(28) = -1 EBADF (Bad file descriptor) [pid 5781] close(29) = -1 EBADF (Bad file descriptor) [pid 5781] exit_group(0) = ? [pid 5781] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=49, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5086] umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./47/binderfs") = 0 [pid 5086] umount2("./47/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./47/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] unlink("./47/cgroup") = 0 [pid 5086] umount2("./47/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./47/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./47/cgroup.net") = 0 [ 233.011587][ T5782] mem_cgroup_out_of_memory+0x206/0x270 [ 233.017232][ T5782] ? mem_cgroup_margin+0x130/0x130 [ 233.022440][ T5782] memory_max_write+0x2f9/0x3c0 [ 233.027388][ T5782] ? mem_cgroup_force_empty_write+0x160/0x160 [ 233.033541][ T5782] ? lock_sync+0x190/0x190 [ 233.038037][ T5782] cgroup_file_write+0x1e2/0x7b0 [ 233.043057][ T5782] ? mem_cgroup_force_empty_write+0x160/0x160 [ 233.049253][ T5782] ? kill_css+0x3b0/0x3b0 [ 233.053648][ T5782] ? lock_acquire+0x32/0xc0 [ 233.058212][ T5782] ? kill_css+0x3b0/0x3b0 [ 233.062618][ T5782] kernfs_fop_write_iter+0x3f1/0x600 [ 233.067991][ T5782] vfs_write+0x9ed/0xe10 [ 233.072328][ T5782] ? kernel_write+0x670/0x670 [ 233.077099][ T5782] ? find_held_lock+0x2d/0x110 [ 233.081947][ T5782] ? __fget_light+0x20a/0x270 [ 233.086698][ T5782] ksys_write+0x12b/0x250 [ 233.091085][ T5782] ? __ia32_sys_read+0xb0/0xb0 [ 233.095927][ T5782] ? lockdep_hardirqs_on+0x7d/0x100 [ 233.101197][ T5782] ? _raw_spin_unlock_irq+0x2e/0x50 [ 233.106469][ T5782] ? ptrace_notify+0xfe/0x140 [ 233.111205][ T5782] do_syscall_64+0x39/0xb0 [ 233.115673][ T5782] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 233.121634][ T5782] RIP: 0033:0x7faecf034129 [ 233.126100][ T5782] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 233.145768][ T5782] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 233.154248][ T5782] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 233.162286][ T5782] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 233.170341][ T5782] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 233.178361][ T5782] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 233.186388][ T5782] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000002f [ 233.194446][ T5782] [ 233.203143][ T5782] memory: usage 8kB, limit 0kB, failcnt 36 [pid 5086] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5086] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./47/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./47/file0") = 0 [pid 5086] umount2("./47/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./47/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./47/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./47") = 0 [ 233.209030][ T5782] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 233.216057][ T5782] Memory cgroup stats for /syz1: [ 233.216341][ T5782] anon 0 [ 233.216341][ T5782] file 0 [ 233.216341][ T5782] kernel 8192 [ 233.216341][ T5782] kernel_stack 0 [ 233.216341][ T5782] pagetables 0 [ 233.216341][ T5782] sec_pagetables 0 [ 233.216341][ T5782] percpu 0 [ 233.216341][ T5782] sock 0 [ 233.216341][ T5782] vmalloc 0 [ 233.216341][ T5782] shmem 0 [ 233.216341][ T5782] zswap 0 [ 233.216341][ T5782] zswapped 0 [ 233.216341][ T5782] file_mapped 0 [ 233.216341][ T5782] file_dirty 0 [pid 5086] mkdir("./48", 0777) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 50 [ 233.216341][ T5782] file_writeback 0 [ 233.216341][ T5782] swapcached 0 [ 233.216341][ T5782] anon_thp 0 [ 233.216341][ T5782] file_thp 0 [ 233.216341][ T5782] shmem_thp 0 [ 233.216341][ T5782] inactive_anon 0 [ 233.216341][ T5782] active_anon 0 [ 233.216341][ T5782] inactive_file 0 [ 233.216341][ T5782] active_file 0 [ 233.216341][ T5782] unevictable 0 [ 233.216341][ T5782] slab_reclaimable 6752 [ 233.216341][ T5782] slab_unreclaimable 0 [ 233.216341][ T5782] slab 6752 [ 233.216341][ T5782] workingset_refault_anon 0 [ 233.216341][ T5782] workingset_refault_file 0 [ 233.216341][ T5782] workingset_activate_anon 0 [ 233.216341][ T5782] workingset_activate_file 0 [ 233.216341][ T5782] workingset_restore_anon 0 [ 233.216341][ T5782] workingset_restore_file 0 [ 233.216341][ T5782] workingset_nodereclaim 0 [ 233.216341][ T5782] pgscan 831 [ 233.216341][ T5782] pgsteal 2 [ 233.216341][ T5782] pgscan_kswapd 0 [ 233.216341][ T5782] pgscan_direct 831 [ 233.216341][ T5782] pgscan_khugepaged 0 [ 233.216341][ T5782] pgsteal_kswapd 0 [ 233.216341][ T5782] pgsteal_direct 2 ./strace-static-x86_64: Process 5786 attached [pid 5786] chdir("./48") = 0 [pid 5786] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5786] setpgid(0, 0) = 0 [pid 5786] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5786] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5786] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5786] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5786] write(3, "1000", 4) = 4 [pid 5786] close(3) = 0 [pid 5786] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5786] mkdir("./file0", 000) = 0 [pid 5786] open("./file0", O_RDONLY) = 3 [pid 5786] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5786] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5786] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5786] openat(5, "memory.max", O_RDWR) = 6 [ 233.216341][ T5782] pgsteal_khugepaged 0 [ 233.216341][ T5782] pgfault 21 [ 233.216341][ T5782] pgmajfault 0 [ 233.216341][ T5782] pgrefill 830 [ 233.216341][ T5782] pgactivate 829 [ 233.216341][ T5782] pgdeactivate 830 [ 233.216341][ T5782] pglazyfree 0 [ 233.216341][ T5782] pglazyfreed 0 [ 233.216341][ T5782] zswpin 0 [ 233.216341][ T5782] zswpout 0 [ 233.216341][ T5782] thp_fault_alloc 0 [ 233.216341][ T5782] thp_collapse_alloc 0 [pid 5786] write(6, "0x000000000000040e", 18 [pid 5782] <... write resumed>) = 18 [pid 5782] close(3) = 0 [pid 5782] close(4) = 0 [pid 5782] close(5) = 0 [pid 5782] close(6) = 0 [pid 5782] close(7) = -1 EBADF (Bad file descriptor) [pid 5782] close(8) = -1 EBADF (Bad file descriptor) [pid 5782] close(9) = -1 EBADF (Bad file descriptor) [pid 5782] close(10) = -1 EBADF (Bad file descriptor) [pid 5782] close(11) = -1 EBADF (Bad file descriptor) [pid 5782] close(12) = -1 EBADF (Bad file descriptor) [pid 5782] close(13) = -1 EBADF (Bad file descriptor) [pid 5782] close(14) = -1 EBADF (Bad file descriptor) [pid 5782] close(15) = -1 EBADF (Bad file descriptor) [pid 5782] close(16) = -1 EBADF (Bad file descriptor) [pid 5782] close(17) = -1 EBADF (Bad file descriptor) [pid 5782] close(18) = -1 EBADF (Bad file descriptor) [pid 5782] close(19) = -1 EBADF (Bad file descriptor) [pid 5782] close(20) = -1 EBADF (Bad file descriptor) [pid 5782] close(21) = -1 EBADF (Bad file descriptor) [pid 5782] close(22) = -1 EBADF (Bad file descriptor) [pid 5782] close(23) = -1 EBADF (Bad file descriptor) [pid 5782] close(24) = -1 EBADF (Bad file descriptor) [pid 5782] close(25) = -1 EBADF (Bad file descriptor) [pid 5782] close(26) = -1 EBADF (Bad file descriptor) [pid 5782] close(27) = -1 EBADF (Bad file descriptor) [pid 5782] close(28) = -1 EBADF (Bad file descriptor) [pid 5782] close(29) = -1 EBADF (Bad file descriptor) [pid 5782] exit_group(0) = ? [pid 5782] +++ exited with 0 +++ [ 233.430541][ T5782] Tasks state (memory values in pages): [ 233.442926][ T5782] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 233.452908][ T5782] Out of memory and no killable processes... [ 233.458999][ T5783] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 233.469532][ T5783] CPU: 0 PID: 5783 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=49, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5085] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5085] umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./47/binderfs") = 0 [pid 5085] umount2("./47/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./47/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./47/cgroup") = 0 [pid 5085] umount2("./47/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./47/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./47/cgroup.net") = 0 [ 233.479516][ T5783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 233.489626][ T5783] Call Trace: [ 233.492958][ T5783] [ 233.495945][ T5783] dump_stack_lvl+0x136/0x150 [ 233.500722][ T5783] dump_header+0x10a/0xd70 [ 233.505178][ T5783] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 233.511298][ T5783] out_of_memory+0xd64/0x1660 [ 233.516036][ T5783] ? oom_killer_disable+0x2b0/0x2b0 [ 233.521303][ T5783] mem_cgroup_out_of_memory+0x206/0x270 [ 233.526891][ T5783] ? mem_cgroup_margin+0x130/0x130 [ 233.532051][ T5783] memory_max_write+0x2f9/0x3c0 [ 233.536938][ T5783] ? mem_cgroup_force_empty_write+0x160/0x160 [ 233.543051][ T5783] ? lock_sync+0x190/0x190 [ 233.547496][ T5783] cgroup_file_write+0x1e2/0x7b0 [ 233.552487][ T5783] ? mem_cgroup_force_empty_write+0x160/0x160 [ 233.558588][ T5783] ? kill_css+0x3b0/0x3b0 [ 233.562964][ T5783] ? lock_acquire+0x32/0xc0 [ 233.567503][ T5783] ? kill_css+0x3b0/0x3b0 [ 233.571867][ T5783] kernfs_fop_write_iter+0x3f1/0x600 [ 233.577197][ T5783] vfs_write+0x9ed/0xe10 [ 233.581478][ T5783] ? kernel_write+0x670/0x670 [ 233.586200][ T5783] ? find_held_lock+0x2d/0x110 [ 233.590996][ T5783] ? __fget_light+0x20a/0x270 [ 233.595715][ T5783] ksys_write+0x12b/0x250 [ 233.600082][ T5783] ? __ia32_sys_read+0xb0/0xb0 [ 233.604883][ T5783] ? lockdep_hardirqs_on+0x7d/0x100 [ 233.610109][ T5783] ? _raw_spin_unlock_irq+0x2e/0x50 [ 233.615346][ T5783] ? ptrace_notify+0xfe/0x140 [ 233.620053][ T5783] do_syscall_64+0x39/0xb0 [ 233.624524][ T5783] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 233.630472][ T5783] RIP: 0033:0x7faecf034129 [ 233.634906][ T5783] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 233.654533][ T5783] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 233.662984][ T5783] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 233.671002][ T5783] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5085] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5085] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./47/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./47/file0") = 0 [ 233.679024][ T5783] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 233.687011][ T5783] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 233.695001][ T5783] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000032 [ 233.703021][ T5783] [ 233.709963][ T5783] memory: usage 8kB, limit 0kB, failcnt 36 [ 233.716983][ T5783] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 233.725127][ T5783] Memory cgroup stats for /syz1: [ 233.725593][ T5783] anon 0 [ 233.725593][ T5783] file 0 [ 233.725593][ T5783] kernel 8192 [ 233.725593][ T5783] kernel_stack 0 [ 233.725593][ T5783] pagetables 0 [ 233.725593][ T5783] sec_pagetables 0 [ 233.725593][ T5783] percpu 0 [ 233.725593][ T5783] sock 0 [ 233.725593][ T5783] vmalloc 0 [ 233.725593][ T5783] shmem 0 [ 233.725593][ T5783] zswap 0 [ 233.725593][ T5783] zswapped 0 [ 233.725593][ T5783] file_mapped 0 [ 233.725593][ T5783] file_dirty 0 [ 233.725593][ T5783] file_writeback 0 [ 233.725593][ T5783] swapcached 0 [ 233.725593][ T5783] anon_thp 0 [ 233.725593][ T5783] file_thp 0 [ 233.725593][ T5783] shmem_thp 0 [ 233.725593][ T5783] inactive_anon 0 [ 233.725593][ T5783] active_anon 0 [ 233.725593][ T5783] inactive_file 0 [ 233.725593][ T5783] active_file 0 [ 233.725593][ T5783] unevictable 0 [ 233.725593][ T5783] slab_reclaimable 6752 [ 233.725593][ T5783] slab_unreclaimable 0 [ 233.725593][ T5783] slab 6752 [ 233.725593][ T5783] workingset_refault_anon 0 [ 233.725593][ T5783] workingset_refault_file 0 [ 233.725593][ T5783] workingset_activate_anon 0 [ 233.725593][ T5783] workingset_activate_file 0 [ 233.725593][ T5783] workingset_restore_anon 0 [ 233.725593][ T5783] workingset_restore_file 0 [ 233.725593][ T5783] workingset_nodereclaim 0 [ 233.725593][ T5783] pgscan 831 [ 233.725593][ T5783] pgsteal 2 [ 233.725593][ T5783] pgscan_kswapd 0 [ 233.725593][ T5783] pgscan_direct 831 [ 233.725593][ T5783] pgscan_khugepaged 0 [ 233.725593][ T5783] pgsteal_kswapd 0 [ 233.725593][ T5783] pgsteal_direct 2 [ 233.725593][ T5783] pgsteal_khugepaged 0 [ 233.725593][ T5783] pgfault 21 [ 233.725593][ T5783] pgmajfault 0 [pid 5085] umount2("./47/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./47/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./47/cgroup.cpu") = 0 [ 233.725593][ T5783] pgrefill 830 [ 233.725593][ T5783] pgactivate 829 [ 233.725593][ T5783] pgdeactivate 830 [ 233.725593][ T5783] pglazyfree 0 [ 233.725593][ T5783] pglazyfreed 0 [ 233.725593][ T5783] zswpin 0 [ 233.725593][ T5783] zswpout 0 [ 233.725593][ T5783] thp_fault_alloc 0 [ 233.725593][ T5783] thp_collapse_alloc 0 [ 233.915319][ T5783] Tasks state (memory values in pages): [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./47") = 0 [pid 5085] mkdir("./48", 0777 [pid 5783] <... write resumed>) = 18 [pid 5783] close(3) = 0 [pid 5783] close(4) = 0 [pid 5783] close(5) = 0 [pid 5783] close(6) = 0 [pid 5783] close(7) = -1 EBADF (Bad file descriptor) [pid 5783] close(8) = -1 EBADF (Bad file descriptor) [pid 5783] close(9 [pid 5085] <... mkdir resumed>) = 0 [pid 5783] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5783] close(10 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5783] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5783] close(11) = -1 EBADF (Bad file descriptor) [pid 5783] close(12) = -1 EBADF (Bad file descriptor) [pid 5783] close(13./strace-static-x86_64: Process 5787 attached ) = -1 EBADF (Bad file descriptor) [pid 5787] chdir("./48" [pid 5783] close(14 [pid 5085] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 50 [pid 5787] <... chdir resumed>) = 0 [pid 5783] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5787] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5783] close(15 [pid 5787] <... prctl resumed>) = 0 [pid 5783] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5787] setpgid(0, 0 [pid 5783] close(16 [pid 5787] <... setpgid resumed>) = 0 [pid 5783] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5787] symlink("/syzcgroup/unified/syz0", "./cgroup" [pid 5783] close(17 [pid 5787] <... symlink resumed>) = 0 [pid 5783] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5787] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu" [pid 5783] close(18 [pid 5787] <... symlink resumed>) = 0 [pid 5783] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5787] symlink("/syzcgroup/net/syz0", "./cgroup.net" [pid 5783] close(19 [pid 5787] <... symlink resumed>) = 0 [pid 5783] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5787] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5783] close(20 [pid 5787] <... openat resumed>) = 3 [pid 5783] <... close resumed>) = -1 EBADF (Bad file descriptor) [ 233.924339][ T5783] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 233.937045][ T5783] Out of memory and no killable processes... [ 233.946513][ T5784] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 233.991669][ T5784] CPU: 1 PID: 5784 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 234.001668][ T5784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 234.011781][ T5784] Call Trace: [ 234.015104][ T5784] [ 234.018079][ T5784] dump_stack_lvl+0x136/0x150 [ 234.022824][ T5784] dump_header+0x10a/0xd70 [ 234.027290][ T5784] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 234.033413][ T5784] out_of_memory+0xd64/0x1660 [ 234.038140][ T5784] ? oom_killer_disable+0x2b0/0x2b0 [ 234.043392][ T5784] mem_cgroup_out_of_memory+0x206/0x270 [ 234.048982][ T5784] ? mem_cgroup_margin+0x130/0x130 [ 234.054179][ T5784] memory_max_write+0x2f9/0x3c0 [ 234.059128][ T5784] ? mem_cgroup_force_empty_write+0x160/0x160 [ 234.065264][ T5784] ? lock_sync+0x190/0x190 [ 234.069727][ T5784] cgroup_file_write+0x1e2/0x7b0 [ 234.074715][ T5784] ? mem_cgroup_force_empty_write+0x160/0x160 [ 234.080837][ T5784] ? kill_css+0x3b0/0x3b0 [ 234.085246][ T5784] ? lock_acquire+0x32/0xc0 [ 234.089796][ T5784] ? kill_css+0x3b0/0x3b0 [ 234.094169][ T5784] kernfs_fop_write_iter+0x3f1/0x600 [ 234.099534][ T5784] vfs_write+0x9ed/0xe10 [ 234.103830][ T5784] ? kernel_write+0x670/0x670 [ 234.108556][ T5784] ? find_held_lock+0x2d/0x110 [ 234.113366][ T5784] ? __fget_light+0x20a/0x270 [ 234.118163][ T5784] ksys_write+0x12b/0x250 [ 234.122549][ T5784] ? __ia32_sys_read+0xb0/0xb0 [ 234.127361][ T5784] ? lockdep_hardirqs_on+0x7d/0x100 [ 234.132597][ T5784] ? _raw_spin_unlock_irq+0x2e/0x50 [ 234.137835][ T5784] ? ptrace_notify+0xfe/0x140 [ 234.142549][ T5784] do_syscall_64+0x39/0xb0 [ 234.147034][ T5784] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 234.152985][ T5784] RIP: 0033:0x7faecf034129 [ 234.157425][ T5784] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 234.177062][ T5784] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5787] write(3, "1000", 4 [pid 5783] close(21 [pid 5787] <... write resumed>) = 4 [pid 5783] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5787] close(3 [pid 5783] close(22 [pid 5787] <... close resumed>) = 0 [pid 5783] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5787] symlink("/dev/binderfs", "./binderfs" [pid 5783] close(23 [pid 5787] <... symlink resumed>) = 0 [pid 5783] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5787] mkdir("./file0", 000 [pid 5783] close(24 [pid 5787] <... mkdir resumed>) = 0 [pid 5783] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5787] open("./file0", O_RDONLY [pid 5783] close(25 [pid 5787] <... open resumed>) = 3 [pid 5783] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5787] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5783] close(26 [pid 5787] <... mount resumed>) = 0 [pid 5783] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5787] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5783] close(27 [pid 5787] <... openat resumed>) = 4 [pid 5783] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5787] openat(4, "syz1", O_RDWR|O_PATH [pid 5783] close(28 [pid 5787] <... openat resumed>) = 5 [pid 5783] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5787] openat(5, "memory.max", O_RDWR [pid 5783] close(29 [pid 5787] <... openat resumed>) = 6 [pid 5783] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5787] write(6, "0x000000000000040e", 18 [pid 5783] exit_group(0) = ? [pid 5783] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=52, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5089] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5089] umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./50/binderfs") = 0 [pid 5089] umount2("./50/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./50/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./50/cgroup") = 0 [pid 5089] umount2("./50/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./50/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./50/cgroup.net") = 0 [pid 5089] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5089] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./50/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./50/file0") = 0 [pid 5089] umount2("./50/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./50/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./50/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [pid 5089] rmdir("./50") = 0 [pid 5089] mkdir("./51", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5788 attached [pid 5788] chdir("./51" [pid 5089] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 53 [pid 5788] <... chdir resumed>) = 0 [ 234.185512][ T5784] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 234.193512][ T5784] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 234.201519][ T5784] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 234.209541][ T5784] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 234.217535][ T5784] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000031 [ 234.225557][ T5784] [pid 5788] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5788] setpgid(0, 0) = 0 [pid 5788] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5788] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5788] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5788] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5788] write(3, "1000", 4) = 4 [pid 5788] close(3) = 0 [pid 5788] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5788] mkdir("./file0", 000) = 0 [pid 5788] open("./file0", O_RDONLY) = 3 [pid 5788] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5788] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5788] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5788] openat(5, "memory.max", O_RDWR) = 6 [ 234.278278][ T5784] memory: usage 8kB, limit 0kB, failcnt 36 [ 234.290559][ T5784] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 234.310717][ T5784] Memory cgroup stats for /syz1: [ 234.310932][ T5784] anon 0 [ 234.310932][ T5784] file 0 [ 234.310932][ T5784] kernel 8192 [ 234.310932][ T5784] kernel_stack 0 [ 234.310932][ T5784] pagetables 0 [ 234.310932][ T5784] sec_pagetables 0 [ 234.310932][ T5784] percpu 0 [ 234.310932][ T5784] sock 0 [ 234.310932][ T5784] vmalloc 0 [ 234.310932][ T5784] shmem 0 [ 234.310932][ T5784] zswap 0 [ 234.310932][ T5784] zswapped 0 [ 234.310932][ T5784] file_mapped 0 [ 234.310932][ T5784] file_dirty 0 [ 234.310932][ T5784] file_writeback 0 [ 234.310932][ T5784] swapcached 0 [ 234.310932][ T5784] anon_thp 0 [ 234.310932][ T5784] file_thp 0 [ 234.310932][ T5784] shmem_thp 0 [ 234.310932][ T5784] inactive_anon 0 [ 234.310932][ T5784] active_anon 0 [ 234.310932][ T5784] inactive_file 0 [ 234.310932][ T5784] active_file 0 [ 234.310932][ T5784] unevictable 0 [ 234.310932][ T5784] slab_reclaimable 6752 [ 234.310932][ T5784] slab_unreclaimable 0 [ 234.310932][ T5784] slab 6752 [ 234.310932][ T5784] workingset_refault_anon 0 [ 234.310932][ T5784] workingset_refault_file 0 [ 234.310932][ T5784] workingset_activate_anon 0 [ 234.310932][ T5784] workingset_activate_file 0 [ 234.310932][ T5784] workingset_restore_anon 0 [ 234.310932][ T5784] workingset_restore_file 0 [ 234.310932][ T5784] workingset_nodereclaim 0 [ 234.310932][ T5784] pgscan 831 [ 234.310932][ T5784] pgsteal 2 [ 234.310932][ T5784] pgscan_kswapd 0 [ 234.310932][ T5784] pgscan_direct 831 [ 234.310932][ T5784] pgscan_khugepaged 0 [ 234.310932][ T5784] pgsteal_kswapd 0 [ 234.310932][ T5784] pgsteal_direct 2 [ 234.310932][ T5784] pgsteal_khugepaged 0 [ 234.310932][ T5784] pgfault 21 [ 234.310932][ T5784] pgmajfault 0 [ 234.310932][ T5784] pgrefill 830 [ 234.310932][ T5784] pgactivate 829 [ 234.310932][ T5784] pgdeactivate 830 [ 234.310932][ T5784] pglazyfree 0 [ 234.310932][ T5784] pglazyfreed 0 [ 234.310932][ T5784] zswpin 0 [ 234.310932][ T5784] zswpout 0 [ 234.310932][ T5784] thp_fault_alloc 0 [ 234.310932][ T5784] thp_collapse_alloc 0 [ 234.503694][ T5784] Tasks state (memory values in pages): [ 234.509305][ T5784] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 234.519231][ T5784] Out of memory and no killable processes... [pid 5788] write(6, "0x000000000000040e", 18 [pid 5784] <... write resumed>) = 18 [pid 5784] close(3) = 0 [pid 5784] close(4) = 0 [pid 5784] close(5) = 0 [pid 5784] close(6) = 0 [pid 5784] close(7) = -1 EBADF (Bad file descriptor) [pid 5784] close(8) = -1 EBADF (Bad file descriptor) [pid 5784] close(9) = -1 EBADF (Bad file descriptor) [pid 5784] close(10) = -1 EBADF (Bad file descriptor) [ 234.526422][ T5785] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 234.555647][ T5785] CPU: 1 PID: 5785 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 234.565663][ T5785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 234.575769][ T5785] Call Trace: [pid 5784] close(11) = -1 EBADF (Bad file descriptor) [pid 5784] close(12) = -1 EBADF (Bad file descriptor) [pid 5784] close(13) = -1 EBADF (Bad file descriptor) [pid 5784] close(14) = -1 EBADF (Bad file descriptor) [pid 5784] close(15) = -1 EBADF (Bad file descriptor) [pid 5784] close(16) = -1 EBADF (Bad file descriptor) [pid 5784] close(17) = -1 EBADF (Bad file descriptor) [pid 5784] close(18) = -1 EBADF (Bad file descriptor) [pid 5784] close(19) = -1 EBADF (Bad file descriptor) [pid 5784] close(20) = -1 EBADF (Bad file descriptor) [pid 5784] close(21) = -1 EBADF (Bad file descriptor) [pid 5784] close(22) = -1 EBADF (Bad file descriptor) [pid 5784] close(23) = -1 EBADF (Bad file descriptor) [pid 5784] close(24) = -1 EBADF (Bad file descriptor) [pid 5784] close(25) = -1 EBADF (Bad file descriptor) [pid 5784] close(26) = -1 EBADF (Bad file descriptor) [pid 5784] close(27) = -1 EBADF (Bad file descriptor) [pid 5784] close(28) = -1 EBADF (Bad file descriptor) [pid 5784] close(29) = -1 EBADF (Bad file descriptor) [pid 5784] exit_group(0) = ? [pid 5784] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=51, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5087] umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./49/binderfs") = 0 [pid 5087] umount2("./49/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./49/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./49/cgroup") = 0 [pid 5087] umount2("./49/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./49/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./49/cgroup.net") = 0 [ 234.579095][ T5785] [ 234.582078][ T5785] dump_stack_lvl+0x136/0x150 [ 234.586834][ T5785] dump_header+0x10a/0xd70 [ 234.591318][ T5785] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 234.597487][ T5785] out_of_memory+0xd64/0x1660 [ 234.602256][ T5785] ? oom_killer_disable+0x2b0/0x2b0 [ 234.607548][ T5785] mem_cgroup_out_of_memory+0x206/0x270 [ 234.613176][ T5785] ? mem_cgroup_margin+0x130/0x130 [ 234.618382][ T5785] memory_max_write+0x2f9/0x3c0 [ 234.623310][ T5785] ? mem_cgroup_force_empty_write+0x160/0x160 [ 234.629479][ T5785] ? lock_sync+0x190/0x190 [ 234.633961][ T5785] cgroup_file_write+0x1e2/0x7b0 [ 234.638945][ T5785] ? mem_cgroup_force_empty_write+0x160/0x160 [ 234.645053][ T5785] ? kill_css+0x3b0/0x3b0 [ 234.649434][ T5785] ? lock_acquire+0x32/0xc0 [ 234.654016][ T5785] ? kill_css+0x3b0/0x3b0 [ 234.658414][ T5785] kernfs_fop_write_iter+0x3f1/0x600 [ 234.663755][ T5785] vfs_write+0x9ed/0xe10 [ 234.668064][ T5785] ? kernel_write+0x670/0x670 [ 234.672795][ T5785] ? find_held_lock+0x2d/0x110 [ 234.677602][ T5785] ? __fget_light+0x20a/0x270 [ 234.682328][ T5785] ksys_write+0x12b/0x250 [ 234.686704][ T5785] ? __ia32_sys_read+0xb0/0xb0 [ 234.691508][ T5785] ? lockdep_hardirqs_on+0x7d/0x100 [ 234.696745][ T5785] ? _raw_spin_unlock_irq+0x2e/0x50 [ 234.701993][ T5785] ? ptrace_notify+0xfe/0x140 [ 234.706728][ T5785] do_syscall_64+0x39/0xb0 [ 234.711203][ T5785] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 234.717134][ T5785] RIP: 0033:0x7faecf034129 [ 234.721580][ T5785] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 234.741219][ T5785] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 234.749665][ T5785] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 234.757678][ T5785] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 234.765689][ T5785] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [pid 5087] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5087] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./49/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] close(4) = 0 [pid 5087] rmdir("./49/file0") = 0 [ 234.773681][ T5785] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 234.781676][ T5785] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000033 [ 234.789697][ T5785] [ 234.794275][ T5785] memory: usage 8kB, limit 0kB, failcnt 36 [ 234.800941][ T5785] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 234.813513][ T5785] Memory cgroup stats for /syz1: [ 234.813802][ T5785] anon 0 [ 234.813802][ T5785] file 0 [ 234.813802][ T5785] kernel 8192 [ 234.813802][ T5785] kernel_stack 0 [pid 5087] umount2("./49/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./49/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./49/cgroup.cpu") = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [pid 5087] rmdir("./49") = 0 [pid 5087] mkdir("./50", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5789 attached [pid 5789] chdir("./50" [pid 5087] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 52 [pid 5789] <... chdir resumed>) = 0 [pid 5789] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5789] setpgid(0, 0) = 0 [pid 5789] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5789] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5789] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5789] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5789] write(3, "1000", 4) = 4 [pid 5789] close(3) = 0 [pid 5789] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5789] mkdir("./file0", 000) = 0 [ 234.813802][ T5785] pagetables 0 [ 234.813802][ T5785] sec_pagetables 0 [ 234.813802][ T5785] percpu 0 [ 234.813802][ T5785] sock 0 [ 234.813802][ T5785] vmalloc 0 [ 234.813802][ T5785] shmem 0 [ 234.813802][ T5785] zswap 0 [ 234.813802][ T5785] zswapped 0 [ 234.813802][ T5785] file_mapped 0 [ 234.813802][ T5785] file_dirty 0 [ 234.813802][ T5785] file_writeback 0 [ 234.813802][ T5785] swapcached 0 [ 234.813802][ T5785] anon_thp 0 [ 234.813802][ T5785] file_thp 0 [ 234.813802][ T5785] shmem_thp 0 [ 234.813802][ T5785] inactive_anon 0 [pid 5789] open("./file0", O_RDONLY) = 3 [pid 5789] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5789] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5789] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5789] openat(5, "memory.max", O_RDWR) = 6 [ 234.813802][ T5785] active_anon 0 [ 234.813802][ T5785] inactive_file 0 [ 234.813802][ T5785] active_file 0 [ 234.813802][ T5785] unevictable 0 [ 234.813802][ T5785] slab_reclaimable 6752 [ 234.813802][ T5785] slab_unreclaimable 0 [ 234.813802][ T5785] slab 6752 [ 234.813802][ T5785] workingset_refault_anon 0 [ 234.813802][ T5785] workingset_refault_file 0 [ 234.813802][ T5785] workingset_activate_anon 0 [ 234.813802][ T5785] workingset_activate_file 0 [ 234.813802][ T5785] workingset_restore_anon 0 [ 234.813802][ T5785] workingset_restore_file 0 [ 234.813802][ T5785] workingset_nodereclaim 0 [ 234.813802][ T5785] pgscan 831 [ 234.813802][ T5785] pgsteal 2 [ 234.813802][ T5785] pgscan_kswapd 0 [ 234.813802][ T5785] pgscan_direct 831 [ 234.813802][ T5785] pgscan_khugepaged 0 [ 234.813802][ T5785] pgsteal_kswapd 0 [ 234.813802][ T5785] pgsteal_direct 2 [ 234.813802][ T5785] pgsteal_khugepaged 0 [ 234.813802][ T5785] pgfault 21 [ 234.813802][ T5785] pgmajfault 0 [ 234.813802][ T5785] pgrefill 830 [ 234.813802][ T5785] pgactivate 829 [ 234.813802][ T5785] pgdeactivate 830 [ 234.813802][ T5785] pglazyfree 0 [ 234.813802][ T5785] pglazyfreed 0 [ 234.813802][ T5785] zswpin 0 [ 234.813802][ T5785] zswpout 0 [ 234.813802][ T5785] thp_fault_alloc 0 [ 234.813802][ T5785] thp_collapse_alloc 0 [ 235.012448][ T5785] Tasks state (memory values in pages): [ 235.020523][ T5785] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5789] write(6, "0x000000000000040e", 18 [pid 5785] <... write resumed>) = 18 [ 235.032507][ T5785] Out of memory and no killable processes... [ 235.038615][ T5786] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 235.049333][ T5786] CPU: 1 PID: 5786 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 235.059293][ T5786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 235.069402][ T5786] Call Trace: [ 235.072724][ T5786] [ 235.075701][ T5786] dump_stack_lvl+0x136/0x150 [pid 5785] close(3) = 0 [pid 5785] close(4) = 0 [pid 5785] close(5) = 0 [pid 5785] close(6) = 0 [pid 5785] close(7) = -1 EBADF (Bad file descriptor) [pid 5785] close(8) = -1 EBADF (Bad file descriptor) [pid 5785] close(9) = -1 EBADF (Bad file descriptor) [pid 5785] close(10) = -1 EBADF (Bad file descriptor) [pid 5785] close(11) = -1 EBADF (Bad file descriptor) [pid 5785] close(12) = -1 EBADF (Bad file descriptor) [pid 5785] close(13) = -1 EBADF (Bad file descriptor) [pid 5785] close(14) = -1 EBADF (Bad file descriptor) [pid 5785] close(15) = -1 EBADF (Bad file descriptor) [pid 5785] close(16) = -1 EBADF (Bad file descriptor) [pid 5785] close(17) = -1 EBADF (Bad file descriptor) [pid 5785] close(18) = -1 EBADF (Bad file descriptor) [pid 5785] close(19) = -1 EBADF (Bad file descriptor) [pid 5785] close(20) = -1 EBADF (Bad file descriptor) [pid 5785] close(21) = -1 EBADF (Bad file descriptor) [ 235.080463][ T5786] dump_header+0x10a/0xd70 [ 235.084952][ T5786] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 235.091116][ T5786] out_of_memory+0xd64/0x1660 [ 235.095883][ T5786] ? oom_killer_disable+0x2b0/0x2b0 [ 235.101161][ T5786] ? find_held_lock+0x2d/0x110 [ 235.106004][ T5786] mem_cgroup_out_of_memory+0x206/0x270 [ 235.111628][ T5786] ? mem_cgroup_margin+0x130/0x130 [ 235.116829][ T5786] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 235.122724][ T5786] memory_max_write+0x2f9/0x3c0 [pid 5785] close(22) = -1 EBADF (Bad file descriptor) [pid 5785] close(23) = -1 EBADF (Bad file descriptor) [pid 5785] close(24) = -1 EBADF (Bad file descriptor) [pid 5785] close(25) = -1 EBADF (Bad file descriptor) [pid 5785] close(26) = -1 EBADF (Bad file descriptor) [pid 5785] close(27) = -1 EBADF (Bad file descriptor) [pid 5785] close(28) = -1 EBADF (Bad file descriptor) [pid 5785] close(29) = -1 EBADF (Bad file descriptor) [pid 5785] exit_group(0) = ? [pid 5785] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=53, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5090] umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./51/binderfs") = 0 [pid 5090] umount2("./51/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./51/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [ 235.127660][ T5786] ? mem_cgroup_force_empty_write+0x160/0x160 [ 235.133815][ T5786] ? lock_sync+0x190/0x190 [ 235.138309][ T5786] cgroup_file_write+0x1e2/0x7b0 [ 235.143347][ T5786] ? mem_cgroup_force_empty_write+0x160/0x160 [ 235.149497][ T5786] ? kill_css+0x3b0/0x3b0 [ 235.153913][ T5786] ? lock_acquire+0x32/0xc0 [ 235.158493][ T5786] ? kill_css+0x3b0/0x3b0 [ 235.162899][ T5786] kernfs_fop_write_iter+0x3f1/0x600 [ 235.168272][ T5786] vfs_write+0x9ed/0xe10 [ 235.172621][ T5786] ? kernel_write+0x670/0x670 [ 235.177389][ T5786] ? find_held_lock+0x2d/0x110 [pid 5090] unlink("./51/cgroup") = 0 [pid 5090] umount2("./51/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./51/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./51/cgroup.net") = 0 [ 235.182248][ T5786] ? __fget_light+0x20a/0x270 [ 235.187019][ T5786] ksys_write+0x12b/0x250 [ 235.191430][ T5786] ? __ia32_sys_read+0xb0/0xb0 [ 235.196261][ T5786] ? lockdep_hardirqs_on+0x7d/0x100 [ 235.201491][ T5786] ? _raw_spin_unlock_irq+0x2e/0x50 [ 235.206741][ T5786] ? ptrace_notify+0xfe/0x140 [ 235.211485][ T5786] do_syscall_64+0x39/0xb0 [ 235.215981][ T5786] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 235.221962][ T5786] RIP: 0033:0x7faecf034129 [ 235.226426][ T5786] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 235.246063][ T5786] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 235.254513][ T5786] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 235.262543][ T5786] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 235.270576][ T5786] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [pid 5090] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5090] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./51/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [ 235.278603][ T5786] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 235.286633][ T5786] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000030 [ 235.294706][ T5786] [ 235.305640][ T5786] memory: usage 8kB, limit 0kB, failcnt 36 [ 235.311807][ T5786] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 235.318709][ T5786] Memory cgroup stats for /syz1: [ 235.319042][ T5786] anon 0 [ 235.319042][ T5786] file 0 [ 235.319042][ T5786] kernel 8192 [pid 5090] rmdir("./51/file0") = 0 [pid 5090] umount2("./51/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./51/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./51/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [pid 5090] rmdir("./51") = 0 [pid 5090] mkdir("./52", 0777) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 54 [ 235.319042][ T5786] kernel_stack 0 [ 235.319042][ T5786] pagetables 0 [ 235.319042][ T5786] sec_pagetables 0 [ 235.319042][ T5786] percpu 0 [ 235.319042][ T5786] sock 0 [ 235.319042][ T5786] vmalloc 0 [ 235.319042][ T5786] shmem 0 [ 235.319042][ T5786] zswap 0 [ 235.319042][ T5786] zswapped 0 [ 235.319042][ T5786] file_mapped 0 [ 235.319042][ T5786] file_dirty 0 [ 235.319042][ T5786] file_writeback 0 [ 235.319042][ T5786] swapcached 0 [ 235.319042][ T5786] anon_thp 0 [ 235.319042][ T5786] file_thp 0 [ 235.319042][ T5786] shmem_thp 0 ./strace-static-x86_64: Process 5790 attached [pid 5790] chdir("./52") = 0 [pid 5790] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5790] setpgid(0, 0) = 0 [pid 5790] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5790] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5790] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5790] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 235.319042][ T5786] inactive_anon 0 [ 235.319042][ T5786] active_anon 0 [ 235.319042][ T5786] inactive_file 0 [ 235.319042][ T5786] active_file 0 [ 235.319042][ T5786] unevictable 0 [ 235.319042][ T5786] slab_reclaimable 6752 [ 235.319042][ T5786] slab_unreclaimable 0 [ 235.319042][ T5786] slab 6752 [ 235.319042][ T5786] workingset_refault_anon 0 [ 235.319042][ T5786] workingset_refault_file 0 [ 235.319042][ T5786] workingset_activate_anon 0 [ 235.319042][ T5786] workingset_activate_file 0 [ 235.319042][ T5786] workingset_restore_anon 0 [ 235.319042][ T5786] workingset_restore_file 0 [ 235.319042][ T5786] workingset_nodereclaim 0 [ 235.319042][ T5786] pgscan 831 [ 235.319042][ T5786] pgsteal 2 [ 235.319042][ T5786] pgscan_kswapd 0 [ 235.319042][ T5786] pgscan_direct 831 [ 235.319042][ T5786] pgscan_khugepaged 0 [ 235.319042][ T5786] pgsteal_kswapd 0 [ 235.319042][ T5786] pgsteal_direct 2 [ 235.319042][ T5786] pgsteal_khugepaged 0 [ 235.319042][ T5786] pgfault 21 [ 235.319042][ T5786] pgmajfault 0 [ 235.319042][ T5786] pgrefill 830 [ 235.319042][ T5786] pgactivate 829 [pid 5790] write(3, "1000", 4) = 4 [pid 5790] close(3) = 0 [ 235.319042][ T5786] pgdeactivate 830 [ 235.319042][ T5786] pglazyfree 0 [ 235.319042][ T5786] pglazyfreed 0 [ 235.319042][ T5786] zswpin 0 [ 235.319042][ T5786] zswpout 0 [ 235.319042][ T5786] thp_fault_alloc 0 [ 235.319042][ T5786] thp_collapse_alloc 0 [ 235.506468][ T5786] Tasks state (memory values in pages): [ 235.512654][ T5786] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 235.525180][ T5786] Out of memory and no killable processes... [pid 5790] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5790] mkdir("./file0", 000) = 0 [pid 5790] open("./file0", O_RDONLY) = 3 [pid 5790] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5790] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5790] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5790] openat(5, "memory.max", O_RDWR) = 6 [ 235.532443][ T5787] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 235.544310][ T5787] CPU: 0 PID: 5787 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 235.554278][ T5787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 235.564380][ T5787] Call Trace: [ 235.567680][ T5787] [ 235.570631][ T5787] dump_stack_lvl+0x136/0x150 [ 235.575392][ T5787] dump_header+0x10a/0xd70 [ 235.579845][ T5787] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 235.585972][ T5787] out_of_memory+0xd64/0x1660 [ 235.590701][ T5787] ? oom_killer_disable+0x2b0/0x2b0 [ 235.595945][ T5787] ? find_held_lock+0x2d/0x110 [ 235.600749][ T5787] mem_cgroup_out_of_memory+0x206/0x270 [ 235.606343][ T5787] ? mem_cgroup_margin+0x130/0x130 [ 235.611507][ T5787] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 235.617383][ T5787] memory_max_write+0x2f9/0x3c0 [ 235.622288][ T5787] ? mem_cgroup_force_empty_write+0x160/0x160 [ 235.628408][ T5787] ? lock_sync+0x190/0x190 [ 235.632868][ T5787] cgroup_file_write+0x1e2/0x7b0 [ 235.637857][ T5787] ? mem_cgroup_force_empty_write+0x160/0x160 [ 235.643979][ T5787] ? kill_css+0x3b0/0x3b0 [ 235.648361][ T5787] ? lock_acquire+0x32/0xc0 [ 235.652941][ T5787] ? kill_css+0x3b0/0x3b0 [ 235.657316][ T5787] kernfs_fop_write_iter+0x3f1/0x600 [ 235.662653][ T5787] vfs_write+0x9ed/0xe10 [ 235.666953][ T5787] ? kernel_write+0x670/0x670 [ 235.671684][ T5787] ? find_held_lock+0x2d/0x110 [ 235.676497][ T5787] ? __fget_light+0x20a/0x270 [ 235.681240][ T5787] ksys_write+0x12b/0x250 [ 235.685624][ T5787] ? __ia32_sys_read+0xb0/0xb0 [ 235.690431][ T5787] ? lockdep_hardirqs_on+0x7d/0x100 [ 235.695666][ T5787] ? _raw_spin_unlock_irq+0x2e/0x50 [ 235.700905][ T5787] ? ptrace_notify+0xfe/0x140 [ 235.705641][ T5787] do_syscall_64+0x39/0xb0 [ 235.710107][ T5787] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 235.716047][ T5787] RIP: 0033:0x7faecf034129 [ 235.720493][ T5787] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 235.740327][ T5787] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 235.748776][ T5787] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 235.756776][ T5787] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 235.764775][ T5787] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 235.772779][ T5787] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [pid 5790] write(6, "0x000000000000040e", 18 [pid 5786] <... write resumed>) = 18 [pid 5786] close(3) = 0 [pid 5786] close(4) = 0 [pid 5786] close(5) = 0 [pid 5786] close(6) = 0 [pid 5786] close(7) = -1 EBADF (Bad file descriptor) [pid 5786] close(8) = -1 EBADF (Bad file descriptor) [pid 5786] close(9) = -1 EBADF (Bad file descriptor) [pid 5786] close(10) = -1 EBADF (Bad file descriptor) [pid 5786] close(11) = -1 EBADF (Bad file descriptor) [pid 5786] close(12) = -1 EBADF (Bad file descriptor) [pid 5786] close(13) = -1 EBADF (Bad file descriptor) [pid 5786] close(14) = -1 EBADF (Bad file descriptor) [pid 5786] close(15) = -1 EBADF (Bad file descriptor) [pid 5786] close(16) = -1 EBADF (Bad file descriptor) [pid 5786] close(17) = -1 EBADF (Bad file descriptor) [pid 5786] close(18) = -1 EBADF (Bad file descriptor) [pid 5786] close(19) = -1 EBADF (Bad file descriptor) [ 235.780776][ T5787] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000030 [ 235.788796][ T5787] [ 235.810670][ T5787] memory: usage 8kB, limit 0kB, failcnt 36 [ 235.819143][ T5787] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5786] close(20) = -1 EBADF (Bad file descriptor) [pid 5786] close(21) = -1 EBADF (Bad file descriptor) [pid 5786] close(22) = -1 EBADF (Bad file descriptor) [pid 5786] close(23) = -1 EBADF (Bad file descriptor) [pid 5786] close(24) = -1 EBADF (Bad file descriptor) [pid 5786] close(25) = -1 EBADF (Bad file descriptor) [pid 5786] close(26) = -1 EBADF (Bad file descriptor) [pid 5786] close(27) = -1 EBADF (Bad file descriptor) [pid 5786] close(28) = -1 EBADF (Bad file descriptor) [pid 5786] close(29) = -1 EBADF (Bad file descriptor) [pid 5786] exit_group(0) = ? [pid 5786] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=50, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5086] umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 235.836379][ T5787] Memory cgroup stats for /syz1: [ 235.836826][ T5787] anon 0 [ 235.836826][ T5787] file 0 [ 235.836826][ T5787] kernel 8192 [ 235.836826][ T5787] kernel_stack 0 [ 235.836826][ T5787] pagetables 0 [ 235.836826][ T5787] sec_pagetables 0 [ 235.836826][ T5787] percpu 0 [ 235.836826][ T5787] sock 0 [ 235.836826][ T5787] vmalloc 0 [ 235.836826][ T5787] shmem 0 [ 235.836826][ T5787] zswap 0 [ 235.836826][ T5787] zswapped 0 [ 235.836826][ T5787] file_mapped 0 [ 235.836826][ T5787] file_dirty 0 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./48/binderfs") = 0 [pid 5086] umount2("./48/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./48/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] unlink("./48/cgroup") = 0 [pid 5086] umount2("./48/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 235.836826][ T5787] file_writeback 0 [ 235.836826][ T5787] swapcached 0 [ 235.836826][ T5787] anon_thp 0 [ 235.836826][ T5787] file_thp 0 [ 235.836826][ T5787] shmem_thp 0 [ 235.836826][ T5787] inactive_anon 0 [ 235.836826][ T5787] active_anon 0 [ 235.836826][ T5787] inactive_file 0 [ 235.836826][ T5787] active_file 0 [ 235.836826][ T5787] unevictable 0 [ 235.836826][ T5787] slab_reclaimable 6752 [ 235.836826][ T5787] slab_unreclaimable 0 [ 235.836826][ T5787] slab 6752 [ 235.836826][ T5787] workingset_refault_anon 0 [ 235.836826][ T5787] workingset_refault_file 0 [ 235.836826][ T5787] workingset_activate_anon 0 [ 235.836826][ T5787] workingset_activate_file 0 [ 235.836826][ T5787] workingset_restore_anon 0 [ 235.836826][ T5787] workingset_restore_file 0 [ 235.836826][ T5787] workingset_nodereclaim 0 [ 235.836826][ T5787] pgscan 831 [ 235.836826][ T5787] pgsteal 2 [ 235.836826][ T5787] pgscan_kswapd 0 [ 235.836826][ T5787] pgscan_direct 831 [ 235.836826][ T5787] pgscan_khugepaged 0 [ 235.836826][ T5787] pgsteal_kswapd 0 [ 235.836826][ T5787] pgsteal_direct 2 [ 235.836826][ T5787] pgsteal_khugepaged 0 [pid 5086] lstat("./48/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./48/cgroup.net") = 0 [pid 5086] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5086] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./48/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 235.836826][ T5787] pgfault 21 [ 235.836826][ T5787] pgmajfault 0 [ 235.836826][ T5787] pgrefill 830 [ 235.836826][ T5787] pgactivate 829 [ 235.836826][ T5787] pgdeactivate 830 [ 235.836826][ T5787] pglazyfree 0 [ 235.836826][ T5787] pglazyfreed 0 [ 235.836826][ T5787] zswpin 0 [ 235.836826][ T5787] zswpout 0 [ 235.836826][ T5787] thp_fault_alloc 0 [ 235.836826][ T5787] thp_collapse_alloc 0 [ 236.028142][ T5787] Tasks state (memory values in pages): [pid 5086] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./48/file0") = 0 [pid 5086] umount2("./48/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./48/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./48/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./48") = 0 [pid 5086] mkdir("./49", 0777) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5791 attached [ 236.034454][ T5787] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 236.044971][ T5787] Out of memory and no killable processes... [ 236.051667][ T5788] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5787] <... write resumed>) = 18 [pid 5787] close(3) = 0 [pid 5787] close(4) = 0 [pid 5787] close(5) = 0 [pid 5787] close(6) = 0 [pid 5787] close(7) = -1 EBADF (Bad file descriptor) [pid 5787] close(8) = -1 EBADF (Bad file descriptor) [pid 5787] close(9) = -1 EBADF (Bad file descriptor) [pid 5787] close(10) = -1 EBADF (Bad file descriptor) [pid 5787] close(11) = -1 EBADF (Bad file descriptor) [pid 5787] close(12) = -1 EBADF (Bad file descriptor) [pid 5787] close(13) = -1 EBADF (Bad file descriptor) [pid 5787] close(14) = -1 EBADF (Bad file descriptor) [pid 5787] close(15) = -1 EBADF (Bad file descriptor) [pid 5787] close(16) = -1 EBADF (Bad file descriptor) [pid 5787] close(17) = -1 EBADF (Bad file descriptor) [pid 5787] close(18) = -1 EBADF (Bad file descriptor) [pid 5787] close(19) = -1 EBADF (Bad file descriptor) [pid 5787] close(20) = -1 EBADF (Bad file descriptor) [pid 5787] close(21) = -1 EBADF (Bad file descriptor) [pid 5787] close(22) = -1 EBADF (Bad file descriptor) [pid 5787] close(23) = -1 EBADF (Bad file descriptor) [pid 5787] close(24) = -1 EBADF (Bad file descriptor) [pid 5787] close(25) = -1 EBADF (Bad file descriptor) [pid 5787] close(26) = -1 EBADF (Bad file descriptor) [pid 5787] close(27) = -1 EBADF (Bad file descriptor) [pid 5787] close(28) = -1 EBADF (Bad file descriptor) [pid 5787] close(29) = -1 EBADF (Bad file descriptor) [pid 5787] exit_group(0) = ? [pid 5787] +++ exited with 0 +++ [pid 5791] chdir("./49") = 0 [pid 5791] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5791] setpgid(0, 0) = 0 [pid 5791] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5791] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5791] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5791] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5791] write(3, "1000", 4) = 4 [pid 5791] close(3) = 0 [pid 5791] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5791] mkdir("./file0", 000) = 0 [pid 5791] open("./file0", O_RDONLY) = 3 [pid 5791] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5791] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5791] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5791] openat(5, "memory.max", O_RDWR) = 6 [pid 5791] write(6, "0x000000000000040e", 18 [pid 5086] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 51 [ 236.082060][ T5788] CPU: 1 PID: 5788 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 236.092051][ T5788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 236.102165][ T5788] Call Trace: [ 236.105494][ T5788] [ 236.108466][ T5788] dump_stack_lvl+0x136/0x150 [ 236.113215][ T5788] dump_header+0x10a/0xd70 [ 236.117702][ T5788] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 236.123860][ T5788] out_of_memory+0xd64/0x1660 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=50, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5085] umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./48/binderfs") = 0 [pid 5085] umount2("./48/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./48/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./48/cgroup") = 0 [pid 5085] umount2("./48/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./48/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./48/cgroup.net") = 0 [ 236.128614][ T5788] ? oom_killer_disable+0x2b0/0x2b0 [ 236.133899][ T5788] mem_cgroup_out_of_memory+0x206/0x270 [ 236.139523][ T5788] ? mem_cgroup_margin+0x130/0x130 [ 236.144749][ T5788] memory_max_write+0x2f9/0x3c0 [ 236.149678][ T5788] ? mem_cgroup_force_empty_write+0x160/0x160 [ 236.155827][ T5788] ? lock_sync+0x190/0x190 [ 236.160323][ T5788] cgroup_file_write+0x1e2/0x7b0 [ 236.165351][ T5788] ? mem_cgroup_force_empty_write+0x160/0x160 [ 236.171506][ T5788] ? kill_css+0x3b0/0x3b0 [ 236.175919][ T5788] ? lock_acquire+0x32/0xc0 [ 236.180507][ T5788] ? kill_css+0x3b0/0x3b0 [ 236.184913][ T5788] kernfs_fop_write_iter+0x3f1/0x600 [ 236.190262][ T5788] vfs_write+0x9ed/0xe10 [ 236.194592][ T5788] ? kernel_write+0x670/0x670 [ 236.199348][ T5788] ? find_held_lock+0x2d/0x110 [ 236.204177][ T5788] ? __fget_light+0x20a/0x270 [ 236.208911][ T5788] ksys_write+0x12b/0x250 [ 236.213322][ T5788] ? __ia32_sys_read+0xb0/0xb0 [ 236.218159][ T5788] ? lockdep_hardirqs_on+0x7d/0x100 [ 236.223405][ T5788] ? _raw_spin_unlock_irq+0x2e/0x50 [ 236.228658][ T5788] ? ptrace_notify+0xfe/0x140 [ 236.233409][ T5788] do_syscall_64+0x39/0xb0 [ 236.237895][ T5788] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 236.243828][ T5788] RIP: 0033:0x7faecf034129 [ 236.248287][ T5788] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 236.268053][ T5788] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5085] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5085] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 236.276522][ T5788] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 236.284526][ T5788] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 236.292545][ T5788] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 236.300559][ T5788] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 236.308577][ T5788] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000033 [ 236.316610][ T5788] [ 236.325769][ T5788] memory: usage 8kB, limit 0kB, failcnt 36 [pid 5085] lstat("./48/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./48/file0") = 0 [pid 5085] umount2("./48/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./48/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./48/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./48") = 0 [pid 5085] mkdir("./49", 0777) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5792 attached [pid 5792] chdir("./49" [ 236.333965][ T5788] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 236.340874][ T5788] Memory cgroup stats for /syz1: [ 236.341155][ T5788] anon 0 [ 236.341155][ T5788] file 0 [ 236.341155][ T5788] kernel 8192 [ 236.341155][ T5788] kernel_stack 0 [ 236.341155][ T5788] pagetables 0 [ 236.341155][ T5788] sec_pagetables 0 [ 236.341155][ T5788] percpu 0 [ 236.341155][ T5788] sock 0 [ 236.341155][ T5788] vmalloc 0 [ 236.341155][ T5788] shmem 0 [ 236.341155][ T5788] zswap 0 [ 236.341155][ T5788] zswapped 0 [pid 5085] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 51 [pid 5792] <... chdir resumed>) = 0 [pid 5792] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5792] setpgid(0, 0) = 0 [pid 5792] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5792] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5792] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5792] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5792] write(3, "1000", 4) = 4 [pid 5792] close(3) = 0 [pid 5792] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5792] mkdir("./file0", 000) = 0 [pid 5792] open("./file0", O_RDONLY) = 3 [pid 5792] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5792] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [ 236.341155][ T5788] file_mapped 0 [ 236.341155][ T5788] file_dirty 0 [ 236.341155][ T5788] file_writeback 0 [ 236.341155][ T5788] swapcached 0 [ 236.341155][ T5788] anon_thp 0 [ 236.341155][ T5788] file_thp 0 [ 236.341155][ T5788] shmem_thp 0 [ 236.341155][ T5788] inactive_anon 0 [ 236.341155][ T5788] active_anon 0 [ 236.341155][ T5788] inactive_file 0 [ 236.341155][ T5788] active_file 0 [ 236.341155][ T5788] unevictable 0 [ 236.341155][ T5788] slab_reclaimable 6752 [ 236.341155][ T5788] slab_unreclaimable 0 [ 236.341155][ T5788] slab 6752 [pid 5792] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5792] openat(5, "memory.max", O_RDWR) = 6 [ 236.341155][ T5788] workingset_refault_anon 0 [ 236.341155][ T5788] workingset_refault_file 0 [ 236.341155][ T5788] workingset_activate_anon 0 [ 236.341155][ T5788] workingset_activate_file 0 [ 236.341155][ T5788] workingset_restore_anon 0 [ 236.341155][ T5788] workingset_restore_file 0 [ 236.341155][ T5788] workingset_nodereclaim 0 [ 236.341155][ T5788] pgscan 831 [ 236.341155][ T5788] pgsteal 2 [ 236.341155][ T5788] pgscan_kswapd 0 [ 236.341155][ T5788] pgscan_direct 831 [ 236.341155][ T5788] pgscan_khugepaged 0 [ 236.341155][ T5788] pgsteal_kswapd 0 [ 236.341155][ T5788] pgsteal_direct 2 [ 236.341155][ T5788] pgsteal_khugepaged 0 [ 236.341155][ T5788] pgfault 21 [ 236.341155][ T5788] pgmajfault 0 [ 236.341155][ T5788] pgrefill 830 [ 236.341155][ T5788] pgactivate 829 [ 236.341155][ T5788] pgdeactivate 830 [ 236.341155][ T5788] pglazyfree 0 [ 236.341155][ T5788] pglazyfreed 0 [ 236.341155][ T5788] zswpin 0 [ 236.341155][ T5788] zswpout 0 [ 236.341155][ T5788] thp_fault_alloc 0 [ 236.341155][ T5788] thp_collapse_alloc 0 [pid 5792] write(6, "0x000000000000040e", 18 [pid 5788] <... write resumed>) = 18 [pid 5788] close(3) = 0 [pid 5788] close(4) = 0 [pid 5788] close(5) = 0 [pid 5788] close(6) = 0 [pid 5788] close(7) = -1 EBADF (Bad file descriptor) [pid 5788] close(8) = -1 EBADF (Bad file descriptor) [pid 5788] close(9) = -1 EBADF (Bad file descriptor) [pid 5788] close(10) = -1 EBADF (Bad file descriptor) [pid 5788] close(11) = -1 EBADF (Bad file descriptor) [pid 5788] close(12) = -1 EBADF (Bad file descriptor) [pid 5788] close(13) = -1 EBADF (Bad file descriptor) [pid 5788] close(14) = -1 EBADF (Bad file descriptor) [pid 5788] close(15) = -1 EBADF (Bad file descriptor) [pid 5788] close(16) = -1 EBADF (Bad file descriptor) [pid 5788] close(17) = -1 EBADF (Bad file descriptor) [pid 5788] close(18) = -1 EBADF (Bad file descriptor) [pid 5788] close(19) = -1 EBADF (Bad file descriptor) [pid 5788] close(20) = -1 EBADF (Bad file descriptor) [pid 5788] close(21) = -1 EBADF (Bad file descriptor) [pid 5788] close(22) = -1 EBADF (Bad file descriptor) [pid 5788] close(23) = -1 EBADF (Bad file descriptor) [pid 5788] close(24) = -1 EBADF (Bad file descriptor) [pid 5788] close(25) = -1 EBADF (Bad file descriptor) [pid 5788] close(26) = -1 EBADF (Bad file descriptor) [pid 5788] close(27) = -1 EBADF (Bad file descriptor) [pid 5788] close(28) = -1 EBADF (Bad file descriptor) [pid 5788] close(29) = -1 EBADF (Bad file descriptor) [pid 5788] exit_group(0) = ? [pid 5788] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=53, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5089] umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [ 236.530148][ T5788] Tasks state (memory values in pages): [ 236.537871][ T5788] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 236.550104][ T5788] Out of memory and no killable processes... [ 236.559042][ T5789] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 236.573126][ T5789] CPU: 0 PID: 5789 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5089] umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./51/binderfs") = 0 [pid 5089] umount2("./51/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./51/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./51/cgroup") = 0 [pid 5089] umount2("./51/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./51/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./51/cgroup.net") = 0 [ 236.583099][ T5789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 236.593225][ T5789] Call Trace: [ 236.596558][ T5789] [ 236.599543][ T5789] dump_stack_lvl+0x136/0x150 [ 236.604295][ T5789] dump_header+0x10a/0xd70 [ 236.608776][ T5789] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 236.614942][ T5789] out_of_memory+0xd64/0x1660 [ 236.619696][ T5789] ? oom_killer_disable+0x2b0/0x2b0 [ 236.625065][ T5789] mem_cgroup_out_of_memory+0x206/0x270 [ 236.630683][ T5789] ? mem_cgroup_margin+0x130/0x130 [ 236.635893][ T5789] memory_max_write+0x2f9/0x3c0 [ 236.640833][ T5789] ? mem_cgroup_force_empty_write+0x160/0x160 [ 236.646983][ T5789] ? lock_sync+0x190/0x190 [ 236.651475][ T5789] cgroup_file_write+0x1e2/0x7b0 [ 236.656485][ T5789] ? mem_cgroup_force_empty_write+0x160/0x160 [ 236.662603][ T5789] ? kill_css+0x3b0/0x3b0 [ 236.666977][ T5789] ? lock_acquire+0x32/0xc0 [ 236.671531][ T5789] ? kill_css+0x3b0/0x3b0 [ 236.675921][ T5789] kernfs_fop_write_iter+0x3f1/0x600 [ 236.681252][ T5789] vfs_write+0x9ed/0xe10 [ 236.685543][ T5789] ? kernel_write+0x670/0x670 [ 236.690291][ T5789] ? find_held_lock+0x2d/0x110 [ 236.695096][ T5789] ? __fget_light+0x20a/0x270 [ 236.699822][ T5789] ksys_write+0x12b/0x250 [ 236.704199][ T5789] ? __ia32_sys_read+0xb0/0xb0 [ 236.709005][ T5789] ? lockdep_hardirqs_on+0x7d/0x100 [ 236.714238][ T5789] ? _raw_spin_unlock_irq+0x2e/0x50 [ 236.719473][ T5789] ? ptrace_notify+0xfe/0x140 [ 236.724190][ T5789] do_syscall_64+0x39/0xb0 [ 236.728649][ T5789] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 236.734579][ T5789] RIP: 0033:0x7faecf034129 [ 236.739018][ T5789] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 236.758655][ T5789] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 236.767121][ T5789] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 236.775116][ T5789] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5089] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5089] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./51/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 236.783119][ T5789] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 236.791111][ T5789] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 236.799106][ T5789] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000032 [ 236.807123][ T5789] [ 236.814777][ T5789] memory: usage 8kB, limit 0kB, failcnt 36 [ 236.821492][ T5789] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5089] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./51/file0") = 0 [pid 5089] umount2("./51/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./51/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./51/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [pid 5089] rmdir("./51") = 0 [pid 5089] mkdir("./52", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 54 ./strace-static-x86_64: Process 5793 attached [pid 5793] chdir("./52") = 0 [pid 5793] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5793] setpgid(0, 0) = 0 [ 236.830053][ T5789] Memory cgroup stats for /syz1: [ 236.831942][ T5789] anon 0 [ 236.831942][ T5789] file 0 [ 236.831942][ T5789] kernel 8192 [ 236.831942][ T5789] kernel_stack 0 [ 236.831942][ T5789] pagetables 0 [ 236.831942][ T5789] sec_pagetables 0 [ 236.831942][ T5789] percpu 0 [ 236.831942][ T5789] sock 0 [ 236.831942][ T5789] vmalloc 0 [ 236.831942][ T5789] shmem 0 [ 236.831942][ T5789] zswap 0 [ 236.831942][ T5789] zswapped 0 [ 236.831942][ T5789] file_mapped 0 [ 236.831942][ T5789] file_dirty 0 [ 236.831942][ T5789] file_writeback 0 [ 236.831942][ T5789] swapcached 0 [pid 5793] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5793] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5793] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5793] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5793] write(3, "1000", 4) = 4 [pid 5793] close(3) = 0 [pid 5793] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5793] mkdir("./file0", 000) = 0 [pid 5793] open("./file0", O_RDONLY) = 3 [pid 5793] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5793] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5793] openat(4, "syz1", O_RDWR|O_PATH) = 5 [ 236.831942][ T5789] anon_thp 0 [ 236.831942][ T5789] file_thp 0 [ 236.831942][ T5789] shmem_thp 0 [ 236.831942][ T5789] inactive_anon 0 [ 236.831942][ T5789] active_anon 0 [ 236.831942][ T5789] inactive_file 0 [ 236.831942][ T5789] active_file 0 [ 236.831942][ T5789] unevictable 0 [ 236.831942][ T5789] slab_reclaimable 6752 [ 236.831942][ T5789] slab_unreclaimable 0 [ 236.831942][ T5789] slab 6752 [ 236.831942][ T5789] workingset_refault_anon 0 [ 236.831942][ T5789] workingset_refault_file 0 [ 236.831942][ T5789] workingset_activate_anon 0 [ 236.831942][ T5789] workingset_activate_file 0 [ 236.831942][ T5789] workingset_restore_anon 0 [ 236.831942][ T5789] workingset_restore_file 0 [ 236.831942][ T5789] workingset_nodereclaim 0 [ 236.831942][ T5789] pgscan 831 [ 236.831942][ T5789] pgsteal 2 [ 236.831942][ T5789] pgscan_kswapd 0 [ 236.831942][ T5789] pgscan_direct 831 [ 236.831942][ T5789] pgscan_khugepaged 0 [ 236.831942][ T5789] pgsteal_kswapd 0 [ 236.831942][ T5789] pgsteal_direct 2 [ 236.831942][ T5789] pgsteal_khugepaged 0 [ 236.831942][ T5789] pgfault 21 [pid 5793] openat(5, "memory.max", O_RDWR) = 6 [ 236.831942][ T5789] pgmajfault 0 [ 236.831942][ T5789] pgrefill 830 [ 236.831942][ T5789] pgactivate 829 [ 236.831942][ T5789] pgdeactivate 830 [ 236.831942][ T5789] pglazyfree 0 [ 236.831942][ T5789] pglazyfreed 0 [ 236.831942][ T5789] zswpin 0 [ 236.831942][ T5789] zswpout 0 [ 236.831942][ T5789] thp_fault_alloc 0 [ 236.831942][ T5789] thp_collapse_alloc 0 [ 237.027237][ T5789] Tasks state (memory values in pages): [pid 5793] write(6, "0x000000000000040e", 18 [pid 5789] <... write resumed>) = 18 [pid 5789] close(3) = 0 [pid 5789] close(4) = 0 [pid 5789] close(5) = 0 [pid 5789] close(6) = 0 [pid 5789] close(7) = -1 EBADF (Bad file descriptor) [pid 5789] close(8) = -1 EBADF (Bad file descriptor) [pid 5789] close(9) = -1 EBADF (Bad file descriptor) [pid 5789] close(10) = -1 EBADF (Bad file descriptor) [pid 5789] close(11) = -1 EBADF (Bad file descriptor) [pid 5789] close(12) = -1 EBADF (Bad file descriptor) [pid 5789] close(13) = -1 EBADF (Bad file descriptor) [pid 5789] close(14) = -1 EBADF (Bad file descriptor) [pid 5789] close(15) = -1 EBADF (Bad file descriptor) [pid 5789] close(16) = -1 EBADF (Bad file descriptor) [pid 5789] close(17) = -1 EBADF (Bad file descriptor) [pid 5789] close(18) = -1 EBADF (Bad file descriptor) [pid 5789] close(19) = -1 EBADF (Bad file descriptor) [pid 5789] close(20) = -1 EBADF (Bad file descriptor) [pid 5789] close(21) = -1 EBADF (Bad file descriptor) [pid 5789] close(22) = -1 EBADF (Bad file descriptor) [pid 5789] close(23) = -1 EBADF (Bad file descriptor) [ 237.037478][ T5789] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 237.049736][ T5789] Out of memory and no killable processes... [ 237.058558][ T5790] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 237.076570][ T5790] CPU: 0 PID: 5790 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5789] close(24) = -1 EBADF (Bad file descriptor) [pid 5789] close(25) = -1 EBADF (Bad file descriptor) [pid 5789] close(26) = -1 EBADF (Bad file descriptor) [pid 5789] close(27) = -1 EBADF (Bad file descriptor) [pid 5789] close(28) = -1 EBADF (Bad file descriptor) [pid 5789] close(29) = -1 EBADF (Bad file descriptor) [pid 5789] exit_group(0) = ? [pid 5789] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=52, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5087] umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./50/binderfs") = 0 [pid 5087] umount2("./50/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 237.086559][ T5790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 237.096676][ T5790] Call Trace: [ 237.100003][ T5790] [ 237.102981][ T5790] dump_stack_lvl+0x136/0x150 [ 237.107732][ T5790] dump_header+0x10a/0xd70 [ 237.112212][ T5790] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 237.118381][ T5790] out_of_memory+0xd64/0x1660 [ 237.123161][ T5790] ? oom_killer_disable+0x2b0/0x2b0 [ 237.128438][ T5790] ? find_held_lock+0x2d/0x110 [pid 5087] lstat("./50/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./50/cgroup") = 0 [ 237.133274][ T5790] mem_cgroup_out_of_memory+0x206/0x270 [ 237.138921][ T5790] ? mem_cgroup_margin+0x130/0x130 [ 237.144124][ T5790] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 237.150095][ T5790] memory_max_write+0x2f9/0x3c0 [ 237.154998][ T5790] ? mem_cgroup_force_empty_write+0x160/0x160 [ 237.161119][ T5790] ? lock_sync+0x190/0x190 [ 237.165580][ T5790] cgroup_file_write+0x1e2/0x7b0 [ 237.170578][ T5790] ? mem_cgroup_force_empty_write+0x160/0x160 [ 237.176709][ T5790] ? kill_css+0x3b0/0x3b0 [ 237.181084][ T5790] ? lock_acquire+0x32/0xc0 [ 237.185645][ T5790] ? kill_css+0x3b0/0x3b0 [ 237.190020][ T5790] kernfs_fop_write_iter+0x3f1/0x600 [ 237.195364][ T5790] vfs_write+0x9ed/0xe10 [ 237.199664][ T5790] ? kernel_write+0x670/0x670 [ 237.204392][ T5790] ? find_held_lock+0x2d/0x110 [ 237.209203][ T5790] ? __fget_light+0x20a/0x270 [ 237.213930][ T5790] ksys_write+0x12b/0x250 [ 237.218303][ T5790] ? __ia32_sys_read+0xb0/0xb0 [ 237.223111][ T5790] ? lockdep_hardirqs_on+0x7d/0x100 [ 237.228350][ T5790] ? _raw_spin_unlock_irq+0x2e/0x50 [ 237.233593][ T5790] ? ptrace_notify+0xfe/0x140 [ 237.238312][ T5790] do_syscall_64+0x39/0xb0 [ 237.242777][ T5790] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 237.248708][ T5790] RIP: 0033:0x7faecf034129 [ 237.253151][ T5790] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 237.272792][ T5790] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5087] umount2("./50/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 237.281239][ T5790] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 237.289238][ T5790] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 237.297232][ T5790] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 237.305228][ T5790] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 237.313225][ T5790] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000034 [ 237.321243][ T5790] [pid 5087] lstat("./50/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./50/cgroup.net") = 0 [ 237.347841][ T5790] memory: usage 8kB, limit 0kB, failcnt 36 [ 237.355206][ T5790] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 237.363486][ T5790] Memory cgroup stats for /syz1: [ 237.364712][ T5790] anon 0 [ 237.364712][ T5790] file 0 [ 237.364712][ T5790] kernel 8192 [ 237.364712][ T5790] kernel_stack 0 [ 237.364712][ T5790] pagetables 0 [ 237.364712][ T5790] sec_pagetables 0 [ 237.364712][ T5790] percpu 0 [ 237.364712][ T5790] sock 0 [ 237.364712][ T5790] vmalloc 0 [ 237.364712][ T5790] shmem 0 [ 237.364712][ T5790] zswap 0 [ 237.364712][ T5790] zswapped 0 [ 237.364712][ T5790] file_mapped 0 [ 237.364712][ T5790] file_dirty 0 [ 237.364712][ T5790] file_writeback 0 [ 237.364712][ T5790] swapcached 0 [ 237.364712][ T5790] anon_thp 0 [ 237.364712][ T5790] file_thp 0 [ 237.364712][ T5790] shmem_thp 0 [ 237.364712][ T5790] inactive_anon 0 [ 237.364712][ T5790] active_anon 0 [ 237.364712][ T5790] inactive_file 0 [ 237.364712][ T5790] active_file 0 [ 237.364712][ T5790] unevictable 0 [ 237.364712][ T5790] slab_reclaimable 6752 [ 237.364712][ T5790] slab_unreclaimable 0 [ 237.364712][ T5790] slab 6752 [ 237.364712][ T5790] workingset_refault_anon 0 [ 237.364712][ T5790] workingset_refault_file 0 [ 237.364712][ T5790] workingset_activate_anon 0 [ 237.364712][ T5790] workingset_activate_file 0 [ 237.364712][ T5790] workingset_restore_anon 0 [ 237.364712][ T5790] workingset_restore_file 0 [ 237.364712][ T5790] workingset_nodereclaim 0 [ 237.364712][ T5790] pgscan 831 [ 237.364712][ T5790] pgsteal 2 [ 237.364712][ T5790] pgscan_kswapd 0 [ 237.364712][ T5790] pgscan_direct 831 [ 237.364712][ T5790] pgscan_khugepaged 0 [ 237.364712][ T5790] pgsteal_kswapd 0 [ 237.364712][ T5790] pgsteal_direct 2 [ 237.364712][ T5790] pgsteal_khugepaged 0 [ 237.364712][ T5790] pgfault 21 [ 237.364712][ T5790] pgmajfault 0 [ 237.364712][ T5790] pgrefill 830 [ 237.364712][ T5790] pgactivate 829 [ 237.364712][ T5790] pgdeactivate 830 [ 237.364712][ T5790] pglazyfree 0 [ 237.364712][ T5790] pglazyfreed 0 [ 237.364712][ T5790] zswpin 0 [ 237.364712][ T5790] zswpout 0 [ 237.364712][ T5790] thp_fault_alloc 0 [pid 5087] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5087] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./50/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [ 237.364712][ T5790] thp_collapse_alloc 0 [pid 5087] close(4) = 0 [pid 5087] rmdir("./50/file0") = 0 [pid 5087] umount2("./50/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./50/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./50/cgroup.cpu") = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [pid 5087] rmdir("./50") = 0 [pid 5087] mkdir("./51", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5794 attached [pid 5794] chdir("./51" [pid 5087] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 53 [pid 5794] <... chdir resumed>) = 0 [pid 5794] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5794] setpgid(0, 0) = 0 [pid 5794] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5794] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [ 237.570508][ T5790] Tasks state (memory values in pages): [ 237.577328][ T5790] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 237.597222][ T5790] Out of memory and no killable processes... [pid 5794] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5790] <... write resumed>) = 18 [pid 5794] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5790] close(3 [pid 5794] <... openat resumed>) = 3 [pid 5790] <... close resumed>) = 0 [pid 5794] write(3, "1000", 4) = 4 [pid 5790] close(4 [pid 5794] close(3) = 0 [pid 5790] <... close resumed>) = 0 [pid 5794] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5790] close(5 [pid 5794] mkdir("./file0", 000 [pid 5790] <... close resumed>) = 0 [pid 5794] <... mkdir resumed>) = 0 [pid 5790] close(6 [pid 5794] open("./file0", O_RDONLY [pid 5790] <... close resumed>) = 0 [pid 5794] <... open resumed>) = 3 [ 237.613072][ T5791] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 237.634690][ T5791] CPU: 0 PID: 5791 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 237.644679][ T5791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 237.654766][ T5791] Call Trace: [ 237.658069][ T5791] [ 237.661022][ T5791] dump_stack_lvl+0x136/0x150 [ 237.665746][ T5791] dump_header+0x10a/0xd70 [ 237.670203][ T5791] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 237.676339][ T5791] out_of_memory+0xd64/0x1660 [ 237.681063][ T5791] ? oom_killer_disable+0x2b0/0x2b0 [ 237.686315][ T5791] mem_cgroup_out_of_memory+0x206/0x270 [ 237.691904][ T5791] ? mem_cgroup_margin+0x130/0x130 [ 237.697089][ T5791] memory_max_write+0x2f9/0x3c0 [ 237.701992][ T5791] ? mem_cgroup_force_empty_write+0x160/0x160 [ 237.708106][ T5791] ? lock_sync+0x190/0x190 [ 237.712565][ T5791] cgroup_file_write+0x1e2/0x7b0 [ 237.717547][ T5791] ? mem_cgroup_force_empty_write+0x160/0x160 [ 237.723655][ T5791] ? kill_css+0x3b0/0x3b0 [ 237.728033][ T5791] ? lock_acquire+0x32/0xc0 [ 237.732586][ T5791] ? kill_css+0x3b0/0x3b0 [ 237.736961][ T5791] kernfs_fop_write_iter+0x3f1/0x600 [ 237.742379][ T5791] vfs_write+0x9ed/0xe10 [ 237.746676][ T5791] ? kernel_write+0x670/0x670 [ 237.751400][ T5791] ? find_held_lock+0x2d/0x110 [ 237.756228][ T5791] ? __fget_light+0x20a/0x270 [ 237.760957][ T5791] ksys_write+0x12b/0x250 [ 237.765331][ T5791] ? __ia32_sys_read+0xb0/0xb0 [ 237.770142][ T5791] ? lockdep_hardirqs_on+0x7d/0x100 [ 237.775377][ T5791] ? _raw_spin_unlock_irq+0x2e/0x50 [ 237.780632][ T5791] ? ptrace_notify+0xfe/0x140 [ 237.785347][ T5791] do_syscall_64+0x39/0xb0 [ 237.789815][ T5791] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 237.795752][ T5791] RIP: 0033:0x7faecf034129 [ 237.800220][ T5791] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5790] close(7 [pid 5794] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5790] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5794] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5790] close(8 [pid 5794] <... openat resumed>) = 4 [pid 5790] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5794] openat(4, "syz1", O_RDWR|O_PATH [pid 5790] close(9 [pid 5794] <... openat resumed>) = 5 [pid 5790] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5794] openat(5, "memory.max", O_RDWR [pid 5790] close(10 [pid 5794] <... openat resumed>) = 6 [pid 5790] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5794] write(6, "0x000000000000040e", 18 [pid 5790] close(11) = -1 EBADF (Bad file descriptor) [pid 5790] close(12) = -1 EBADF (Bad file descriptor) [pid 5790] close(13) = -1 EBADF (Bad file descriptor) [pid 5790] close(14) = -1 EBADF (Bad file descriptor) [pid 5790] close(15) = -1 EBADF (Bad file descriptor) [pid 5790] close(16) = -1 EBADF (Bad file descriptor) [pid 5790] close(17) = -1 EBADF (Bad file descriptor) [pid 5790] close(18) = -1 EBADF (Bad file descriptor) [pid 5790] close(19) = -1 EBADF (Bad file descriptor) [pid 5790] close(20) = -1 EBADF (Bad file descriptor) [pid 5790] close(21) = -1 EBADF (Bad file descriptor) [ 237.819869][ T5791] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 237.828313][ T5791] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 237.836312][ T5791] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 237.844312][ T5791] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 237.852307][ T5791] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 237.860305][ T5791] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000031 [ 237.868332][ T5791] [pid 5790] close(22) = -1 EBADF (Bad file descriptor) [pid 5790] close(23) = -1 EBADF (Bad file descriptor) [pid 5790] close(24) = -1 EBADF (Bad file descriptor) [pid 5790] close(25) = -1 EBADF (Bad file descriptor) [pid 5790] close(26) = -1 EBADF (Bad file descriptor) [pid 5790] close(27) = -1 EBADF (Bad file descriptor) [pid 5790] close(28) = -1 EBADF (Bad file descriptor) [pid 5790] close(29) = -1 EBADF (Bad file descriptor) [pid 5790] exit_group(0) = ? [pid 5790] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=54, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5090] umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./52/binderfs") = 0 [pid 5090] umount2("./52/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./52/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./52/cgroup") = 0 [pid 5090] umount2("./52/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./52/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./52/cgroup.net") = 0 [ 237.928690][ T5791] memory: usage 8kB, limit 0kB, failcnt 36 [ 237.935318][ T5791] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 237.943185][ T5791] Memory cgroup stats for /syz1: [ 237.943432][ T5791] anon 0 [ 237.943432][ T5791] file 0 [ 237.943432][ T5791] kernel 8192 [ 237.943432][ T5791] kernel_stack 0 [ 237.943432][ T5791] pagetables 0 [ 237.943432][ T5791] sec_pagetables 0 [ 237.943432][ T5791] percpu 0 [ 237.943432][ T5791] sock 0 [ 237.943432][ T5791] vmalloc 0 [ 237.943432][ T5791] shmem 0 [ 237.943432][ T5791] zswap 0 [ 237.943432][ T5791] zswapped 0 [ 237.943432][ T5791] file_mapped 0 [ 237.943432][ T5791] file_dirty 0 [ 237.943432][ T5791] file_writeback 0 [ 237.943432][ T5791] swapcached 0 [ 237.943432][ T5791] anon_thp 0 [ 237.943432][ T5791] file_thp 0 [ 237.943432][ T5791] shmem_thp 0 [ 237.943432][ T5791] inactive_anon 0 [ 237.943432][ T5791] active_anon 0 [ 237.943432][ T5791] inactive_file 0 [ 237.943432][ T5791] active_file 0 [ 237.943432][ T5791] unevictable 0 [ 237.943432][ T5791] slab_reclaimable 6752 [ 237.943432][ T5791] slab_unreclaimable 0 [ 237.943432][ T5791] slab 6752 [ 237.943432][ T5791] workingset_refault_anon 0 [ 237.943432][ T5791] workingset_refault_file 0 [ 237.943432][ T5791] workingset_activate_anon 0 [ 237.943432][ T5791] workingset_activate_file 0 [ 237.943432][ T5791] workingset_restore_anon 0 [ 237.943432][ T5791] workingset_restore_file 0 [ 237.943432][ T5791] workingset_nodereclaim 0 [ 237.943432][ T5791] pgscan 831 [ 237.943432][ T5791] pgsteal 2 [ 237.943432][ T5791] pgscan_kswapd 0 [ 237.943432][ T5791] pgscan_direct 831 [ 237.943432][ T5791] pgscan_khugepaged 0 [ 237.943432][ T5791] pgsteal_kswapd 0 [ 237.943432][ T5791] pgsteal_direct 2 [ 237.943432][ T5791] pgsteal_khugepaged 0 [ 237.943432][ T5791] pgfault 21 [ 237.943432][ T5791] pgmajfault 0 [ 237.943432][ T5791] pgrefill 830 [ 237.943432][ T5791] pgactivate 829 [ 237.943432][ T5791] pgdeactivate 830 [ 237.943432][ T5791] pglazyfree 0 [ 237.943432][ T5791] pglazyfreed 0 [ 237.943432][ T5791] zswpin 0 [ 237.943432][ T5791] zswpout 0 [ 237.943432][ T5791] thp_fault_alloc 0 [ 237.943432][ T5791] thp_collapse_alloc 0 [pid 5090] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5090] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./52/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./52/file0") = 0 [pid 5090] umount2("./52/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./52/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./52/cgroup.cpu") = 0 [pid 5090] getdents64(3, [pid 5791] <... write resumed>) = 18 [pid 5090] <... getdents64 resumed>0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [pid 5090] rmdir("./52") = 0 [pid 5090] mkdir("./53", 0777) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 55 [ 238.139951][ T5791] Tasks state (memory values in pages): [ 238.147114][ T5791] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 238.157323][ T5791] Out of memory and no killable processes... [ 238.164075][ T5792] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 238.176592][ T5792] CPU: 0 PID: 5792 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5791] close(3) = 0 [pid 5791] close(4) = 0 [pid 5791] close(5) = 0 [pid 5791] close(6) = 0 [pid 5791] close(7) = -1 EBADF (Bad file descriptor) [pid 5791] close(8) = -1 EBADF (Bad file descriptor) [pid 5791] close(9) = -1 EBADF (Bad file descriptor) [ 238.186557][ T5792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 238.196672][ T5792] Call Trace: [ 238.200016][ T5792] [ 238.203004][ T5792] dump_stack_lvl+0x136/0x150 [ 238.207761][ T5792] dump_header+0x10a/0xd70 [ 238.212246][ T5792] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 238.218405][ T5792] out_of_memory+0xd64/0x1660 [ 238.223188][ T5792] ? oom_killer_disable+0x2b0/0x2b0 [ 238.228462][ T5792] ? find_held_lock+0x2d/0x110 [ 238.233301][ T5792] mem_cgroup_out_of_memory+0x206/0x270 [ 238.238937][ T5792] ? mem_cgroup_margin+0x130/0x130 [ 238.244142][ T5792] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 238.250008][ T5792] memory_max_write+0x2f9/0x3c0 [ 238.254917][ T5792] ? mem_cgroup_force_empty_write+0x160/0x160 [ 238.261036][ T5792] ? lock_sync+0x190/0x190 [ 238.265490][ T5792] cgroup_file_write+0x1e2/0x7b0 [ 238.270473][ T5792] ? mem_cgroup_force_empty_write+0x160/0x160 [ 238.276605][ T5792] ? kill_css+0x3b0/0x3b0 [ 238.280987][ T5792] ? lock_acquire+0x32/0xc0 [ 238.285537][ T5792] ? kill_css+0x3b0/0x3b0 [ 238.289914][ T5792] kernfs_fop_write_iter+0x3f1/0x600 [ 238.295252][ T5792] vfs_write+0x9ed/0xe10 [ 238.299548][ T5792] ? kernel_write+0x670/0x670 [ 238.304276][ T5792] ? find_held_lock+0x2d/0x110 [ 238.309085][ T5792] ? __fget_light+0x20a/0x270 [ 238.313819][ T5792] ksys_write+0x12b/0x250 [ 238.318196][ T5792] ? __ia32_sys_read+0xb0/0xb0 [ 238.323005][ T5792] ? lockdep_hardirqs_on+0x7d/0x100 [ 238.328234][ T5792] ? _raw_spin_unlock_irq+0x2e/0x50 [ 238.333465][ T5792] ? ptrace_notify+0xfe/0x140 [ 238.338182][ T5792] do_syscall_64+0x39/0xb0 [ 238.342647][ T5792] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 238.348577][ T5792] RIP: 0033:0x7faecf034129 [ 238.353017][ T5792] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 238.372654][ T5792] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 238.381096][ T5792] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 238.389091][ T5792] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 238.397091][ T5792] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 238.405084][ T5792] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 238.413080][ T5792] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000031 [ 238.421096][ T5792] [ 238.432398][ T5792] memory: usage 8kB, limit 0kB, failcnt 36 [pid 5791] close(10./strace-static-x86_64: Process 5795 attached ) = -1 EBADF (Bad file descriptor) [pid 5795] chdir("./53") = 0 [pid 5795] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5795] setpgid(0, 0) = 0 [pid 5795] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5795] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5795] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5795] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5795] write(3, "1000", 4) = 4 [pid 5795] close(3) = 0 [pid 5795] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5795] mkdir("./file0", 000) = 0 [pid 5795] open("./file0", O_RDONLY) = 3 [pid 5795] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5795] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5795] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5795] openat(5, "memory.max", O_RDWR) = 6 [ 238.438283][ T5792] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 238.446481][ T5792] Memory cgroup stats for /syz1: [ 238.447379][ T5792] anon 0 [ 238.447379][ T5792] file 0 [ 238.447379][ T5792] kernel 8192 [ 238.447379][ T5792] kernel_stack 0 [ 238.447379][ T5792] pagetables 0 [ 238.447379][ T5792] sec_pagetables 0 [ 238.447379][ T5792] percpu 0 [ 238.447379][ T5792] sock 0 [ 238.447379][ T5792] vmalloc 0 [ 238.447379][ T5792] shmem 0 [ 238.447379][ T5792] zswap 0 [ 238.447379][ T5792] zswapped 0 [pid 5795] write(6, "0x000000000000040e", 18 [pid 5791] close(11) = -1 EBADF (Bad file descriptor) [pid 5791] close(12) = -1 EBADF (Bad file descriptor) [pid 5791] close(13) = -1 EBADF (Bad file descriptor) [pid 5791] close(14) = -1 EBADF (Bad file descriptor) [pid 5791] close(15) = -1 EBADF (Bad file descriptor) [pid 5791] close(16) = -1 EBADF (Bad file descriptor) [pid 5791] close(17) = -1 EBADF (Bad file descriptor) [pid 5791] close(18) = -1 EBADF (Bad file descriptor) [pid 5791] close(19) = -1 EBADF (Bad file descriptor) [pid 5791] close(20) = -1 EBADF (Bad file descriptor) [pid 5791] close(21) = -1 EBADF (Bad file descriptor) [pid 5791] close(22) = -1 EBADF (Bad file descriptor) [pid 5791] close(23) = -1 EBADF (Bad file descriptor) [pid 5791] close(24) = -1 EBADF (Bad file descriptor) [pid 5791] close(25) = -1 EBADF (Bad file descriptor) [pid 5791] close(26) = -1 EBADF (Bad file descriptor) [pid 5791] close(27) = -1 EBADF (Bad file descriptor) [pid 5791] close(28) = -1 EBADF (Bad file descriptor) [pid 5791] close(29) = -1 EBADF (Bad file descriptor) [pid 5791] exit_group(0) = ? [pid 5791] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=51, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5086] umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./49/binderfs") = 0 [pid 5086] umount2("./49/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./49/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [ 238.447379][ T5792] file_mapped 0 [ 238.447379][ T5792] file_dirty 0 [ 238.447379][ T5792] file_writeback 0 [ 238.447379][ T5792] swapcached 0 [ 238.447379][ T5792] anon_thp 0 [ 238.447379][ T5792] file_thp 0 [ 238.447379][ T5792] shmem_thp 0 [ 238.447379][ T5792] inactive_anon 0 [ 238.447379][ T5792] active_anon 0 [ 238.447379][ T5792] inactive_file 0 [ 238.447379][ T5792] active_file 0 [ 238.447379][ T5792] unevictable 0 [ 238.447379][ T5792] slab_reclaimable 6752 [ 238.447379][ T5792] slab_unreclaimable 0 [ 238.447379][ T5792] slab 6752 [pid 5086] unlink("./49/cgroup") = 0 [pid 5086] umount2("./49/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./49/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./49/cgroup.net") = 0 [ 238.447379][ T5792] workingset_refault_anon 0 [ 238.447379][ T5792] workingset_refault_file 0 [ 238.447379][ T5792] workingset_activate_anon 0 [ 238.447379][ T5792] workingset_activate_file 0 [ 238.447379][ T5792] workingset_restore_anon 0 [ 238.447379][ T5792] workingset_restore_file 0 [ 238.447379][ T5792] workingset_nodereclaim 0 [ 238.447379][ T5792] pgscan 831 [ 238.447379][ T5792] pgsteal 2 [ 238.447379][ T5792] pgscan_kswapd 0 [ 238.447379][ T5792] pgscan_direct 831 [ 238.447379][ T5792] pgscan_khugepaged 0 [ 238.447379][ T5792] pgsteal_kswapd 0 [pid 5086] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5086] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./49/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 238.447379][ T5792] pgsteal_direct 2 [ 238.447379][ T5792] pgsteal_khugepaged 0 [ 238.447379][ T5792] pgfault 21 [ 238.447379][ T5792] pgmajfault 0 [ 238.447379][ T5792] pgrefill 830 [ 238.447379][ T5792] pgactivate 829 [ 238.447379][ T5792] pgdeactivate 830 [ 238.447379][ T5792] pglazyfree 0 [ 238.447379][ T5792] pglazyfreed 0 [ 238.447379][ T5792] zswpin 0 [ 238.447379][ T5792] zswpout 0 [ 238.447379][ T5792] thp_fault_alloc 0 [ 238.447379][ T5792] thp_collapse_alloc 0 [pid 5086] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./49/file0") = 0 [pid 5086] umount2("./49/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./49/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./49/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./49") = 0 [pid 5086] mkdir("./50", 0777) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5796 attached , child_tidptr=0x555555c0c5d0) = 52 [ 238.639372][ T5792] Tasks state (memory values in pages): [ 238.660882][ T5792] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 238.670923][ T5792] Out of memory and no killable processes... [pid 5796] chdir("./50") = 0 [pid 5792] <... write resumed>) = 18 [pid 5796] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5796] setpgid(0, 0) = 0 [pid 5796] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5796] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5796] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5796] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5796] write(3, "1000", 4) = 4 [pid 5796] close(3) = 0 [pid 5796] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5796] mkdir("./file0", 000) = 0 [pid 5796] open("./file0", O_RDONLY) = 3 [pid 5796] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5796] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5796] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5796] openat(5, "memory.max", O_RDWR) = 6 [ 238.684463][ T5793] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 238.696179][ T5793] CPU: 1 PID: 5793 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 238.706155][ T5793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 238.716272][ T5793] Call Trace: [ 238.719593][ T5793] [ 238.722572][ T5793] dump_stack_lvl+0x136/0x150 [ 238.727343][ T5793] dump_header+0x10a/0xd70 [ 238.731840][ T5793] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 238.737998][ T5793] out_of_memory+0xd64/0x1660 [pid 5796] write(6, "0x000000000000040e", 18 [pid 5792] close(3) = 0 [pid 5792] close(4) = 0 [pid 5792] close(5) = 0 [pid 5792] close(6) = 0 [pid 5792] close(7) = -1 EBADF (Bad file descriptor) [pid 5792] close(8) = -1 EBADF (Bad file descriptor) [pid 5792] close(9) = -1 EBADF (Bad file descriptor) [pid 5792] close(10) = -1 EBADF (Bad file descriptor) [pid 5792] close(11) = -1 EBADF (Bad file descriptor) [pid 5792] close(12) = -1 EBADF (Bad file descriptor) [pid 5792] close(13) = -1 EBADF (Bad file descriptor) [pid 5792] close(14) = -1 EBADF (Bad file descriptor) [pid 5792] close(15) = -1 EBADF (Bad file descriptor) [pid 5792] close(16) = -1 EBADF (Bad file descriptor) [pid 5792] close(17) = -1 EBADF (Bad file descriptor) [ 238.742762][ T5793] ? oom_killer_disable+0x2b0/0x2b0 [ 238.748054][ T5793] ? find_held_lock+0x2d/0x110 [ 238.752895][ T5793] mem_cgroup_out_of_memory+0x206/0x270 [ 238.758518][ T5793] ? mem_cgroup_margin+0x130/0x130 [ 238.763716][ T5793] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 238.769622][ T5793] memory_max_write+0x2f9/0x3c0 [ 238.774560][ T5793] ? mem_cgroup_force_empty_write+0x160/0x160 [ 238.780718][ T5793] ? lock_sync+0x190/0x190 [ 238.785214][ T5793] cgroup_file_write+0x1e2/0x7b0 [pid 5792] close(18) = -1 EBADF (Bad file descriptor) [pid 5792] close(19) = -1 EBADF (Bad file descriptor) [pid 5792] close(20) = -1 EBADF (Bad file descriptor) [pid 5792] close(21) = -1 EBADF (Bad file descriptor) [pid 5792] close(22) = -1 EBADF (Bad file descriptor) [pid 5792] close(23) = -1 EBADF (Bad file descriptor) [pid 5792] close(24) = -1 EBADF (Bad file descriptor) [pid 5792] close(25) = -1 EBADF (Bad file descriptor) [pid 5792] close(26) = -1 EBADF (Bad file descriptor) [pid 5792] close(27) = -1 EBADF (Bad file descriptor) [pid 5792] close(28) = -1 EBADF (Bad file descriptor) [pid 5792] close(29) = -1 EBADF (Bad file descriptor) [pid 5792] exit_group(0) = ? [pid 5792] +++ exited with 0 +++ [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=51, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5085] umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 238.790254][ T5793] ? mem_cgroup_force_empty_write+0x160/0x160 [ 238.796408][ T5793] ? kill_css+0x3b0/0x3b0 [ 238.800824][ T5793] ? lock_acquire+0x32/0xc0 [ 238.805409][ T5793] ? kill_css+0x3b0/0x3b0 [ 238.809812][ T5793] kernfs_fop_write_iter+0x3f1/0x600 [ 238.815179][ T5793] vfs_write+0x9ed/0xe10 [ 238.819522][ T5793] ? kernel_write+0x670/0x670 [ 238.824306][ T5793] ? find_held_lock+0x2d/0x110 [ 238.829152][ T5793] ? __fget_light+0x20a/0x270 [ 238.833928][ T5793] ksys_write+0x12b/0x250 [ 238.838337][ T5793] ? __ia32_sys_read+0xb0/0xb0 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./49/binderfs") = 0 [pid 5085] umount2("./49/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./49/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./49/cgroup") = 0 [pid 5085] umount2("./49/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./49/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./49/cgroup.net") = 0 [ 238.843181][ T5793] ? lockdep_hardirqs_on+0x7d/0x100 [ 238.848457][ T5793] ? _raw_spin_unlock_irq+0x2e/0x50 [ 238.853823][ T5793] ? ptrace_notify+0xfe/0x140 [ 238.858582][ T5793] do_syscall_64+0x39/0xb0 [ 238.863077][ T5793] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 238.869076][ T5793] RIP: 0033:0x7faecf034129 [ 238.873581][ T5793] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 238.893271][ T5793] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 238.901759][ T5793] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 238.909784][ T5793] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 238.917808][ T5793] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 238.925883][ T5793] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 238.933913][ T5793] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000034 [pid 5085] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5085] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./49/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./49/file0") = 0 [pid 5085] umount2("./49/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./49/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 238.941972][ T5793] [ 238.959354][ T5793] memory: usage 8kB, limit 0kB, failcnt 36 [ 238.965461][ T5793] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 238.972883][ T5793] Memory cgroup stats for /syz1: [ 238.973184][ T5793] anon 0 [ 238.973184][ T5793] file 0 [ 238.973184][ T5793] kernel 8192 [ 238.973184][ T5793] kernel_stack 0 [ 238.973184][ T5793] pagetables 0 [pid 5085] unlink("./49/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./49") = 0 [pid 5085] mkdir("./50", 0777) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5797 attached [pid 5797] chdir("./50" [pid 5085] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 52 [pid 5797] <... chdir resumed>) = 0 [pid 5797] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5797] setpgid(0, 0) = 0 [pid 5797] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5797] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5797] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5797] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5797] write(3, "1000", 4) = 4 [ 238.973184][ T5793] sec_pagetables 0 [ 238.973184][ T5793] percpu 0 [ 238.973184][ T5793] sock 0 [ 238.973184][ T5793] vmalloc 0 [ 238.973184][ T5793] shmem 0 [ 238.973184][ T5793] zswap 0 [ 238.973184][ T5793] zswapped 0 [ 238.973184][ T5793] file_mapped 0 [ 238.973184][ T5793] file_dirty 0 [ 238.973184][ T5793] file_writeback 0 [ 238.973184][ T5793] swapcached 0 [ 238.973184][ T5793] anon_thp 0 [ 238.973184][ T5793] file_thp 0 [ 238.973184][ T5793] shmem_thp 0 [ 238.973184][ T5793] inactive_anon 0 [ 238.973184][ T5793] active_anon 0 [pid 5797] close(3) = 0 [pid 5797] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5797] mkdir("./file0", 000) = 0 [pid 5797] open("./file0", O_RDONLY) = 3 [pid 5797] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5797] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5797] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5797] openat(5, "memory.max", O_RDWR) = 6 [ 238.973184][ T5793] inactive_file 0 [ 238.973184][ T5793] active_file 0 [ 238.973184][ T5793] unevictable 0 [ 238.973184][ T5793] slab_reclaimable 6752 [ 238.973184][ T5793] slab_unreclaimable 0 [ 238.973184][ T5793] slab 6752 [ 238.973184][ T5793] workingset_refault_anon 0 [ 238.973184][ T5793] workingset_refault_file 0 [ 238.973184][ T5793] workingset_activate_anon 0 [ 238.973184][ T5793] workingset_activate_file 0 [ 238.973184][ T5793] workingset_restore_anon 0 [ 238.973184][ T5793] workingset_restore_file 0 [ 238.973184][ T5793] workingset_nodereclaim 0 [ 238.973184][ T5793] pgscan 831 [ 238.973184][ T5793] pgsteal 2 [ 238.973184][ T5793] pgscan_kswapd 0 [ 238.973184][ T5793] pgscan_direct 831 [ 238.973184][ T5793] pgscan_khugepaged 0 [ 238.973184][ T5793] pgsteal_kswapd 0 [ 238.973184][ T5793] pgsteal_direct 2 [ 238.973184][ T5793] pgsteal_khugepaged 0 [ 238.973184][ T5793] pgfault 21 [ 238.973184][ T5793] pgmajfault 0 [ 238.973184][ T5793] pgrefill 830 [ 238.973184][ T5793] pgactivate 829 [ 238.973184][ T5793] pgdeactivate 830 [ 238.973184][ T5793] pglazyfree 0 [ 238.973184][ T5793] pglazyfreed 0 [ 238.973184][ T5793] zswpin 0 [ 238.973184][ T5793] zswpout 0 [ 238.973184][ T5793] thp_fault_alloc 0 [ 238.973184][ T5793] thp_collapse_alloc 0 [ 239.167808][ T5793] Tasks state (memory values in pages): [ 239.178669][ T5793] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5797] write(6, "0x000000000000040e", 18 [pid 5793] <... write resumed>) = 18 [pid 5793] close(3) = 0 [pid 5793] close(4) = 0 [pid 5793] close(5) = 0 [pid 5793] close(6) = 0 [pid 5793] close(7) = -1 EBADF (Bad file descriptor) [pid 5793] close(8) = -1 EBADF (Bad file descriptor) [pid 5793] close(9) = -1 EBADF (Bad file descriptor) [pid 5793] close(10) = -1 EBADF (Bad file descriptor) [pid 5793] close(11) = -1 EBADF (Bad file descriptor) [pid 5793] close(12) = -1 EBADF (Bad file descriptor) [pid 5793] close(13) = -1 EBADF (Bad file descriptor) [ 239.189248][ T5793] Out of memory and no killable processes... [ 239.195762][ T5794] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 239.208296][ T5794] CPU: 0 PID: 5794 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 239.218262][ T5794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 239.228366][ T5794] Call Trace: [ 239.231694][ T5794] [ 239.234678][ T5794] dump_stack_lvl+0x136/0x150 [ 239.239450][ T5794] dump_header+0x10a/0xd70 [ 239.243931][ T5794] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 239.250084][ T5794] out_of_memory+0xd64/0x1660 [ 239.254863][ T5794] ? oom_killer_disable+0x2b0/0x2b0 [ 239.260151][ T5794] mem_cgroup_out_of_memory+0x206/0x270 [ 239.265766][ T5794] ? mem_cgroup_margin+0x130/0x130 [ 239.270977][ T5794] memory_max_write+0x2f9/0x3c0 [ 239.275929][ T5794] ? mem_cgroup_force_empty_write+0x160/0x160 [ 239.282071][ T5794] ? lock_sync+0x190/0x190 [ 239.286533][ T5794] cgroup_file_write+0x1e2/0x7b0 [ 239.291514][ T5794] ? mem_cgroup_force_empty_write+0x160/0x160 [ 239.297650][ T5794] ? kill_css+0x3b0/0x3b0 [ 239.302117][ T5794] ? lock_acquire+0x32/0xc0 [ 239.306671][ T5794] ? kill_css+0x3b0/0x3b0 [ 239.311050][ T5794] kernfs_fop_write_iter+0x3f1/0x600 [ 239.316405][ T5794] vfs_write+0x9ed/0xe10 [ 239.320702][ T5794] ? kernel_write+0x670/0x670 [ 239.325430][ T5794] ? find_held_lock+0x2d/0x110 [ 239.330239][ T5794] ? __fget_light+0x20a/0x270 [ 239.334971][ T5794] ksys_write+0x12b/0x250 [ 239.339348][ T5794] ? __ia32_sys_read+0xb0/0xb0 [ 239.344154][ T5794] ? lockdep_hardirqs_on+0x7d/0x100 [ 239.349394][ T5794] ? _raw_spin_unlock_irq+0x2e/0x50 [ 239.354634][ T5794] ? ptrace_notify+0xfe/0x140 [ 239.359357][ T5794] do_syscall_64+0x39/0xb0 [ 239.363828][ T5794] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 239.369767][ T5794] RIP: 0033:0x7faecf034129 [ 239.374219][ T5794] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5793] close(14) = -1 EBADF (Bad file descriptor) [pid 5793] close(15) = -1 EBADF (Bad file descriptor) [pid 5793] close(16) = -1 EBADF (Bad file descriptor) [pid 5793] close(17) = -1 EBADF (Bad file descriptor) [pid 5793] close(18) = -1 EBADF (Bad file descriptor) [pid 5793] close(19) = -1 EBADF (Bad file descriptor) [pid 5793] close(20) = -1 EBADF (Bad file descriptor) [pid 5793] close(21) = -1 EBADF (Bad file descriptor) [pid 5793] close(22) = -1 EBADF (Bad file descriptor) [pid 5793] close(23) = -1 EBADF (Bad file descriptor) [pid 5793] close(24) = -1 EBADF (Bad file descriptor) [pid 5793] close(25) = -1 EBADF (Bad file descriptor) [pid 5793] close(26) = -1 EBADF (Bad file descriptor) [pid 5793] close(27) = -1 EBADF (Bad file descriptor) [pid 5793] close(28) = -1 EBADF (Bad file descriptor) [pid 5793] close(29) = -1 EBADF (Bad file descriptor) [pid 5793] exit_group(0) = ? [pid 5793] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=54, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5089] umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./52/binderfs") = 0 [pid 5089] umount2("./52/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./52/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./52/cgroup") = 0 [pid 5089] umount2("./52/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./52/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./52/cgroup.net") = 0 [pid 5089] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5089] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./52/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./52/file0") = 0 [pid 5089] umount2("./52/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./52/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./52/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [pid 5089] rmdir("./52") = 0 [pid 5089] mkdir("./53", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5798 attached [pid 5798] chdir("./53" [pid 5089] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 55 [pid 5798] <... chdir resumed>) = 0 [pid 5798] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5798] setpgid(0, 0) = 0 [ 239.393855][ T5794] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 239.402298][ T5794] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 239.410292][ T5794] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 239.418286][ T5794] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 239.426284][ T5794] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 239.434302][ T5794] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000033 [ 239.442324][ T5794] [pid 5798] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5798] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5798] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5798] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5798] write(3, "1000", 4) = 4 [pid 5798] close(3) = 0 [pid 5798] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5798] mkdir("./file0", 000) = 0 [pid 5798] open("./file0", O_RDONLY) = 3 [pid 5798] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5798] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5798] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5798] openat(5, "memory.max", O_RDWR) = 6 [ 239.494763][ T5794] memory: usage 8kB, limit 0kB, failcnt 36 [ 239.500661][ T5794] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 239.520669][ T5794] Memory cgroup stats for /syz1: [ 239.521024][ T5794] anon 0 [ 239.521024][ T5794] file 0 [ 239.521024][ T5794] kernel 8192 [ 239.521024][ T5794] kernel_stack 0 [ 239.521024][ T5794] pagetables 0 [ 239.521024][ T5794] sec_pagetables 0 [ 239.521024][ T5794] percpu 0 [ 239.521024][ T5794] sock 0 [ 239.521024][ T5794] vmalloc 0 [ 239.521024][ T5794] shmem 0 [ 239.521024][ T5794] zswap 0 [ 239.521024][ T5794] zswapped 0 [ 239.521024][ T5794] file_mapped 0 [ 239.521024][ T5794] file_dirty 0 [ 239.521024][ T5794] file_writeback 0 [ 239.521024][ T5794] swapcached 0 [ 239.521024][ T5794] anon_thp 0 [ 239.521024][ T5794] file_thp 0 [ 239.521024][ T5794] shmem_thp 0 [ 239.521024][ T5794] inactive_anon 0 [ 239.521024][ T5794] active_anon 0 [ 239.521024][ T5794] inactive_file 0 [ 239.521024][ T5794] active_file 0 [ 239.521024][ T5794] unevictable 0 [ 239.521024][ T5794] slab_reclaimable 6752 [ 239.521024][ T5794] slab_unreclaimable 0 [ 239.521024][ T5794] slab 6752 [ 239.521024][ T5794] workingset_refault_anon 0 [ 239.521024][ T5794] workingset_refault_file 0 [ 239.521024][ T5794] workingset_activate_anon 0 [ 239.521024][ T5794] workingset_activate_file 0 [ 239.521024][ T5794] workingset_restore_anon 0 [ 239.521024][ T5794] workingset_restore_file 0 [ 239.521024][ T5794] workingset_nodereclaim 0 [ 239.521024][ T5794] pgscan 831 [ 239.521024][ T5794] pgsteal 2 [ 239.521024][ T5794] pgscan_kswapd 0 [ 239.521024][ T5794] pgscan_direct 831 [ 239.521024][ T5794] pgscan_khugepaged 0 [ 239.521024][ T5794] pgsteal_kswapd 0 [ 239.521024][ T5794] pgsteal_direct 2 [ 239.521024][ T5794] pgsteal_khugepaged 0 [ 239.521024][ T5794] pgfault 21 [ 239.521024][ T5794] pgmajfault 0 [ 239.521024][ T5794] pgrefill 830 [ 239.521024][ T5794] pgactivate 829 [ 239.521024][ T5794] pgdeactivate 830 [ 239.521024][ T5794] pglazyfree 0 [ 239.521024][ T5794] pglazyfreed 0 [pid 5798] write(6, "0x000000000000040e", 18 [pid 5794] <... write resumed>) = 18 [ 239.521024][ T5794] zswpin 0 [ 239.521024][ T5794] zswpout 0 [ 239.521024][ T5794] thp_fault_alloc 0 [ 239.521024][ T5794] thp_collapse_alloc 0 [ 239.708815][ T5794] Tasks state (memory values in pages): [ 239.714818][ T5794] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 239.725660][ T5794] Out of memory and no killable processes... [ 239.733111][ T5795] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5794] close(3) = 0 [pid 5794] close(4) = 0 [pid 5794] close(5) = 0 [pid 5794] close(6) = 0 [pid 5794] close(7) = -1 EBADF (Bad file descriptor) [pid 5794] close(8) = -1 EBADF (Bad file descriptor) [pid 5794] close(9) = -1 EBADF (Bad file descriptor) [pid 5794] close(10) = -1 EBADF (Bad file descriptor) [pid 5794] close(11) = -1 EBADF (Bad file descriptor) [pid 5794] close(12) = -1 EBADF (Bad file descriptor) [pid 5794] close(13) = -1 EBADF (Bad file descriptor) [pid 5794] close(14) = -1 EBADF (Bad file descriptor) [pid 5794] close(15) = -1 EBADF (Bad file descriptor) [pid 5794] close(16) = -1 EBADF (Bad file descriptor) [pid 5794] close(17) = -1 EBADF (Bad file descriptor) [pid 5794] close(18) = -1 EBADF (Bad file descriptor) [pid 5794] close(19) = -1 EBADF (Bad file descriptor) [pid 5794] close(20) = -1 EBADF (Bad file descriptor) [pid 5794] close(21) = -1 EBADF (Bad file descriptor) [pid 5794] close(22) = -1 EBADF (Bad file descriptor) [pid 5794] close(23) = -1 EBADF (Bad file descriptor) [pid 5794] close(24) = -1 EBADF (Bad file descriptor) [pid 5794] close(25) = -1 EBADF (Bad file descriptor) [pid 5794] close(26) = -1 EBADF (Bad file descriptor) [pid 5794] close(27) = -1 EBADF (Bad file descriptor) [pid 5794] close(28) = -1 EBADF (Bad file descriptor) [pid 5794] close(29) = -1 EBADF (Bad file descriptor) [pid 5794] exit_group(0) = ? [pid 5794] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=53, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5087] umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./51/binderfs") = 0 [pid 5087] umount2("./51/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./51/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./51/cgroup") = 0 [pid 5087] umount2("./51/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 239.747460][ T5795] CPU: 1 PID: 5795 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 239.757407][ T5795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 239.767512][ T5795] Call Trace: [ 239.770836][ T5795] [ 239.773816][ T5795] dump_stack_lvl+0x136/0x150 [ 239.778565][ T5795] dump_header+0x10a/0xd70 [ 239.783055][ T5795] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 239.789226][ T5795] out_of_memory+0xd64/0x1660 [pid 5087] lstat("./51/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./51/cgroup.net") = 0 [ 239.793992][ T5795] ? oom_killer_disable+0x2b0/0x2b0 [ 239.799279][ T5795] ? find_held_lock+0x2d/0x110 [ 239.804108][ T5795] mem_cgroup_out_of_memory+0x206/0x270 [ 239.809694][ T5795] ? mem_cgroup_margin+0x130/0x130 [ 239.814840][ T5795] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 239.820686][ T5795] memory_max_write+0x2f9/0x3c0 [ 239.825574][ T5795] ? mem_cgroup_force_empty_write+0x160/0x160 [ 239.831680][ T5795] ? lock_sync+0x190/0x190 [ 239.836125][ T5795] cgroup_file_write+0x1e2/0x7b0 [ 239.841097][ T5795] ? mem_cgroup_force_empty_write+0x160/0x160 [ 239.847203][ T5795] ? kill_css+0x3b0/0x3b0 [ 239.851572][ T5795] ? lock_acquire+0x32/0xc0 [ 239.856122][ T5795] ? kill_css+0x3b0/0x3b0 [ 239.860481][ T5795] kernfs_fop_write_iter+0x3f1/0x600 [ 239.865803][ T5795] vfs_write+0x9ed/0xe10 [ 239.870094][ T5795] ? kernel_write+0x670/0x670 [ 239.874807][ T5795] ? find_held_lock+0x2d/0x110 [ 239.879615][ T5795] ? __fget_light+0x20a/0x270 [ 239.884340][ T5795] ksys_write+0x12b/0x250 [ 239.888728][ T5795] ? __ia32_sys_read+0xb0/0xb0 [ 239.893537][ T5795] ? lockdep_hardirqs_on+0x7d/0x100 [ 239.898785][ T5795] ? _raw_spin_unlock_irq+0x2e/0x50 [ 239.904023][ T5795] ? ptrace_notify+0xfe/0x140 [ 239.908732][ T5795] do_syscall_64+0x39/0xb0 [ 239.913186][ T5795] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 239.919103][ T5795] RIP: 0033:0x7faecf034129 [ 239.923535][ T5795] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5087] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5087] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 239.943172][ T5795] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 239.951639][ T5795] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 239.959649][ T5795] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 239.967639][ T5795] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 239.975641][ T5795] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 239.983630][ T5795] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000035 [ 239.991650][ T5795] [pid 5087] lstat("./51/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] close(4) = 0 [ 240.007700][ T5795] memory: usage 8kB, limit 0kB, failcnt 36 [ 240.013924][ T5795] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 240.021018][ T5795] Memory cgroup stats for /syz1: [ 240.021305][ T5795] anon 0 [ 240.021305][ T5795] file 0 [ 240.021305][ T5795] kernel 8192 [ 240.021305][ T5795] kernel_stack 0 [ 240.021305][ T5795] pagetables 0 [ 240.021305][ T5795] sec_pagetables 0 [ 240.021305][ T5795] percpu 0 [ 240.021305][ T5795] sock 0 [ 240.021305][ T5795] vmalloc 0 [ 240.021305][ T5795] shmem 0 [ 240.021305][ T5795] zswap 0 [ 240.021305][ T5795] zswapped 0 [ 240.021305][ T5795] file_mapped 0 [ 240.021305][ T5795] file_dirty 0 [ 240.021305][ T5795] file_writeback 0 [ 240.021305][ T5795] swapcached 0 [ 240.021305][ T5795] anon_thp 0 [ 240.021305][ T5795] file_thp 0 [ 240.021305][ T5795] shmem_thp 0 [ 240.021305][ T5795] inactive_anon 0 [ 240.021305][ T5795] active_anon 0 [ 240.021305][ T5795] inactive_file 0 [ 240.021305][ T5795] active_file 0 [ 240.021305][ T5795] unevictable 0 [ 240.021305][ T5795] slab_reclaimable 6752 [ 240.021305][ T5795] slab_unreclaimable 0 [ 240.021305][ T5795] slab 6752 [ 240.021305][ T5795] workingset_refault_anon 0 [ 240.021305][ T5795] workingset_refault_file 0 [ 240.021305][ T5795] workingset_activate_anon 0 [ 240.021305][ T5795] workingset_activate_file 0 [ 240.021305][ T5795] workingset_restore_anon 0 [ 240.021305][ T5795] workingset_restore_file 0 [ 240.021305][ T5795] workingset_nodereclaim 0 [ 240.021305][ T5795] pgscan 831 [ 240.021305][ T5795] pgsteal 2 [ 240.021305][ T5795] pgscan_kswapd 0 [ 240.021305][ T5795] pgscan_direct 831 [pid 5087] rmdir("./51/file0") = 0 [ 240.021305][ T5795] pgscan_khugepaged 0 [ 240.021305][ T5795] pgsteal_kswapd 0 [ 240.021305][ T5795] pgsteal_direct 2 [ 240.021305][ T5795] pgsteal_khugepaged 0 [ 240.021305][ T5795] pgfault 21 [ 240.021305][ T5795] pgmajfault 0 [ 240.021305][ T5795] pgrefill 830 [ 240.021305][ T5795] pgactivate 829 [ 240.021305][ T5795] pgdeactivate 830 [ 240.021305][ T5795] pglazyfree 0 [ 240.021305][ T5795] pglazyfreed 0 [ 240.021305][ T5795] zswpin 0 [ 240.021305][ T5795] zswpout 0 [ 240.021305][ T5795] thp_fault_alloc 0 [ 240.021305][ T5795] thp_collapse_alloc 0 [pid 5087] umount2("./51/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./51/cgroup.cpu", [pid 5795] <... write resumed>) = 18 [pid 5795] close(3) = 0 [pid 5795] close(4) = 0 [pid 5795] close(5) = 0 [pid 5795] close(6) = 0 [pid 5795] close(7) = -1 EBADF (Bad file descriptor) [pid 5795] close(8) = -1 EBADF (Bad file descriptor) [pid 5795] close(9) = -1 EBADF (Bad file descriptor) [pid 5795] close(10) = -1 EBADF (Bad file descriptor) [pid 5795] close(11) = -1 EBADF (Bad file descriptor) [pid 5795] close(12) = -1 EBADF (Bad file descriptor) [pid 5795] close(13) = -1 EBADF (Bad file descriptor) [pid 5795] close(14) = -1 EBADF (Bad file descriptor) [pid 5795] close(15) = -1 EBADF (Bad file descriptor) [pid 5795] close(16) = -1 EBADF (Bad file descriptor) [pid 5795] close(17) = -1 EBADF (Bad file descriptor) [pid 5795] close(18) = -1 EBADF (Bad file descriptor) [pid 5795] close(19) = -1 EBADF (Bad file descriptor) [pid 5795] close(20) = -1 EBADF (Bad file descriptor) [pid 5795] close(21) = -1 EBADF (Bad file descriptor) [pid 5795] close(22) = -1 EBADF (Bad file descriptor) [pid 5795] close(23) = -1 EBADF (Bad file descriptor) [pid 5795] close(24) = -1 EBADF (Bad file descriptor) [pid 5795] close(25) = -1 EBADF (Bad file descriptor) [pid 5795] close(26) = -1 EBADF (Bad file descriptor) [pid 5795] close(27) = -1 EBADF (Bad file descriptor) [pid 5795] close(28) = -1 EBADF (Bad file descriptor) [pid 5795] close(29) = -1 EBADF (Bad file descriptor) [pid 5795] exit_group(0) = ? [pid 5087] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./51/cgroup.cpu" [pid 5795] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=55, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5090] umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5087] <... unlink resumed>) = 0 [pid 5087] getdents64(3, [pid 5090] <... openat resumed>) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] <... getdents64 resumed>0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3 [pid 5090] getdents64(3, [pid 5087] <... close resumed>) = 0 [pid 5087] rmdir("./51" [pid 5090] <... getdents64 resumed>0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./53/binderfs", [pid 5087] <... rmdir resumed>) = 0 [pid 5090] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] mkdir("./52", 0777 [pid 5090] unlink("./53/binderfs") = 0 [pid 5090] umount2("./53/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5087] <... mkdir resumed>) = 0 [pid 5090] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5090] lstat("./53/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./53/cgroup") = 0 [pid 5090] umount2("./53/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./53/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 240.214446][ T5795] Tasks state (memory values in pages): [ 240.220607][ T5795] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 240.232010][ T5795] Out of memory and no killable processes... [ 240.238127][ T5796] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 ./strace-static-x86_64: Process 5799 attached [pid 5799] chdir("./52" [pid 5087] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 54 [pid 5799] <... chdir resumed>) = 0 [pid 5799] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5799] setpgid(0, 0) = 0 [pid 5799] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5799] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5799] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5799] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5799] write(3, "1000", 4) = 4 [pid 5799] close(3) = 0 [pid 5799] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5799] mkdir("./file0", 000) = 0 [pid 5799] open("./file0", O_RDONLY) = 3 [pid 5799] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5799] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5799] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5799] openat(5, "memory.max", O_RDWR) = 6 [ 240.261706][ T5796] CPU: 1 PID: 5796 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 240.271705][ T5796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 240.281824][ T5796] Call Trace: [ 240.285174][ T5796] [ 240.288168][ T5796] dump_stack_lvl+0x136/0x150 [ 240.292928][ T5796] dump_header+0x10a/0xd70 [ 240.297430][ T5796] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 240.303596][ T5796] out_of_memory+0xd64/0x1660 [ 240.308365][ T5796] ? oom_killer_disable+0x2b0/0x2b0 [pid 5799] write(6, "0x000000000000040e", 18 [pid 5090] unlink("./53/cgroup.net") = 0 [ 240.313647][ T5796] ? find_held_lock+0x2d/0x110 [ 240.318479][ T5796] mem_cgroup_out_of_memory+0x206/0x270 [ 240.324099][ T5796] ? mem_cgroup_margin+0x130/0x130 [ 240.329295][ T5796] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 240.335194][ T5796] memory_max_write+0x2f9/0x3c0 [ 240.340133][ T5796] ? mem_cgroup_force_empty_write+0x160/0x160 [ 240.346298][ T5796] ? lock_sync+0x190/0x190 [ 240.350793][ T5796] cgroup_file_write+0x1e2/0x7b0 [ 240.355815][ T5796] ? mem_cgroup_force_empty_write+0x160/0x160 [ 240.361968][ T5796] ? kill_css+0x3b0/0x3b0 [ 240.366376][ T5796] ? lock_acquire+0x32/0xc0 [ 240.370967][ T5796] ? kill_css+0x3b0/0x3b0 [ 240.375374][ T5796] kernfs_fop_write_iter+0x3f1/0x600 [ 240.380746][ T5796] vfs_write+0x9ed/0xe10 [ 240.385084][ T5796] ? kernel_write+0x670/0x670 [ 240.389841][ T5796] ? find_held_lock+0x2d/0x110 [ 240.394672][ T5796] ? __fget_light+0x20a/0x270 [ 240.399439][ T5796] ksys_write+0x12b/0x250 [ 240.403840][ T5796] ? __ia32_sys_read+0xb0/0xb0 [ 240.408658][ T5796] ? lockdep_hardirqs_on+0x7d/0x100 [ 240.413925][ T5796] ? _raw_spin_unlock_irq+0x2e/0x50 [ 240.419207][ T5796] ? ptrace_notify+0xfe/0x140 [ 240.423963][ T5796] do_syscall_64+0x39/0xb0 [ 240.428459][ T5796] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 240.434424][ T5796] RIP: 0033:0x7faecf034129 [ 240.438892][ T5796] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5090] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5090] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./53/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 240.458562][ T5796] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 240.467047][ T5796] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 240.475074][ T5796] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 240.483097][ T5796] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 240.491127][ T5796] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 240.499160][ T5796] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000032 [ 240.507219][ T5796] [pid 5090] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./53/file0") = 0 [pid 5090] umount2("./53/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./53/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./53/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [pid 5090] rmdir("./53") = 0 [pid 5090] mkdir("./54", 0777) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 56 ./strace-static-x86_64: Process 5800 attached [ 240.520744][ T5796] memory: usage 8kB, limit 0kB, failcnt 36 [ 240.526911][ T5796] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 240.534512][ T5796] Memory cgroup stats for /syz1: [ 240.534800][ T5796] anon 0 [ 240.534800][ T5796] file 0 [ 240.534800][ T5796] kernel 8192 [ 240.534800][ T5796] kernel_stack 0 [ 240.534800][ T5796] pagetables 0 [ 240.534800][ T5796] sec_pagetables 0 [ 240.534800][ T5796] percpu 0 [ 240.534800][ T5796] sock 0 [ 240.534800][ T5796] vmalloc 0 [ 240.534800][ T5796] shmem 0 [pid 5800] chdir("./54") = 0 [pid 5800] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5800] setpgid(0, 0) = 0 [pid 5800] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5800] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5800] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5800] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5800] write(3, "1000", 4) = 4 [pid 5800] close(3) = 0 [pid 5800] symlink("/dev/binderfs", "./binderfs") = 0 [ 240.534800][ T5796] zswap 0 [ 240.534800][ T5796] zswapped 0 [ 240.534800][ T5796] file_mapped 0 [ 240.534800][ T5796] file_dirty 0 [ 240.534800][ T5796] file_writeback 0 [ 240.534800][ T5796] swapcached 0 [ 240.534800][ T5796] anon_thp 0 [ 240.534800][ T5796] file_thp 0 [ 240.534800][ T5796] shmem_thp 0 [ 240.534800][ T5796] inactive_anon 0 [ 240.534800][ T5796] active_anon 0 [ 240.534800][ T5796] inactive_file 0 [ 240.534800][ T5796] active_file 0 [ 240.534800][ T5796] unevictable 0 [ 240.534800][ T5796] slab_reclaimable 6752 [pid 5800] mkdir("./file0", 000) = 0 [pid 5800] open("./file0", O_RDONLY) = 3 [pid 5800] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5800] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5800] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5800] openat(5, "memory.max", O_RDWR) = 6 [ 240.534800][ T5796] slab_unreclaimable 0 [ 240.534800][ T5796] slab 6752 [ 240.534800][ T5796] workingset_refault_anon 0 [ 240.534800][ T5796] workingset_refault_file 0 [ 240.534800][ T5796] workingset_activate_anon 0 [ 240.534800][ T5796] workingset_activate_file 0 [ 240.534800][ T5796] workingset_restore_anon 0 [ 240.534800][ T5796] workingset_restore_file 0 [ 240.534800][ T5796] workingset_nodereclaim 0 [ 240.534800][ T5796] pgscan 831 [ 240.534800][ T5796] pgsteal 2 [ 240.534800][ T5796] pgscan_kswapd 0 [ 240.534800][ T5796] pgscan_direct 831 [ 240.534800][ T5796] pgscan_khugepaged 0 [ 240.534800][ T5796] pgsteal_kswapd 0 [ 240.534800][ T5796] pgsteal_direct 2 [ 240.534800][ T5796] pgsteal_khugepaged 0 [ 240.534800][ T5796] pgfault 21 [ 240.534800][ T5796] pgmajfault 0 [ 240.534800][ T5796] pgrefill 830 [ 240.534800][ T5796] pgactivate 829 [ 240.534800][ T5796] pgdeactivate 830 [ 240.534800][ T5796] pglazyfree 0 [ 240.534800][ T5796] pglazyfreed 0 [ 240.534800][ T5796] zswpin 0 [ 240.534800][ T5796] zswpout 0 [ 240.534800][ T5796] thp_fault_alloc 0 [ 240.534800][ T5796] thp_collapse_alloc 0 [pid 5800] write(6, "0x000000000000040e", 18 [pid 5796] <... write resumed>) = 18 [pid 5796] close(3) = 0 [pid 5796] close(4) = 0 [pid 5796] close(5) = 0 [pid 5796] close(6) = 0 [pid 5796] close(7) = -1 EBADF (Bad file descriptor) [pid 5796] close(8) = -1 EBADF (Bad file descriptor) [pid 5796] close(9) = -1 EBADF (Bad file descriptor) [pid 5796] close(10) = -1 EBADF (Bad file descriptor) [pid 5796] close(11) = -1 EBADF (Bad file descriptor) [pid 5796] close(12) = -1 EBADF (Bad file descriptor) [pid 5796] close(13) = -1 EBADF (Bad file descriptor) [ 240.733097][ T5796] Tasks state (memory values in pages): [ 240.738725][ T5796] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 240.748806][ T5796] Out of memory and no killable processes... [ 240.756188][ T5797] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 240.770391][ T5797] CPU: 1 PID: 5797 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5796] close(14) = -1 EBADF (Bad file descriptor) [pid 5796] close(15) = -1 EBADF (Bad file descriptor) [pid 5796] close(16) = -1 EBADF (Bad file descriptor) [pid 5796] close(17) = -1 EBADF (Bad file descriptor) [pid 5796] close(18) = -1 EBADF (Bad file descriptor) [pid 5796] close(19) = -1 EBADF (Bad file descriptor) [pid 5796] close(20) = -1 EBADF (Bad file descriptor) [pid 5796] close(21) = -1 EBADF (Bad file descriptor) [pid 5796] close(22) = -1 EBADF (Bad file descriptor) [pid 5796] close(23) = -1 EBADF (Bad file descriptor) [pid 5796] close(24) = -1 EBADF (Bad file descriptor) [pid 5796] close(25) = -1 EBADF (Bad file descriptor) [pid 5796] close(26) = -1 EBADF (Bad file descriptor) [pid 5796] close(27) = -1 EBADF (Bad file descriptor) [pid 5796] close(28) = -1 EBADF (Bad file descriptor) [pid 5796] close(29) = -1 EBADF (Bad file descriptor) [pid 5796] exit_group(0) = ? [pid 5796] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=52, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5086] umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 240.780373][ T5797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 240.790484][ T5797] Call Trace: [ 240.793811][ T5797] [ 240.796791][ T5797] dump_stack_lvl+0x136/0x150 [ 240.801559][ T5797] dump_header+0x10a/0xd70 [ 240.806049][ T5797] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 240.812218][ T5797] out_of_memory+0xd64/0x1660 [ 240.816985][ T5797] ? oom_killer_disable+0x2b0/0x2b0 [ 240.822280][ T5797] ? find_held_lock+0x2d/0x110 [ 240.827118][ T5797] mem_cgroup_out_of_memory+0x206/0x270 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./50/binderfs") = 0 [pid 5086] umount2("./50/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./50/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] unlink("./50/cgroup") = 0 [pid 5086] umount2("./50/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./50/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./50/cgroup.net") = 0 [ 240.832759][ T5797] ? mem_cgroup_margin+0x130/0x130 [ 240.837959][ T5797] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 240.843850][ T5797] memory_max_write+0x2f9/0x3c0 [ 240.848786][ T5797] ? mem_cgroup_force_empty_write+0x160/0x160 [ 240.854943][ T5797] ? lock_sync+0x190/0x190 [ 240.859437][ T5797] cgroup_file_write+0x1e2/0x7b0 [ 240.864483][ T5797] ? mem_cgroup_force_empty_write+0x160/0x160 [ 240.870627][ T5797] ? kill_css+0x3b0/0x3b0 [ 240.875009][ T5797] ? lock_acquire+0x32/0xc0 [ 240.879582][ T5797] ? kill_css+0x3b0/0x3b0 [ 240.884007][ T5797] kernfs_fop_write_iter+0x3f1/0x600 [ 240.889378][ T5797] vfs_write+0x9ed/0xe10 [ 240.893707][ T5797] ? kernel_write+0x670/0x670 [ 240.898467][ T5797] ? find_held_lock+0x2d/0x110 [ 240.903317][ T5797] ? __fget_light+0x20a/0x270 [ 240.908088][ T5797] ksys_write+0x12b/0x250 [ 240.912494][ T5797] ? __ia32_sys_read+0xb0/0xb0 [ 240.917306][ T5797] ? lockdep_hardirqs_on+0x7d/0x100 [ 240.922552][ T5797] ? _raw_spin_unlock_irq+0x2e/0x50 [ 240.927821][ T5797] ? ptrace_notify+0xfe/0x140 [ 240.932575][ T5797] do_syscall_64+0x39/0xb0 [ 240.937064][ T5797] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 240.943006][ T5797] RIP: 0033:0x7faecf034129 [ 240.947479][ T5797] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 240.967246][ T5797] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 240.975731][ T5797] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [pid 5086] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5086] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 240.983833][ T5797] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 240.991837][ T5797] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 240.999863][ T5797] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 241.007890][ T5797] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000032 [ 241.015951][ T5797] [pid 5086] lstat("./50/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./50/file0") = 0 [pid 5086] umount2("./50/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./50/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./50/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./50") = 0 [pid 5086] mkdir("./51", 0777) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5801 attached [pid 5801] chdir("./51" [pid 5086] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 53 [pid 5801] <... chdir resumed>) = 0 [ 241.032524][ T5797] memory: usage 8kB, limit 0kB, failcnt 36 [ 241.039075][ T5797] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 241.046410][ T5797] Memory cgroup stats for /syz1: [ 241.046824][ T5797] anon 0 [ 241.046824][ T5797] file 0 [ 241.046824][ T5797] kernel 8192 [ 241.046824][ T5797] kernel_stack 0 [ 241.046824][ T5797] pagetables 0 [ 241.046824][ T5797] sec_pagetables 0 [ 241.046824][ T5797] percpu 0 [ 241.046824][ T5797] sock 0 [ 241.046824][ T5797] vmalloc 0 [ 241.046824][ T5797] shmem 0 [ 241.046824][ T5797] zswap 0 [pid 5801] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5801] setpgid(0, 0) = 0 [pid 5801] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5801] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5801] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5801] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5801] write(3, "1000", 4) = 4 [pid 5801] close(3) = 0 [pid 5801] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5801] mkdir("./file0", 000) = 0 [pid 5801] open("./file0", O_RDONLY) = 3 [pid 5801] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5801] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5801] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5801] openat(5, "memory.max", O_RDWR) = 6 [ 241.046824][ T5797] zswapped 0 [ 241.046824][ T5797] file_mapped 0 [ 241.046824][ T5797] file_dirty 0 [ 241.046824][ T5797] file_writeback 0 [ 241.046824][ T5797] swapcached 0 [ 241.046824][ T5797] anon_thp 0 [ 241.046824][ T5797] file_thp 0 [ 241.046824][ T5797] shmem_thp 0 [ 241.046824][ T5797] inactive_anon 0 [ 241.046824][ T5797] active_anon 0 [ 241.046824][ T5797] inactive_file 0 [ 241.046824][ T5797] active_file 0 [ 241.046824][ T5797] unevictable 0 [ 241.046824][ T5797] slab_reclaimable 6752 [ 241.046824][ T5797] slab_unreclaimable 0 [ 241.046824][ T5797] slab 6752 [ 241.046824][ T5797] workingset_refault_anon 0 [ 241.046824][ T5797] workingset_refault_file 0 [ 241.046824][ T5797] workingset_activate_anon 0 [ 241.046824][ T5797] workingset_activate_file 0 [ 241.046824][ T5797] workingset_restore_anon 0 [ 241.046824][ T5797] workingset_restore_file 0 [ 241.046824][ T5797] workingset_nodereclaim 0 [ 241.046824][ T5797] pgscan 831 [ 241.046824][ T5797] pgsteal 2 [ 241.046824][ T5797] pgscan_kswapd 0 [ 241.046824][ T5797] pgscan_direct 831 [ 241.046824][ T5797] pgscan_khugepaged 0 [ 241.046824][ T5797] pgsteal_kswapd 0 [ 241.046824][ T5797] pgsteal_direct 2 [ 241.046824][ T5797] pgsteal_khugepaged 0 [ 241.046824][ T5797] pgfault 21 [ 241.046824][ T5797] pgmajfault 0 [ 241.046824][ T5797] pgrefill 830 [ 241.046824][ T5797] pgactivate 829 [ 241.046824][ T5797] pgdeactivate 830 [ 241.046824][ T5797] pglazyfree 0 [ 241.046824][ T5797] pglazyfreed 0 [ 241.046824][ T5797] zswpin 0 [ 241.046824][ T5797] zswpout 0 [ 241.046824][ T5797] thp_fault_alloc 0 [ 241.046824][ T5797] thp_collapse_alloc 0 [pid 5801] write(6, "0x000000000000040e", 18 [pid 5797] <... write resumed>) = 18 [pid 5797] close(3) = 0 [pid 5797] close(4) = 0 [pid 5797] close(5) = 0 [pid 5797] close(6) = 0 [pid 5797] close(7) = -1 EBADF (Bad file descriptor) [pid 5797] close(8) = -1 EBADF (Bad file descriptor) [pid 5797] close(9) = -1 EBADF (Bad file descriptor) [pid 5797] close(10) = -1 EBADF (Bad file descriptor) [ 241.234090][ T5797] Tasks state (memory values in pages): [ 241.239880][ T5797] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 241.249687][ T5797] Out of memory and no killable processes... [ 241.255852][ T5798] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 241.267239][ T5798] CPU: 1 PID: 5798 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5797] close(11) = -1 EBADF (Bad file descriptor) [pid 5797] close(12) = -1 EBADF (Bad file descriptor) [pid 5797] close(13) = -1 EBADF (Bad file descriptor) [pid 5797] close(14) = -1 EBADF (Bad file descriptor) [pid 5797] close(15) = -1 EBADF (Bad file descriptor) [pid 5797] close(16) = -1 EBADF (Bad file descriptor) [pid 5797] close(17) = -1 EBADF (Bad file descriptor) [pid 5797] close(18) = -1 EBADF (Bad file descriptor) [pid 5797] close(19) = -1 EBADF (Bad file descriptor) [pid 5797] close(20) = -1 EBADF (Bad file descriptor) [pid 5797] close(21) = -1 EBADF (Bad file descriptor) [pid 5797] close(22) = -1 EBADF (Bad file descriptor) [pid 5797] close(23) = -1 EBADF (Bad file descriptor) [pid 5797] close(24) = -1 EBADF (Bad file descriptor) [pid 5797] close(25) = -1 EBADF (Bad file descriptor) [pid 5797] close(26) = -1 EBADF (Bad file descriptor) [pid 5797] close(27) = -1 EBADF (Bad file descriptor) [pid 5797] close(28) = -1 EBADF (Bad file descriptor) [pid 5797] close(29) = -1 EBADF (Bad file descriptor) [ 241.277206][ T5798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 241.287316][ T5798] Call Trace: [ 241.290655][ T5798] [ 241.293643][ T5798] dump_stack_lvl+0x136/0x150 [ 241.298391][ T5798] dump_header+0x10a/0xd70 [ 241.302882][ T5798] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 241.309045][ T5798] out_of_memory+0xd64/0x1660 [ 241.313813][ T5798] ? oom_killer_disable+0x2b0/0x2b0 [ 241.319103][ T5798] mem_cgroup_out_of_memory+0x206/0x270 [ 241.324729][ T5798] ? mem_cgroup_margin+0x130/0x130 [ 241.329934][ T5798] memory_max_write+0x2f9/0x3c0 [pid 5797] exit_group(0) = ? [pid 5797] +++ exited with 0 +++ [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=52, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5085] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5085] umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./50/binderfs") = 0 [pid 5085] umount2("./50/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./50/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./50/cgroup") = 0 [pid 5085] umount2("./50/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./50/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 241.334862][ T5798] ? mem_cgroup_force_empty_write+0x160/0x160 [ 241.341033][ T5798] ? lock_sync+0x190/0x190 [ 241.345522][ T5798] cgroup_file_write+0x1e2/0x7b0 [ 241.350553][ T5798] ? mem_cgroup_force_empty_write+0x160/0x160 [ 241.356707][ T5798] ? kill_css+0x3b0/0x3b0 [ 241.361117][ T5798] ? lock_acquire+0x32/0xc0 [ 241.365708][ T5798] ? kill_css+0x3b0/0x3b0 [ 241.370121][ T5798] kernfs_fop_write_iter+0x3f1/0x600 [ 241.375494][ T5798] vfs_write+0x9ed/0xe10 [ 241.379824][ T5798] ? kernel_write+0x670/0x670 [pid 5085] unlink("./50/cgroup.net") = 0 [ 241.384607][ T5798] ? find_held_lock+0x2d/0x110 [ 241.389457][ T5798] ? __fget_light+0x20a/0x270 [ 241.394240][ T5798] ksys_write+0x12b/0x250 [ 241.398644][ T5798] ? __ia32_sys_read+0xb0/0xb0 [ 241.403490][ T5798] ? lockdep_hardirqs_on+0x7d/0x100 [ 241.408753][ T5798] ? _raw_spin_unlock_irq+0x2e/0x50 [ 241.413985][ T5798] ? ptrace_notify+0xfe/0x140 [ 241.418732][ T5798] do_syscall_64+0x39/0xb0 [ 241.423244][ T5798] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 241.429218][ T5798] RIP: 0033:0x7faecf034129 [ 241.433682][ T5798] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 241.453339][ T5798] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 241.461792][ T5798] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 241.469801][ T5798] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 241.477844][ T5798] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [pid 5085] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5085] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./50/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./50/file0") = 0 [pid 5085] umount2("./50/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./50/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./50/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./50") = 0 [ 241.485864][ T5798] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 241.493856][ T5798] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000035 [ 241.501902][ T5798] [ 241.523620][ T5798] memory: usage 8kB, limit 0kB, failcnt 36 [ 241.529516][ T5798] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5085] mkdir("./51", 0777) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 53 ./strace-static-x86_64: Process 5802 attached [pid 5802] chdir("./51") = 0 [pid 5802] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5802] setpgid(0, 0) = 0 [pid 5802] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5802] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5802] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5802] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5802] write(3, "1000", 4) = 4 [pid 5802] close(3) = 0 [pid 5802] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5802] mkdir("./file0", 000) = 0 [pid 5802] open("./file0", O_RDONLY) = 3 [pid 5802] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5802] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5802] openat(4, "syz1", O_RDWR|O_PATH) = 5 [ 241.545689][ T5798] Memory cgroup stats for /syz1: [ 241.545983][ T5798] anon 0 [ 241.545983][ T5798] file 0 [ 241.545983][ T5798] kernel 8192 [ 241.545983][ T5798] kernel_stack 0 [ 241.545983][ T5798] pagetables 0 [ 241.545983][ T5798] sec_pagetables 0 [ 241.545983][ T5798] percpu 0 [ 241.545983][ T5798] sock 0 [ 241.545983][ T5798] vmalloc 0 [ 241.545983][ T5798] shmem 0 [ 241.545983][ T5798] zswap 0 [ 241.545983][ T5798] zswapped 0 [ 241.545983][ T5798] file_mapped 0 [ 241.545983][ T5798] file_dirty 0 [pid 5802] openat(5, "memory.max", O_RDWR) = 6 [ 241.545983][ T5798] file_writeback 0 [ 241.545983][ T5798] swapcached 0 [ 241.545983][ T5798] anon_thp 0 [ 241.545983][ T5798] file_thp 0 [ 241.545983][ T5798] shmem_thp 0 [ 241.545983][ T5798] inactive_anon 0 [ 241.545983][ T5798] active_anon 0 [ 241.545983][ T5798] inactive_file 0 [ 241.545983][ T5798] active_file 0 [ 241.545983][ T5798] unevictable 0 [ 241.545983][ T5798] slab_reclaimable 6752 [ 241.545983][ T5798] slab_unreclaimable 0 [ 241.545983][ T5798] slab 6752 [ 241.545983][ T5798] workingset_refault_anon 0 [ 241.545983][ T5798] workingset_refault_file 0 [ 241.545983][ T5798] workingset_activate_anon 0 [ 241.545983][ T5798] workingset_activate_file 0 [ 241.545983][ T5798] workingset_restore_anon 0 [ 241.545983][ T5798] workingset_restore_file 0 [ 241.545983][ T5798] workingset_nodereclaim 0 [ 241.545983][ T5798] pgscan 831 [ 241.545983][ T5798] pgsteal 2 [ 241.545983][ T5798] pgscan_kswapd 0 [ 241.545983][ T5798] pgscan_direct 831 [ 241.545983][ T5798] pgscan_khugepaged 0 [ 241.545983][ T5798] pgsteal_kswapd 0 [ 241.545983][ T5798] pgsteal_direct 2 [ 241.545983][ T5798] pgsteal_khugepaged 0 [ 241.545983][ T5798] pgfault 21 [ 241.545983][ T5798] pgmajfault 0 [ 241.545983][ T5798] pgrefill 830 [ 241.545983][ T5798] pgactivate 829 [ 241.545983][ T5798] pgdeactivate 830 [ 241.545983][ T5798] pglazyfree 0 [ 241.545983][ T5798] pglazyfreed 0 [ 241.545983][ T5798] zswpin 0 [ 241.545983][ T5798] zswpout 0 [ 241.545983][ T5798] thp_fault_alloc 0 [ 241.545983][ T5798] thp_collapse_alloc 0 [pid 5802] write(6, "0x000000000000040e", 18 [pid 5798] <... write resumed>) = 18 [pid 5798] close(3) = 0 [pid 5798] close(4) = 0 [pid 5798] close(5) = 0 [pid 5798] close(6) = 0 [pid 5798] close(7) = -1 EBADF (Bad file descriptor) [pid 5798] close(8) = -1 EBADF (Bad file descriptor) [pid 5798] close(9) = -1 EBADF (Bad file descriptor) [ 241.745890][ T5798] Tasks state (memory values in pages): [ 241.751515][ T5798] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 241.762540][ T5798] Out of memory and no killable processes... [ 241.769913][ T5799] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5798] close(10) = -1 EBADF (Bad file descriptor) [pid 5798] close(11) = -1 EBADF (Bad file descriptor) [pid 5798] close(12) = -1 EBADF (Bad file descriptor) [pid 5798] close(13) = -1 EBADF (Bad file descriptor) [pid 5798] close(14) = -1 EBADF (Bad file descriptor) [pid 5798] close(15) = -1 EBADF (Bad file descriptor) [pid 5798] close(16) = -1 EBADF (Bad file descriptor) [pid 5798] close(17) = -1 EBADF (Bad file descriptor) [pid 5798] close(18) = -1 EBADF (Bad file descriptor) [pid 5798] close(19) = -1 EBADF (Bad file descriptor) [pid 5798] close(20) = -1 EBADF (Bad file descriptor) [pid 5798] close(21) = -1 EBADF (Bad file descriptor) [pid 5798] close(22) = -1 EBADF (Bad file descriptor) [pid 5798] close(23) = -1 EBADF (Bad file descriptor) [pid 5798] close(24) = -1 EBADF (Bad file descriptor) [pid 5798] close(25) = -1 EBADF (Bad file descriptor) [pid 5798] close(26) = -1 EBADF (Bad file descriptor) [pid 5798] close(27) = -1 EBADF (Bad file descriptor) [pid 5798] close(28) = -1 EBADF (Bad file descriptor) [pid 5798] close(29) = -1 EBADF (Bad file descriptor) [pid 5798] exit_group(0) = ? [pid 5798] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=55, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [ 241.789207][ T5799] CPU: 1 PID: 5799 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 241.799191][ T5799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 241.809303][ T5799] Call Trace: [ 241.812634][ T5799] [ 241.815615][ T5799] dump_stack_lvl+0x136/0x150 [ 241.820365][ T5799] dump_header+0x10a/0xd70 [ 241.824850][ T5799] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 241.831017][ T5799] out_of_memory+0xd64/0x1660 [ 241.835776][ T5799] ? oom_killer_disable+0x2b0/0x2b0 [ 241.841056][ T5799] ? find_held_lock+0x2d/0x110 [pid 5089] umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./53/binderfs") = 0 [pid 5089] umount2("./53/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./53/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./53/cgroup") = 0 [pid 5089] umount2("./53/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./53/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./53/cgroup.net") = 0 [ 241.845884][ T5799] mem_cgroup_out_of_memory+0x206/0x270 [ 241.851507][ T5799] ? mem_cgroup_margin+0x130/0x130 [ 241.856749][ T5799] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 241.862648][ T5799] memory_max_write+0x2f9/0x3c0 [ 241.867592][ T5799] ? mem_cgroup_force_empty_write+0x160/0x160 [ 241.873762][ T5799] ? lock_sync+0x190/0x190 [ 241.878305][ T5799] cgroup_file_write+0x1e2/0x7b0 [ 241.883332][ T5799] ? mem_cgroup_force_empty_write+0x160/0x160 [ 241.889479][ T5799] ? kill_css+0x3b0/0x3b0 [ 241.893888][ T5799] ? lock_acquire+0x32/0xc0 [ 241.898441][ T5799] ? kill_css+0x3b0/0x3b0 [ 241.902822][ T5799] kernfs_fop_write_iter+0x3f1/0x600 [ 241.908182][ T5799] vfs_write+0x9ed/0xe10 [ 241.912497][ T5799] ? kernel_write+0x670/0x670 [ 241.917225][ T5799] ? find_held_lock+0x2d/0x110 [ 241.922042][ T5799] ? __fget_light+0x20a/0x270 [ 241.926797][ T5799] ksys_write+0x12b/0x250 [ 241.931185][ T5799] ? __ia32_sys_read+0xb0/0xb0 [ 241.935998][ T5799] ? lockdep_hardirqs_on+0x7d/0x100 [ 241.941275][ T5799] ? _raw_spin_unlock_irq+0x2e/0x50 [ 241.946529][ T5799] ? ptrace_notify+0xfe/0x140 [ 241.951253][ T5799] do_syscall_64+0x39/0xb0 [ 241.955721][ T5799] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 241.961660][ T5799] RIP: 0033:0x7faecf034129 [ 241.966104][ T5799] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 241.985744][ T5799] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5089] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5089] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./53/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [ 241.994190][ T5799] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 242.002187][ T5799] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 242.010199][ T5799] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 242.018214][ T5799] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 242.026207][ T5799] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000034 [ 242.034243][ T5799] [pid 5089] rmdir("./53/file0") = 0 [pid 5089] umount2("./53/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./53/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./53/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [pid 5089] rmdir("./53") = 0 [pid 5089] mkdir("./54", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5803 attached [pid 5803] chdir("./54" [pid 5089] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 56 [pid 5803] <... chdir resumed>) = 0 [pid 5803] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5803] setpgid(0, 0) = 0 [pid 5803] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5803] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5803] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5803] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5803] write(3, "1000", 4) = 4 [ 242.058958][ T5799] memory: usage 8kB, limit 0kB, failcnt 36 [ 242.071274][ T5799] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 242.091692][ T5799] Memory cgroup stats for /syz1: [ 242.091987][ T5799] anon 0 [ 242.091987][ T5799] file 0 [ 242.091987][ T5799] kernel 8192 [ 242.091987][ T5799] kernel_stack 0 [pid 5803] close(3) = 0 [pid 5803] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5803] mkdir("./file0", 000) = 0 [pid 5803] open("./file0", O_RDONLY) = 3 [pid 5803] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5803] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5803] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5803] openat(5, "memory.max", O_RDWR) = 6 [ 242.091987][ T5799] pagetables 0 [ 242.091987][ T5799] sec_pagetables 0 [ 242.091987][ T5799] percpu 0 [ 242.091987][ T5799] sock 0 [ 242.091987][ T5799] vmalloc 0 [ 242.091987][ T5799] shmem 0 [ 242.091987][ T5799] zswap 0 [ 242.091987][ T5799] zswapped 0 [ 242.091987][ T5799] file_mapped 0 [ 242.091987][ T5799] file_dirty 0 [ 242.091987][ T5799] file_writeback 0 [ 242.091987][ T5799] swapcached 0 [ 242.091987][ T5799] anon_thp 0 [ 242.091987][ T5799] file_thp 0 [ 242.091987][ T5799] shmem_thp 0 [ 242.091987][ T5799] inactive_anon 0 [ 242.091987][ T5799] active_anon 0 [ 242.091987][ T5799] inactive_file 0 [ 242.091987][ T5799] active_file 0 [ 242.091987][ T5799] unevictable 0 [ 242.091987][ T5799] slab_reclaimable 6752 [ 242.091987][ T5799] slab_unreclaimable 0 [ 242.091987][ T5799] slab 6752 [ 242.091987][ T5799] workingset_refault_anon 0 [ 242.091987][ T5799] workingset_refault_file 0 [ 242.091987][ T5799] workingset_activate_anon 0 [ 242.091987][ T5799] workingset_activate_file 0 [ 242.091987][ T5799] workingset_restore_anon 0 [ 242.091987][ T5799] workingset_restore_file 0 [ 242.091987][ T5799] workingset_nodereclaim 0 [ 242.091987][ T5799] pgscan 831 [ 242.091987][ T5799] pgsteal 2 [ 242.091987][ T5799] pgscan_kswapd 0 [ 242.091987][ T5799] pgscan_direct 831 [ 242.091987][ T5799] pgscan_khugepaged 0 [ 242.091987][ T5799] pgsteal_kswapd 0 [ 242.091987][ T5799] pgsteal_direct 2 [ 242.091987][ T5799] pgsteal_khugepaged 0 [ 242.091987][ T5799] pgfault 21 [ 242.091987][ T5799] pgmajfault 0 [ 242.091987][ T5799] pgrefill 830 [ 242.091987][ T5799] pgactivate 829 [ 242.091987][ T5799] pgdeactivate 830 [ 242.091987][ T5799] pglazyfree 0 [ 242.091987][ T5799] pglazyfreed 0 [ 242.091987][ T5799] zswpin 0 [ 242.091987][ T5799] zswpout 0 [ 242.091987][ T5799] thp_fault_alloc 0 [ 242.091987][ T5799] thp_collapse_alloc 0 [ 242.294154][ T5799] Tasks state (memory values in pages): [ 242.299807][ T5799] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5803] write(6, "0x000000000000040e", 18 [pid 5799] <... write resumed>) = 18 [pid 5799] close(3) = 0 [pid 5799] close(4) = 0 [pid 5799] close(5) = 0 [pid 5799] close(6) = 0 [pid 5799] close(7) = -1 EBADF (Bad file descriptor) [pid 5799] close(8) = -1 EBADF (Bad file descriptor) [pid 5799] close(9) = -1 EBADF (Bad file descriptor) [pid 5799] close(10) = -1 EBADF (Bad file descriptor) [pid 5799] close(11) = -1 EBADF (Bad file descriptor) [pid 5799] close(12) = -1 EBADF (Bad file descriptor) [pid 5799] close(13) = -1 EBADF (Bad file descriptor) [pid 5799] close(14) = -1 EBADF (Bad file descriptor) [pid 5799] close(15) = -1 EBADF (Bad file descriptor) [pid 5799] close(16) = -1 EBADF (Bad file descriptor) [pid 5799] close(17) = -1 EBADF (Bad file descriptor) [pid 5799] close(18) = -1 EBADF (Bad file descriptor) [pid 5799] close(19) = -1 EBADF (Bad file descriptor) [pid 5799] close(20) = -1 EBADF (Bad file descriptor) [pid 5799] close(21) = -1 EBADF (Bad file descriptor) [pid 5799] close(22) = -1 EBADF (Bad file descriptor) [pid 5799] close(23) = -1 EBADF (Bad file descriptor) [pid 5799] close(24) = -1 EBADF (Bad file descriptor) [pid 5799] close(25) = -1 EBADF (Bad file descriptor) [ 242.309741][ T5799] Out of memory and no killable processes... [ 242.324962][ T5800] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5799] close(26) = -1 EBADF (Bad file descriptor) [pid 5799] close(27) = -1 EBADF (Bad file descriptor) [pid 5799] close(28) = -1 EBADF (Bad file descriptor) [ 242.365197][ T5800] CPU: 0 PID: 5800 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 242.375191][ T5800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 242.385310][ T5800] Call Trace: [ 242.388632][ T5800] [ 242.391603][ T5800] dump_stack_lvl+0x136/0x150 [ 242.396347][ T5800] dump_header+0x10a/0xd70 [ 242.400830][ T5800] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 242.406981][ T5800] out_of_memory+0xd64/0x1660 [ 242.411710][ T5800] ? oom_killer_disable+0x2b0/0x2b0 [ 242.416947][ T5800] ? find_held_lock+0x2d/0x110 [ 242.421754][ T5800] mem_cgroup_out_of_memory+0x206/0x270 [ 242.427350][ T5800] ? mem_cgroup_margin+0x130/0x130 [ 242.432522][ T5800] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 242.438382][ T5800] memory_max_write+0x2f9/0x3c0 [ 242.443289][ T5800] ? mem_cgroup_force_empty_write+0x160/0x160 [ 242.449408][ T5800] ? lock_sync+0x190/0x190 [ 242.453877][ T5800] cgroup_file_write+0x1e2/0x7b0 [ 242.458865][ T5800] ? mem_cgroup_force_empty_write+0x160/0x160 [ 242.464981][ T5800] ? kill_css+0x3b0/0x3b0 [ 242.469353][ T5800] ? lock_acquire+0x32/0xc0 [ 242.473902][ T5800] ? kill_css+0x3b0/0x3b0 [ 242.478276][ T5800] kernfs_fop_write_iter+0x3f1/0x600 [ 242.483614][ T5800] vfs_write+0x9ed/0xe10 [ 242.487907][ T5800] ? kernel_write+0x670/0x670 [ 242.492652][ T5800] ? find_held_lock+0x2d/0x110 [ 242.497460][ T5800] ? __fget_light+0x20a/0x270 [ 242.502193][ T5800] ksys_write+0x12b/0x250 [ 242.506591][ T5800] ? __ia32_sys_read+0xb0/0xb0 [ 242.511408][ T5800] ? lockdep_hardirqs_on+0x7d/0x100 [ 242.516679][ T5800] ? _raw_spin_unlock_irq+0x2e/0x50 [ 242.521934][ T5800] ? ptrace_notify+0xfe/0x140 [ 242.526656][ T5800] do_syscall_64+0x39/0xb0 [ 242.531130][ T5800] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 242.537060][ T5800] RIP: 0033:0x7faecf034129 [ 242.541501][ T5800] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5799] close(29) = -1 EBADF (Bad file descriptor) [ 242.561154][ T5800] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 242.569596][ T5800] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 242.577595][ T5800] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 242.585615][ T5800] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 242.593611][ T5800] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 242.601603][ T5800] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000036 [ 242.609623][ T5800] [pid 5799] exit_group(0) = ? [pid 5799] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=54, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5087] umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [ 242.621784][ T5800] memory: usage 8kB, limit 0kB, failcnt 36 [ 242.627945][ T5800] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 242.637394][ T5800] Memory cgroup stats for /syz1: [ 242.637689][ T5800] anon 0 [ 242.637689][ T5800] file 0 [ 242.637689][ T5800] kernel 8192 [ 242.637689][ T5800] kernel_stack 0 [ 242.637689][ T5800] pagetables 0 [ 242.637689][ T5800] sec_pagetables 0 [ 242.637689][ T5800] percpu 0 [ 242.637689][ T5800] sock 0 [ 242.637689][ T5800] vmalloc 0 [ 242.637689][ T5800] shmem 0 [ 242.637689][ T5800] zswap 0 [ 242.637689][ T5800] zswapped 0 [ 242.637689][ T5800] file_mapped 0 [ 242.637689][ T5800] file_dirty 0 [ 242.637689][ T5800] file_writeback 0 [ 242.637689][ T5800] swapcached 0 [ 242.637689][ T5800] anon_thp 0 [ 242.637689][ T5800] file_thp 0 [ 242.637689][ T5800] shmem_thp 0 [ 242.637689][ T5800] inactive_anon 0 [ 242.637689][ T5800] active_anon 0 [ 242.637689][ T5800] inactive_file 0 [ 242.637689][ T5800] active_file 0 [ 242.637689][ T5800] unevictable 0 [ 242.637689][ T5800] slab_reclaimable 6752 [ 242.637689][ T5800] slab_unreclaimable 0 [ 242.637689][ T5800] slab 6752 [ 242.637689][ T5800] workingset_refault_anon 0 [ 242.637689][ T5800] workingset_refault_file 0 [ 242.637689][ T5800] workingset_activate_anon 0 [ 242.637689][ T5800] workingset_activate_file 0 [ 242.637689][ T5800] workingset_restore_anon 0 [ 242.637689][ T5800] workingset_restore_file 0 [ 242.637689][ T5800] workingset_nodereclaim 0 [ 242.637689][ T5800] pgscan 831 [ 242.637689][ T5800] pgsteal 2 [ 242.637689][ T5800] pgscan_kswapd 0 [ 242.637689][ T5800] pgscan_direct 831 [pid 5087] umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./52/binderfs") = 0 [pid 5087] umount2("./52/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./52/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./52/cgroup") = 0 [pid 5087] umount2("./52/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./52/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./52/cgroup.net") = 0 [ 242.637689][ T5800] pgscan_khugepaged 0 [ 242.637689][ T5800] pgsteal_kswapd 0 [ 242.637689][ T5800] pgsteal_direct 2 [ 242.637689][ T5800] pgsteal_khugepaged 0 [ 242.637689][ T5800] pgfault 21 [ 242.637689][ T5800] pgmajfault 0 [ 242.637689][ T5800] pgrefill 830 [ 242.637689][ T5800] pgactivate 829 [ 242.637689][ T5800] pgdeactivate 830 [ 242.637689][ T5800] pglazyfree 0 [ 242.637689][ T5800] pglazyfreed 0 [ 242.637689][ T5800] zswpin 0 [ 242.637689][ T5800] zswpout 0 [ 242.637689][ T5800] thp_fault_alloc 0 [pid 5087] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5087] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./52/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5800] <... write resumed>) = 18 [pid 5800] close(3 [ 242.637689][ T5800] thp_collapse_alloc 0 [ 242.827508][ T5800] Tasks state (memory values in pages): [ 242.839776][ T5800] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 242.856261][ T5800] Out of memory and no killable processes... [pid 5087] close(4 [pid 5800] <... close resumed>) = 0 [pid 5087] <... close resumed>) = 0 [pid 5800] close(4 [pid 5087] rmdir("./52/file0" [pid 5800] <... close resumed>) = 0 [pid 5087] <... rmdir resumed>) = 0 [pid 5800] close(5 [pid 5087] umount2("./52/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5800] <... close resumed>) = 0 [pid 5087] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5800] close(6 [pid 5087] lstat("./52/cgroup.cpu", [pid 5800] <... close resumed>) = 0 [pid 5087] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5800] close(7 [pid 5087] unlink("./52/cgroup.cpu" [pid 5800] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5087] <... unlink resumed>) = 0 [pid 5800] close(8 [pid 5087] getdents64(3, [pid 5800] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5087] <... getdents64 resumed>0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5800] close(9 [pid 5087] close(3 [pid 5800] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5087] <... close resumed>) = 0 [pid 5800] close(10 [pid 5087] rmdir("./52" [pid 5800] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5087] <... rmdir resumed>) = 0 [ 242.864374][ T5801] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 242.875578][ T5801] CPU: 0 PID: 5801 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 242.885545][ T5801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 242.895661][ T5801] Call Trace: [ 242.898996][ T5801] [ 242.901976][ T5801] dump_stack_lvl+0x136/0x150 [ 242.906729][ T5801] dump_header+0x10a/0xd70 [ 242.911221][ T5801] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 242.917385][ T5801] out_of_memory+0xd64/0x1660 [pid 5800] close(11 [pid 5087] mkdir("./53", 0777 [pid 5800] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5087] <... mkdir resumed>) = 0 [pid 5800] close(12 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5800] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5800] close(13 [pid 5087] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 55 [pid 5800] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5800] close(14) = -1 EBADF (Bad file descriptor) [pid 5800] close(15) = -1 EBADF (Bad file descriptor) [ 242.922157][ T5801] ? oom_killer_disable+0x2b0/0x2b0 [ 242.927442][ T5801] mem_cgroup_out_of_memory+0x206/0x270 [ 242.933089][ T5801] ? mem_cgroup_margin+0x130/0x130 [ 242.938304][ T5801] memory_max_write+0x2f9/0x3c0 [ 242.943233][ T5801] ? mem_cgroup_force_empty_write+0x160/0x160 [ 242.949387][ T5801] ? lock_sync+0x190/0x190 [ 242.953892][ T5801] cgroup_file_write+0x1e2/0x7b0 [ 242.958909][ T5801] ? mem_cgroup_force_empty_write+0x160/0x160 [ 242.965041][ T5801] ? kill_css+0x3b0/0x3b0 [ 242.969415][ T5801] ? lock_acquire+0x32/0xc0 [ 242.973981][ T5801] ? kill_css+0x3b0/0x3b0 [ 242.978367][ T5801] kernfs_fop_write_iter+0x3f1/0x600 [ 242.983705][ T5801] vfs_write+0x9ed/0xe10 [ 242.988016][ T5801] ? kernel_write+0x670/0x670 [ 242.992744][ T5801] ? find_held_lock+0x2d/0x110 [ 242.997550][ T5801] ? __fget_light+0x20a/0x270 [ 243.002280][ T5801] ksys_write+0x12b/0x250 [ 243.006670][ T5801] ? __ia32_sys_read+0xb0/0xb0 [ 243.011481][ T5801] ? lockdep_hardirqs_on+0x7d/0x100 [ 243.016716][ T5801] ? _raw_spin_unlock_irq+0x2e/0x50 [ 243.021959][ T5801] ? ptrace_notify+0xfe/0x140 [ 243.026677][ T5801] do_syscall_64+0x39/0xb0 [ 243.031163][ T5801] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 243.037097][ T5801] RIP: 0033:0x7faecf034129 [ 243.041550][ T5801] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 243.061199][ T5801] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5800] close(16) = -1 EBADF (Bad file descriptor) [pid 5800] close(17) = -1 EBADF (Bad file descriptor) [pid 5800] close(18) = -1 EBADF (Bad file descriptor) [pid 5800] close(19) = -1 EBADF (Bad file descriptor) [pid 5800] close(20) = -1 EBADF (Bad file descriptor) [pid 5800] close(21) = -1 EBADF (Bad file descriptor) [pid 5800] close(22) = -1 EBADF (Bad file descriptor) [pid 5800] close(23) = -1 EBADF (Bad file descriptor) [pid 5800] close(24) = -1 EBADF (Bad file descriptor) [pid 5800] close(25) = -1 EBADF (Bad file descriptor) [pid 5800] close(26) = -1 EBADF (Bad file descriptor) [pid 5800] close(27) = -1 EBADF (Bad file descriptor) [pid 5800] close(28) = -1 EBADF (Bad file descriptor) [pid 5800] close(29) = -1 EBADF (Bad file descriptor) [pid 5800] exit_group(0) = ? [pid 5800] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=56, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5090] umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./54/binderfs", ./strace-static-x86_64: Process 5804 attached {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./54/binderfs" [pid 5804] chdir("./53" [pid 5090] <... unlink resumed>) = 0 [pid 5090] umount2("./54/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./54/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./54/cgroup" [pid 5804] <... chdir resumed>) = 0 [pid 5090] <... unlink resumed>) = 0 [pid 5804] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5090] umount2("./54/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5804] <... prctl resumed>) = 0 [pid 5090] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5804] setpgid(0, 0 [pid 5090] lstat("./54/cgroup.net", [pid 5804] <... setpgid resumed>) = 0 [pid 5090] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5804] symlink("/syzcgroup/unified/syz2", "./cgroup" [pid 5090] unlink("./54/cgroup.net" [pid 5804] <... symlink resumed>) = 0 [pid 5090] <... unlink resumed>) = 0 [pid 5804] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu" [pid 5090] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5804] <... symlink resumed>) = 0 [pid 5090] <... umount2 resumed>) = 0 [pid 5804] symlink("/syzcgroup/net/syz2", "./cgroup.net" [pid 5090] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5804] <... symlink resumed>) = 0 [pid 5090] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5804] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5090] lstat("./54/file0", [pid 5804] <... openat resumed>) = 3 [pid 5090] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5804] write(3, "1000", 4 [pid 5090] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5804] <... write resumed>) = 4 [pid 5090] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5804] close(3 [pid 5090] openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [ 243.069646][ T5801] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 243.077660][ T5801] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 243.085673][ T5801] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 243.093673][ T5801] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 243.101674][ T5801] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000033 [ 243.109799][ T5801] [pid 5804] <... close resumed>) = 0 [pid 5090] <... openat resumed>) = 4 [pid 5804] symlink("/dev/binderfs", "./binderfs" [pid 5090] fstat(4, [pid 5804] <... symlink resumed>) = 0 [pid 5090] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5804] mkdir("./file0", 000 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5804] <... mkdir resumed>) = 0 [pid 5804] open("./file0", O_RDONLY [pid 5090] getdents64(4, [pid 5804] <... open resumed>) = 3 [pid 5090] <... getdents64 resumed>0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5804] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5090] close(4) = 0 [pid 5090] rmdir("./54/file0") = 0 [pid 5090] umount2("./54/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./54/cgroup.cpu", [pid 5804] <... mount resumed>) = 0 [pid 5090] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./54/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [pid 5804] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5090] rmdir("./54") = 0 [pid 5090] mkdir("./55", 0777 [pid 5804] <... openat resumed>) = 4 [pid 5090] <... mkdir resumed>) = 0 [pid 5804] openat(4, "syz1", O_RDWR|O_PATH [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5805 attached [pid 5804] <... openat resumed>) = 5 [pid 5805] chdir("./55" [pid 5804] openat(5, "memory.max", O_RDWR [pid 5090] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 57 [pid 5805] <... chdir resumed>) = 0 [pid 5804] <... openat resumed>) = 6 [pid 5805] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5804] write(6, "0x000000000000040e", 18 [pid 5805] <... prctl resumed>) = 0 [pid 5805] setpgid(0, 0) = 0 [pid 5805] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5805] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5805] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5805] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5805] write(3, "1000", 4) = 4 [pid 5805] close(3) = 0 [ 243.163209][ T5801] memory: usage 8kB, limit 0kB, failcnt 36 [ 243.170437][ T5801] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 243.201862][ T5801] Memory cgroup stats for /syz1: [ 243.202118][ T5801] anon 0 [ 243.202118][ T5801] file 0 [pid 5805] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5805] mkdir("./file0", 000) = 0 [pid 5805] open("./file0", O_RDONLY) = 3 [pid 5805] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5805] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5805] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5805] openat(5, "memory.max", O_RDWR) = 6 [ 243.202118][ T5801] kernel 8192 [ 243.202118][ T5801] kernel_stack 0 [ 243.202118][ T5801] pagetables 0 [ 243.202118][ T5801] sec_pagetables 0 [ 243.202118][ T5801] percpu 0 [ 243.202118][ T5801] sock 0 [ 243.202118][ T5801] vmalloc 0 [ 243.202118][ T5801] shmem 0 [ 243.202118][ T5801] zswap 0 [ 243.202118][ T5801] zswapped 0 [ 243.202118][ T5801] file_mapped 0 [ 243.202118][ T5801] file_dirty 0 [ 243.202118][ T5801] file_writeback 0 [ 243.202118][ T5801] swapcached 0 [ 243.202118][ T5801] anon_thp 0 [ 243.202118][ T5801] file_thp 0 [ 243.202118][ T5801] shmem_thp 0 [ 243.202118][ T5801] inactive_anon 0 [ 243.202118][ T5801] active_anon 0 [ 243.202118][ T5801] inactive_file 0 [ 243.202118][ T5801] active_file 0 [ 243.202118][ T5801] unevictable 0 [ 243.202118][ T5801] slab_reclaimable 6752 [ 243.202118][ T5801] slab_unreclaimable 0 [ 243.202118][ T5801] slab 6752 [ 243.202118][ T5801] workingset_refault_anon 0 [ 243.202118][ T5801] workingset_refault_file 0 [ 243.202118][ T5801] workingset_activate_anon 0 [ 243.202118][ T5801] workingset_activate_file 0 [ 243.202118][ T5801] workingset_restore_anon 0 [ 243.202118][ T5801] workingset_restore_file 0 [ 243.202118][ T5801] workingset_nodereclaim 0 [ 243.202118][ T5801] pgscan 831 [ 243.202118][ T5801] pgsteal 2 [ 243.202118][ T5801] pgscan_kswapd 0 [ 243.202118][ T5801] pgscan_direct 831 [ 243.202118][ T5801] pgscan_khugepaged 0 [ 243.202118][ T5801] pgsteal_kswapd 0 [ 243.202118][ T5801] pgsteal_direct 2 [ 243.202118][ T5801] pgsteal_khugepaged 0 [ 243.202118][ T5801] pgfault 21 [ 243.202118][ T5801] pgmajfault 0 [ 243.202118][ T5801] pgrefill 830 [ 243.202118][ T5801] pgactivate 829 [ 243.202118][ T5801] pgdeactivate 830 [ 243.202118][ T5801] pglazyfree 0 [ 243.202118][ T5801] pglazyfreed 0 [ 243.202118][ T5801] zswpin 0 [ 243.202118][ T5801] zswpout 0 [ 243.202118][ T5801] thp_fault_alloc 0 [ 243.202118][ T5801] thp_collapse_alloc 0 [pid 5805] write(6, "0x000000000000040e", 18 [pid 5801] <... write resumed>) = 18 [pid 5801] close(3) = 0 [pid 5801] close(4) = 0 [pid 5801] close(5) = 0 [pid 5801] close(6) = 0 [pid 5801] close(7) = -1 EBADF (Bad file descriptor) [ 243.408992][ T5801] Tasks state (memory values in pages): [ 243.416338][ T5801] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 243.426322][ T5801] Out of memory and no killable processes... [ 243.433714][ T5802] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 243.444688][ T5802] CPU: 0 PID: 5802 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5801] close(8) = -1 EBADF (Bad file descriptor) [pid 5801] close(9) = -1 EBADF (Bad file descriptor) [pid 5801] close(10) = -1 EBADF (Bad file descriptor) [pid 5801] close(11) = -1 EBADF (Bad file descriptor) [pid 5801] close(12) = -1 EBADF (Bad file descriptor) [pid 5801] close(13) = -1 EBADF (Bad file descriptor) [pid 5801] close(14) = -1 EBADF (Bad file descriptor) [pid 5801] close(15) = -1 EBADF (Bad file descriptor) [pid 5801] close(16) = -1 EBADF (Bad file descriptor) [pid 5801] close(17) = -1 EBADF (Bad file descriptor) [pid 5801] close(18) = -1 EBADF (Bad file descriptor) [pid 5801] close(19) = -1 EBADF (Bad file descriptor) [pid 5801] close(20) = -1 EBADF (Bad file descriptor) [pid 5801] close(21) = -1 EBADF (Bad file descriptor) [pid 5801] close(22) = -1 EBADF (Bad file descriptor) [pid 5801] close(23) = -1 EBADF (Bad file descriptor) [pid 5801] close(24) = -1 EBADF (Bad file descriptor) [ 243.454646][ T5802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 243.464777][ T5802] Call Trace: [ 243.468102][ T5802] [ 243.471074][ T5802] dump_stack_lvl+0x136/0x150 [ 243.475828][ T5802] dump_header+0x10a/0xd70 [ 243.480318][ T5802] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 243.486496][ T5802] out_of_memory+0xd64/0x1660 [ 243.491294][ T5802] ? oom_killer_disable+0x2b0/0x2b0 [ 243.496583][ T5802] ? find_held_lock+0x2d/0x110 [ 243.501429][ T5802] mem_cgroup_out_of_memory+0x206/0x270 [pid 5801] close(25) = -1 EBADF (Bad file descriptor) [pid 5801] close(26) = -1 EBADF (Bad file descriptor) [pid 5801] close(27) = -1 EBADF (Bad file descriptor) [ 243.507062][ T5802] ? mem_cgroup_margin+0x130/0x130 [ 243.512271][ T5802] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 243.518177][ T5802] memory_max_write+0x2f9/0x3c0 [ 243.523123][ T5802] ? mem_cgroup_force_empty_write+0x160/0x160 [ 243.529281][ T5802] ? lock_sync+0x190/0x190 [ 243.533776][ T5802] cgroup_file_write+0x1e2/0x7b0 [ 243.538801][ T5802] ? mem_cgroup_force_empty_write+0x160/0x160 [ 243.544951][ T5802] ? kill_css+0x3b0/0x3b0 [ 243.549364][ T5802] ? lock_acquire+0x32/0xc0 [ 243.553955][ T5802] ? kill_css+0x3b0/0x3b0 [ 243.558359][ T5802] kernfs_fop_write_iter+0x3f1/0x600 [ 243.563755][ T5802] vfs_write+0x9ed/0xe10 [ 243.568094][ T5802] ? kernel_write+0x670/0x670 [ 243.572860][ T5802] ? find_held_lock+0x2d/0x110 [ 243.577716][ T5802] ? __fget_light+0x20a/0x270 [ 243.582476][ T5802] ksys_write+0x12b/0x250 [ 243.586890][ T5802] ? __ia32_sys_read+0xb0/0xb0 [ 243.591723][ T5802] ? lockdep_hardirqs_on+0x7d/0x100 [ 243.596992][ T5802] ? _raw_spin_unlock_irq+0x2e/0x50 [ 243.602280][ T5802] ? ptrace_notify+0xfe/0x140 [ 243.607021][ T5802] do_syscall_64+0x39/0xb0 [ 243.611530][ T5802] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 243.617487][ T5802] RIP: 0033:0x7faecf034129 [ 243.621955][ T5802] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 243.641622][ T5802] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 243.650097][ T5802] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [pid 5801] close(28) = -1 EBADF (Bad file descriptor) [pid 5801] close(29) = -1 EBADF (Bad file descriptor) [pid 5801] exit_group(0) = ? [pid 5801] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=53, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5086] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5086] umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./51/binderfs") = 0 [pid 5086] umount2("./51/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./51/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] unlink("./51/cgroup") = 0 [pid 5086] umount2("./51/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./51/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./51/cgroup.net") = 0 [pid 5086] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5086] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./51/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 243.658124][ T5802] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 243.666146][ T5802] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 243.674168][ T5802] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 243.682182][ T5802] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000033 [ 243.690231][ T5802] [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./51/file0") = 0 [pid 5086] umount2("./51/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./51/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./51/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./51") = 0 [pid 5086] mkdir("./52", 0777) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 54 ./strace-static-x86_64: Process 5806 attached [pid 5806] chdir("./52") = 0 [ 243.705272][ T5802] memory: usage 8kB, limit 0kB, failcnt 36 [ 243.711153][ T5802] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 243.719315][ T5802] Memory cgroup stats for /syz1: [ 243.719623][ T5802] anon 0 [ 243.719623][ T5802] file 0 [ 243.719623][ T5802] kernel 8192 [ 243.719623][ T5802] kernel_stack 0 [ 243.719623][ T5802] pagetables 0 [ 243.719623][ T5802] sec_pagetables 0 [ 243.719623][ T5802] percpu 0 [ 243.719623][ T5802] sock 0 [ 243.719623][ T5802] vmalloc 0 [ 243.719623][ T5802] shmem 0 [ 243.719623][ T5802] zswap 0 [ 243.719623][ T5802] zswapped 0 [pid 5806] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5806] setpgid(0, 0) = 0 [pid 5806] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5806] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5806] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5806] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5806] write(3, "1000", 4) = 4 [pid 5806] close(3) = 0 [pid 5806] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5806] mkdir("./file0", 000) = 0 [pid 5806] open("./file0", O_RDONLY) = 3 [pid 5806] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5806] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5806] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5806] openat(5, "memory.max", O_RDWR) = 6 [ 243.719623][ T5802] file_mapped 0 [ 243.719623][ T5802] file_dirty 0 [ 243.719623][ T5802] file_writeback 0 [ 243.719623][ T5802] swapcached 0 [ 243.719623][ T5802] anon_thp 0 [ 243.719623][ T5802] file_thp 0 [ 243.719623][ T5802] shmem_thp 0 [ 243.719623][ T5802] inactive_anon 0 [ 243.719623][ T5802] active_anon 0 [ 243.719623][ T5802] inactive_file 0 [ 243.719623][ T5802] active_file 0 [ 243.719623][ T5802] unevictable 0 [ 243.719623][ T5802] slab_reclaimable 6752 [ 243.719623][ T5802] slab_unreclaimable 0 [ 243.719623][ T5802] slab 6752 [ 243.719623][ T5802] workingset_refault_anon 0 [ 243.719623][ T5802] workingset_refault_file 0 [ 243.719623][ T5802] workingset_activate_anon 0 [ 243.719623][ T5802] workingset_activate_file 0 [ 243.719623][ T5802] workingset_restore_anon 0 [ 243.719623][ T5802] workingset_restore_file 0 [ 243.719623][ T5802] workingset_nodereclaim 0 [ 243.719623][ T5802] pgscan 831 [ 243.719623][ T5802] pgsteal 2 [ 243.719623][ T5802] pgscan_kswapd 0 [ 243.719623][ T5802] pgscan_direct 831 [ 243.719623][ T5802] pgscan_khugepaged 0 [ 243.719623][ T5802] pgsteal_kswapd 0 [ 243.719623][ T5802] pgsteal_direct 2 [ 243.719623][ T5802] pgsteal_khugepaged 0 [ 243.719623][ T5802] pgfault 21 [ 243.719623][ T5802] pgmajfault 0 [ 243.719623][ T5802] pgrefill 830 [ 243.719623][ T5802] pgactivate 829 [ 243.719623][ T5802] pgdeactivate 830 [ 243.719623][ T5802] pglazyfree 0 [ 243.719623][ T5802] pglazyfreed 0 [ 243.719623][ T5802] zswpin 0 [ 243.719623][ T5802] zswpout 0 [ 243.719623][ T5802] thp_fault_alloc 0 [ 243.719623][ T5802] thp_collapse_alloc 0 [pid 5806] write(6, "0x000000000000040e", 18 [pid 5802] <... write resumed>) = 18 [pid 5802] close(3) = 0 [pid 5802] close(4) = 0 [pid 5802] close(5) = 0 [pid 5802] close(6) = 0 [pid 5802] close(7) = -1 EBADF (Bad file descriptor) [pid 5802] close(8) = -1 EBADF (Bad file descriptor) [pid 5802] close(9) = -1 EBADF (Bad file descriptor) [ 243.934171][ T5802] Tasks state (memory values in pages): [ 243.941462][ T5802] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 243.952598][ T5802] Out of memory and no killable processes... [ 243.959446][ T5803] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 243.971271][ T5803] CPU: 0 PID: 5803 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5802] close(10) = -1 EBADF (Bad file descriptor) [pid 5802] close(11) = -1 EBADF (Bad file descriptor) [pid 5802] close(12) = -1 EBADF (Bad file descriptor) [pid 5802] close(13) = -1 EBADF (Bad file descriptor) [pid 5802] close(14) = -1 EBADF (Bad file descriptor) [pid 5802] close(15) = -1 EBADF (Bad file descriptor) [pid 5802] close(16) = -1 EBADF (Bad file descriptor) [pid 5802] close(17) = -1 EBADF (Bad file descriptor) [pid 5802] close(18) = -1 EBADF (Bad file descriptor) [pid 5802] close(19) = -1 EBADF (Bad file descriptor) [pid 5802] close(20) = -1 EBADF (Bad file descriptor) [pid 5802] close(21) = -1 EBADF (Bad file descriptor) [pid 5802] close(22) = -1 EBADF (Bad file descriptor) [pid 5802] close(23) = -1 EBADF (Bad file descriptor) [pid 5802] close(24) = -1 EBADF (Bad file descriptor) [pid 5802] close(25) = -1 EBADF (Bad file descriptor) [pid 5802] close(26) = -1 EBADF (Bad file descriptor) [ 243.981243][ T5803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 243.991352][ T5803] Call Trace: [ 243.994687][ T5803] [ 243.997660][ T5803] dump_stack_lvl+0x136/0x150 [ 244.002408][ T5803] dump_header+0x10a/0xd70 [ 244.006903][ T5803] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 244.013059][ T5803] out_of_memory+0xd64/0x1660 [ 244.017815][ T5803] ? oom_killer_disable+0x2b0/0x2b0 [ 244.023086][ T5803] ? find_held_lock+0x2d/0x110 [ 244.027923][ T5803] mem_cgroup_out_of_memory+0x206/0x270 [pid 5802] close(27) = -1 EBADF (Bad file descriptor) [pid 5802] close(28) = -1 EBADF (Bad file descriptor) [pid 5802] close(29) = -1 EBADF (Bad file descriptor) [pid 5802] exit_group(0) = ? [pid 5802] +++ exited with 0 +++ [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=53, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5085] umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 244.033552][ T5803] ? mem_cgroup_margin+0x130/0x130 [ 244.038762][ T5803] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 244.044659][ T5803] memory_max_write+0x2f9/0x3c0 [ 244.049601][ T5803] ? mem_cgroup_force_empty_write+0x160/0x160 [ 244.055778][ T5803] ? lock_sync+0x190/0x190 [ 244.060276][ T5803] cgroup_file_write+0x1e2/0x7b0 [ 244.065301][ T5803] ? mem_cgroup_force_empty_write+0x160/0x160 [ 244.071448][ T5803] ? kill_css+0x3b0/0x3b0 [ 244.075845][ T5803] ? lock_acquire+0x32/0xc0 [ 244.080654][ T5803] ? kill_css+0x3b0/0x3b0 [ 244.085033][ T5803] kernfs_fop_write_iter+0x3f1/0x600 [ 244.090385][ T5803] vfs_write+0x9ed/0xe10 [ 244.094680][ T5803] ? kernel_write+0x670/0x670 [ 244.099413][ T5803] ? find_held_lock+0x2d/0x110 [ 244.104226][ T5803] ? __fget_light+0x20a/0x270 [ 244.109064][ T5803] ksys_write+0x12b/0x250 [ 244.113442][ T5803] ? __ia32_sys_read+0xb0/0xb0 [ 244.118249][ T5803] ? lockdep_hardirqs_on+0x7d/0x100 [ 244.123487][ T5803] ? _raw_spin_unlock_irq+0x2e/0x50 [ 244.128726][ T5803] ? ptrace_notify+0xfe/0x140 [ 244.133457][ T5803] do_syscall_64+0x39/0xb0 [ 244.137915][ T5803] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 244.143842][ T5803] RIP: 0033:0x7faecf034129 [ 244.148283][ T5803] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 244.167924][ T5803] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 244.176371][ T5803] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 244.184370][ T5803] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 244.192379][ T5803] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 244.200383][ T5803] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 244.208384][ T5803] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000036 [ 244.216411][ T5803] [ 244.225512][ T5803] memory: usage 8kB, limit 0kB, failcnt 36 [pid 5085] lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./51/binderfs") = 0 [ 244.231395][ T5803] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 244.241991][ T5803] Memory cgroup stats for /syz1: [ 244.242636][ T5803] anon 0 [ 244.242636][ T5803] file 0 [ 244.242636][ T5803] kernel 8192 [ 244.242636][ T5803] kernel_stack 0 [ 244.242636][ T5803] pagetables 0 [ 244.242636][ T5803] sec_pagetables 0 [ 244.242636][ T5803] percpu 0 [ 244.242636][ T5803] sock 0 [ 244.242636][ T5803] vmalloc 0 [ 244.242636][ T5803] shmem 0 [ 244.242636][ T5803] zswap 0 [ 244.242636][ T5803] zswapped 0 [ 244.242636][ T5803] file_mapped 0 [ 244.242636][ T5803] file_dirty 0 [ 244.242636][ T5803] file_writeback 0 [ 244.242636][ T5803] swapcached 0 [ 244.242636][ T5803] anon_thp 0 [ 244.242636][ T5803] file_thp 0 [ 244.242636][ T5803] shmem_thp 0 [ 244.242636][ T5803] inactive_anon 0 [ 244.242636][ T5803] active_anon 0 [ 244.242636][ T5803] inactive_file 0 [ 244.242636][ T5803] active_file 0 [ 244.242636][ T5803] unevictable 0 [ 244.242636][ T5803] slab_reclaimable 6752 [ 244.242636][ T5803] slab_unreclaimable 0 [ 244.242636][ T5803] slab 6752 [ 244.242636][ T5803] workingset_refault_anon 0 [ 244.242636][ T5803] workingset_refault_file 0 [ 244.242636][ T5803] workingset_activate_anon 0 [ 244.242636][ T5803] workingset_activate_file 0 [ 244.242636][ T5803] workingset_restore_anon 0 [ 244.242636][ T5803] workingset_restore_file 0 [ 244.242636][ T5803] workingset_nodereclaim 0 [ 244.242636][ T5803] pgscan 831 [ 244.242636][ T5803] pgsteal 2 [ 244.242636][ T5803] pgscan_kswapd 0 [ 244.242636][ T5803] pgscan_direct 831 [ 244.242636][ T5803] pgscan_khugepaged 0 [ 244.242636][ T5803] pgsteal_kswapd 0 [ 244.242636][ T5803] pgsteal_direct 2 [ 244.242636][ T5803] pgsteal_khugepaged 0 [ 244.242636][ T5803] pgfault 21 [ 244.242636][ T5803] pgmajfault 0 [ 244.242636][ T5803] pgrefill 830 [ 244.242636][ T5803] pgactivate 829 [ 244.242636][ T5803] pgdeactivate 830 [ 244.242636][ T5803] pglazyfree 0 [ 244.242636][ T5803] pglazyfreed 0 [ 244.242636][ T5803] zswpin 0 [ 244.242636][ T5803] zswpout 0 [ 244.242636][ T5803] thp_fault_alloc 0 [ 244.242636][ T5803] thp_collapse_alloc 0 [pid 5085] umount2("./51/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./51/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./51/cgroup") = 0 [pid 5085] umount2("./51/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./51/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./51/cgroup.net") = 0 [pid 5085] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5085] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./51/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./51/file0" [pid 5803] <... write resumed>) = 18 [pid 5085] <... rmdir resumed>) = 0 [pid 5085] umount2("./51/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./51/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./51/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./51") = 0 [pid 5085] mkdir("./52", 0777) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5807 attached [ 244.434951][ T5803] Tasks state (memory values in pages): [ 244.440692][ T5803] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 244.450738][ T5803] Out of memory and no killable processes... [ 244.457146][ T5805] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 244.468651][ T5805] CPU: 1 PID: 5805 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5807] chdir("./52") = 0 [pid 5085] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 54 [pid 5807] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5807] setpgid(0, 0) = 0 [pid 5807] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5807] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5807] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5807] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5807] write(3, "1000", 4) = 4 [pid 5807] close(3) = 0 [pid 5807] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5807] mkdir("./file0", 000) = 0 [pid 5807] open("./file0", O_RDONLY) = 3 [pid 5807] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5807] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5807] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5807] openat(5, "memory.max", O_RDWR) = 6 [ 244.478617][ T5805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 244.488727][ T5805] Call Trace: [ 244.492050][ T5805] [ 244.495032][ T5805] dump_stack_lvl+0x136/0x150 [ 244.499786][ T5805] dump_header+0x10a/0xd70 [ 244.504272][ T5805] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 244.510435][ T5805] out_of_memory+0xd64/0x1660 [ 244.515203][ T5805] ? oom_killer_disable+0x2b0/0x2b0 [ 244.520495][ T5805] mem_cgroup_out_of_memory+0x206/0x270 [ 244.526119][ T5805] ? mem_cgroup_margin+0x130/0x130 [ 244.531323][ T5805] memory_max_write+0x2f9/0x3c0 [ 244.536226][ T5805] ? mem_cgroup_force_empty_write+0x160/0x160 [ 244.542350][ T5805] ? lock_sync+0x190/0x190 [ 244.546811][ T5805] cgroup_file_write+0x1e2/0x7b0 [ 244.551800][ T5805] ? mem_cgroup_force_empty_write+0x160/0x160 [ 244.557919][ T5805] ? kill_css+0x3b0/0x3b0 [ 244.562294][ T5805] ? lock_acquire+0x32/0xc0 [ 244.566845][ T5805] ? kill_css+0x3b0/0x3b0 [ 244.571222][ T5805] kernfs_fop_write_iter+0x3f1/0x600 [ 244.576562][ T5805] vfs_write+0x9ed/0xe10 [ 244.580861][ T5805] ? kernel_write+0x670/0x670 [ 244.585594][ T5805] ? find_held_lock+0x2d/0x110 [ 244.590407][ T5805] ? __fget_light+0x20a/0x270 [ 244.595134][ T5805] ksys_write+0x12b/0x250 [ 244.599509][ T5805] ? __ia32_sys_read+0xb0/0xb0 [ 244.604322][ T5805] ? lockdep_hardirqs_on+0x7d/0x100 [ 244.609556][ T5805] ? _raw_spin_unlock_irq+0x2e/0x50 [ 244.614796][ T5805] ? ptrace_notify+0xfe/0x140 [ 244.619511][ T5805] do_syscall_64+0x39/0xb0 [ 244.623980][ T5805] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 244.629912][ T5805] RIP: 0033:0x7faecf034129 [ 244.634356][ T5805] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 244.653994][ T5805] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 244.662442][ T5805] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 244.670435][ T5805] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 244.678438][ T5805] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [pid 5807] write(6, "0x000000000000040e", 18 [pid 5803] close(3) = 0 [pid 5803] close(4) = 0 [pid 5803] close(5) = 0 [pid 5803] close(6) = 0 [pid 5803] close(7) = -1 EBADF (Bad file descriptor) [pid 5803] close(8) = -1 EBADF (Bad file descriptor) [pid 5803] close(9) = -1 EBADF (Bad file descriptor) [pid 5803] close(10) = -1 EBADF (Bad file descriptor) [pid 5803] close(11) = -1 EBADF (Bad file descriptor) [pid 5803] close(12) = -1 EBADF (Bad file descriptor) [pid 5803] close(13) = -1 EBADF (Bad file descriptor) [pid 5803] close(14) = -1 EBADF (Bad file descriptor) [pid 5803] close(15) = -1 EBADF (Bad file descriptor) [pid 5803] close(16) = -1 EBADF (Bad file descriptor) [pid 5803] close(17) = -1 EBADF (Bad file descriptor) [pid 5803] close(18) = -1 EBADF (Bad file descriptor) [pid 5803] close(19) = -1 EBADF (Bad file descriptor) [pid 5803] close(20) = -1 EBADF (Bad file descriptor) [pid 5803] close(21) = -1 EBADF (Bad file descriptor) [pid 5803] close(22) = -1 EBADF (Bad file descriptor) [pid 5803] close(23) = -1 EBADF (Bad file descriptor) [pid 5803] close(24) = -1 EBADF (Bad file descriptor) [pid 5803] close(25) = -1 EBADF (Bad file descriptor) [ 244.686438][ T5805] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 244.694436][ T5805] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000037 [ 244.702460][ T5805] [pid 5803] close(26) = -1 EBADF (Bad file descriptor) [pid 5803] close(27) = -1 EBADF (Bad file descriptor) [pid 5803] close(28) = -1 EBADF (Bad file descriptor) [pid 5803] close(29) = -1 EBADF (Bad file descriptor) [pid 5803] exit_group(0) = ? [pid 5803] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=56, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5089] umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./54/binderfs") = 0 [pid 5089] umount2("./54/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./54/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./54/cgroup") = 0 [pid 5089] umount2("./54/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./54/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 244.740729][ T5805] memory: usage 8kB, limit 0kB, failcnt 36 [ 244.746947][ T5805] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 244.754075][ T5805] Memory cgroup stats for /syz1: [ 244.754360][ T5805] anon 0 [ 244.754360][ T5805] file 0 [ 244.754360][ T5805] kernel 8192 [ 244.754360][ T5805] kernel_stack 0 [ 244.754360][ T5805] pagetables 0 [ 244.754360][ T5805] sec_pagetables 0 [ 244.754360][ T5805] percpu 0 [ 244.754360][ T5805] sock 0 [ 244.754360][ T5805] vmalloc 0 [ 244.754360][ T5805] shmem 0 [pid 5089] unlink("./54/cgroup.net") = 0 [ 244.754360][ T5805] zswap 0 [ 244.754360][ T5805] zswapped 0 [ 244.754360][ T5805] file_mapped 0 [ 244.754360][ T5805] file_dirty 0 [ 244.754360][ T5805] file_writeback 0 [ 244.754360][ T5805] swapcached 0 [ 244.754360][ T5805] anon_thp 0 [ 244.754360][ T5805] file_thp 0 [ 244.754360][ T5805] shmem_thp 0 [ 244.754360][ T5805] inactive_anon 0 [ 244.754360][ T5805] active_anon 0 [ 244.754360][ T5805] inactive_file 0 [ 244.754360][ T5805] active_file 0 [ 244.754360][ T5805] unevictable 0 [ 244.754360][ T5805] slab_reclaimable 6752 [ 244.754360][ T5805] slab_unreclaimable 0 [ 244.754360][ T5805] slab 6752 [ 244.754360][ T5805] workingset_refault_anon 0 [ 244.754360][ T5805] workingset_refault_file 0 [ 244.754360][ T5805] workingset_activate_anon 0 [ 244.754360][ T5805] workingset_activate_file 0 [ 244.754360][ T5805] workingset_restore_anon 0 [ 244.754360][ T5805] workingset_restore_file 0 [ 244.754360][ T5805] workingset_nodereclaim 0 [ 244.754360][ T5805] pgscan 831 [ 244.754360][ T5805] pgsteal 2 [ 244.754360][ T5805] pgscan_kswapd 0 [ 244.754360][ T5805] pgscan_direct 831 [pid 5089] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 244.754360][ T5805] pgscan_khugepaged 0 [ 244.754360][ T5805] pgsteal_kswapd 0 [ 244.754360][ T5805] pgsteal_direct 2 [ 244.754360][ T5805] pgsteal_khugepaged 0 [ 244.754360][ T5805] pgfault 21 [ 244.754360][ T5805] pgmajfault 0 [ 244.754360][ T5805] pgrefill 830 [ 244.754360][ T5805] pgactivate 829 [ 244.754360][ T5805] pgdeactivate 830 [ 244.754360][ T5805] pglazyfree 0 [ 244.754360][ T5805] pglazyfreed 0 [ 244.754360][ T5805] zswpin 0 [ 244.754360][ T5805] zswpout 0 [ 244.754360][ T5805] thp_fault_alloc 0 [ 244.754360][ T5805] thp_collapse_alloc 0 [pid 5089] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./54/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5805] <... write resumed>) = 18 [pid 5805] close(3) = 0 [pid 5805] close(4) = 0 [pid 5805] close(5) = 0 [pid 5805] close(6) = 0 [pid 5805] close(7) = -1 EBADF (Bad file descriptor) [pid 5805] close(8) = -1 EBADF (Bad file descriptor) [pid 5805] close(9) = -1 EBADF (Bad file descriptor) [pid 5805] close(10) = -1 EBADF (Bad file descriptor) [pid 5805] close(11) = -1 EBADF (Bad file descriptor) [pid 5805] close(12) = -1 EBADF (Bad file descriptor) [pid 5805] close(13) = -1 EBADF (Bad file descriptor) [pid 5805] close(14) = -1 EBADF (Bad file descriptor) [pid 5805] close(15) = -1 EBADF (Bad file descriptor) [pid 5805] close(16) = -1 EBADF (Bad file descriptor) [pid 5805] close(17) = -1 EBADF (Bad file descriptor) [pid 5805] close(18) = -1 EBADF (Bad file descriptor) [pid 5805] close(19) = -1 EBADF (Bad file descriptor) [pid 5805] close(20) = -1 EBADF (Bad file descriptor) [pid 5805] close(21) = -1 EBADF (Bad file descriptor) [pid 5805] close(22) = -1 EBADF (Bad file descriptor) [pid 5805] close(23) = -1 EBADF (Bad file descriptor) [pid 5805] close(24) = -1 EBADF (Bad file descriptor) [pid 5805] close(25) = -1 EBADF (Bad file descriptor) [pid 5805] close(26) = -1 EBADF (Bad file descriptor) [pid 5805] close(27) = -1 EBADF (Bad file descriptor) [pid 5805] close(28) = -1 EBADF (Bad file descriptor) [pid 5805] close(29 [pid 5089] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5805] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5805] exit_group(0) = ? [pid 5805] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=57, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5090] umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [ 244.945839][ T5805] Tasks state (memory values in pages): [ 244.951457][ T5805] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 244.961087][ T5805] Out of memory and no killable processes... [ 244.967316][ T5804] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 244.981453][ T5804] CPU: 0 PID: 5804 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5090] umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./55/binderfs") = 0 [pid 5090] umount2("./55/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./55/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./55/cgroup") = 0 [pid 5090] umount2("./55/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./55/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./55/cgroup.net") = 0 [pid 5090] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5089] openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./54/file0") = 0 [pid 5089] umount2("./54/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./54/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./54/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [pid 5089] rmdir("./54") = 0 [pid 5089] mkdir("./55", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 57 [ 244.991432][ T5804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 245.001542][ T5804] Call Trace: [ 245.004863][ T5804] [ 245.007848][ T5804] dump_stack_lvl+0x136/0x150 [ 245.012602][ T5804] dump_header+0x10a/0xd70 [ 245.017082][ T5804] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 245.023239][ T5804] out_of_memory+0xd64/0x1660 [ 245.028015][ T5804] ? oom_killer_disable+0x2b0/0x2b0 [ 245.033409][ T5804] mem_cgroup_out_of_memory+0x206/0x270 [ 245.039032][ T5804] ? mem_cgroup_margin+0x130/0x130 ./strace-static-x86_64: Process 5808 attached [pid 5808] chdir("./55") = 0 [pid 5808] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5808] setpgid(0, 0) = 0 [pid 5808] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5808] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5808] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5808] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5808] write(3, "1000", 4) = 4 [pid 5808] close(3) = 0 [pid 5808] symlink("/dev/binderfs", "./binderfs") = 0 [ 245.044245][ T5804] memory_max_write+0x2f9/0x3c0 [ 245.049183][ T5804] ? mem_cgroup_force_empty_write+0x160/0x160 [ 245.055354][ T5804] ? lock_sync+0x190/0x190 [ 245.059850][ T5804] cgroup_file_write+0x1e2/0x7b0 [ 245.064883][ T5804] ? mem_cgroup_force_empty_write+0x160/0x160 [ 245.071120][ T5804] ? kill_css+0x3b0/0x3b0 [ 245.075558][ T5804] ? lock_acquire+0x32/0xc0 [ 245.080143][ T5804] ? kill_css+0x3b0/0x3b0 [ 245.084551][ T5804] kernfs_fop_write_iter+0x3f1/0x600 [ 245.089925][ T5804] vfs_write+0x9ed/0xe10 [ 245.094256][ T5804] ? kernel_write+0x670/0x670 [ 245.099050][ T5804] ? find_held_lock+0x2d/0x110 [ 245.103892][ T5804] ? __fget_light+0x20a/0x270 [ 245.108647][ T5804] ksys_write+0x12b/0x250 [ 245.113057][ T5804] ? __ia32_sys_read+0xb0/0xb0 [ 245.117913][ T5804] ? lockdep_hardirqs_on+0x7d/0x100 [ 245.123180][ T5804] ? _raw_spin_unlock_irq+0x2e/0x50 [ 245.128453][ T5804] ? ptrace_notify+0xfe/0x140 [ 245.133203][ T5804] do_syscall_64+0x39/0xb0 [ 245.137699][ T5804] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 245.143656][ T5804] RIP: 0033:0x7faecf034129 [ 245.148116][ T5804] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 245.167783][ T5804] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 245.176260][ T5804] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 245.184282][ T5804] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5808] mkdir("./file0", 000) = 0 [pid 5808] open("./file0", O_RDONLY) = 3 [pid 5808] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5808] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5808] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5808] openat(5, "memory.max", O_RDWR) = 6 [pid 5808] write(6, "0x000000000000040e", 18 [pid 5090] <... umount2 resumed>) = 0 [pid 5090] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./55/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [ 245.192304][ T5804] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 245.200358][ T5804] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 245.208384][ T5804] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000035 [ 245.216439][ T5804] [pid 5090] rmdir("./55/file0") = 0 [pid 5090] umount2("./55/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./55/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./55/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [pid 5090] rmdir("./55") = 0 [pid 5090] mkdir("./56", 0777) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5809 attached [pid 5809] chdir("./56" [pid 5090] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 58 [pid 5809] <... chdir resumed>) = 0 [pid 5809] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5809] setpgid(0, 0) = 0 [pid 5809] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5809] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5809] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5809] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5809] write(3, "1000", 4) = 4 [pid 5809] close(3) = 0 [ 245.241788][ T5804] memory: usage 8kB, limit 0kB, failcnt 36 [ 245.248321][ T5804] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 245.271694][ T5804] Memory cgroup stats for /syz1: [ 245.271991][ T5804] anon 0 [ 245.271991][ T5804] file 0 [ 245.271991][ T5804] kernel 8192 [ 245.271991][ T5804] kernel_stack 0 [ 245.271991][ T5804] pagetables 0 [pid 5809] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5809] mkdir("./file0", 000) = 0 [pid 5809] open("./file0", O_RDONLY) = 3 [pid 5809] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5809] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5809] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5809] openat(5, "memory.max", O_RDWR) = 6 [ 245.271991][ T5804] sec_pagetables 0 [ 245.271991][ T5804] percpu 0 [ 245.271991][ T5804] sock 0 [ 245.271991][ T5804] vmalloc 0 [ 245.271991][ T5804] shmem 0 [ 245.271991][ T5804] zswap 0 [ 245.271991][ T5804] zswapped 0 [ 245.271991][ T5804] file_mapped 0 [ 245.271991][ T5804] file_dirty 0 [ 245.271991][ T5804] file_writeback 0 [ 245.271991][ T5804] swapcached 0 [ 245.271991][ T5804] anon_thp 0 [ 245.271991][ T5804] file_thp 0 [ 245.271991][ T5804] shmem_thp 0 [ 245.271991][ T5804] inactive_anon 0 [ 245.271991][ T5804] active_anon 0 [ 245.271991][ T5804] inactive_file 0 [ 245.271991][ T5804] active_file 0 [ 245.271991][ T5804] unevictable 0 [ 245.271991][ T5804] slab_reclaimable 6752 [ 245.271991][ T5804] slab_unreclaimable 0 [ 245.271991][ T5804] slab 6752 [ 245.271991][ T5804] workingset_refault_anon 0 [ 245.271991][ T5804] workingset_refault_file 0 [ 245.271991][ T5804] workingset_activate_anon 0 [ 245.271991][ T5804] workingset_activate_file 0 [ 245.271991][ T5804] workingset_restore_anon 0 [ 245.271991][ T5804] workingset_restore_file 0 [ 245.271991][ T5804] workingset_nodereclaim 0 [ 245.271991][ T5804] pgscan 831 [ 245.271991][ T5804] pgsteal 2 [ 245.271991][ T5804] pgscan_kswapd 0 [ 245.271991][ T5804] pgscan_direct 831 [ 245.271991][ T5804] pgscan_khugepaged 0 [ 245.271991][ T5804] pgsteal_kswapd 0 [ 245.271991][ T5804] pgsteal_direct 2 [ 245.271991][ T5804] pgsteal_khugepaged 0 [ 245.271991][ T5804] pgfault 21 [ 245.271991][ T5804] pgmajfault 0 [ 245.271991][ T5804] pgrefill 830 [ 245.271991][ T5804] pgactivate 829 [ 245.271991][ T5804] pgdeactivate 830 [ 245.271991][ T5804] pglazyfree 0 [ 245.271991][ T5804] pglazyfreed 0 [ 245.271991][ T5804] zswpin 0 [ 245.271991][ T5804] zswpout 0 [ 245.271991][ T5804] thp_fault_alloc 0 [ 245.271991][ T5804] thp_collapse_alloc 0 [ 245.463774][ T5804] Tasks state (memory values in pages): [ 245.471718][ T5804] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 245.483893][ T5804] Out of memory and no killable processes... [pid 5809] write(6, "0x000000000000040e", 18 [pid 5804] <... write resumed>) = 18 [pid 5804] close(3) = 0 [pid 5804] close(4) = 0 [pid 5804] close(5) = 0 [pid 5804] close(6) = 0 [pid 5804] close(7) = -1 EBADF (Bad file descriptor) [pid 5804] close(8) = -1 EBADF (Bad file descriptor) [pid 5804] close(9) = -1 EBADF (Bad file descriptor) [pid 5804] close(10) = -1 EBADF (Bad file descriptor) [pid 5804] close(11) = -1 EBADF (Bad file descriptor) [pid 5804] close(12) = -1 EBADF (Bad file descriptor) [pid 5804] close(13) = -1 EBADF (Bad file descriptor) [pid 5804] close(14) = -1 EBADF (Bad file descriptor) [pid 5804] close(15) = -1 EBADF (Bad file descriptor) [pid 5804] close(16) = -1 EBADF (Bad file descriptor) [pid 5804] close(17) = -1 EBADF (Bad file descriptor) [pid 5804] close(18) = -1 EBADF (Bad file descriptor) [pid 5804] close(19) = -1 EBADF (Bad file descriptor) [pid 5804] close(20) = -1 EBADF (Bad file descriptor) [pid 5804] close(21) = -1 EBADF (Bad file descriptor) [ 245.492488][ T5806] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 245.507809][ T5806] CPU: 0 PID: 5806 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 245.517798][ T5806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 245.527930][ T5806] Call Trace: [ 245.531260][ T5806] [ 245.534241][ T5806] dump_stack_lvl+0x136/0x150 [ 245.538992][ T5806] dump_header+0x10a/0xd70 [pid 5804] close(22) = -1 EBADF (Bad file descriptor) [pid 5804] close(23) = -1 EBADF (Bad file descriptor) [pid 5804] close(24) = -1 EBADF (Bad file descriptor) [pid 5804] close(25) = -1 EBADF (Bad file descriptor) [pid 5804] close(26) = -1 EBADF (Bad file descriptor) [pid 5804] close(27) = -1 EBADF (Bad file descriptor) [pid 5804] close(28) = -1 EBADF (Bad file descriptor) [pid 5804] close(29) = -1 EBADF (Bad file descriptor) [pid 5804] exit_group(0) = ? [pid 5804] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=55, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5087] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5087] umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./53/binderfs") = 0 [pid 5087] umount2("./53/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./53/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./53/cgroup") = 0 [pid 5087] umount2("./53/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./53/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./53/cgroup.net") = 0 [ 245.543480][ T5806] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 245.549647][ T5806] out_of_memory+0xd64/0x1660 [ 245.554417][ T5806] ? oom_killer_disable+0x2b0/0x2b0 [ 245.559697][ T5806] ? find_held_lock+0x2d/0x110 [ 245.564531][ T5806] mem_cgroup_out_of_memory+0x206/0x270 [ 245.570158][ T5806] ? mem_cgroup_margin+0x130/0x130 [ 245.575358][ T5806] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 245.581269][ T5806] memory_max_write+0x2f9/0x3c0 [ 245.586203][ T5806] ? mem_cgroup_force_empty_write+0x160/0x160 [ 245.592363][ T5806] ? lock_sync+0x190/0x190 [ 245.596854][ T5806] cgroup_file_write+0x1e2/0x7b0 [ 245.601851][ T5806] ? mem_cgroup_force_empty_write+0x160/0x160 [ 245.607963][ T5806] ? kill_css+0x3b0/0x3b0 [ 245.612336][ T5806] ? lock_acquire+0x32/0xc0 [ 245.616884][ T5806] ? kill_css+0x3b0/0x3b0 [ 245.621257][ T5806] kernfs_fop_write_iter+0x3f1/0x600 [ 245.626591][ T5806] vfs_write+0x9ed/0xe10 [ 245.630883][ T5806] ? kernel_write+0x670/0x670 [ 245.635608][ T5806] ? find_held_lock+0x2d/0x110 [ 245.640412][ T5806] ? __fget_light+0x20a/0x270 [ 245.645139][ T5806] ksys_write+0x12b/0x250 [ 245.649513][ T5806] ? __ia32_sys_read+0xb0/0xb0 [ 245.654324][ T5806] ? lockdep_hardirqs_on+0x7d/0x100 [ 245.659563][ T5806] ? _raw_spin_unlock_irq+0x2e/0x50 [ 245.664801][ T5806] ? ptrace_notify+0xfe/0x140 [ 245.669521][ T5806] do_syscall_64+0x39/0xb0 [ 245.673986][ T5806] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 245.679917][ T5806] RIP: 0033:0x7faecf034129 [ 245.684361][ T5806] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 245.703997][ T5806] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 245.712443][ T5806] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 245.720447][ T5806] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 245.728462][ T5806] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 245.736463][ T5806] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [pid 5087] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5087] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./53/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [ 245.744460][ T5806] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000034 [ 245.752478][ T5806] [ 245.760149][ T5806] memory: usage 8kB, limit 0kB, failcnt 36 [ 245.769497][ T5806] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 245.777337][ T5806] Memory cgroup stats for /syz1: [ 245.777903][ T5806] anon 0 [ 245.777903][ T5806] file 0 [ 245.777903][ T5806] kernel 8192 [pid 5087] close(4) = 0 [pid 5087] rmdir("./53/file0") = 0 [pid 5087] umount2("./53/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./53/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./53/cgroup.cpu") = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [pid 5087] rmdir("./53") = 0 [pid 5087] mkdir("./54", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5811 attached [pid 5811] chdir("./54" [pid 5087] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 56 [pid 5811] <... chdir resumed>) = 0 [pid 5811] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5811] setpgid(0, 0) = 0 [pid 5811] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5811] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5811] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [ 245.777903][ T5806] kernel_stack 0 [ 245.777903][ T5806] pagetables 0 [ 245.777903][ T5806] sec_pagetables 0 [ 245.777903][ T5806] percpu 0 [ 245.777903][ T5806] sock 0 [ 245.777903][ T5806] vmalloc 0 [ 245.777903][ T5806] shmem 0 [ 245.777903][ T5806] zswap 0 [ 245.777903][ T5806] zswapped 0 [ 245.777903][ T5806] file_mapped 0 [ 245.777903][ T5806] file_dirty 0 [ 245.777903][ T5806] file_writeback 0 [ 245.777903][ T5806] swapcached 0 [ 245.777903][ T5806] anon_thp 0 [ 245.777903][ T5806] file_thp 0 [ 245.777903][ T5806] shmem_thp 0 [ 245.777903][ T5806] inactive_anon 0 [pid 5811] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5811] write(3, "1000", 4) = 4 [pid 5811] close(3) = 0 [pid 5811] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5811] mkdir("./file0", 000) = 0 [pid 5811] open("./file0", O_RDONLY) = 3 [pid 5811] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5811] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5811] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5811] openat(5, "memory.max", O_RDWR) = 6 [ 245.777903][ T5806] active_anon 0 [ 245.777903][ T5806] inactive_file 0 [ 245.777903][ T5806] active_file 0 [ 245.777903][ T5806] unevictable 0 [ 245.777903][ T5806] slab_reclaimable 6752 [ 245.777903][ T5806] slab_unreclaimable 0 [ 245.777903][ T5806] slab 6752 [ 245.777903][ T5806] workingset_refault_anon 0 [ 245.777903][ T5806] workingset_refault_file 0 [ 245.777903][ T5806] workingset_activate_anon 0 [ 245.777903][ T5806] workingset_activate_file 0 [ 245.777903][ T5806] workingset_restore_anon 0 [ 245.777903][ T5806] workingset_restore_file 0 [ 245.777903][ T5806] workingset_nodereclaim 0 [ 245.777903][ T5806] pgscan 831 [ 245.777903][ T5806] pgsteal 2 [ 245.777903][ T5806] pgscan_kswapd 0 [ 245.777903][ T5806] pgscan_direct 831 [ 245.777903][ T5806] pgscan_khugepaged 0 [ 245.777903][ T5806] pgsteal_kswapd 0 [ 245.777903][ T5806] pgsteal_direct 2 [ 245.777903][ T5806] pgsteal_khugepaged 0 [ 245.777903][ T5806] pgfault 21 [ 245.777903][ T5806] pgmajfault 0 [ 245.777903][ T5806] pgrefill 830 [ 245.777903][ T5806] pgactivate 829 [ 245.777903][ T5806] pgdeactivate 830 [ 245.777903][ T5806] pglazyfree 0 [ 245.777903][ T5806] pglazyfreed 0 [ 245.777903][ T5806] zswpin 0 [ 245.777903][ T5806] zswpout 0 [ 245.777903][ T5806] thp_fault_alloc 0 [ 245.777903][ T5806] thp_collapse_alloc 0 [ 245.972473][ T5806] Tasks state (memory values in pages): [ 245.978103][ T5806] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5811] write(6, "0x000000000000040e", 18 [pid 5806] <... write resumed>) = 18 [pid 5806] close(3) = 0 [pid 5806] close(4) = 0 [pid 5806] close(5) = 0 [pid 5806] close(6) = 0 [pid 5806] close(7) = -1 EBADF (Bad file descriptor) [pid 5806] close(8) = -1 EBADF (Bad file descriptor) [pid 5806] close(9) = -1 EBADF (Bad file descriptor) [pid 5806] close(10) = -1 EBADF (Bad file descriptor) [pid 5806] close(11) = -1 EBADF (Bad file descriptor) [pid 5806] close(12) = -1 EBADF (Bad file descriptor) [pid 5806] close(13) = -1 EBADF (Bad file descriptor) [pid 5806] close(14) = -1 EBADF (Bad file descriptor) [pid 5806] close(15) = -1 EBADF (Bad file descriptor) [pid 5806] close(16) = -1 EBADF (Bad file descriptor) [pid 5806] close(17) = -1 EBADF (Bad file descriptor) [pid 5806] close(18) = -1 EBADF (Bad file descriptor) [pid 5806] close(19) = -1 EBADF (Bad file descriptor) [pid 5806] close(20) = -1 EBADF (Bad file descriptor) [pid 5806] close(21) = -1 EBADF (Bad file descriptor) [pid 5806] close(22) = -1 EBADF (Bad file descriptor) [pid 5806] close(23) = -1 EBADF (Bad file descriptor) [pid 5806] close(24) = -1 EBADF (Bad file descriptor) [pid 5806] close(25) = -1 EBADF (Bad file descriptor) [pid 5806] close(26) = -1 EBADF (Bad file descriptor) [pid 5806] close(27) = -1 EBADF (Bad file descriptor) [pid 5806] close(28) = -1 EBADF (Bad file descriptor) [pid 5806] close(29) = -1 EBADF (Bad file descriptor) [pid 5806] exit_group(0) = ? [pid 5806] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=54, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [ 245.998874][ T5806] Out of memory and no killable processes... [ 246.005465][ T5807] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 246.017583][ T5807] CPU: 1 PID: 5807 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 246.027548][ T5807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 246.037658][ T5807] Call Trace: [ 246.040976][ T5807] [ 246.043956][ T5807] dump_stack_lvl+0x136/0x150 [pid 5086] umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./52/binderfs") = 0 [pid 5086] umount2("./52/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./52/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] unlink("./52/cgroup") = 0 [pid 5086] umount2("./52/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./52/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./52/cgroup.net") = 0 [ 246.048698][ T5807] dump_header+0x10a/0xd70 [ 246.053179][ T5807] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 246.059349][ T5807] out_of_memory+0xd64/0x1660 [ 246.064111][ T5807] ? oom_killer_disable+0x2b0/0x2b0 [ 246.069408][ T5807] mem_cgroup_out_of_memory+0x206/0x270 [ 246.075035][ T5807] ? mem_cgroup_margin+0x130/0x130 [ 246.080242][ T5807] memory_max_write+0x2f9/0x3c0 [ 246.085174][ T5807] ? mem_cgroup_force_empty_write+0x160/0x160 [ 246.091344][ T5807] ? lock_sync+0x190/0x190 [ 246.095845][ T5807] cgroup_file_write+0x1e2/0x7b0 [ 246.100887][ T5807] ? mem_cgroup_force_empty_write+0x160/0x160 [ 246.107026][ T5807] ? kill_css+0x3b0/0x3b0 [ 246.111407][ T5807] ? lock_acquire+0x32/0xc0 [ 246.116002][ T5807] ? kill_css+0x3b0/0x3b0 [ 246.120402][ T5807] kernfs_fop_write_iter+0x3f1/0x600 [ 246.125743][ T5807] vfs_write+0x9ed/0xe10 [ 246.130074][ T5807] ? kernel_write+0x670/0x670 [ 246.134836][ T5807] ? find_held_lock+0x2d/0x110 [ 246.139681][ T5807] ? __fget_light+0x20a/0x270 [ 246.144445][ T5807] ksys_write+0x12b/0x250 [ 246.148847][ T5807] ? __ia32_sys_read+0xb0/0xb0 [ 246.153666][ T5807] ? lockdep_hardirqs_on+0x7d/0x100 [ 246.158909][ T5807] ? _raw_spin_unlock_irq+0x2e/0x50 [ 246.164168][ T5807] ? ptrace_notify+0xfe/0x140 [ 246.168922][ T5807] do_syscall_64+0x39/0xb0 [ 246.173415][ T5807] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 246.179374][ T5807] RIP: 0033:0x7faecf034129 [ 246.183843][ T5807] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 246.203515][ T5807] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 246.211986][ T5807] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 246.220086][ T5807] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 246.228107][ T5807] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 246.236129][ T5807] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [pid 5086] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 246.244145][ T5807] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000034 [ 246.252222][ T5807] [pid 5086] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./52/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./52/file0") = 0 [pid 5086] umount2("./52/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./52/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./52/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./52") = 0 [pid 5086] mkdir("./53", 0777) = 0 [ 246.273658][ T5807] memory: usage 8kB, limit 0kB, failcnt 36 [ 246.289274][ T5807] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 246.296727][ T5807] Memory cgroup stats for /syz1: [ 246.297036][ T5807] anon 0 [ 246.297036][ T5807] file 0 [ 246.297036][ T5807] kernel 8192 [ 246.297036][ T5807] kernel_stack 0 [ 246.297036][ T5807] pagetables 0 [ 246.297036][ T5807] sec_pagetables 0 [ 246.297036][ T5807] percpu 0 [ 246.297036][ T5807] sock 0 [ 246.297036][ T5807] vmalloc 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 55 ./strace-static-x86_64: Process 5814 attached [pid 5814] chdir("./53") = 0 [pid 5814] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5814] setpgid(0, 0) = 0 [pid 5814] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5814] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5814] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [ 246.297036][ T5807] shmem 0 [ 246.297036][ T5807] zswap 0 [ 246.297036][ T5807] zswapped 0 [ 246.297036][ T5807] file_mapped 0 [ 246.297036][ T5807] file_dirty 0 [ 246.297036][ T5807] file_writeback 0 [ 246.297036][ T5807] swapcached 0 [ 246.297036][ T5807] anon_thp 0 [ 246.297036][ T5807] file_thp 0 [ 246.297036][ T5807] shmem_thp 0 [ 246.297036][ T5807] inactive_anon 0 [ 246.297036][ T5807] active_anon 0 [ 246.297036][ T5807] inactive_file 0 [ 246.297036][ T5807] active_file 0 [ 246.297036][ T5807] unevictable 0 [ 246.297036][ T5807] slab_reclaimable 6752 [ 246.297036][ T5807] slab_unreclaimable 0 [ 246.297036][ T5807] slab 6752 [ 246.297036][ T5807] workingset_refault_anon 0 [ 246.297036][ T5807] workingset_refault_file 0 [ 246.297036][ T5807] workingset_activate_anon 0 [ 246.297036][ T5807] workingset_activate_file 0 [ 246.297036][ T5807] workingset_restore_anon 0 [ 246.297036][ T5807] workingset_restore_file 0 [ 246.297036][ T5807] workingset_nodereclaim 0 [ 246.297036][ T5807] pgscan 831 [ 246.297036][ T5807] pgsteal 2 [ 246.297036][ T5807] pgscan_kswapd 0 [ 246.297036][ T5807] pgscan_direct 831 [ 246.297036][ T5807] pgscan_khugepaged 0 [ 246.297036][ T5807] pgsteal_kswapd 0 [ 246.297036][ T5807] pgsteal_direct 2 [ 246.297036][ T5807] pgsteal_khugepaged 0 [ 246.297036][ T5807] pgfault 21 [ 246.297036][ T5807] pgmajfault 0 [ 246.297036][ T5807] pgrefill 830 [ 246.297036][ T5807] pgactivate 829 [ 246.297036][ T5807] pgdeactivate 830 [ 246.297036][ T5807] pglazyfree 0 [ 246.297036][ T5807] pglazyfreed 0 [ 246.297036][ T5807] zswpin 0 [ 246.297036][ T5807] zswpout 0 [ 246.297036][ T5807] thp_fault_alloc 0 [pid 5814] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5814] write(3, "1000", 4) = 4 [pid 5814] close(3) = 0 [pid 5814] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5814] mkdir("./file0", 000) = 0 [ 246.297036][ T5807] thp_collapse_alloc 0 [pid 5814] open("./file0", O_RDONLY) = 3 [pid 5814] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5814] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5814] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5814] openat(5, "memory.max", O_RDWR) = 6 [pid 5814] write(6, "0x000000000000040e", 18 [pid 5807] <... write resumed>) = 18 [pid 5807] close(3) = 0 [pid 5807] close(4) = 0 [pid 5807] close(5) = 0 [pid 5807] close(6) = 0 [pid 5807] close(7) = -1 EBADF (Bad file descriptor) [pid 5807] close(8) = -1 EBADF (Bad file descriptor) [pid 5807] close(9) = -1 EBADF (Bad file descriptor) [pid 5807] close(10) = -1 EBADF (Bad file descriptor) [ 246.504282][ T5807] Tasks state (memory values in pages): [ 246.509928][ T5807] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 246.522518][ T5807] Out of memory and no killable processes... [ 246.531142][ T5808] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5807] close(11) = -1 EBADF (Bad file descriptor) [pid 5807] close(12) = -1 EBADF (Bad file descriptor) [pid 5807] close(13) = -1 EBADF (Bad file descriptor) [pid 5807] close(14) = -1 EBADF (Bad file descriptor) [pid 5807] close(15) = -1 EBADF (Bad file descriptor) [pid 5807] close(16) = -1 EBADF (Bad file descriptor) [pid 5807] close(17) = -1 EBADF (Bad file descriptor) [pid 5807] close(18) = -1 EBADF (Bad file descriptor) [pid 5807] close(19) = -1 EBADF (Bad file descriptor) [pid 5807] close(20) = -1 EBADF (Bad file descriptor) [pid 5807] close(21) = -1 EBADF (Bad file descriptor) [pid 5807] close(22) = -1 EBADF (Bad file descriptor) [pid 5807] close(23) = -1 EBADF (Bad file descriptor) [pid 5807] close(24) = -1 EBADF (Bad file descriptor) [pid 5807] close(25) = -1 EBADF (Bad file descriptor) [pid 5807] close(26) = -1 EBADF (Bad file descriptor) [pid 5807] close(27) = -1 EBADF (Bad file descriptor) [pid 5807] close(28) = -1 EBADF (Bad file descriptor) [pid 5807] close(29) = -1 EBADF (Bad file descriptor) [pid 5807] exit_group(0) = ? [pid 5807] +++ exited with 0 +++ [ 246.558882][ T5808] CPU: 1 PID: 5808 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 246.568891][ T5808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 246.579010][ T5808] Call Trace: [ 246.582350][ T5808] [ 246.585332][ T5808] dump_stack_lvl+0x136/0x150 [ 246.590087][ T5808] dump_header+0x10a/0xd70 [ 246.594578][ T5808] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 246.600744][ T5808] out_of_memory+0xd64/0x1660 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=54, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5085] umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./52/binderfs") = 0 [pid 5085] umount2("./52/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./52/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./52/cgroup") = 0 [pid 5085] umount2("./52/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./52/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./52/cgroup.net") = 0 [ 246.605522][ T5808] ? oom_killer_disable+0x2b0/0x2b0 [ 246.610820][ T5808] mem_cgroup_out_of_memory+0x206/0x270 [ 246.616464][ T5808] ? mem_cgroup_margin+0x130/0x130 [ 246.621683][ T5808] memory_max_write+0x2f9/0x3c0 [ 246.626629][ T5808] ? mem_cgroup_force_empty_write+0x160/0x160 [ 246.632786][ T5808] ? lock_sync+0x190/0x190 [ 246.637287][ T5808] cgroup_file_write+0x1e2/0x7b0 [ 246.642312][ T5808] ? mem_cgroup_force_empty_write+0x160/0x160 [ 246.648469][ T5808] ? kill_css+0x3b0/0x3b0 [ 246.652863][ T5808] ? lock_acquire+0x32/0xc0 [ 246.657422][ T5808] ? kill_css+0x3b0/0x3b0 [ 246.661852][ T5808] kernfs_fop_write_iter+0x3f1/0x600 [ 246.667202][ T5808] vfs_write+0x9ed/0xe10 [ 246.671498][ T5808] ? kernel_write+0x670/0x670 [ 246.676237][ T5808] ? find_held_lock+0x2d/0x110 [ 246.681042][ T5808] ? __fget_light+0x20a/0x270 [ 246.685786][ T5808] ksys_write+0x12b/0x250 [ 246.690162][ T5808] ? __ia32_sys_read+0xb0/0xb0 [ 246.694971][ T5808] ? lockdep_hardirqs_on+0x7d/0x100 [ 246.700225][ T5808] ? _raw_spin_unlock_irq+0x2e/0x50 [ 246.705462][ T5808] ? ptrace_notify+0xfe/0x140 [ 246.710180][ T5808] do_syscall_64+0x39/0xb0 [ 246.714643][ T5808] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 246.720576][ T5808] RIP: 0033:0x7faecf034129 [ 246.725075][ T5808] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 246.744712][ T5808] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 246.753156][ T5808] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 246.761162][ T5808] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 246.769154][ T5808] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 246.777147][ T5808] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 246.785140][ T5808] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000037 [ 246.793161][ T5808] [ 246.798518][ T5808] memory: usage 8kB, limit 0kB, failcnt 36 [ 246.804946][ T5808] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 246.812041][ T5808] Memory cgroup stats for /syz1: [ 246.812353][ T5808] anon 0 [ 246.812353][ T5808] file 0 [ 246.812353][ T5808] kernel 8192 [ 246.812353][ T5808] kernel_stack 0 [ 246.812353][ T5808] pagetables 0 [ 246.812353][ T5808] sec_pagetables 0 [ 246.812353][ T5808] percpu 0 [ 246.812353][ T5808] sock 0 [ 246.812353][ T5808] vmalloc 0 [ 246.812353][ T5808] shmem 0 [ 246.812353][ T5808] zswap 0 [ 246.812353][ T5808] zswapped 0 [ 246.812353][ T5808] file_mapped 0 [ 246.812353][ T5808] file_dirty 0 [pid 5085] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5085] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./52/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./52/file0") = 0 [pid 5085] umount2("./52/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./52/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./52/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./52") = 0 [pid 5085] mkdir("./53", 0777) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5815 attached [pid 5815] chdir("./53") = 0 [pid 5085] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 55 [pid 5815] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5815] setpgid(0, 0) = 0 [pid 5815] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5815] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5815] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5815] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5815] write(3, "1000", 4) = 4 [pid 5815] close(3) = 0 [pid 5815] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5815] mkdir("./file0", 000) = 0 [pid 5815] open("./file0", O_RDONLY) = 3 [pid 5815] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5815] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5815] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5815] openat(5, "memory.max", O_RDWR) = 6 [ 246.812353][ T5808] file_writeback 0 [ 246.812353][ T5808] swapcached 0 [ 246.812353][ T5808] anon_thp 0 [ 246.812353][ T5808] file_thp 0 [ 246.812353][ T5808] shmem_thp 0 [ 246.812353][ T5808] inactive_anon 0 [ 246.812353][ T5808] active_anon 0 [ 246.812353][ T5808] inactive_file 0 [ 246.812353][ T5808] active_file 0 [ 246.812353][ T5808] unevictable 0 [ 246.812353][ T5808] slab_reclaimable 6752 [ 246.812353][ T5808] slab_unreclaimable 0 [ 246.812353][ T5808] slab 6752 [ 246.812353][ T5808] workingset_refault_anon 0 [ 246.812353][ T5808] workingset_refault_file 0 [ 246.812353][ T5808] workingset_activate_anon 0 [ 246.812353][ T5808] workingset_activate_file 0 [ 246.812353][ T5808] workingset_restore_anon 0 [ 246.812353][ T5808] workingset_restore_file 0 [ 246.812353][ T5808] workingset_nodereclaim 0 [ 246.812353][ T5808] pgscan 831 [ 246.812353][ T5808] pgsteal 2 [ 246.812353][ T5808] pgscan_kswapd 0 [ 246.812353][ T5808] pgscan_direct 831 [ 246.812353][ T5808] pgscan_khugepaged 0 [ 246.812353][ T5808] pgsteal_kswapd 0 [ 246.812353][ T5808] pgsteal_direct 2 [ 246.812353][ T5808] pgsteal_khugepaged 0 [ 246.812353][ T5808] pgfault 21 [ 246.812353][ T5808] pgmajfault 0 [ 246.812353][ T5808] pgrefill 830 [ 246.812353][ T5808] pgactivate 829 [ 246.812353][ T5808] pgdeactivate 830 [ 246.812353][ T5808] pglazyfree 0 [ 246.812353][ T5808] pglazyfreed 0 [ 246.812353][ T5808] zswpin 0 [ 246.812353][ T5808] zswpout 0 [ 246.812353][ T5808] thp_fault_alloc 0 [ 246.812353][ T5808] thp_collapse_alloc 0 [ 247.003303][ T5808] Tasks state (memory values in pages): [pid 5815] write(6, "0x000000000000040e", 18 [pid 5808] <... write resumed>) = 18 [pid 5808] close(3) = 0 [pid 5808] close(4) = 0 [pid 5808] close(5) = 0 [pid 5808] close(6) = 0 [pid 5808] close(7) = -1 EBADF (Bad file descriptor) [pid 5808] close(8) = -1 EBADF (Bad file descriptor) [pid 5808] close(9) = -1 EBADF (Bad file descriptor) [pid 5808] close(10) = -1 EBADF (Bad file descriptor) [pid 5808] close(11) = -1 EBADF (Bad file descriptor) [pid 5808] close(12) = -1 EBADF (Bad file descriptor) [pid 5808] close(13) = -1 EBADF (Bad file descriptor) [ 247.009117][ T5808] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 247.019237][ T5808] Out of memory and no killable processes... [ 247.026477][ T5809] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 247.049452][ T5809] CPU: 0 PID: 5809 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5808] close(14) = -1 EBADF (Bad file descriptor) [pid 5808] close(15) = -1 EBADF (Bad file descriptor) [pid 5808] close(16) = -1 EBADF (Bad file descriptor) [pid 5808] close(17) = -1 EBADF (Bad file descriptor) [pid 5808] close(18) = -1 EBADF (Bad file descriptor) [pid 5808] close(19) = -1 EBADF (Bad file descriptor) [pid 5808] close(20) = -1 EBADF (Bad file descriptor) [pid 5808] close(21) = -1 EBADF (Bad file descriptor) [pid 5808] close(22) = -1 EBADF (Bad file descriptor) [pid 5808] close(23) = -1 EBADF (Bad file descriptor) [pid 5808] close(24) = -1 EBADF (Bad file descriptor) [pid 5808] close(25) = -1 EBADF (Bad file descriptor) [pid 5808] close(26) = -1 EBADF (Bad file descriptor) [pid 5808] close(27) = -1 EBADF (Bad file descriptor) [pid 5808] close(28) = -1 EBADF (Bad file descriptor) [pid 5808] close(29) = -1 EBADF (Bad file descriptor) [pid 5808] exit_group(0) = ? [pid 5808] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=57, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5089] umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [ 247.059444][ T5809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 247.069559][ T5809] Call Trace: [ 247.072890][ T5809] [ 247.075886][ T5809] dump_stack_lvl+0x136/0x150 [ 247.080637][ T5809] dump_header+0x10a/0xd70 [ 247.085135][ T5809] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 247.091311][ T5809] out_of_memory+0xd64/0x1660 [ 247.096079][ T5809] ? oom_killer_disable+0x2b0/0x2b0 [ 247.101361][ T5809] ? find_held_lock+0x2d/0x110 [pid 5089] umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./55/binderfs") = 0 [pid 5089] umount2("./55/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./55/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./55/cgroup") = 0 [pid 5089] umount2("./55/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./55/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./55/cgroup.net") = 0 [ 247.106205][ T5809] mem_cgroup_out_of_memory+0x206/0x270 [ 247.111858][ T5809] ? mem_cgroup_margin+0x130/0x130 [ 247.117057][ T5809] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 247.122953][ T5809] memory_max_write+0x2f9/0x3c0 [ 247.127899][ T5809] ? mem_cgroup_force_empty_write+0x160/0x160 [ 247.134059][ T5809] ? lock_sync+0x190/0x190 [ 247.138549][ T5809] cgroup_file_write+0x1e2/0x7b0 [ 247.143570][ T5809] ? mem_cgroup_force_empty_write+0x160/0x160 [ 247.149711][ T5809] ? kill_css+0x3b0/0x3b0 [ 247.154094][ T5809] ? lock_acquire+0x32/0xc0 [ 247.158659][ T5809] ? kill_css+0x3b0/0x3b0 [ 247.163032][ T5809] kernfs_fop_write_iter+0x3f1/0x600 [ 247.168401][ T5809] vfs_write+0x9ed/0xe10 [ 247.172712][ T5809] ? kernel_write+0x670/0x670 [ 247.177472][ T5809] ? find_held_lock+0x2d/0x110 [ 247.182303][ T5809] ? __fget_light+0x20a/0x270 [ 247.187062][ T5809] ksys_write+0x12b/0x250 [ 247.191475][ T5809] ? __ia32_sys_read+0xb0/0xb0 [ 247.196302][ T5809] ? lockdep_hardirqs_on+0x7d/0x100 [ 247.201563][ T5809] ? _raw_spin_unlock_irq+0x2e/0x50 [ 247.206831][ T5809] ? ptrace_notify+0xfe/0x140 [ 247.211579][ T5809] do_syscall_64+0x39/0xb0 [ 247.216072][ T5809] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 247.222021][ T5809] RIP: 0033:0x7faecf034129 [ 247.226471][ T5809] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 247.246143][ T5809] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5089] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5089] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./55/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 247.254615][ T5809] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 247.262623][ T5809] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 247.270647][ T5809] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 247.278668][ T5809] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 247.286693][ T5809] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000038 [ 247.294756][ T5809] [pid 5089] openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./55/file0") = 0 [pid 5089] umount2("./55/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./55/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./55/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [pid 5089] rmdir("./55") = 0 [pid 5089] mkdir("./56", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 58 [ 247.313786][ T5809] memory: usage 8kB, limit 0kB, failcnt 36 [ 247.320584][ T5809] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 247.328366][ T5809] Memory cgroup stats for /syz1: [ 247.328714][ T5809] anon 0 [ 247.328714][ T5809] file 0 [ 247.328714][ T5809] kernel 8192 [ 247.328714][ T5809] kernel_stack 0 [ 247.328714][ T5809] pagetables 0 [ 247.328714][ T5809] sec_pagetables 0 [ 247.328714][ T5809] percpu 0 [ 247.328714][ T5809] sock 0 [ 247.328714][ T5809] vmalloc 0 [ 247.328714][ T5809] shmem 0 [ 247.328714][ T5809] zswap 0 [ 247.328714][ T5809] zswapped 0 [ 247.328714][ T5809] file_mapped 0 [ 247.328714][ T5809] file_dirty 0 [ 247.328714][ T5809] file_writeback 0 [ 247.328714][ T5809] swapcached 0 [ 247.328714][ T5809] anon_thp 0 [ 247.328714][ T5809] file_thp 0 [ 247.328714][ T5809] shmem_thp 0 [ 247.328714][ T5809] inactive_anon 0 [ 247.328714][ T5809] active_anon 0 [ 247.328714][ T5809] inactive_file 0 [ 247.328714][ T5809] active_file 0 [ 247.328714][ T5809] unevictable 0 [ 247.328714][ T5809] slab_reclaimable 6752 [ 247.328714][ T5809] slab_unreclaimable 0 [ 247.328714][ T5809] slab 6752 [ 247.328714][ T5809] workingset_refault_anon 0 [ 247.328714][ T5809] workingset_refault_file 0 [ 247.328714][ T5809] workingset_activate_anon 0 [ 247.328714][ T5809] workingset_activate_file 0 [ 247.328714][ T5809] workingset_restore_anon 0 [ 247.328714][ T5809] workingset_restore_file 0 [ 247.328714][ T5809] workingset_nodereclaim 0 [ 247.328714][ T5809] pgscan 831 [ 247.328714][ T5809] pgsteal 2 [ 247.328714][ T5809] pgscan_kswapd 0 [ 247.328714][ T5809] pgscan_direct 831 ./strace-static-x86_64: Process 5816 attached [pid 5816] chdir("./56") = 0 [pid 5816] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5816] setpgid(0, 0) = 0 [pid 5816] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5816] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5816] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5816] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5816] write(3, "1000", 4) = 4 [pid 5816] close(3) = 0 [pid 5816] symlink("/dev/binderfs", "./binderfs") = 0 [ 247.328714][ T5809] pgscan_khugepaged 0 [ 247.328714][ T5809] pgsteal_kswapd 0 [ 247.328714][ T5809] pgsteal_direct 2 [ 247.328714][ T5809] pgsteal_khugepaged 0 [ 247.328714][ T5809] pgfault 21 [ 247.328714][ T5809] pgmajfault 0 [ 247.328714][ T5809] pgrefill 830 [ 247.328714][ T5809] pgactivate 829 [ 247.328714][ T5809] pgdeactivate 830 [ 247.328714][ T5809] pglazyfree 0 [ 247.328714][ T5809] pglazyfreed 0 [ 247.328714][ T5809] zswpin 0 [ 247.328714][ T5809] zswpout 0 [ 247.328714][ T5809] thp_fault_alloc 0 [ 247.328714][ T5809] thp_collapse_alloc 0 [pid 5816] mkdir("./file0", 000) = 0 [pid 5816] open("./file0", O_RDONLY) = 3 [pid 5816] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5816] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5816] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5816] openat(5, "memory.max", O_RDWR) = 6 [pid 5816] write(6, "0x000000000000040e", 18 [pid 5809] <... write resumed>) = 18 [pid 5809] close(3) = 0 [pid 5809] close(4) = 0 [pid 5809] close(5) = 0 [pid 5809] close(6) = 0 [pid 5809] close(7) = -1 EBADF (Bad file descriptor) [pid 5809] close(8) = -1 EBADF (Bad file descriptor) [pid 5809] close(9) = -1 EBADF (Bad file descriptor) [pid 5809] close(10) = -1 EBADF (Bad file descriptor) [pid 5809] close(11) = -1 EBADF (Bad file descriptor) [pid 5809] close(12) = -1 EBADF (Bad file descriptor) [pid 5809] close(13) = -1 EBADF (Bad file descriptor) [pid 5809] close(14) = -1 EBADF (Bad file descriptor) [pid 5809] close(15) = -1 EBADF (Bad file descriptor) [pid 5809] close(16) = -1 EBADF (Bad file descriptor) [pid 5809] close(17) = -1 EBADF (Bad file descriptor) [pid 5809] close(18) = -1 EBADF (Bad file descriptor) [pid 5809] close(19) = -1 EBADF (Bad file descriptor) [pid 5809] close(20) = -1 EBADF (Bad file descriptor) [ 247.562583][ T5809] Tasks state (memory values in pages): [ 247.569883][ T5809] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 247.580025][ T5809] Out of memory and no killable processes... [ 247.590148][ T5811] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5809] close(21) = -1 EBADF (Bad file descriptor) [pid 5809] close(22) = -1 EBADF (Bad file descriptor) [pid 5809] close(23) = -1 EBADF (Bad file descriptor) [pid 5809] close(24) = -1 EBADF (Bad file descriptor) [pid 5809] close(25) = -1 EBADF (Bad file descriptor) [pid 5809] close(26) = -1 EBADF (Bad file descriptor) [pid 5809] close(27) = -1 EBADF (Bad file descriptor) [pid 5809] close(28) = -1 EBADF (Bad file descriptor) [pid 5809] close(29) = -1 EBADF (Bad file descriptor) [pid 5809] exit_group(0) = ? [pid 5809] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=58, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5090] umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./56/binderfs") = 0 [pid 5090] umount2("./56/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 247.628598][ T5811] CPU: 0 PID: 5811 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 247.638592][ T5811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 247.648710][ T5811] Call Trace: [ 247.652043][ T5811] [ 247.655032][ T5811] dump_stack_lvl+0x136/0x150 [ 247.659783][ T5811] dump_header+0x10a/0xd70 [ 247.664281][ T5811] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 247.670450][ T5811] out_of_memory+0xd64/0x1660 [pid 5090] lstat("./56/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./56/cgroup") = 0 [pid 5090] umount2("./56/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./56/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./56/cgroup.net") = 0 [ 247.675215][ T5811] ? oom_killer_disable+0x2b0/0x2b0 [ 247.680512][ T5811] ? find_held_lock+0x2d/0x110 [ 247.685353][ T5811] mem_cgroup_out_of_memory+0x206/0x270 [ 247.690988][ T5811] ? mem_cgroup_margin+0x130/0x130 [ 247.696190][ T5811] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 247.702075][ T5811] memory_max_write+0x2f9/0x3c0 [ 247.706975][ T5811] ? mem_cgroup_force_empty_write+0x160/0x160 [ 247.713093][ T5811] ? lock_sync+0x190/0x190 [ 247.717550][ T5811] cgroup_file_write+0x1e2/0x7b0 [ 247.722535][ T5811] ? mem_cgroup_force_empty_write+0x160/0x160 [ 247.728650][ T5811] ? kill_css+0x3b0/0x3b0 [ 247.733028][ T5811] ? lock_acquire+0x32/0xc0 [ 247.737579][ T5811] ? kill_css+0x3b0/0x3b0 [ 247.741952][ T5811] kernfs_fop_write_iter+0x3f1/0x600 [ 247.747291][ T5811] vfs_write+0x9ed/0xe10 [ 247.751592][ T5811] ? kernel_write+0x670/0x670 [ 247.756332][ T5811] ? find_held_lock+0x2d/0x110 [ 247.761141][ T5811] ? __fget_light+0x20a/0x270 [ 247.765867][ T5811] ksys_write+0x12b/0x250 [ 247.770248][ T5811] ? __ia32_sys_read+0xb0/0xb0 [ 247.775064][ T5811] ? lockdep_hardirqs_on+0x7d/0x100 [ 247.780317][ T5811] ? _raw_spin_unlock_irq+0x2e/0x50 [ 247.785563][ T5811] ? ptrace_notify+0xfe/0x140 [ 247.790284][ T5811] do_syscall_64+0x39/0xb0 [ 247.794750][ T5811] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 247.800690][ T5811] RIP: 0033:0x7faecf034129 [ 247.805138][ T5811] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5090] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 247.824777][ T5811] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 247.833222][ T5811] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 247.841228][ T5811] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 247.849231][ T5811] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 247.857234][ T5811] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 247.865237][ T5811] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000036 [ 247.873267][ T5811] [pid 5090] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./56/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./56/file0") = 0 [pid 5090] umount2("./56/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./56/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./56/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [pid 5090] rmdir("./56") = 0 [pid 5090] mkdir("./57", 0777) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5818 attached [pid 5818] chdir("./57" [pid 5090] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 59 [pid 5818] <... chdir resumed>) = 0 [pid 5818] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 247.891061][ T5811] memory: usage 8kB, limit 0kB, failcnt 36 [ 247.901424][ T5811] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 247.909016][ T5811] Memory cgroup stats for /syz1: [ 247.909311][ T5811] anon 0 [ 247.909311][ T5811] file 0 [ 247.909311][ T5811] kernel 8192 [ 247.909311][ T5811] kernel_stack 0 [ 247.909311][ T5811] pagetables 0 [ 247.909311][ T5811] sec_pagetables 0 [ 247.909311][ T5811] percpu 0 [ 247.909311][ T5811] sock 0 [pid 5818] setpgid(0, 0) = 0 [pid 5818] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5818] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5818] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5818] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5818] write(3, "1000", 4) = 4 [pid 5818] close(3) = 0 [pid 5818] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5818] mkdir("./file0", 000) = 0 [pid 5818] open("./file0", O_RDONLY) = 3 [pid 5818] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5818] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5818] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5818] openat(5, "memory.max", O_RDWR) = 6 [ 247.909311][ T5811] vmalloc 0 [ 247.909311][ T5811] shmem 0 [ 247.909311][ T5811] zswap 0 [ 247.909311][ T5811] zswapped 0 [ 247.909311][ T5811] file_mapped 0 [ 247.909311][ T5811] file_dirty 0 [ 247.909311][ T5811] file_writeback 0 [ 247.909311][ T5811] swapcached 0 [ 247.909311][ T5811] anon_thp 0 [ 247.909311][ T5811] file_thp 0 [ 247.909311][ T5811] shmem_thp 0 [ 247.909311][ T5811] inactive_anon 0 [ 247.909311][ T5811] active_anon 0 [ 247.909311][ T5811] inactive_file 0 [ 247.909311][ T5811] active_file 0 [ 247.909311][ T5811] unevictable 0 [ 247.909311][ T5811] slab_reclaimable 6752 [ 247.909311][ T5811] slab_unreclaimable 0 [ 247.909311][ T5811] slab 6752 [ 247.909311][ T5811] workingset_refault_anon 0 [ 247.909311][ T5811] workingset_refault_file 0 [ 247.909311][ T5811] workingset_activate_anon 0 [ 247.909311][ T5811] workingset_activate_file 0 [ 247.909311][ T5811] workingset_restore_anon 0 [ 247.909311][ T5811] workingset_restore_file 0 [ 247.909311][ T5811] workingset_nodereclaim 0 [ 247.909311][ T5811] pgscan 831 [ 247.909311][ T5811] pgsteal 2 [ 247.909311][ T5811] pgscan_kswapd 0 [ 247.909311][ T5811] pgscan_direct 831 [ 247.909311][ T5811] pgscan_khugepaged 0 [ 247.909311][ T5811] pgsteal_kswapd 0 [ 247.909311][ T5811] pgsteal_direct 2 [ 247.909311][ T5811] pgsteal_khugepaged 0 [ 247.909311][ T5811] pgfault 21 [ 247.909311][ T5811] pgmajfault 0 [ 247.909311][ T5811] pgrefill 830 [ 247.909311][ T5811] pgactivate 829 [ 247.909311][ T5811] pgdeactivate 830 [ 247.909311][ T5811] pglazyfree 0 [ 247.909311][ T5811] pglazyfreed 0 [ 247.909311][ T5811] zswpin 0 [ 247.909311][ T5811] zswpout 0 [ 247.909311][ T5811] thp_fault_alloc 0 [pid 5818] write(6, "0x000000000000040e", 18 [pid 5811] <... write resumed>) = 18 [pid 5811] close(3) = 0 [ 247.909311][ T5811] thp_collapse_alloc 0 [ 248.101640][ T5811] Tasks state (memory values in pages): [ 248.107251][ T5811] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 248.118004][ T5811] Out of memory and no killable processes... [ 248.125936][ T5814] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 248.138039][ T5814] CPU: 0 PID: 5814 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 248.148004][ T5814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 248.158119][ T5814] Call Trace: [ 248.161443][ T5814] [ 248.164416][ T5814] dump_stack_lvl+0x136/0x150 [ 248.169157][ T5814] dump_header+0x10a/0xd70 [ 248.173661][ T5814] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 248.179835][ T5814] out_of_memory+0xd64/0x1660 [ 248.184618][ T5814] ? oom_killer_disable+0x2b0/0x2b0 [pid 5811] close(4) = 0 [pid 5811] close(5) = 0 [pid 5811] close(6) = 0 [pid 5811] close(7) = -1 EBADF (Bad file descriptor) [pid 5811] close(8) = -1 EBADF (Bad file descriptor) [pid 5811] close(9) = -1 EBADF (Bad file descriptor) [pid 5811] close(10) = -1 EBADF (Bad file descriptor) [pid 5811] close(11) = -1 EBADF (Bad file descriptor) [pid 5811] close(12) = -1 EBADF (Bad file descriptor) [pid 5811] close(13) = -1 EBADF (Bad file descriptor) [pid 5811] close(14) = -1 EBADF (Bad file descriptor) [pid 5811] close(15) = -1 EBADF (Bad file descriptor) [pid 5811] close(16) = -1 EBADF (Bad file descriptor) [pid 5811] close(17) = -1 EBADF (Bad file descriptor) [pid 5811] close(18) = -1 EBADF (Bad file descriptor) [pid 5811] close(19) = -1 EBADF (Bad file descriptor) [pid 5811] close(20) = -1 EBADF (Bad file descriptor) [pid 5811] close(21) = -1 EBADF (Bad file descriptor) [pid 5811] close(22) = -1 EBADF (Bad file descriptor) [pid 5811] close(23) = -1 EBADF (Bad file descriptor) [pid 5811] close(24) = -1 EBADF (Bad file descriptor) [pid 5811] close(25) = -1 EBADF (Bad file descriptor) [pid 5811] close(26) = -1 EBADF (Bad file descriptor) [pid 5811] close(27) = -1 EBADF (Bad file descriptor) [pid 5811] close(28) = -1 EBADF (Bad file descriptor) [pid 5811] close(29) = -1 EBADF (Bad file descriptor) [pid 5811] exit_group(0) = ? [pid 5811] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=56, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5087] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5087] umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./54/binderfs") = 0 [pid 5087] umount2("./54/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./54/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./54/cgroup") = 0 [pid 5087] umount2("./54/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./54/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./54/cgroup.net") = 0 [ 248.189925][ T5814] mem_cgroup_out_of_memory+0x206/0x270 [ 248.195551][ T5814] ? mem_cgroup_margin+0x130/0x130 [ 248.200775][ T5814] memory_max_write+0x2f9/0x3c0 [ 248.205711][ T5814] ? mem_cgroup_force_empty_write+0x160/0x160 [ 248.211864][ T5814] ? lock_sync+0x190/0x190 [ 248.216353][ T5814] cgroup_file_write+0x1e2/0x7b0 [ 248.221368][ T5814] ? mem_cgroup_force_empty_write+0x160/0x160 [ 248.227508][ T5814] ? kill_css+0x3b0/0x3b0 [ 248.231891][ T5814] ? lock_acquire+0x32/0xc0 [ 248.236453][ T5814] ? kill_css+0x3b0/0x3b0 [ 248.240825][ T5814] kernfs_fop_write_iter+0x3f1/0x600 [ 248.246182][ T5814] vfs_write+0x9ed/0xe10 [ 248.250479][ T5814] ? kernel_write+0x670/0x670 [ 248.255227][ T5814] ? find_held_lock+0x2d/0x110 [ 248.260037][ T5814] ? __fget_light+0x20a/0x270 [ 248.264767][ T5814] ksys_write+0x12b/0x250 [ 248.269171][ T5814] ? __ia32_sys_read+0xb0/0xb0 [ 248.273983][ T5814] ? lockdep_hardirqs_on+0x7d/0x100 [ 248.279248][ T5814] ? _raw_spin_unlock_irq+0x2e/0x50 [ 248.284509][ T5814] ? ptrace_notify+0xfe/0x140 [ 248.289229][ T5814] do_syscall_64+0x39/0xb0 [ 248.293694][ T5814] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 248.299641][ T5814] RIP: 0033:0x7faecf034129 [ 248.304084][ T5814] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 248.323723][ T5814] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 248.332172][ T5814] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [pid 5087] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5087] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./54/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] close(4) = 0 [pid 5087] rmdir("./54/file0") = 0 [pid 5087] umount2("./54/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./54/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./54/cgroup.cpu") = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [ 248.340173][ T5814] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 248.348172][ T5814] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 248.356169][ T5814] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 248.364166][ T5814] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000035 [ 248.372188][ T5814] [pid 5087] rmdir("./54") = 0 [pid 5087] mkdir("./55", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 57 ./strace-static-x86_64: Process 5819 attached [ 248.411383][ T5814] memory: usage 8kB, limit 0kB, failcnt 36 [ 248.421753][ T5814] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 248.429360][ T5814] Memory cgroup stats for /syz1: [ 248.429650][ T5814] anon 0 [ 248.429650][ T5814] file 0 [ 248.429650][ T5814] kernel 8192 [ 248.429650][ T5814] kernel_stack 0 [ 248.429650][ T5814] pagetables 0 [ 248.429650][ T5814] sec_pagetables 0 [ 248.429650][ T5814] percpu 0 [ 248.429650][ T5814] sock 0 [ 248.429650][ T5814] vmalloc 0 [ 248.429650][ T5814] shmem 0 [ 248.429650][ T5814] zswap 0 [ 248.429650][ T5814] zswapped 0 [ 248.429650][ T5814] file_mapped 0 [ 248.429650][ T5814] file_dirty 0 [ 248.429650][ T5814] file_writeback 0 [ 248.429650][ T5814] swapcached 0 [ 248.429650][ T5814] anon_thp 0 [ 248.429650][ T5814] file_thp 0 [ 248.429650][ T5814] shmem_thp 0 [ 248.429650][ T5814] inactive_anon 0 [ 248.429650][ T5814] active_anon 0 [ 248.429650][ T5814] inactive_file 0 [ 248.429650][ T5814] active_file 0 [ 248.429650][ T5814] unevictable 0 [ 248.429650][ T5814] slab_reclaimable 6752 [ 248.429650][ T5814] slab_unreclaimable 0 [ 248.429650][ T5814] slab 6752 [ 248.429650][ T5814] workingset_refault_anon 0 [ 248.429650][ T5814] workingset_refault_file 0 [ 248.429650][ T5814] workingset_activate_anon 0 [ 248.429650][ T5814] workingset_activate_file 0 [ 248.429650][ T5814] workingset_restore_anon 0 [ 248.429650][ T5814] workingset_restore_file 0 [ 248.429650][ T5814] workingset_nodereclaim 0 [ 248.429650][ T5814] pgscan 831 [ 248.429650][ T5814] pgsteal 2 [ 248.429650][ T5814] pgscan_kswapd 0 [ 248.429650][ T5814] pgscan_direct 831 [ 248.429650][ T5814] pgscan_khugepaged 0 [ 248.429650][ T5814] pgsteal_kswapd 0 [ 248.429650][ T5814] pgsteal_direct 2 [ 248.429650][ T5814] pgsteal_khugepaged 0 [ 248.429650][ T5814] pgfault 21 [ 248.429650][ T5814] pgmajfault 0 [ 248.429650][ T5814] pgrefill 830 [ 248.429650][ T5814] pgactivate 829 [ 248.429650][ T5814] pgdeactivate 830 [ 248.429650][ T5814] pglazyfree 0 [ 248.429650][ T5814] pglazyfreed 0 [ 248.429650][ T5814] zswpin 0 [ 248.429650][ T5814] zswpout 0 [ 248.429650][ T5814] thp_fault_alloc 0 [pid 5819] chdir("./55") = 0 [pid 5819] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5819] setpgid(0, 0) = 0 [pid 5819] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5819] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5819] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5819] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5819] write(3, "1000", 4) = 4 [pid 5819] close(3) = 0 [pid 5819] symlink("/dev/binderfs", "./binderfs") = 0 [ 248.429650][ T5814] thp_collapse_alloc 0 [ 248.627599][ T5814] Tasks state (memory values in pages): [ 248.640837][ T5814] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 248.653331][ T5814] Out of memory and no killable processes... [pid 5819] mkdir("./file0", 000) = 0 [pid 5819] open("./file0", O_RDONLY) = 3 [pid 5819] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5819] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5819] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5814] <... write resumed>) = 18 [pid 5819] openat(5, "memory.max", O_RDWR) = 6 [pid 5819] write(6, "0x000000000000040e", 18 [pid 5814] close(3) = 0 [pid 5814] close(4) = 0 [pid 5814] close(5) = 0 [pid 5814] close(6) = 0 [pid 5814] close(7) = -1 EBADF (Bad file descriptor) [pid 5814] close(8) = -1 EBADF (Bad file descriptor) [pid 5814] close(9) = -1 EBADF (Bad file descriptor) [pid 5814] close(10) = -1 EBADF (Bad file descriptor) [pid 5814] close(11) = -1 EBADF (Bad file descriptor) [pid 5814] close(12) = -1 EBADF (Bad file descriptor) [pid 5814] close(13) = -1 EBADF (Bad file descriptor) [pid 5814] close(14) = -1 EBADF (Bad file descriptor) [pid 5814] close(15) = -1 EBADF (Bad file descriptor) [pid 5814] close(16) = -1 EBADF (Bad file descriptor) [ 248.664055][ T5815] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 248.679233][ T5815] CPU: 0 PID: 5815 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 248.689203][ T5815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 248.699310][ T5815] Call Trace: [ 248.702635][ T5815] [ 248.705627][ T5815] dump_stack_lvl+0x136/0x150 [pid 5814] close(17) = -1 EBADF (Bad file descriptor) [pid 5814] close(18) = -1 EBADF (Bad file descriptor) [pid 5814] close(19) = -1 EBADF (Bad file descriptor) [pid 5814] close(20) = -1 EBADF (Bad file descriptor) [pid 5814] close(21) = -1 EBADF (Bad file descriptor) [pid 5814] close(22) = -1 EBADF (Bad file descriptor) [pid 5814] close(23) = -1 EBADF (Bad file descriptor) [pid 5814] close(24) = -1 EBADF (Bad file descriptor) [pid 5814] close(25) = -1 EBADF (Bad file descriptor) [pid 5814] close(26) = -1 EBADF (Bad file descriptor) [pid 5814] close(27) = -1 EBADF (Bad file descriptor) [pid 5814] close(28) = -1 EBADF (Bad file descriptor) [pid 5814] close(29) = -1 EBADF (Bad file descriptor) [pid 5814] exit_group(0) = ? [pid 5814] +++ exited with 0 +++ [ 248.710374][ T5815] dump_header+0x10a/0xd70 [ 248.714860][ T5815] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 248.721041][ T5815] out_of_memory+0xd64/0x1660 [ 248.725803][ T5815] ? oom_killer_disable+0x2b0/0x2b0 [ 248.731091][ T5815] mem_cgroup_out_of_memory+0x206/0x270 [ 248.736719][ T5815] ? mem_cgroup_margin+0x130/0x130 [ 248.741937][ T5815] memory_max_write+0x2f9/0x3c0 [ 248.746871][ T5815] ? mem_cgroup_force_empty_write+0x160/0x160 [ 248.753031][ T5815] ? lock_sync+0x190/0x190 [ 248.757536][ T5815] cgroup_file_write+0x1e2/0x7b0 [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=55, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5086] umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./53/binderfs") = 0 [ 248.762579][ T5815] ? mem_cgroup_force_empty_write+0x160/0x160 [ 248.768727][ T5815] ? kill_css+0x3b0/0x3b0 [ 248.773112][ T5815] ? lock_acquire+0x32/0xc0 [ 248.777876][ T5815] ? kill_css+0x3b0/0x3b0 [ 248.782257][ T5815] kernfs_fop_write_iter+0x3f1/0x600 [ 248.787608][ T5815] vfs_write+0x9ed/0xe10 [ 248.791899][ T5815] ? kernel_write+0x670/0x670 [ 248.796627][ T5815] ? find_held_lock+0x2d/0x110 [ 248.801443][ T5815] ? __fget_light+0x20a/0x270 [ 248.806177][ T5815] ksys_write+0x12b/0x250 [ 248.810553][ T5815] ? __ia32_sys_read+0xb0/0xb0 [ 248.815368][ T5815] ? lockdep_hardirqs_on+0x7d/0x100 [ 248.820603][ T5815] ? _raw_spin_unlock_irq+0x2e/0x50 [ 248.825841][ T5815] ? ptrace_notify+0xfe/0x140 [ 248.830565][ T5815] do_syscall_64+0x39/0xb0 [ 248.835029][ T5815] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 248.840961][ T5815] RIP: 0033:0x7faecf034129 [ 248.845416][ T5815] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 248.865052][ T5815] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 248.873499][ T5815] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 248.881495][ T5815] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 248.889494][ T5815] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 248.897487][ T5815] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 248.905508][ T5815] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000035 [pid 5086] umount2("./53/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./53/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] unlink("./53/cgroup") = 0 [pid 5086] umount2("./53/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./53/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./53/cgroup.net") = 0 [pid 5086] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5086] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./53/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./53/file0") = 0 [ 248.913546][ T5815] [ 248.930740][ T5815] memory: usage 8kB, limit 0kB, failcnt 36 [ 248.939921][ T5815] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 248.948274][ T5815] Memory cgroup stats for /syz1: [ 248.948749][ T5815] anon 0 [ 248.948749][ T5815] file 0 [ 248.948749][ T5815] kernel 8192 [pid 5086] umount2("./53/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./53/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./53/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./53") = 0 [pid 5086] mkdir("./54", 0777) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 56 [ 248.948749][ T5815] kernel_stack 0 [ 248.948749][ T5815] pagetables 0 [ 248.948749][ T5815] sec_pagetables 0 [ 248.948749][ T5815] percpu 0 [ 248.948749][ T5815] sock 0 [ 248.948749][ T5815] vmalloc 0 [ 248.948749][ T5815] shmem 0 [ 248.948749][ T5815] zswap 0 [ 248.948749][ T5815] zswapped 0 [ 248.948749][ T5815] file_mapped 0 [ 248.948749][ T5815] file_dirty 0 [ 248.948749][ T5815] file_writeback 0 [ 248.948749][ T5815] swapcached 0 [ 248.948749][ T5815] anon_thp 0 [ 248.948749][ T5815] file_thp 0 [ 248.948749][ T5815] shmem_thp 0 [ 248.948749][ T5815] inactive_anon 0 [ 248.948749][ T5815] active_anon 0 [ 248.948749][ T5815] inactive_file 0 [ 248.948749][ T5815] active_file 0 [ 248.948749][ T5815] unevictable 0 [ 248.948749][ T5815] slab_reclaimable 6752 [ 248.948749][ T5815] slab_unreclaimable 0 [ 248.948749][ T5815] slab 6752 [ 248.948749][ T5815] workingset_refault_anon 0 [ 248.948749][ T5815] workingset_refault_file 0 [ 248.948749][ T5815] workingset_activate_anon 0 [ 248.948749][ T5815] workingset_activate_file 0 [ 248.948749][ T5815] workingset_restore_anon 0 [ 248.948749][ T5815] workingset_restore_file 0 [ 248.948749][ T5815] workingset_nodereclaim 0 [ 248.948749][ T5815] pgscan 831 [ 248.948749][ T5815] pgsteal 2 [ 248.948749][ T5815] pgscan_kswapd 0 [ 248.948749][ T5815] pgscan_direct 831 [ 248.948749][ T5815] pgscan_khugepaged 0 [ 248.948749][ T5815] pgsteal_kswapd 0 [ 248.948749][ T5815] pgsteal_direct 2 [ 248.948749][ T5815] pgsteal_khugepaged 0 [ 248.948749][ T5815] pgfault 21 [ 248.948749][ T5815] pgmajfault 0 [ 248.948749][ T5815] pgrefill 830 [ 248.948749][ T5815] pgactivate 829 [ 248.948749][ T5815] pgdeactivate 830 ./strace-static-x86_64: Process 5821 attached [pid 5821] chdir("./54") = 0 [ 248.948749][ T5815] pglazyfree 0 [ 248.948749][ T5815] pglazyfreed 0 [ 248.948749][ T5815] zswpin 0 [ 248.948749][ T5815] zswpout 0 [ 248.948749][ T5815] thp_fault_alloc 0 [ 248.948749][ T5815] thp_collapse_alloc 0 [ 249.139341][ T5815] Tasks state (memory values in pages): [ 249.145159][ T5815] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 249.155456][ T5815] Out of memory and no killable processes... [pid 5821] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5815] <... write resumed>) = 18 [ 249.162055][ T5816] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 249.172855][ T5816] CPU: 0 PID: 5816 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 249.182814][ T5816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 249.192899][ T5816] Call Trace: [ 249.196196][ T5816] [ 249.199149][ T5816] dump_stack_lvl+0x136/0x150 [ 249.203863][ T5816] dump_header+0x10a/0xd70 [ 249.208314][ T5816] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 249.214448][ T5816] out_of_memory+0xd64/0x1660 [ 249.219173][ T5816] ? oom_killer_disable+0x2b0/0x2b0 [ 249.224414][ T5816] ? find_held_lock+0x2d/0x110 [ 249.229215][ T5816] mem_cgroup_out_of_memory+0x206/0x270 [ 249.234802][ T5816] ? mem_cgroup_margin+0x130/0x130 [ 249.239962][ T5816] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 249.245833][ T5816] memory_max_write+0x2f9/0x3c0 [ 249.250726][ T5816] ? mem_cgroup_force_empty_write+0x160/0x160 [ 249.256845][ T5816] ? lock_sync+0x190/0x190 [ 249.261301][ T5816] cgroup_file_write+0x1e2/0x7b0 [ 249.266288][ T5816] ? mem_cgroup_force_empty_write+0x160/0x160 [ 249.272402][ T5816] ? kill_css+0x3b0/0x3b0 [ 249.276776][ T5816] ? lock_acquire+0x32/0xc0 [ 249.281327][ T5816] ? kill_css+0x3b0/0x3b0 [ 249.285701][ T5816] kernfs_fop_write_iter+0x3f1/0x600 [ 249.291041][ T5816] vfs_write+0x9ed/0xe10 [ 249.295345][ T5816] ? kernel_write+0x670/0x670 [ 249.300071][ T5816] ? find_held_lock+0x2d/0x110 [ 249.304876][ T5816] ? __fget_light+0x20a/0x270 [ 249.309606][ T5816] ksys_write+0x12b/0x250 [ 249.313986][ T5816] ? __ia32_sys_read+0xb0/0xb0 [ 249.318799][ T5816] ? lockdep_hardirqs_on+0x7d/0x100 [ 249.324035][ T5816] ? _raw_spin_unlock_irq+0x2e/0x50 [ 249.329281][ T5816] ? ptrace_notify+0xfe/0x140 [ 249.334001][ T5816] do_syscall_64+0x39/0xb0 [ 249.338466][ T5816] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 249.344403][ T5816] RIP: 0033:0x7faecf034129 [ 249.348846][ T5816] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 249.368482][ T5816] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 249.376927][ T5816] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 249.384933][ T5816] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 249.392927][ T5816] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 249.400920][ T5816] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 249.408926][ T5816] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000038 [ 249.416947][ T5816] [pid 5821] <... prctl resumed>) = 0 [pid 5821] setpgid(0, 0) = 0 [pid 5815] close(3 [pid 5821] symlink("/syzcgroup/unified/syz3", "./cgroup" [pid 5815] <... close resumed>) = 0 [pid 5821] <... symlink resumed>) = 0 [pid 5815] close(4) = 0 [pid 5815] close(5) = 0 [pid 5821] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu" [pid 5815] close(6 [pid 5821] <... symlink resumed>) = 0 [pid 5815] <... close resumed>) = 0 [pid 5815] close(7) = -1 EBADF (Bad file descriptor) [pid 5821] symlink("/syzcgroup/net/syz3", "./cgroup.net" [pid 5815] close(8 [pid 5821] <... symlink resumed>) = 0 [pid 5815] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5821] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5815] close(9 [pid 5821] <... openat resumed>) = 3 [pid 5815] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5821] write(3, "1000", 4 [pid 5815] close(10 [pid 5821] <... write resumed>) = 4 [pid 5815] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5821] close(3 [pid 5815] close(11 [pid 5821] <... close resumed>) = 0 [pid 5815] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5821] symlink("/dev/binderfs", "./binderfs" [pid 5815] close(12 [pid 5821] <... symlink resumed>) = 0 [pid 5815] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5821] mkdir("./file0", 000 [pid 5815] close(13 [pid 5821] <... mkdir resumed>) = 0 [pid 5815] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5821] open("./file0", O_RDONLY [pid 5815] close(14 [pid 5821] <... open resumed>) = 3 [pid 5815] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5821] mount(NULL, "./file0", "cgroup2", 0, NULL [ 249.441718][ T5816] memory: usage 8kB, limit 0kB, failcnt 36 [ 249.447607][ T5816] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5815] close(15 [pid 5821] <... mount resumed>) = 0 [pid 5815] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5821] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5815] close(16 [pid 5821] <... openat resumed>) = 4 [pid 5815] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5821] openat(4, "syz1", O_RDWR|O_PATH [pid 5815] close(17 [pid 5821] <... openat resumed>) = 5 [pid 5815] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5821] openat(5, "memory.max", O_RDWR [pid 5815] close(18 [pid 5821] <... openat resumed>) = 6 [pid 5815] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5821] write(6, "0x000000000000040e", 18 [pid 5815] close(19) = -1 EBADF (Bad file descriptor) [pid 5815] close(20) = -1 EBADF (Bad file descriptor) [pid 5815] close(21) = -1 EBADF (Bad file descriptor) [pid 5815] close(22) = -1 EBADF (Bad file descriptor) [pid 5815] close(23) = -1 EBADF (Bad file descriptor) [pid 5815] close(24) = -1 EBADF (Bad file descriptor) [pid 5815] close(25) = -1 EBADF (Bad file descriptor) [pid 5815] close(26) = -1 EBADF (Bad file descriptor) [pid 5815] close(27) = -1 EBADF (Bad file descriptor) [pid 5815] close(28) = -1 EBADF (Bad file descriptor) [pid 5815] close(29) = -1 EBADF (Bad file descriptor) [pid 5815] exit_group(0) = ? [pid 5815] +++ exited with 0 +++ [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=55, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [ 249.485074][ T5816] Memory cgroup stats for /syz1: [ 249.485363][ T5816] anon 0 [ 249.485363][ T5816] file 0 [ 249.485363][ T5816] kernel 8192 [ 249.485363][ T5816] kernel_stack 0 [ 249.485363][ T5816] pagetables 0 [ 249.485363][ T5816] sec_pagetables 0 [ 249.485363][ T5816] percpu 0 [ 249.485363][ T5816] sock 0 [ 249.485363][ T5816] vmalloc 0 [ 249.485363][ T5816] shmem 0 [ 249.485363][ T5816] zswap 0 [ 249.485363][ T5816] zswapped 0 [ 249.485363][ T5816] file_mapped 0 [ 249.485363][ T5816] file_dirty 0 [pid 5085] umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./53/binderfs") = 0 [pid 5085] umount2("./53/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./53/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./53/cgroup") = 0 [pid 5085] umount2("./53/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./53/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./53/cgroup.net") = 0 [ 249.485363][ T5816] file_writeback 0 [ 249.485363][ T5816] swapcached 0 [ 249.485363][ T5816] anon_thp 0 [ 249.485363][ T5816] file_thp 0 [ 249.485363][ T5816] shmem_thp 0 [ 249.485363][ T5816] inactive_anon 0 [ 249.485363][ T5816] active_anon 0 [ 249.485363][ T5816] inactive_file 0 [ 249.485363][ T5816] active_file 0 [ 249.485363][ T5816] unevictable 0 [ 249.485363][ T5816] slab_reclaimable 6752 [ 249.485363][ T5816] slab_unreclaimable 0 [ 249.485363][ T5816] slab 6752 [ 249.485363][ T5816] workingset_refault_anon 0 [ 249.485363][ T5816] workingset_refault_file 0 [ 249.485363][ T5816] workingset_activate_anon 0 [ 249.485363][ T5816] workingset_activate_file 0 [ 249.485363][ T5816] workingset_restore_anon 0 [ 249.485363][ T5816] workingset_restore_file 0 [ 249.485363][ T5816] workingset_nodereclaim 0 [ 249.485363][ T5816] pgscan 831 [ 249.485363][ T5816] pgsteal 2 [ 249.485363][ T5816] pgscan_kswapd 0 [ 249.485363][ T5816] pgscan_direct 831 [ 249.485363][ T5816] pgscan_khugepaged 0 [ 249.485363][ T5816] pgsteal_kswapd 0 [ 249.485363][ T5816] pgsteal_direct 2 [ 249.485363][ T5816] pgsteal_khugepaged 0 [pid 5085] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5085] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./53/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./53/file0") = 0 [pid 5085] umount2("./53/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 249.485363][ T5816] pgfault 21 [ 249.485363][ T5816] pgmajfault 0 [ 249.485363][ T5816] pgrefill 830 [ 249.485363][ T5816] pgactivate 829 [ 249.485363][ T5816] pgdeactivate 830 [ 249.485363][ T5816] pglazyfree 0 [ 249.485363][ T5816] pglazyfreed 0 [ 249.485363][ T5816] zswpin 0 [ 249.485363][ T5816] zswpout 0 [ 249.485363][ T5816] thp_fault_alloc 0 [ 249.485363][ T5816] thp_collapse_alloc 0 [pid 5085] lstat("./53/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./53/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./53") = 0 [pid 5085] mkdir("./54", 0777) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5823 attached [pid 5823] chdir("./54" [pid 5085] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 56 [pid 5823] <... chdir resumed>) = 0 [pid 5823] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5823] setpgid(0, 0) = 0 [pid 5823] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5823] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5823] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5823] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5823] write(3, "1000", 4) = 4 [pid 5823] close(3 [pid 5816] <... write resumed>) = 18 [pid 5816] close(3 [pid 5823] <... close resumed>) = 0 [pid 5816] <... close resumed>) = 0 [pid 5823] symlink("/dev/binderfs", "./binderfs" [pid 5816] close(4) = 0 [pid 5823] <... symlink resumed>) = 0 [pid 5816] close(5) = 0 [pid 5816] close(6) = 0 [pid 5816] close(7) = -1 EBADF (Bad file descriptor) [pid 5816] close(8) = -1 EBADF (Bad file descriptor) [pid 5816] close(9) = -1 EBADF (Bad file descriptor) [pid 5816] close(10 [pid 5823] mkdir("./file0", 000 [pid 5816] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5816] close(11) = -1 EBADF (Bad file descriptor) [pid 5823] <... mkdir resumed>) = 0 [ 249.690306][ T5816] Tasks state (memory values in pages): [ 249.701296][ T5816] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 249.722359][ T5816] Out of memory and no killable processes... [ 249.728687][ T5818] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5816] close(12 [pid 5823] open("./file0", O_RDONLY [pid 5816] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5823] <... open resumed>) = 3 [pid 5823] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5823] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5823] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5823] openat(5, "memory.max", O_RDWR) = 6 [pid 5823] write(6, "0x000000000000040e", 18 [pid 5816] close(13) = -1 EBADF (Bad file descriptor) [pid 5816] close(14) = -1 EBADF (Bad file descriptor) [pid 5816] close(15) = -1 EBADF (Bad file descriptor) [pid 5816] close(16) = -1 EBADF (Bad file descriptor) [pid 5816] close(17) = -1 EBADF (Bad file descriptor) [pid 5816] close(18) = -1 EBADF (Bad file descriptor) [pid 5816] close(19) = -1 EBADF (Bad file descriptor) [pid 5816] close(20) = -1 EBADF (Bad file descriptor) [pid 5816] close(21) = -1 EBADF (Bad file descriptor) [pid 5816] close(22) = -1 EBADF (Bad file descriptor) [pid 5816] close(23) = -1 EBADF (Bad file descriptor) [pid 5816] close(24) = -1 EBADF (Bad file descriptor) [ 249.747342][ T5818] CPU: 1 PID: 5818 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 249.757333][ T5818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 249.767438][ T5818] Call Trace: [ 249.770759][ T5818] [ 249.773732][ T5818] dump_stack_lvl+0x136/0x150 [ 249.778479][ T5818] dump_header+0x10a/0xd70 [ 249.782957][ T5818] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 249.789126][ T5818] out_of_memory+0xd64/0x1660 [pid 5816] close(25) = -1 EBADF (Bad file descriptor) [pid 5816] close(26) = -1 EBADF (Bad file descriptor) [pid 5816] close(27) = -1 EBADF (Bad file descriptor) [pid 5816] close(28) = -1 EBADF (Bad file descriptor) [pid 5816] close(29) = -1 EBADF (Bad file descriptor) [pid 5816] exit_group(0) = ? [pid 5816] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=58, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5089] umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./56/binderfs") = 0 [pid 5089] umount2("./56/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./56/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./56/cgroup") = 0 [pid 5089] umount2("./56/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./56/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./56/cgroup.net") = 0 [ 249.793896][ T5818] ? oom_killer_disable+0x2b0/0x2b0 [ 249.799189][ T5818] mem_cgroup_out_of_memory+0x206/0x270 [ 249.804816][ T5818] ? mem_cgroup_margin+0x130/0x130 [ 249.810037][ T5818] memory_max_write+0x2f9/0x3c0 [ 249.814978][ T5818] ? mem_cgroup_force_empty_write+0x160/0x160 [ 249.821146][ T5818] ? lock_sync+0x190/0x190 [ 249.825714][ T5818] cgroup_file_write+0x1e2/0x7b0 [ 249.830739][ T5818] ? mem_cgroup_force_empty_write+0x160/0x160 [ 249.836896][ T5818] ? kill_css+0x3b0/0x3b0 [ 249.841320][ T5818] ? lock_acquire+0x32/0xc0 [ 249.845886][ T5818] ? kill_css+0x3b0/0x3b0 [ 249.850274][ T5818] kernfs_fop_write_iter+0x3f1/0x600 [ 249.855645][ T5818] vfs_write+0x9ed/0xe10 [ 249.859975][ T5818] ? kernel_write+0x670/0x670 [ 249.864767][ T5818] ? find_held_lock+0x2d/0x110 [ 249.869588][ T5818] ? __fget_light+0x20a/0x270 [ 249.874333][ T5818] ksys_write+0x12b/0x250 [ 249.878700][ T5818] ? __ia32_sys_read+0xb0/0xb0 [ 249.883512][ T5818] ? lockdep_hardirqs_on+0x7d/0x100 [ 249.888801][ T5818] ? _raw_spin_unlock_irq+0x2e/0x50 [ 249.894061][ T5818] ? ptrace_notify+0xfe/0x140 [ 249.898802][ T5818] do_syscall_64+0x39/0xb0 [ 249.903313][ T5818] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 249.909285][ T5818] RIP: 0033:0x7faecf034129 [ 249.913740][ T5818] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 249.933375][ T5818] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5089] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5089] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 249.941826][ T5818] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 249.949844][ T5818] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 249.957853][ T5818] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 249.965841][ T5818] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 249.973855][ T5818] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000039 [ 249.981928][ T5818] [pid 5089] lstat("./56/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./56/file0") = 0 [pid 5089] umount2("./56/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./56/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./56/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [pid 5089] rmdir("./56") = 0 [pid 5089] mkdir("./57", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 59 ./strace-static-x86_64: Process 5824 attached [ 249.994304][ T5818] memory: usage 8kB, limit 0kB, failcnt 36 [ 250.000328][ T5818] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 250.007933][ T5818] Memory cgroup stats for /syz1: [ 250.008214][ T5818] anon 0 [ 250.008214][ T5818] file 0 [ 250.008214][ T5818] kernel 8192 [ 250.008214][ T5818] kernel_stack 0 [ 250.008214][ T5818] pagetables 0 [ 250.008214][ T5818] sec_pagetables 0 [ 250.008214][ T5818] percpu 0 [ 250.008214][ T5818] sock 0 [ 250.008214][ T5818] vmalloc 0 [ 250.008214][ T5818] shmem 0 [ 250.008214][ T5818] zswap 0 [pid 5824] chdir("./57") = 0 [pid 5824] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5824] setpgid(0, 0) = 0 [pid 5824] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5824] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5824] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5824] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5824] write(3, "1000", 4) = 4 [pid 5824] close(3) = 0 [pid 5824] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5824] mkdir("./file0", 000) = 0 [pid 5824] open("./file0", O_RDONLY) = 3 [pid 5824] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5824] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5824] openat(4, "syz1", O_RDWR|O_PATH) = 5 [ 250.008214][ T5818] zswapped 0 [ 250.008214][ T5818] file_mapped 0 [ 250.008214][ T5818] file_dirty 0 [ 250.008214][ T5818] file_writeback 0 [ 250.008214][ T5818] swapcached 0 [ 250.008214][ T5818] anon_thp 0 [ 250.008214][ T5818] file_thp 0 [ 250.008214][ T5818] shmem_thp 0 [ 250.008214][ T5818] inactive_anon 0 [ 250.008214][ T5818] active_anon 0 [ 250.008214][ T5818] inactive_file 0 [ 250.008214][ T5818] active_file 0 [ 250.008214][ T5818] unevictable 0 [ 250.008214][ T5818] slab_reclaimable 6752 [ 250.008214][ T5818] slab_unreclaimable 0 [pid 5824] openat(5, "memory.max", O_RDWR) = 6 [ 250.008214][ T5818] slab 6752 [ 250.008214][ T5818] workingset_refault_anon 0 [ 250.008214][ T5818] workingset_refault_file 0 [ 250.008214][ T5818] workingset_activate_anon 0 [ 250.008214][ T5818] workingset_activate_file 0 [ 250.008214][ T5818] workingset_restore_anon 0 [ 250.008214][ T5818] workingset_restore_file 0 [ 250.008214][ T5818] workingset_nodereclaim 0 [ 250.008214][ T5818] pgscan 831 [ 250.008214][ T5818] pgsteal 2 [ 250.008214][ T5818] pgscan_kswapd 0 [ 250.008214][ T5818] pgscan_direct 831 [ 250.008214][ T5818] pgscan_khugepaged 0 [ 250.008214][ T5818] pgsteal_kswapd 0 [ 250.008214][ T5818] pgsteal_direct 2 [ 250.008214][ T5818] pgsteal_khugepaged 0 [ 250.008214][ T5818] pgfault 21 [ 250.008214][ T5818] pgmajfault 0 [ 250.008214][ T5818] pgrefill 830 [ 250.008214][ T5818] pgactivate 829 [ 250.008214][ T5818] pgdeactivate 830 [ 250.008214][ T5818] pglazyfree 0 [ 250.008214][ T5818] pglazyfreed 0 [ 250.008214][ T5818] zswpin 0 [ 250.008214][ T5818] zswpout 0 [ 250.008214][ T5818] thp_fault_alloc 0 [ 250.008214][ T5818] thp_collapse_alloc 0 [pid 5824] write(6, "0x000000000000040e", 18 [pid 5818] <... write resumed>) = 18 [pid 5818] close(3) = 0 [pid 5818] close(4) = 0 [pid 5818] close(5) = 0 [pid 5818] close(6) = 0 [pid 5818] close(7) = -1 EBADF (Bad file descriptor) [ 250.197088][ T5818] Tasks state (memory values in pages): [ 250.205566][ T5818] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 250.218048][ T5818] Out of memory and no killable processes... [ 250.227063][ T5819] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5818] close(8) = -1 EBADF (Bad file descriptor) [pid 5818] close(9) = -1 EBADF (Bad file descriptor) [pid 5818] close(10) = -1 EBADF (Bad file descriptor) [pid 5818] close(11) = -1 EBADF (Bad file descriptor) [pid 5818] close(12) = -1 EBADF (Bad file descriptor) [pid 5818] close(13) = -1 EBADF (Bad file descriptor) [pid 5818] close(14) = -1 EBADF (Bad file descriptor) [pid 5818] close(15) = -1 EBADF (Bad file descriptor) [pid 5818] close(16) = -1 EBADF (Bad file descriptor) [pid 5818] close(17) = -1 EBADF (Bad file descriptor) [pid 5818] close(18) = -1 EBADF (Bad file descriptor) [pid 5818] close(19) = -1 EBADF (Bad file descriptor) [pid 5818] close(20) = -1 EBADF (Bad file descriptor) [pid 5818] close(21) = -1 EBADF (Bad file descriptor) [pid 5818] close(22) = -1 EBADF (Bad file descriptor) [pid 5818] close(23) = -1 EBADF (Bad file descriptor) [pid 5818] close(24) = -1 EBADF (Bad file descriptor) [pid 5818] close(25) = -1 EBADF (Bad file descriptor) [pid 5818] close(26) = -1 EBADF (Bad file descriptor) [pid 5818] close(27) = -1 EBADF (Bad file descriptor) [pid 5818] close(28) = -1 EBADF (Bad file descriptor) [pid 5818] close(29) = -1 EBADF (Bad file descriptor) [pid 5818] exit_group(0) = ? [ 250.245376][ T5819] CPU: 1 PID: 5819 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 250.255365][ T5819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 250.265482][ T5819] Call Trace: [ 250.268843][ T5819] [ 250.271825][ T5819] dump_stack_lvl+0x136/0x150 [ 250.276577][ T5819] dump_header+0x10a/0xd70 [ 250.281065][ T5819] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 250.287284][ T5819] out_of_memory+0xd64/0x1660 [ 250.292053][ T5819] ? oom_killer_disable+0x2b0/0x2b0 [pid 5818] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=59, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5090] umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./57/binderfs") = 0 [pid 5090] umount2("./57/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./57/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./57/cgroup") = 0 [pid 5090] umount2("./57/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./57/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./57/cgroup.net") = 0 [ 250.297333][ T5819] ? find_held_lock+0x2d/0x110 [ 250.302165][ T5819] mem_cgroup_out_of_memory+0x206/0x270 [ 250.307873][ T5819] ? mem_cgroup_margin+0x130/0x130 [ 250.313076][ T5819] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 250.318984][ T5819] memory_max_write+0x2f9/0x3c0 [ 250.323923][ T5819] ? mem_cgroup_force_empty_write+0x160/0x160 [ 250.330107][ T5819] ? lock_sync+0x190/0x190 [ 250.334615][ T5819] cgroup_file_write+0x1e2/0x7b0 [ 250.339650][ T5819] ? mem_cgroup_force_empty_write+0x160/0x160 [ 250.345819][ T5819] ? kill_css+0x3b0/0x3b0 [ 250.350228][ T5819] ? lock_acquire+0x32/0xc0 [ 250.354811][ T5819] ? kill_css+0x3b0/0x3b0 [ 250.359202][ T5819] kernfs_fop_write_iter+0x3f1/0x600 [ 250.364525][ T5819] vfs_write+0x9ed/0xe10 [ 250.368826][ T5819] ? kernel_write+0x670/0x670 [ 250.373585][ T5819] ? find_held_lock+0x2d/0x110 [ 250.378406][ T5819] ? __fget_light+0x20a/0x270 [ 250.383146][ T5819] ksys_write+0x12b/0x250 [ 250.387555][ T5819] ? __ia32_sys_read+0xb0/0xb0 [ 250.392384][ T5819] ? lockdep_hardirqs_on+0x7d/0x100 [ 250.397611][ T5819] ? _raw_spin_unlock_irq+0x2e/0x50 [ 250.402849][ T5819] ? ptrace_notify+0xfe/0x140 [ 250.407580][ T5819] do_syscall_64+0x39/0xb0 [ 250.412075][ T5819] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 250.418033][ T5819] RIP: 0033:0x7faecf034129 [ 250.422489][ T5819] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 250.442131][ T5819] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5090] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 250.450572][ T5819] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 250.458597][ T5819] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 250.466615][ T5819] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 250.474671][ T5819] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 250.482689][ T5819] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000037 [ 250.490742][ T5819] [pid 5090] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./57/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./57/file0") = 0 [pid 5090] umount2("./57/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./57/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./57/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [pid 5090] rmdir("./57") = 0 [pid 5090] mkdir("./58", 0777) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 60 ./strace-static-x86_64: Process 5825 attached [ 250.514103][ T5819] memory: usage 8kB, limit 0kB, failcnt 36 [ 250.520139][ T5819] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 250.536027][ T5819] Memory cgroup stats for /syz1: [ 250.536332][ T5819] anon 0 [ 250.536332][ T5819] file 0 [ 250.536332][ T5819] kernel 8192 [ 250.536332][ T5819] kernel_stack 0 [ 250.536332][ T5819] pagetables 0 [ 250.536332][ T5819] sec_pagetables 0 [ 250.536332][ T5819] percpu 0 [pid 5825] chdir("./58") = 0 [pid 5825] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5825] setpgid(0, 0) = 0 [pid 5825] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5825] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5825] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5825] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5825] write(3, "1000", 4) = 4 [pid 5825] close(3) = 0 [pid 5825] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5825] mkdir("./file0", 000) = 0 [pid 5825] open("./file0", O_RDONLY) = 3 [pid 5825] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5825] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5825] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5825] openat(5, "memory.max", O_RDWR) = 6 [ 250.536332][ T5819] sock 0 [ 250.536332][ T5819] vmalloc 0 [ 250.536332][ T5819] shmem 0 [ 250.536332][ T5819] zswap 0 [ 250.536332][ T5819] zswapped 0 [ 250.536332][ T5819] file_mapped 0 [ 250.536332][ T5819] file_dirty 0 [ 250.536332][ T5819] file_writeback 0 [ 250.536332][ T5819] swapcached 0 [ 250.536332][ T5819] anon_thp 0 [ 250.536332][ T5819] file_thp 0 [ 250.536332][ T5819] shmem_thp 0 [ 250.536332][ T5819] inactive_anon 0 [ 250.536332][ T5819] active_anon 0 [ 250.536332][ T5819] inactive_file 0 [ 250.536332][ T5819] active_file 0 [ 250.536332][ T5819] unevictable 0 [ 250.536332][ T5819] slab_reclaimable 6752 [ 250.536332][ T5819] slab_unreclaimable 0 [ 250.536332][ T5819] slab 6752 [ 250.536332][ T5819] workingset_refault_anon 0 [ 250.536332][ T5819] workingset_refault_file 0 [ 250.536332][ T5819] workingset_activate_anon 0 [ 250.536332][ T5819] workingset_activate_file 0 [ 250.536332][ T5819] workingset_restore_anon 0 [ 250.536332][ T5819] workingset_restore_file 0 [ 250.536332][ T5819] workingset_nodereclaim 0 [ 250.536332][ T5819] pgscan 831 [ 250.536332][ T5819] pgsteal 2 [ 250.536332][ T5819] pgscan_kswapd 0 [ 250.536332][ T5819] pgscan_direct 831 [ 250.536332][ T5819] pgscan_khugepaged 0 [ 250.536332][ T5819] pgsteal_kswapd 0 [ 250.536332][ T5819] pgsteal_direct 2 [ 250.536332][ T5819] pgsteal_khugepaged 0 [ 250.536332][ T5819] pgfault 21 [ 250.536332][ T5819] pgmajfault 0 [ 250.536332][ T5819] pgrefill 830 [ 250.536332][ T5819] pgactivate 829 [ 250.536332][ T5819] pgdeactivate 830 [ 250.536332][ T5819] pglazyfree 0 [ 250.536332][ T5819] pglazyfreed 0 [ 250.536332][ T5819] zswpin 0 [ 250.536332][ T5819] zswpout 0 [pid 5825] write(6, "0x000000000000040e", 18 [pid 5819] <... write resumed>) = 18 [pid 5819] close(3) = 0 [pid 5819] close(4) = 0 [pid 5819] close(5) = 0 [pid 5819] close(6) = 0 [pid 5819] close(7) = -1 EBADF (Bad file descriptor) [pid 5819] close(8) = -1 EBADF (Bad file descriptor) [pid 5819] close(9) = -1 EBADF (Bad file descriptor) [pid 5819] close(10) = -1 EBADF (Bad file descriptor) [pid 5819] close(11) = -1 EBADF (Bad file descriptor) [pid 5819] close(12) = -1 EBADF (Bad file descriptor) [pid 5819] close(13) = -1 EBADF (Bad file descriptor) [pid 5819] close(14) = -1 EBADF (Bad file descriptor) [pid 5819] close(15) = -1 EBADF (Bad file descriptor) [pid 5819] close(16) = -1 EBADF (Bad file descriptor) [pid 5819] close(17) = -1 EBADF (Bad file descriptor) [pid 5819] close(18) = -1 EBADF (Bad file descriptor) [pid 5819] close(19) = -1 EBADF (Bad file descriptor) [pid 5819] close(20) = -1 EBADF (Bad file descriptor) [pid 5819] close(21) = -1 EBADF (Bad file descriptor) [pid 5819] close(22) = -1 EBADF (Bad file descriptor) [ 250.536332][ T5819] thp_fault_alloc 0 [ 250.536332][ T5819] thp_collapse_alloc 0 [ 250.724677][ T5819] Tasks state (memory values in pages): [ 250.730564][ T5819] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 250.745253][ T5819] Out of memory and no killable processes... [ 250.752908][ T5821] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5819] close(23) = -1 EBADF (Bad file descriptor) [pid 5819] close(24) = -1 EBADF (Bad file descriptor) [pid 5819] close(25) = -1 EBADF (Bad file descriptor) [pid 5819] close(26) = -1 EBADF (Bad file descriptor) [pid 5819] close(27) = -1 EBADF (Bad file descriptor) [pid 5819] close(28) = -1 EBADF (Bad file descriptor) [pid 5819] close(29) = -1 EBADF (Bad file descriptor) [pid 5819] exit_group(0) = ? [pid 5819] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=57, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [ 250.772693][ T5821] CPU: 0 PID: 5821 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 250.782685][ T5821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 250.792803][ T5821] Call Trace: [ 250.796164][ T5821] [ 250.799142][ T5821] dump_stack_lvl+0x136/0x150 [ 250.803890][ T5821] dump_header+0x10a/0xd70 [ 250.808367][ T5821] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 250.814524][ T5821] out_of_memory+0xd64/0x1660 [pid 5087] umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./55/binderfs") = 0 [pid 5087] umount2("./55/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./55/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./55/cgroup") = 0 [pid 5087] umount2("./55/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 250.819282][ T5821] ? oom_killer_disable+0x2b0/0x2b0 [ 250.824571][ T5821] mem_cgroup_out_of_memory+0x206/0x270 [ 250.830202][ T5821] ? mem_cgroup_margin+0x130/0x130 [ 250.835420][ T5821] memory_max_write+0x2f9/0x3c0 [ 250.840361][ T5821] ? mem_cgroup_force_empty_write+0x160/0x160 [ 250.846516][ T5821] ? lock_sync+0x190/0x190 [ 250.851009][ T5821] cgroup_file_write+0x1e2/0x7b0 [ 250.856103][ T5821] ? mem_cgroup_force_empty_write+0x160/0x160 [ 250.862226][ T5821] ? kill_css+0x3b0/0x3b0 [ 250.866598][ T5821] ? lock_acquire+0x32/0xc0 [ 250.871158][ T5821] ? kill_css+0x3b0/0x3b0 [ 250.875531][ T5821] kernfs_fop_write_iter+0x3f1/0x600 [ 250.880874][ T5821] vfs_write+0x9ed/0xe10 [ 250.885193][ T5821] ? kernel_write+0x670/0x670 [ 250.889951][ T5821] ? find_held_lock+0x2d/0x110 [ 250.894771][ T5821] ? __fget_light+0x20a/0x270 [ 250.899517][ T5821] ksys_write+0x12b/0x250 [ 250.903905][ T5821] ? __ia32_sys_read+0xb0/0xb0 [ 250.908716][ T5821] ? lockdep_hardirqs_on+0x7d/0x100 [ 250.913950][ T5821] ? _raw_spin_unlock_irq+0x2e/0x50 [ 250.919200][ T5821] ? ptrace_notify+0xfe/0x140 [ 250.923920][ T5821] do_syscall_64+0x39/0xb0 [ 250.928385][ T5821] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 250.934316][ T5821] RIP: 0033:0x7faecf034129 [ 250.938758][ T5821] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 250.958414][ T5821] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5087] lstat("./55/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./55/cgroup.net") = 0 [ 250.966945][ T5821] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 250.974943][ T5821] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 250.982936][ T5821] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 250.990953][ T5821] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 250.998951][ T5821] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000036 [ 251.007004][ T5821] [ 251.016526][ T5821] memory: usage 8kB, limit 0kB, failcnt 36 [pid 5087] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5087] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./55/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] close(4) = 0 [pid 5087] rmdir("./55/file0") = 0 [pid 5087] umount2("./55/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./55/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./55/cgroup.cpu") = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [pid 5087] rmdir("./55") = 0 [ 251.024314][ T5821] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 251.034892][ T5821] Memory cgroup stats for /syz1: [ 251.043551][ T5821] anon 0 [ 251.043551][ T5821] file 0 [ 251.043551][ T5821] kernel 8192 [ 251.043551][ T5821] kernel_stack 0 [ 251.043551][ T5821] pagetables 0 [ 251.043551][ T5821] sec_pagetables 0 [ 251.043551][ T5821] percpu 0 [ 251.043551][ T5821] sock 0 [pid 5087] mkdir("./56", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 58 [ 251.043551][ T5821] vmalloc 0 [ 251.043551][ T5821] shmem 0 [ 251.043551][ T5821] zswap 0 [ 251.043551][ T5821] zswapped 0 [ 251.043551][ T5821] file_mapped 0 [ 251.043551][ T5821] file_dirty 0 [ 251.043551][ T5821] file_writeback 0 [ 251.043551][ T5821] swapcached 0 [ 251.043551][ T5821] anon_thp 0 [ 251.043551][ T5821] file_thp 0 [ 251.043551][ T5821] shmem_thp 0 [ 251.043551][ T5821] inactive_anon 0 [ 251.043551][ T5821] active_anon 0 [ 251.043551][ T5821] inactive_file 0 [ 251.043551][ T5821] active_file 0 [ 251.043551][ T5821] unevictable 0 [ 251.043551][ T5821] slab_reclaimable 6752 [ 251.043551][ T5821] slab_unreclaimable 0 [ 251.043551][ T5821] slab 6752 [ 251.043551][ T5821] workingset_refault_anon 0 [ 251.043551][ T5821] workingset_refault_file 0 [ 251.043551][ T5821] workingset_activate_anon 0 [ 251.043551][ T5821] workingset_activate_file 0 [ 251.043551][ T5821] workingset_restore_anon 0 [ 251.043551][ T5821] workingset_restore_file 0 [ 251.043551][ T5821] workingset_nodereclaim 0 [ 251.043551][ T5821] pgscan 831 [ 251.043551][ T5821] pgsteal 2 [ 251.043551][ T5821] pgscan_kswapd 0 [ 251.043551][ T5821] pgscan_direct 831 [ 251.043551][ T5821] pgscan_khugepaged 0 [ 251.043551][ T5821] pgsteal_kswapd 0 [ 251.043551][ T5821] pgsteal_direct 2 [ 251.043551][ T5821] pgsteal_khugepaged 0 [ 251.043551][ T5821] pgfault 21 [ 251.043551][ T5821] pgmajfault 0 [ 251.043551][ T5821] pgrefill 830 [ 251.043551][ T5821] pgactivate 829 [ 251.043551][ T5821] pgdeactivate 830 [ 251.043551][ T5821] pglazyfree 0 [ 251.043551][ T5821] pglazyfreed 0 [ 251.043551][ T5821] zswpin 0 [ 251.043551][ T5821] zswpout 0 ./strace-static-x86_64: Process 5826 attached [pid 5826] chdir("./56") = 0 [pid 5826] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5826] setpgid(0, 0) = 0 [pid 5826] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5826] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5826] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5826] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5826] write(3, "1000", 4) = 4 [pid 5826] close(3) = 0 [pid 5826] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5826] mkdir("./file0", 000) = 0 [pid 5826] open("./file0", O_RDONLY) = 3 [pid 5826] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5826] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5826] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5826] openat(5, "memory.max", O_RDWR) = 6 [ 251.043551][ T5821] thp_fault_alloc 0 [ 251.043551][ T5821] thp_collapse_alloc 0 [ 251.241765][ T5821] Tasks state (memory values in pages): [ 251.248287][ T5821] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5826] write(6, "0x000000000000040e", 18 [pid 5821] <... write resumed>) = 18 [pid 5821] close(3) = 0 [pid 5821] close(4) = 0 [pid 5821] close(5) = 0 [pid 5821] close(6) = 0 [pid 5821] close(7) = -1 EBADF (Bad file descriptor) [pid 5821] close(8) = -1 EBADF (Bad file descriptor) [pid 5821] close(9) = -1 EBADF (Bad file descriptor) [pid 5821] close(10) = -1 EBADF (Bad file descriptor) [pid 5821] close(11) = -1 EBADF (Bad file descriptor) [pid 5821] close(12) = -1 EBADF (Bad file descriptor) [pid 5821] close(13) = -1 EBADF (Bad file descriptor) [pid 5821] close(14) = -1 EBADF (Bad file descriptor) [pid 5821] close(15) = -1 EBADF (Bad file descriptor) [pid 5821] close(16) = -1 EBADF (Bad file descriptor) [pid 5821] close(17) = -1 EBADF (Bad file descriptor) [pid 5821] close(18) = -1 EBADF (Bad file descriptor) [pid 5821] close(19) = -1 EBADF (Bad file descriptor) [pid 5821] close(20) = -1 EBADF (Bad file descriptor) [pid 5821] close(21) = -1 EBADF (Bad file descriptor) [pid 5821] close(22) = -1 EBADF (Bad file descriptor) [pid 5821] close(23) = -1 EBADF (Bad file descriptor) [pid 5821] close(24) = -1 EBADF (Bad file descriptor) [pid 5821] close(25) = -1 EBADF (Bad file descriptor) [pid 5821] close(26) = -1 EBADF (Bad file descriptor) [pid 5821] close(27) = -1 EBADF (Bad file descriptor) [pid 5821] close(28) = -1 EBADF (Bad file descriptor) [pid 5821] close(29) = -1 EBADF (Bad file descriptor) [pid 5821] exit_group(0) = ? [pid 5821] +++ exited with 0 +++ [ 251.275157][ T5821] Out of memory and no killable processes... [ 251.281268][ T5823] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 251.308511][ T5823] CPU: 1 PID: 5823 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=56, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5086] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5086] umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./54/binderfs") = 0 [pid 5086] umount2("./54/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./54/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] unlink("./54/cgroup") = 0 [pid 5086] umount2("./54/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./54/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./54/cgroup.net") = 0 [ 251.318506][ T5823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 251.328623][ T5823] Call Trace: [ 251.331948][ T5823] [ 251.334936][ T5823] dump_stack_lvl+0x136/0x150 [ 251.339691][ T5823] dump_header+0x10a/0xd70 [ 251.344184][ T5823] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 251.350348][ T5823] out_of_memory+0xd64/0x1660 [ 251.355114][ T5823] ? oom_killer_disable+0x2b0/0x2b0 [ 251.360393][ T5823] mem_cgroup_out_of_memory+0x206/0x270 [ 251.365997][ T5823] ? mem_cgroup_margin+0x130/0x130 [ 251.371186][ T5823] memory_max_write+0x2f9/0x3c0 [ 251.376105][ T5823] ? mem_cgroup_force_empty_write+0x160/0x160 [ 251.382246][ T5823] ? lock_sync+0x190/0x190 [ 251.386734][ T5823] cgroup_file_write+0x1e2/0x7b0 [ 251.391740][ T5823] ? mem_cgroup_force_empty_write+0x160/0x160 [ 251.397857][ T5823] ? kill_css+0x3b0/0x3b0 [ 251.402282][ T5823] ? lock_acquire+0x32/0xc0 [ 251.406861][ T5823] ? kill_css+0x3b0/0x3b0 [ 251.411243][ T5823] kernfs_fop_write_iter+0x3f1/0x600 [ 251.416584][ T5823] vfs_write+0x9ed/0xe10 [ 251.420898][ T5823] ? kernel_write+0x670/0x670 [ 251.425616][ T5823] ? find_held_lock+0x2d/0x110 [ 251.430445][ T5823] ? __fget_light+0x20a/0x270 [ 251.435196][ T5823] ksys_write+0x12b/0x250 [ 251.439577][ T5823] ? __ia32_sys_read+0xb0/0xb0 [ 251.444417][ T5823] ? lockdep_hardirqs_on+0x7d/0x100 [ 251.449671][ T5823] ? _raw_spin_unlock_irq+0x2e/0x50 [ 251.454944][ T5823] ? ptrace_notify+0xfe/0x140 [ 251.459686][ T5823] do_syscall_64+0x39/0xb0 [ 251.464170][ T5823] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 251.470106][ T5823] RIP: 0033:0x7faecf034129 [ 251.474562][ T5823] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 251.494228][ T5823] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 251.502706][ T5823] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 251.510723][ T5823] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 251.511262][ T41] unregister_netdevice: waiting for lo to become free. Usage count = 2 [ 251.518712][ T5823] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 251.518736][ T5823] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 251.518757][ T5823] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000036 [ 251.518807][ T5823] [ 251.528273][ T41] leaked reference. [ 251.540572][ T5823] memory: usage 8kB, limit 0kB, failcnt 36 [ 251.543439][ T41] ipv6_add_dev+0x43e/0x13b0 [ 251.543476][ T41] addrconf_notify+0x63d/0x19f0 [pid 5086] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5086] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./54/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 251.543513][ T41] notifier_call_chain+0xb5/0x200 [ 251.543555][ T41] call_netdevice_notifiers_info+0xb5/0x130 [ 251.551610][ T5823] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 251.554553][ T41] register_netdevice+0xfb4/0x1640 [ 251.558355][ T5823] Memory cgroup stats for /syz1 [ 251.564162][ T41] register_netdev+0x31/0x50 [ 251.564201][ T41] loopback_net_init+0x7a/0x170 [ 251.568971][ T5823] : [ 251.573757][ T41] ops_init+0xb9/0x6b0 [ 251.573787][ T41] setup_net+0x793/0xe60 [ 251.573815][ T41] copy_net_ns+0x320/0x6b0 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./54/file0") = 0 [ 251.573844][ T41] create_new_namespaces+0x3f6/0xb20 [ 251.579120][ T5823] anon 0 [ 251.579120][ T5823] file 0 [ 251.579120][ T5823] kernel 8192 [ 251.579120][ T5823] kernel_stack 0 [ 251.579120][ T5823] pagetables 0 [ 251.579120][ T5823] sec_pagetables 0 [ 251.579120][ T5823] percpu 0 [ 251.579120][ T5823] sock 0 [ 251.579120][ T5823] vmalloc 0 [ 251.579120][ T5823] shmem 0 [ 251.579120][ T5823] zswap 0 [ 251.579120][ T5823] zswapped 0 [ 251.579120][ T5823] file_mapped 0 [ 251.579120][ T5823] file_dirty 0 [ 251.579120][ T5823] file_writeback 0 [ 251.579120][ T5823] swapcached 0 [ 251.579120][ T5823] anon_thp 0 [ 251.579120][ T5823] file_thp 0 [ 251.579120][ T5823] shmem_thp 0 [ 251.579120][ T5823] inactive_anon 0 [ 251.579120][ T5823] active_anon 0 [ 251.579120][ T5823] inactive_file 0 [ 251.579120][ T5823] active_file 0 [ 251.579120][ T5823] unevictable 0 [ 251.579120][ T5823] slab_reclaimable 6752 [ 251.579120][ T5823] slab_unreclaimable 0 [ 251.579120][ T5823] slab 6752 [ 251.579120][ T5823] workingset_refault_anon 0 [ 251.579120][ T5823] workingset_refault_file 0 [ 251.579120][ T5823] workingset_activate_anon 0 [ 251.579120][ T5823] workingset_activate_file 0 [ 251.579120][ T5823] workingset_restore_anon 0 [ 251.579120][ T5823] workingset_restore_file 0 [ 251.579120][ T5823] workingset_nodereclaim 0 [ 251.579120][ T5823] pgscan 831 [ 251.579120][ T5823] pgsteal 2 [ 251.579120][ T5823] pgscan_kswapd 0 [ 251.579120][ T5823] pgscan_direct 831 [ 251.579120][ T5823] pgscan_khugepaged 0 [ 251.579120][ T5823] pgsteal_kswapd 0 [ 251.579120][ T5823] pgsteal_direct 2 [ 251.579120][ T5823] pgsteal_khugepaged 0 [pid 5086] umount2("./54/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./54/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./54/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [ 251.579120][ T5823] pgfault 21 [ 251.579120][ T5823] pgmajfault 0 [ 251.579120][ T5823] pgrefill 830 [ 251.579120][ T5823] pgactivate 829 [ 251.579120][ T5823] pgdeactivate 830 [ 251.579120][ T5823] pglazyfree 0 [ 251.579120][ T5823] pglazyfreed 0 [ 251.579120][ T5823] zswpin 0 [ 251.579120][ T5823] zswpout 0 [ 251.579120][ T5823] thp_fault_alloc 0 [ 251.579120][ T5823] thp_collapse_alloc 0 [ 251.584748][ T41] unshare_nsproxy_namespaces+0xc1/0x1f0 [ 251.584796][ T41] ksys_unshare+0x449/0x920 [pid 5086] close(3) = 0 [pid 5086] rmdir("./54") = 0 [pid 5086] mkdir("./55", 0777) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5827 attached [pid 5827] chdir("./55" [pid 5086] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 57 [pid 5827] <... chdir resumed>) = 0 [pid 5827] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5827] setpgid(0, 0) = 0 [ 251.584834][ T41] __x64_sys_unshare+0x31/0x40 [ 251.584873][ T41] do_syscall_64+0x39/0xb0 [ 251.584923][ T41] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 251.841734][ T5823] Tasks state (memory values in pages): [ 251.847383][ T5823] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5827] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5827] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu" [pid 5823] <... write resumed>) = 18 [pid 5823] close(3) = 0 [pid 5823] close(4) = 0 [pid 5823] close(5) = 0 [pid 5823] close(6) = 0 [pid 5823] close(7) = -1 EBADF (Bad file descriptor) [pid 5823] close(8) = -1 EBADF (Bad file descriptor) [pid 5823] close(9) = -1 EBADF (Bad file descriptor) [pid 5823] close(10) = -1 EBADF (Bad file descriptor) [pid 5823] close(11) = -1 EBADF (Bad file descriptor) [pid 5823] close(12) = -1 EBADF (Bad file descriptor) [pid 5823] close(13) = -1 EBADF (Bad file descriptor) [pid 5823] close(14) = -1 EBADF (Bad file descriptor) [pid 5823] close(15) = -1 EBADF (Bad file descriptor) [pid 5823] close(16) = -1 EBADF (Bad file descriptor) [pid 5823] close(17) = -1 EBADF (Bad file descriptor) [pid 5823] close(18) = -1 EBADF (Bad file descriptor) [pid 5823] close(19) = -1 EBADF (Bad file descriptor) [pid 5823] close(20) = -1 EBADF (Bad file descriptor) [pid 5823] close(21) = -1 EBADF (Bad file descriptor) [pid 5823] close(22) = -1 EBADF (Bad file descriptor) [pid 5823] close(23) = -1 EBADF (Bad file descriptor) [pid 5823] close(24) = -1 EBADF (Bad file descriptor) [pid 5823] close(25) = -1 EBADF (Bad file descriptor) [pid 5823] close(26) = -1 EBADF (Bad file descriptor) [pid 5823] close(27) = -1 EBADF (Bad file descriptor) [pid 5823] close(28) = -1 EBADF (Bad file descriptor) [pid 5823] close(29) = -1 EBADF (Bad file descriptor) [pid 5823] exit_group(0) = ? [pid 5823] +++ exited with 0 +++ [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=56, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- [pid 5085] umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, [pid 5827] <... symlink resumed>) = 0 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5827] symlink("/syzcgroup/net/syz3", "./cgroup.net" [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5827] <... symlink resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./54/binderfs" [pid 5827] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5085] <... unlink resumed>) = 0 [pid 5085] umount2("./54/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./54/cgroup", [pid 5827] <... openat resumed>) = 3 [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./54/cgroup" [pid 5827] write(3, "1000", 4 [pid 5085] <... unlink resumed>) = 0 [pid 5827] <... write resumed>) = 4 [pid 5085] umount2("./54/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5827] close(3 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5827] <... close resumed>) = 0 [pid 5085] lstat("./54/cgroup.net", [pid 5827] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5827] mkdir("./file0", 000 [pid 5085] unlink("./54/cgroup.net" [pid 5827] <... mkdir resumed>) = 0 [pid 5827] open("./file0", O_RDONLY [pid 5085] <... unlink resumed>) = 0 [pid 5827] <... open resumed>) = 3 [pid 5827] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5085] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5827] <... mount resumed>) = 0 [pid 5827] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5827] openat(4, "syz1", O_RDWR|O_PATH) = 5 [ 251.873043][ T5823] Out of memory and no killable processes... [ 251.880216][ T5824] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 251.914793][ T5824] CPU: 0 PID: 5824 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5827] openat(5, "memory.max", O_RDWR) = 6 [ 251.924801][ T5824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 251.934911][ T5824] Call Trace: [ 251.938248][ T5824] [ 251.941224][ T5824] dump_stack_lvl+0x136/0x150 [ 251.945987][ T5824] dump_header+0x10a/0xd70 [ 251.950476][ T5824] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 251.956632][ T5824] out_of_memory+0xd64/0x1660 [ 251.961408][ T5824] ? oom_killer_disable+0x2b0/0x2b0 [ 251.966682][ T5824] ? find_held_lock+0x2d/0x110 [ 251.971492][ T5824] mem_cgroup_out_of_memory+0x206/0x270 [ 251.977094][ T5824] ? mem_cgroup_margin+0x130/0x130 [ 251.982262][ T5824] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 251.988138][ T5824] memory_max_write+0x2f9/0x3c0 [ 251.993056][ T5824] ? mem_cgroup_force_empty_write+0x160/0x160 [ 251.999193][ T5824] ? lock_sync+0x190/0x190 [ 252.003662][ T5824] cgroup_file_write+0x1e2/0x7b0 [ 252.008653][ T5824] ? mem_cgroup_force_empty_write+0x160/0x160 [ 252.014769][ T5824] ? kill_css+0x3b0/0x3b0 [ 252.019149][ T5824] ? lock_acquire+0x32/0xc0 [ 252.023720][ T5824] ? kill_css+0x3b0/0x3b0 [ 252.028134][ T5824] kernfs_fop_write_iter+0x3f1/0x600 [ 252.033490][ T5824] vfs_write+0x9ed/0xe10 [ 252.037795][ T5824] ? kernel_write+0x670/0x670 [ 252.042526][ T5824] ? find_held_lock+0x2d/0x110 [ 252.047334][ T5824] ? __fget_light+0x20a/0x270 [ 252.052070][ T5824] ksys_write+0x12b/0x250 [ 252.056469][ T5824] ? __ia32_sys_read+0xb0/0xb0 [ 252.061304][ T5824] ? lockdep_hardirqs_on+0x7d/0x100 [ 252.066557][ T5824] ? _raw_spin_unlock_irq+0x2e/0x50 [ 252.071800][ T5824] ? ptrace_notify+0xfe/0x140 [ 252.076547][ T5824] do_syscall_64+0x39/0xb0 [ 252.081008][ T5824] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 252.086938][ T5824] RIP: 0033:0x7faecf034129 [ 252.091381][ T5824] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 252.111018][ T5824] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 252.119463][ T5824] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 252.127463][ T5824] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 252.135460][ T5824] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 252.143466][ T5824] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 252.151486][ T5824] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000039 [ 252.159510][ T5824] [ 252.167815][ T5824] memory: usage 8kB, limit 0kB, failcnt 36 [pid 5827] write(6, "0x000000000000040e", 18 [pid 5085] <... umount2 resumed>) = 0 [pid 5085] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./54/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./54/file0") = 0 [pid 5085] umount2("./54/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./54/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./54/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./54") = 0 [ 252.173845][ T5824] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 252.181688][ T5824] Memory cgroup stats for /syz1: [ 252.182220][ T5824] anon 0 [ 252.182220][ T5824] file 0 [ 252.182220][ T5824] kernel 8192 [ 252.182220][ T5824] kernel_stack 0 [ 252.182220][ T5824] pagetables 0 [ 252.182220][ T5824] sec_pagetables 0 [ 252.182220][ T5824] percpu 0 [ 252.182220][ T5824] sock 0 [ 252.182220][ T5824] vmalloc 0 [ 252.182220][ T5824] shmem 0 [ 252.182220][ T5824] zswap 0 [ 252.182220][ T5824] zswapped 0 [ 252.182220][ T5824] file_mapped 0 [ 252.182220][ T5824] file_dirty 0 [pid 5085] mkdir("./55", 0777) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5828 attached [pid 5828] chdir("./55" [pid 5085] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 57 [pid 5828] <... chdir resumed>) = 0 [pid 5828] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5828] setpgid(0, 0) = 0 [pid 5828] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5828] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5828] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5828] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5828] write(3, "1000", 4) = 4 [pid 5828] close(3) = 0 [pid 5828] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5828] mkdir("./file0", 000) = 0 [pid 5828] open("./file0", O_RDONLY) = 3 [pid 5828] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5828] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [ 252.182220][ T5824] file_writeback 0 [ 252.182220][ T5824] swapcached 0 [ 252.182220][ T5824] anon_thp 0 [ 252.182220][ T5824] file_thp 0 [ 252.182220][ T5824] shmem_thp 0 [ 252.182220][ T5824] inactive_anon 0 [ 252.182220][ T5824] active_anon 0 [ 252.182220][ T5824] inactive_file 0 [ 252.182220][ T5824] active_file 0 [ 252.182220][ T5824] unevictable 0 [ 252.182220][ T5824] slab_reclaimable 6752 [ 252.182220][ T5824] slab_unreclaimable 0 [ 252.182220][ T5824] slab 6752 [ 252.182220][ T5824] workingset_refault_anon 0 [pid 5828] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5828] openat(5, "memory.max", O_RDWR) = 6 [ 252.182220][ T5824] workingset_refault_file 0 [ 252.182220][ T5824] workingset_activate_anon 0 [ 252.182220][ T5824] workingset_activate_file 0 [ 252.182220][ T5824] workingset_restore_anon 0 [ 252.182220][ T5824] workingset_restore_file 0 [ 252.182220][ T5824] workingset_nodereclaim 0 [ 252.182220][ T5824] pgscan 831 [ 252.182220][ T5824] pgsteal 2 [ 252.182220][ T5824] pgscan_kswapd 0 [ 252.182220][ T5824] pgscan_direct 831 [ 252.182220][ T5824] pgscan_khugepaged 0 [ 252.182220][ T5824] pgsteal_kswapd 0 [ 252.182220][ T5824] pgsteal_direct 2 [ 252.182220][ T5824] pgsteal_khugepaged 0 [ 252.182220][ T5824] pgfault 21 [ 252.182220][ T5824] pgmajfault 0 [ 252.182220][ T5824] pgrefill 830 [ 252.182220][ T5824] pgactivate 829 [ 252.182220][ T5824] pgdeactivate 830 [ 252.182220][ T5824] pglazyfree 0 [ 252.182220][ T5824] pglazyfreed 0 [ 252.182220][ T5824] zswpin 0 [ 252.182220][ T5824] zswpout 0 [ 252.182220][ T5824] thp_fault_alloc 0 [ 252.182220][ T5824] thp_collapse_alloc 0 [ 252.369067][ T5824] Tasks state (memory values in pages): [pid 5828] write(6, "0x000000000000040e", 18 [pid 5824] <... write resumed>) = 18 [pid 5824] close(3) = 0 [pid 5824] close(4) = 0 [pid 5824] close(5) = 0 [pid 5824] close(6) = 0 [pid 5824] close(7) = -1 EBADF (Bad file descriptor) [pid 5824] close(8) = -1 EBADF (Bad file descriptor) [pid 5824] close(9) = -1 EBADF (Bad file descriptor) [pid 5824] close(10) = -1 EBADF (Bad file descriptor) [pid 5824] close(11) = -1 EBADF (Bad file descriptor) [pid 5824] close(12) = -1 EBADF (Bad file descriptor) [pid 5824] close(13) = -1 EBADF (Bad file descriptor) [pid 5824] close(14) = -1 EBADF (Bad file descriptor) [pid 5824] close(15) = -1 EBADF (Bad file descriptor) [pid 5824] close(16) = -1 EBADF (Bad file descriptor) [pid 5824] close(17) = -1 EBADF (Bad file descriptor) [pid 5824] close(18) = -1 EBADF (Bad file descriptor) [pid 5824] close(19) = -1 EBADF (Bad file descriptor) [pid 5824] close(20) = -1 EBADF (Bad file descriptor) [pid 5824] close(21) = -1 EBADF (Bad file descriptor) [pid 5824] close(22) = -1 EBADF (Bad file descriptor) [pid 5824] close(23) = -1 EBADF (Bad file descriptor) [pid 5824] close(24) = -1 EBADF (Bad file descriptor) [pid 5824] close(25) = -1 EBADF (Bad file descriptor) [pid 5824] close(26) = -1 EBADF (Bad file descriptor) [pid 5824] close(27) = -1 EBADF (Bad file descriptor) [ 252.375443][ T5824] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 252.385031][ T5824] Out of memory and no killable processes... [ 252.391112][ T5825] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 252.402441][ T5825] CPU: 0 PID: 5825 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 252.412396][ T5825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 252.422478][ T5825] Call Trace: [ 252.425774][ T5825] [ 252.428726][ T5825] dump_stack_lvl+0x136/0x150 [ 252.433444][ T5825] dump_header+0x10a/0xd70 [ 252.437894][ T5825] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 252.444014][ T5825] out_of_memory+0xd64/0x1660 [ 252.448739][ T5825] ? oom_killer_disable+0x2b0/0x2b0 [ 252.453977][ T5825] ? find_held_lock+0x2d/0x110 [ 252.458772][ T5825] mem_cgroup_out_of_memory+0x206/0x270 [ 252.464358][ T5825] ? mem_cgroup_margin+0x130/0x130 [ 252.469529][ T5825] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 252.475386][ T5825] memory_max_write+0x2f9/0x3c0 [ 252.480284][ T5825] ? mem_cgroup_force_empty_write+0x160/0x160 [ 252.486404][ T5825] ? lock_sync+0x190/0x190 [ 252.490873][ T5825] cgroup_file_write+0x1e2/0x7b0 [ 252.495872][ T5825] ? mem_cgroup_force_empty_write+0x160/0x160 [ 252.501988][ T5825] ? kill_css+0x3b0/0x3b0 [ 252.506368][ T5825] ? lock_acquire+0x32/0xc0 [ 252.510930][ T5825] ? kill_css+0x3b0/0x3b0 [ 252.515310][ T5825] kernfs_fop_write_iter+0x3f1/0x600 [ 252.520647][ T5825] vfs_write+0x9ed/0xe10 [ 252.524943][ T5825] ? kernel_write+0x670/0x670 [ 252.529686][ T5825] ? __fget_light+0x1b3/0x270 [ 252.534434][ T5825] ? __fget_light+0x20a/0x270 [ 252.539185][ T5825] ksys_write+0x12b/0x250 [ 252.543563][ T5825] ? __ia32_sys_read+0xb0/0xb0 [ 252.548374][ T5825] ? lockdep_hardirqs_on+0x7d/0x100 [ 252.553607][ T5825] ? _raw_spin_unlock_irq+0x2e/0x50 [ 252.558846][ T5825] ? ptrace_notify+0xfe/0x140 [ 252.563566][ T5825] do_syscall_64+0x39/0xb0 [ 252.568028][ T5825] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 252.573961][ T5825] RIP: 0033:0x7faecf034129 [ 252.578407][ T5825] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 252.598040][ T5825] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 252.606494][ T5825] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 252.614489][ T5825] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 252.622491][ T5825] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [pid 5824] close(28) = -1 EBADF (Bad file descriptor) [pid 5824] close(29) = -1 EBADF (Bad file descriptor) [pid 5824] exit_group(0) = ? [pid 5824] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=59, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5089] umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 252.630488][ T5825] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 252.638486][ T5825] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000003a [ 252.646506][ T5825] [ 252.652148][ T5825] memory: usage 8kB, limit 0kB, failcnt 36 [ 252.658035][ T5825] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 252.673800][ T5825] Memory cgroup stats for /syz1: [ 252.674082][ T5825] anon 0 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./57/binderfs") = 0 [pid 5089] umount2("./57/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./57/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./57/cgroup") = 0 [pid 5089] umount2("./57/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./57/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./57/cgroup.net") = 0 [ 252.674082][ T5825] file 0 [ 252.674082][ T5825] kernel 8192 [ 252.674082][ T5825] kernel_stack 0 [ 252.674082][ T5825] pagetables 0 [ 252.674082][ T5825] sec_pagetables 0 [ 252.674082][ T5825] percpu 0 [ 252.674082][ T5825] sock 0 [ 252.674082][ T5825] vmalloc 0 [ 252.674082][ T5825] shmem 0 [ 252.674082][ T5825] zswap 0 [ 252.674082][ T5825] zswapped 0 [ 252.674082][ T5825] file_mapped 0 [ 252.674082][ T5825] file_dirty 0 [ 252.674082][ T5825] file_writeback 0 [ 252.674082][ T5825] swapcached 0 [ 252.674082][ T5825] anon_thp 0 [ 252.674082][ T5825] file_thp 0 [ 252.674082][ T5825] shmem_thp 0 [ 252.674082][ T5825] inactive_anon 0 [ 252.674082][ T5825] active_anon 0 [ 252.674082][ T5825] inactive_file 0 [ 252.674082][ T5825] active_file 0 [ 252.674082][ T5825] unevictable 0 [ 252.674082][ T5825] slab_reclaimable 6752 [ 252.674082][ T5825] slab_unreclaimable 0 [ 252.674082][ T5825] slab 6752 [ 252.674082][ T5825] workingset_refault_anon 0 [ 252.674082][ T5825] workingset_refault_file 0 [ 252.674082][ T5825] workingset_activate_anon 0 [ 252.674082][ T5825] workingset_activate_file 0 [ 252.674082][ T5825] workingset_restore_anon 0 [ 252.674082][ T5825] workingset_restore_file 0 [ 252.674082][ T5825] workingset_nodereclaim 0 [ 252.674082][ T5825] pgscan 831 [ 252.674082][ T5825] pgsteal 2 [ 252.674082][ T5825] pgscan_kswapd 0 [ 252.674082][ T5825] pgscan_direct 831 [ 252.674082][ T5825] pgscan_khugepaged 0 [ 252.674082][ T5825] pgsteal_kswapd 0 [ 252.674082][ T5825] pgsteal_direct 2 [ 252.674082][ T5825] pgsteal_khugepaged 0 [ 252.674082][ T5825] pgfault 21 [ 252.674082][ T5825] pgmajfault 0 [pid 5089] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5089] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./57/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 252.674082][ T5825] pgrefill 830 [ 252.674082][ T5825] pgactivate 829 [ 252.674082][ T5825] pgdeactivate 830 [ 252.674082][ T5825] pglazyfree 0 [ 252.674082][ T5825] pglazyfreed 0 [ 252.674082][ T5825] zswpin 0 [ 252.674082][ T5825] zswpout 0 [ 252.674082][ T5825] thp_fault_alloc 0 [ 252.674082][ T5825] thp_collapse_alloc 0 [ 252.876482][ T5825] Tasks state (memory values in pages): [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./57/file0") = 0 [pid 5089] umount2("./57/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./57/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./57/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [pid 5089] rmdir("./57" [pid 5825] <... write resumed>) = 18 [pid 5089] <... rmdir resumed>) = 0 [pid 5089] mkdir("./58", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5829 attached [pid 5829] chdir("./58" [pid 5089] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 60 [pid 5829] <... chdir resumed>) = 0 [pid 5829] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5829] setpgid(0, 0) = 0 [pid 5829] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5829] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [ 252.882701][ T5825] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 252.892744][ T5825] Out of memory and no killable processes... [ 252.898948][ T5826] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 252.909926][ T5826] CPU: 1 PID: 5826 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 252.919895][ T5826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 252.930010][ T5826] Call Trace: [pid 5829] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5829] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5829] write(3, "1000", 4) = 4 [pid 5829] close(3) = 0 [pid 5829] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5829] mkdir("./file0", 000) = 0 [pid 5829] open("./file0", O_RDONLY) = 3 [pid 5829] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5829] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5829] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5829] openat(5, "memory.max", O_RDWR) = 6 [ 252.933341][ T5826] [ 252.936327][ T5826] dump_stack_lvl+0x136/0x150 [ 252.941099][ T5826] dump_header+0x10a/0xd70 [ 252.945594][ T5826] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 252.951791][ T5826] out_of_memory+0xd64/0x1660 [ 252.956556][ T5826] ? oom_killer_disable+0x2b0/0x2b0 [ 252.961862][ T5826] mem_cgroup_out_of_memory+0x206/0x270 [ 252.967479][ T5826] ? mem_cgroup_margin+0x130/0x130 [ 252.972689][ T5826] memory_max_write+0x2f9/0x3c0 [ 252.977618][ T5826] ? mem_cgroup_force_empty_write+0x160/0x160 [pid 5829] write(6, "0x000000000000040e", 18 [pid 5825] close(3) = 0 [pid 5825] close(4) = 0 [pid 5825] close(5) = 0 [pid 5825] close(6) = 0 [pid 5825] close(7) = -1 EBADF (Bad file descriptor) [pid 5825] close(8) = -1 EBADF (Bad file descriptor) [pid 5825] close(9) = -1 EBADF (Bad file descriptor) [pid 5825] close(10) = -1 EBADF (Bad file descriptor) [pid 5825] close(11) = -1 EBADF (Bad file descriptor) [pid 5825] close(12) = -1 EBADF (Bad file descriptor) [ 252.983767][ T5826] ? lock_sync+0x190/0x190 [ 252.988255][ T5826] cgroup_file_write+0x1e2/0x7b0 [ 252.993269][ T5826] ? mem_cgroup_force_empty_write+0x160/0x160 [ 252.999413][ T5826] ? kill_css+0x3b0/0x3b0 [ 253.003825][ T5826] ? lock_acquire+0x32/0xc0 [ 253.008411][ T5826] ? kill_css+0x3b0/0x3b0 [ 253.012818][ T5826] kernfs_fop_write_iter+0x3f1/0x600 [ 253.018197][ T5826] vfs_write+0x9ed/0xe10 [ 253.022521][ T5826] ? kernel_write+0x670/0x670 [ 253.027278][ T5826] ? find_held_lock+0x2d/0x110 [pid 5825] close(13) = -1 EBADF (Bad file descriptor) [pid 5825] close(14) = -1 EBADF (Bad file descriptor) [pid 5825] close(15) = -1 EBADF (Bad file descriptor) [pid 5825] close(16) = -1 EBADF (Bad file descriptor) [pid 5825] close(17) = -1 EBADF (Bad file descriptor) [pid 5825] close(18) = -1 EBADF (Bad file descriptor) [pid 5825] close(19) = -1 EBADF (Bad file descriptor) [pid 5825] close(20) = -1 EBADF (Bad file descriptor) [pid 5825] close(21) = -1 EBADF (Bad file descriptor) [pid 5825] close(22) = -1 EBADF (Bad file descriptor) [pid 5825] close(23) = -1 EBADF (Bad file descriptor) [pid 5825] close(24) = -1 EBADF (Bad file descriptor) [pid 5825] close(25) = -1 EBADF (Bad file descriptor) [pid 5825] close(26) = -1 EBADF (Bad file descriptor) [pid 5825] close(27) = -1 EBADF (Bad file descriptor) [pid 5825] close(28) = -1 EBADF (Bad file descriptor) [pid 5825] close(29) = -1 EBADF (Bad file descriptor) [pid 5825] exit_group(0) = ? [pid 5825] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=60, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [ 253.032121][ T5826] ? __fget_light+0x20a/0x270 [ 253.036897][ T5826] ksys_write+0x12b/0x250 [ 253.041316][ T5826] ? __ia32_sys_read+0xb0/0xb0 [ 253.046162][ T5826] ? lockdep_hardirqs_on+0x7d/0x100 [ 253.051442][ T5826] ? _raw_spin_unlock_irq+0x2e/0x50 [ 253.056713][ T5826] ? ptrace_notify+0xfe/0x140 [ 253.061491][ T5826] do_syscall_64+0x39/0xb0 [ 253.066020][ T5826] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 253.071985][ T5826] RIP: 0033:0x7faecf034129 [pid 5090] umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./58/binderfs") = 0 [pid 5090] umount2("./58/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./58/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./58/cgroup") = 0 [pid 5090] umount2("./58/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./58/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./58/cgroup.net") = 0 [ 253.076453][ T5826] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 253.096120][ T5826] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 253.104602][ T5826] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 253.112635][ T5826] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 253.120650][ T5826] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [pid 5090] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5090] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./58/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./58/file0") = 0 [pid 5090] umount2("./58/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./58/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./58/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [pid 5090] rmdir("./58") = 0 [pid 5090] mkdir("./59", 0777) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5830 attached [ 253.128701][ T5826] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 253.136699][ T5826] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000038 [ 253.144735][ T5826] [ 253.171647][ T5826] memory: usage 8kB, limit 0kB, failcnt 36 [ 253.177546][ T5826] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5830] chdir("./59" [pid 5090] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 61 [pid 5830] <... chdir resumed>) = 0 [pid 5830] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5830] setpgid(0, 0) = 0 [pid 5830] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5830] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5830] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5830] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5830] write(3, "1000", 4) = 4 [pid 5830] close(3) = 0 [pid 5830] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5830] mkdir("./file0", 000) = 0 [pid 5830] open("./file0", O_RDONLY) = 3 [pid 5830] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5830] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5830] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5830] openat(5, "memory.max", O_RDWR) = 6 [ 253.196378][ T5826] Memory cgroup stats for /syz1: [ 253.196667][ T5826] anon 0 [ 253.196667][ T5826] file 0 [ 253.196667][ T5826] kernel 8192 [ 253.196667][ T5826] kernel_stack 0 [ 253.196667][ T5826] pagetables 0 [ 253.196667][ T5826] sec_pagetables 0 [ 253.196667][ T5826] percpu 0 [ 253.196667][ T5826] sock 0 [ 253.196667][ T5826] vmalloc 0 [ 253.196667][ T5826] shmem 0 [ 253.196667][ T5826] zswap 0 [ 253.196667][ T5826] zswapped 0 [ 253.196667][ T5826] file_mapped 0 [ 253.196667][ T5826] file_dirty 0 [ 253.196667][ T5826] file_writeback 0 [ 253.196667][ T5826] swapcached 0 [ 253.196667][ T5826] anon_thp 0 [ 253.196667][ T5826] file_thp 0 [ 253.196667][ T5826] shmem_thp 0 [ 253.196667][ T5826] inactive_anon 0 [ 253.196667][ T5826] active_anon 0 [ 253.196667][ T5826] inactive_file 0 [ 253.196667][ T5826] active_file 0 [ 253.196667][ T5826] unevictable 0 [ 253.196667][ T5826] slab_reclaimable 6752 [ 253.196667][ T5826] slab_unreclaimable 0 [ 253.196667][ T5826] slab 6752 [ 253.196667][ T5826] workingset_refault_anon 0 [ 253.196667][ T5826] workingset_refault_file 0 [ 253.196667][ T5826] workingset_activate_anon 0 [ 253.196667][ T5826] workingset_activate_file 0 [ 253.196667][ T5826] workingset_restore_anon 0 [ 253.196667][ T5826] workingset_restore_file 0 [ 253.196667][ T5826] workingset_nodereclaim 0 [ 253.196667][ T5826] pgscan 831 [ 253.196667][ T5826] pgsteal 2 [ 253.196667][ T5826] pgscan_kswapd 0 [ 253.196667][ T5826] pgscan_direct 831 [ 253.196667][ T5826] pgscan_khugepaged 0 [ 253.196667][ T5826] pgsteal_kswapd 0 [ 253.196667][ T5826] pgsteal_direct 2 [ 253.196667][ T5826] pgsteal_khugepaged 0 [ 253.196667][ T5826] pgfault 21 [ 253.196667][ T5826] pgmajfault 0 [ 253.196667][ T5826] pgrefill 830 [ 253.196667][ T5826] pgactivate 829 [ 253.196667][ T5826] pgdeactivate 830 [ 253.196667][ T5826] pglazyfree 0 [ 253.196667][ T5826] pglazyfreed 0 [ 253.196667][ T5826] zswpin 0 [ 253.196667][ T5826] zswpout 0 [ 253.196667][ T5826] thp_fault_alloc 0 [ 253.196667][ T5826] thp_collapse_alloc 0 [ 253.385505][ T5826] Tasks state (memory values in pages): [pid 5830] write(6, "0x000000000000040e", 18 [pid 5826] <... write resumed>) = 18 [pid 5826] close(3) = 0 [pid 5826] close(4) = 0 [pid 5826] close(5) = 0 [pid 5826] close(6) = 0 [pid 5826] close(7) = -1 EBADF (Bad file descriptor) [pid 5826] close(8) = -1 EBADF (Bad file descriptor) [pid 5826] close(9) = -1 EBADF (Bad file descriptor) [pid 5826] close(10) = -1 EBADF (Bad file descriptor) [pid 5826] close(11) = -1 EBADF (Bad file descriptor) [pid 5826] close(12) = -1 EBADF (Bad file descriptor) [pid 5826] close(13) = -1 EBADF (Bad file descriptor) [pid 5826] close(14) = -1 EBADF (Bad file descriptor) [pid 5826] close(15) = -1 EBADF (Bad file descriptor) [ 253.391288][ T5826] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 253.401107][ T5826] Out of memory and no killable processes... [ 253.407338][ T5827] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 253.417863][ T5827] CPU: 1 PID: 5827 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 253.427831][ T5827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 253.437947][ T5827] Call Trace: [ 253.441277][ T5827] [pid 5826] close(16) = -1 EBADF (Bad file descriptor) [pid 5826] close(17) = -1 EBADF (Bad file descriptor) [pid 5826] close(18) = -1 EBADF (Bad file descriptor) [pid 5826] close(19) = -1 EBADF (Bad file descriptor) [pid 5826] close(20) = -1 EBADF (Bad file descriptor) [pid 5826] close(21) = -1 EBADF (Bad file descriptor) [pid 5826] close(22) = -1 EBADF (Bad file descriptor) [pid 5826] close(23) = -1 EBADF (Bad file descriptor) [pid 5826] close(24) = -1 EBADF (Bad file descriptor) [pid 5826] close(25) = -1 EBADF (Bad file descriptor) [pid 5826] close(26) = -1 EBADF (Bad file descriptor) [pid 5826] close(27) = -1 EBADF (Bad file descriptor) [pid 5826] close(28) = -1 EBADF (Bad file descriptor) [pid 5826] close(29) = -1 EBADF (Bad file descriptor) [pid 5826] exit_group(0) = ? [pid 5826] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=58, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [ 253.444259][ T5827] dump_stack_lvl+0x136/0x150 [ 253.449015][ T5827] dump_header+0x10a/0xd70 [ 253.453504][ T5827] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 253.459669][ T5827] out_of_memory+0xd64/0x1660 [ 253.464443][ T5827] ? oom_killer_disable+0x2b0/0x2b0 [ 253.469753][ T5827] mem_cgroup_out_of_memory+0x206/0x270 [ 253.475384][ T5827] ? mem_cgroup_margin+0x130/0x130 [ 253.480586][ T5827] memory_max_write+0x2f9/0x3c0 [ 253.485538][ T5827] ? mem_cgroup_force_empty_write+0x160/0x160 [ 253.491703][ T5827] ? lock_sync+0x190/0x190 [pid 5087] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5087] umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./56/binderfs") = 0 [pid 5087] umount2("./56/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./56/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./56/cgroup") = 0 [pid 5087] umount2("./56/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./56/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./56/cgroup.net") = 0 [ 253.496248][ T5827] cgroup_file_write+0x1e2/0x7b0 [ 253.501278][ T5827] ? mem_cgroup_force_empty_write+0x160/0x160 [ 253.507434][ T5827] ? kill_css+0x3b0/0x3b0 [ 253.511856][ T5827] ? lock_acquire+0x32/0xc0 [ 253.516456][ T5827] ? kill_css+0x3b0/0x3b0 [ 253.520870][ T5827] kernfs_fop_write_iter+0x3f1/0x600 [ 253.526264][ T5827] vfs_write+0x9ed/0xe10 [ 253.530596][ T5827] ? kernel_write+0x670/0x670 [ 253.535353][ T5827] ? find_held_lock+0x2d/0x110 [ 253.540204][ T5827] ? __fget_light+0x20a/0x270 [ 253.544972][ T5827] ksys_write+0x12b/0x250 [ 253.549398][ T5827] ? __ia32_sys_read+0xb0/0xb0 [ 253.554226][ T5827] ? lockdep_hardirqs_on+0x7d/0x100 [ 253.559452][ T5827] ? _raw_spin_unlock_irq+0x2e/0x50 [ 253.564702][ T5827] ? ptrace_notify+0xfe/0x140 [ 253.569460][ T5827] do_syscall_64+0x39/0xb0 [ 253.573959][ T5827] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 253.579916][ T5827] RIP: 0033:0x7faecf034129 [ 253.584382][ T5827] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 253.604052][ T5827] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 253.612532][ T5827] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 253.620558][ T5827] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 253.628589][ T5827] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 253.636613][ T5827] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [pid 5087] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5087] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./56/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] close(4) = 0 [pid 5087] rmdir("./56/file0") = 0 [pid 5087] umount2("./56/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./56/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./56/cgroup.cpu") = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [ 253.644635][ T5827] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000037 [ 253.652691][ T5827] [ 253.674388][ T5827] memory: usage 8kB, limit 0kB, failcnt 36 [ 253.680286][ T5827] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5087] rmdir("./56") = 0 [pid 5087] mkdir("./57", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 59 ./strace-static-x86_64: Process 5831 attached [pid 5831] chdir("./57") = 0 [pid 5831] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5831] setpgid(0, 0) = 0 [pid 5831] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5831] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5831] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5831] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5831] write(3, "1000", 4) = 4 [pid 5831] close(3) = 0 [pid 5831] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5831] mkdir("./file0", 000) = 0 [pid 5831] open("./file0", O_RDONLY) = 3 [pid 5831] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5831] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [ 253.695897][ T5827] Memory cgroup stats for /syz1: [ 253.696186][ T5827] anon 0 [ 253.696186][ T5827] file 0 [ 253.696186][ T5827] kernel 8192 [ 253.696186][ T5827] kernel_stack 0 [ 253.696186][ T5827] pagetables 0 [ 253.696186][ T5827] sec_pagetables 0 [ 253.696186][ T5827] percpu 0 [ 253.696186][ T5827] sock 0 [ 253.696186][ T5827] vmalloc 0 [ 253.696186][ T5827] shmem 0 [ 253.696186][ T5827] zswap 0 [ 253.696186][ T5827] zswapped 0 [ 253.696186][ T5827] file_mapped 0 [ 253.696186][ T5827] file_dirty 0 [ 253.696186][ T5827] file_writeback 0 [pid 5831] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5831] openat(5, "memory.max", O_RDWR) = 6 [ 253.696186][ T5827] swapcached 0 [ 253.696186][ T5827] anon_thp 0 [ 253.696186][ T5827] file_thp 0 [ 253.696186][ T5827] shmem_thp 0 [ 253.696186][ T5827] inactive_anon 0 [ 253.696186][ T5827] active_anon 0 [ 253.696186][ T5827] inactive_file 0 [ 253.696186][ T5827] active_file 0 [ 253.696186][ T5827] unevictable 0 [ 253.696186][ T5827] slab_reclaimable 6752 [ 253.696186][ T5827] slab_unreclaimable 0 [ 253.696186][ T5827] slab 6752 [ 253.696186][ T5827] workingset_refault_anon 0 [ 253.696186][ T5827] workingset_refault_file 0 [ 253.696186][ T5827] workingset_activate_anon 0 [ 253.696186][ T5827] workingset_activate_file 0 [ 253.696186][ T5827] workingset_restore_anon 0 [ 253.696186][ T5827] workingset_restore_file 0 [ 253.696186][ T5827] workingset_nodereclaim 0 [ 253.696186][ T5827] pgscan 831 [ 253.696186][ T5827] pgsteal 2 [ 253.696186][ T5827] pgscan_kswapd 0 [ 253.696186][ T5827] pgscan_direct 831 [ 253.696186][ T5827] pgscan_khugepaged 0 [ 253.696186][ T5827] pgsteal_kswapd 0 [ 253.696186][ T5827] pgsteal_direct 2 [ 253.696186][ T5827] pgsteal_khugepaged 0 [ 253.696186][ T5827] pgfault 21 [ 253.696186][ T5827] pgmajfault 0 [ 253.696186][ T5827] pgrefill 830 [ 253.696186][ T5827] pgactivate 829 [ 253.696186][ T5827] pgdeactivate 830 [ 253.696186][ T5827] pglazyfree 0 [ 253.696186][ T5827] pglazyfreed 0 [ 253.696186][ T5827] zswpin 0 [ 253.696186][ T5827] zswpout 0 [ 253.696186][ T5827] thp_fault_alloc 0 [ 253.696186][ T5827] thp_collapse_alloc 0 [ 253.883620][ T5827] Tasks state (memory values in pages): [ 253.889240][ T5827] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 253.898970][ T5827] Out of memory and no killable processes... [ 253.905683][ T5828] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 253.916386][ T5828] CPU: 0 PID: 5828 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 253.926359][ T5828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 253.936462][ T5828] Call Trace: [ 253.939790][ T5828] [ 253.942777][ T5828] dump_stack_lvl+0x136/0x150 [pid 5831] write(6, "0x000000000000040e", 18 [pid 5827] <... write resumed>) = 18 [pid 5827] close(3) = 0 [pid 5827] close(4) = 0 [pid 5827] close(5) = 0 [pid 5827] close(6) = 0 [pid 5827] close(7) = -1 EBADF (Bad file descriptor) [pid 5827] close(8) = -1 EBADF (Bad file descriptor) [ 253.947525][ T5828] dump_header+0x10a/0xd70 [ 253.952009][ T5828] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 253.958165][ T5828] out_of_memory+0xd64/0x1660 [ 253.962932][ T5828] ? oom_killer_disable+0x2b0/0x2b0 [ 253.968222][ T5828] mem_cgroup_out_of_memory+0x206/0x270 [ 253.973846][ T5828] ? mem_cgroup_margin+0x130/0x130 [ 253.979061][ T5828] memory_max_write+0x2f9/0x3c0 [ 253.983994][ T5828] ? mem_cgroup_force_empty_write+0x160/0x160 [ 253.990146][ T5828] ? lock_sync+0x190/0x190 [ 253.994631][ T5828] cgroup_file_write+0x1e2/0x7b0 [pid 5827] close(9) = -1 EBADF (Bad file descriptor) [pid 5827] close(10) = -1 EBADF (Bad file descriptor) [pid 5827] close(11) = -1 EBADF (Bad file descriptor) [pid 5827] close(12) = -1 EBADF (Bad file descriptor) [pid 5827] close(13) = -1 EBADF (Bad file descriptor) [pid 5827] close(14) = -1 EBADF (Bad file descriptor) [pid 5827] close(15) = -1 EBADF (Bad file descriptor) [pid 5827] close(16) = -1 EBADF (Bad file descriptor) [pid 5827] close(17) = -1 EBADF (Bad file descriptor) [ 253.999643][ T5828] ? mem_cgroup_force_empty_write+0x160/0x160 [ 254.005799][ T5828] ? kill_css+0x3b0/0x3b0 [ 254.010209][ T5828] ? lock_acquire+0x32/0xc0 [ 254.014812][ T5828] ? kill_css+0x3b0/0x3b0 [ 254.019217][ T5828] kernfs_fop_write_iter+0x3f1/0x600 [ 254.024587][ T5828] vfs_write+0x9ed/0xe10 [ 254.028957][ T5828] ? kernel_write+0x670/0x670 [ 254.033732][ T5828] ? find_held_lock+0x2d/0x110 [ 254.038578][ T5828] ? __fget_light+0x20a/0x270 [ 254.043352][ T5828] ksys_write+0x12b/0x250 [ 254.047769][ T5828] ? __ia32_sys_read+0xb0/0xb0 [ 254.052617][ T5828] ? lockdep_hardirqs_on+0x7d/0x100 [ 254.057887][ T5828] ? _raw_spin_unlock_irq+0x2e/0x50 [ 254.063161][ T5828] ? ptrace_notify+0xfe/0x140 [ 254.067915][ T5828] do_syscall_64+0x39/0xb0 [ 254.072412][ T5828] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 254.078378][ T5828] RIP: 0033:0x7faecf034129 [ 254.082848][ T5828] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 254.102525][ T5828] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 254.111008][ T5828] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 254.119046][ T5828] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 254.127076][ T5828] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 254.135101][ T5828] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 254.143132][ T5828] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000037 [pid 5827] close(18) = -1 EBADF (Bad file descriptor) [pid 5827] close(19) = -1 EBADF (Bad file descriptor) [pid 5827] close(20) = -1 EBADF (Bad file descriptor) [pid 5827] close(21) = -1 EBADF (Bad file descriptor) [pid 5827] close(22) = -1 EBADF (Bad file descriptor) [pid 5827] close(23) = -1 EBADF (Bad file descriptor) [pid 5827] close(24) = -1 EBADF (Bad file descriptor) [pid 5827] close(25) = -1 EBADF (Bad file descriptor) [pid 5827] close(26) = -1 EBADF (Bad file descriptor) [pid 5827] close(27) = -1 EBADF (Bad file descriptor) [pid 5827] close(28) = -1 EBADF (Bad file descriptor) [pid 5827] close(29) = -1 EBADF (Bad file descriptor) [pid 5827] exit_group(0) = ? [pid 5827] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=57, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5086] umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./55/binderfs") = 0 [pid 5086] umount2("./55/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./55/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] unlink("./55/cgroup") = 0 [pid 5086] umount2("./55/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./55/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./55/cgroup.net") = 0 [pid 5086] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5086] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./55/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./55/file0") = 0 [pid 5086] umount2("./55/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./55/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./55/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [ 254.151188][ T5828] [ 254.170397][ T5828] memory: usage 8kB, limit 0kB, failcnt 36 [ 254.177476][ T5828] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 254.185334][ T5828] Memory cgroup stats for /syz1: [ 254.185633][ T5828] anon 0 [ 254.185633][ T5828] file 0 [ 254.185633][ T5828] kernel 8192 [pid 5086] close(3) = 0 [pid 5086] rmdir("./55") = 0 [pid 5086] mkdir("./56", 0777) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 58 [ 254.185633][ T5828] kernel_stack 0 [ 254.185633][ T5828] pagetables 0 [ 254.185633][ T5828] sec_pagetables 0 [ 254.185633][ T5828] percpu 0 [ 254.185633][ T5828] sock 0 [ 254.185633][ T5828] vmalloc 0 [ 254.185633][ T5828] shmem 0 [ 254.185633][ T5828] zswap 0 [ 254.185633][ T5828] zswapped 0 [ 254.185633][ T5828] file_mapped 0 [ 254.185633][ T5828] file_dirty 0 [ 254.185633][ T5828] file_writeback 0 [ 254.185633][ T5828] swapcached 0 [ 254.185633][ T5828] anon_thp 0 [ 254.185633][ T5828] file_thp 0 [ 254.185633][ T5828] shmem_thp 0 [ 254.185633][ T5828] inactive_anon 0 [ 254.185633][ T5828] active_anon 0 [ 254.185633][ T5828] inactive_file 0 [ 254.185633][ T5828] active_file 0 [ 254.185633][ T5828] unevictable 0 [ 254.185633][ T5828] slab_reclaimable 6752 [ 254.185633][ T5828] slab_unreclaimable 0 [ 254.185633][ T5828] slab 6752 [ 254.185633][ T5828] workingset_refault_anon 0 [ 254.185633][ T5828] workingset_refault_file 0 [ 254.185633][ T5828] workingset_activate_anon 0 [ 254.185633][ T5828] workingset_activate_file 0 [ 254.185633][ T5828] workingset_restore_anon 0 ./strace-static-x86_64: Process 5832 attached [pid 5832] chdir("./56") = 0 [pid 5832] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5832] setpgid(0, 0) = 0 [ 254.185633][ T5828] workingset_restore_file 0 [ 254.185633][ T5828] workingset_nodereclaim 0 [ 254.185633][ T5828] pgscan 831 [ 254.185633][ T5828] pgsteal 2 [ 254.185633][ T5828] pgscan_kswapd 0 [ 254.185633][ T5828] pgscan_direct 831 [ 254.185633][ T5828] pgscan_khugepaged 0 [ 254.185633][ T5828] pgsteal_kswapd 0 [ 254.185633][ T5828] pgsteal_direct 2 [ 254.185633][ T5828] pgsteal_khugepaged 0 [ 254.185633][ T5828] pgfault 21 [ 254.185633][ T5828] pgmajfault 0 [ 254.185633][ T5828] pgrefill 830 [ 254.185633][ T5828] pgactivate 829 [ 254.185633][ T5828] pgdeactivate 830 [pid 5832] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5832] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5832] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5832] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5832] write(3, "1000", 4) = 4 [pid 5832] close(3) = 0 [pid 5832] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5832] mkdir("./file0", 000) = 0 [pid 5832] open("./file0", O_RDONLY) = 3 [pid 5832] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5832] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5832] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5832] openat(5, "memory.max", O_RDWR) = 6 [ 254.185633][ T5828] pglazyfree 0 [ 254.185633][ T5828] pglazyfreed 0 [ 254.185633][ T5828] zswpin 0 [ 254.185633][ T5828] zswpout 0 [ 254.185633][ T5828] thp_fault_alloc 0 [ 254.185633][ T5828] thp_collapse_alloc 0 [ 254.385551][ T5828] Tasks state (memory values in pages): [ 254.391172][ T5828] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5832] write(6, "0x000000000000040e", 18 [pid 5828] <... write resumed>) = 18 [pid 5828] close(3) = 0 [pid 5828] close(4) = 0 [pid 5828] close(5) = 0 [pid 5828] close(6) = 0 [pid 5828] close(7) = -1 EBADF (Bad file descriptor) [pid 5828] close(8) = -1 EBADF (Bad file descriptor) [pid 5828] close(9) = -1 EBADF (Bad file descriptor) [ 254.402053][ T5828] Out of memory and no killable processes... [ 254.408184][ T5829] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 254.419075][ T5829] CPU: 0 PID: 5829 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 254.429032][ T5829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 254.439146][ T5829] Call Trace: [ 254.442474][ T5829] [ 254.445460][ T5829] dump_stack_lvl+0x136/0x150 [pid 5828] close(10) = -1 EBADF (Bad file descriptor) [pid 5828] close(11) = -1 EBADF (Bad file descriptor) [pid 5828] close(12) = -1 EBADF (Bad file descriptor) [pid 5828] close(13) = -1 EBADF (Bad file descriptor) [pid 5828] close(14) = -1 EBADF (Bad file descriptor) [pid 5828] close(15) = -1 EBADF (Bad file descriptor) [pid 5828] close(16) = -1 EBADF (Bad file descriptor) [pid 5828] close(17) = -1 EBADF (Bad file descriptor) [pid 5828] close(18) = -1 EBADF (Bad file descriptor) [pid 5828] close(19) = -1 EBADF (Bad file descriptor) [pid 5828] close(20) = -1 EBADF (Bad file descriptor) [pid 5828] close(21) = -1 EBADF (Bad file descriptor) [pid 5828] close(22) = -1 EBADF (Bad file descriptor) [pid 5828] close(23) = -1 EBADF (Bad file descriptor) [pid 5828] close(24) = -1 EBADF (Bad file descriptor) [pid 5828] close(25) = -1 EBADF (Bad file descriptor) [pid 5828] close(26) = -1 EBADF (Bad file descriptor) [pid 5828] close(27) = -1 EBADF (Bad file descriptor) [pid 5828] close(28) = -1 EBADF (Bad file descriptor) [ 254.450209][ T5829] dump_header+0x10a/0xd70 [ 254.454700][ T5829] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 254.460861][ T5829] out_of_memory+0xd64/0x1660 [ 254.465625][ T5829] ? oom_killer_disable+0x2b0/0x2b0 [ 254.470910][ T5829] ? find_held_lock+0x2d/0x110 [ 254.475768][ T5829] mem_cgroup_out_of_memory+0x206/0x270 [ 254.481387][ T5829] ? mem_cgroup_margin+0x130/0x130 [ 254.486584][ T5829] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 254.492493][ T5829] memory_max_write+0x2f9/0x3c0 [pid 5828] close(29) = -1 EBADF (Bad file descriptor) [pid 5828] exit_group(0) = ? [pid 5828] +++ exited with 0 +++ [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=57, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5085] umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 254.497433][ T5829] ? mem_cgroup_force_empty_write+0x160/0x160 [ 254.503587][ T5829] ? lock_sync+0x190/0x190 [ 254.508085][ T5829] cgroup_file_write+0x1e2/0x7b0 [ 254.513110][ T5829] ? mem_cgroup_force_empty_write+0x160/0x160 [ 254.519260][ T5829] ? kill_css+0x3b0/0x3b0 [ 254.523678][ T5829] ? lock_acquire+0x32/0xc0 [ 254.528269][ T5829] ? kill_css+0x3b0/0x3b0 [ 254.532686][ T5829] kernfs_fop_write_iter+0x3f1/0x600 [ 254.538056][ T5829] vfs_write+0x9ed/0xe10 [ 254.542385][ T5829] ? kernel_write+0x670/0x670 [ 254.547144][ T5829] ? find_held_lock+0x2d/0x110 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./55/binderfs") = 0 [pid 5085] umount2("./55/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./55/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./55/cgroup") = 0 [pid 5085] umount2("./55/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 254.551985][ T5829] ? __fget_light+0x20a/0x270 [ 254.556749][ T5829] ksys_write+0x12b/0x250 [ 254.561155][ T5829] ? __ia32_sys_read+0xb0/0xb0 [ 254.565995][ T5829] ? lockdep_hardirqs_on+0x7d/0x100 [ 254.571262][ T5829] ? _raw_spin_unlock_irq+0x2e/0x50 [ 254.576531][ T5829] ? ptrace_notify+0xfe/0x140 [ 254.581284][ T5829] do_syscall_64+0x39/0xb0 [ 254.585773][ T5829] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 254.591744][ T5829] RIP: 0033:0x7faecf034129 [ 254.596207][ T5829] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 254.615876][ T5829] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 254.624352][ T5829] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 254.632376][ T5829] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 254.640395][ T5829] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [pid 5085] lstat("./55/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./55/cgroup.net") = 0 [pid 5085] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5085] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./55/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [ 254.648418][ T5829] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 254.656440][ T5829] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000003a [ 254.664490][ T5829] [ 254.681478][ T5829] memory: usage 8kB, limit 0kB, failcnt 36 [ 254.687732][ T5829] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 254.696814][ T5829] Memory cgroup stats for /syz1: [pid 5085] rmdir("./55/file0") = 0 [pid 5085] umount2("./55/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./55/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./55/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./55") = 0 [pid 5085] mkdir("./56", 0777) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 58 [ 254.697166][ T5829] anon 0 [ 254.697166][ T5829] file 0 [ 254.697166][ T5829] kernel 8192 [ 254.697166][ T5829] kernel_stack 0 [ 254.697166][ T5829] pagetables 0 [ 254.697166][ T5829] sec_pagetables 0 [ 254.697166][ T5829] percpu 0 [ 254.697166][ T5829] sock 0 [ 254.697166][ T5829] vmalloc 0 [ 254.697166][ T5829] shmem 0 [ 254.697166][ T5829] zswap 0 [ 254.697166][ T5829] zswapped 0 [ 254.697166][ T5829] file_mapped 0 [ 254.697166][ T5829] file_dirty 0 [ 254.697166][ T5829] file_writeback 0 [ 254.697166][ T5829] swapcached 0 ./strace-static-x86_64: Process 5833 attached [pid 5833] chdir("./56") = 0 [pid 5833] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5833] setpgid(0, 0) = 0 [pid 5833] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5833] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5833] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5833] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 254.697166][ T5829] anon_thp 0 [ 254.697166][ T5829] file_thp 0 [ 254.697166][ T5829] shmem_thp 0 [ 254.697166][ T5829] inactive_anon 0 [ 254.697166][ T5829] active_anon 0 [ 254.697166][ T5829] inactive_file 0 [ 254.697166][ T5829] active_file 0 [ 254.697166][ T5829] unevictable 0 [ 254.697166][ T5829] slab_reclaimable 6752 [ 254.697166][ T5829] slab_unreclaimable 0 [ 254.697166][ T5829] slab 6752 [ 254.697166][ T5829] workingset_refault_anon 0 [ 254.697166][ T5829] workingset_refault_file 0 [ 254.697166][ T5829] workingset_activate_anon 0 [ 254.697166][ T5829] workingset_activate_file 0 [ 254.697166][ T5829] workingset_restore_anon 0 [ 254.697166][ T5829] workingset_restore_file 0 [ 254.697166][ T5829] workingset_nodereclaim 0 [ 254.697166][ T5829] pgscan 831 [ 254.697166][ T5829] pgsteal 2 [ 254.697166][ T5829] pgscan_kswapd 0 [ 254.697166][ T5829] pgscan_direct 831 [ 254.697166][ T5829] pgscan_khugepaged 0 [ 254.697166][ T5829] pgsteal_kswapd 0 [ 254.697166][ T5829] pgsteal_direct 2 [ 254.697166][ T5829] pgsteal_khugepaged 0 [ 254.697166][ T5829] pgfault 21 [ 254.697166][ T5829] pgmajfault 0 [pid 5833] write(3, "1000", 4) = 4 [pid 5833] close(3) = 0 [pid 5833] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5833] mkdir("./file0", 000) = 0 [pid 5833] open("./file0", O_RDONLY) = 3 [pid 5833] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [ 254.697166][ T5829] pgrefill 830 [ 254.697166][ T5829] pgactivate 829 [ 254.697166][ T5829] pgdeactivate 830 [ 254.697166][ T5829] pglazyfree 0 [ 254.697166][ T5829] pglazyfreed 0 [ 254.697166][ T5829] zswpin 0 [ 254.697166][ T5829] zswpout 0 [ 254.697166][ T5829] thp_fault_alloc 0 [ 254.697166][ T5829] thp_collapse_alloc 0 [pid 5833] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5833] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5833] openat(5, "memory.max", O_RDWR) = 6 [pid 5833] write(6, "0x000000000000040e", 18 [pid 5829] <... write resumed>) = 18 [pid 5829] close(3) = 0 [pid 5829] close(4) = 0 [pid 5829] close(5) = 0 [pid 5829] close(6) = 0 [pid 5829] close(7) = -1 EBADF (Bad file descriptor) [pid 5829] close(8) = -1 EBADF (Bad file descriptor) [pid 5829] close(9) = -1 EBADF (Bad file descriptor) [pid 5829] close(10) = -1 EBADF (Bad file descriptor) [pid 5829] close(11) = -1 EBADF (Bad file descriptor) [pid 5829] close(12) = -1 EBADF (Bad file descriptor) [pid 5829] close(13) = -1 EBADF (Bad file descriptor) [ 254.904403][ T5829] Tasks state (memory values in pages): [ 254.910901][ T5829] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 254.922654][ T5829] Out of memory and no killable processes... [ 254.929596][ T5830] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 254.940712][ T5830] CPU: 1 PID: 5830 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5829] close(14) = -1 EBADF (Bad file descriptor) [pid 5829] close(15) = -1 EBADF (Bad file descriptor) [pid 5829] close(16) = -1 EBADF (Bad file descriptor) [pid 5829] close(17) = -1 EBADF (Bad file descriptor) [pid 5829] close(18) = -1 EBADF (Bad file descriptor) [pid 5829] close(19) = -1 EBADF (Bad file descriptor) [pid 5829] close(20) = -1 EBADF (Bad file descriptor) [pid 5829] close(21) = -1 EBADF (Bad file descriptor) [pid 5829] close(22) = -1 EBADF (Bad file descriptor) [pid 5829] close(23) = -1 EBADF (Bad file descriptor) [pid 5829] close(24) = -1 EBADF (Bad file descriptor) [pid 5829] close(25) = -1 EBADF (Bad file descriptor) [pid 5829] close(26) = -1 EBADF (Bad file descriptor) [pid 5829] close(27) = -1 EBADF (Bad file descriptor) [pid 5829] close(28) = -1 EBADF (Bad file descriptor) [pid 5829] close(29) = -1 EBADF (Bad file descriptor) [pid 5829] exit_group(0) = ? [pid 5829] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=60, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5089] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5089] umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./58/binderfs") = 0 [pid 5089] umount2("./58/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./58/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./58/cgroup") = 0 [pid 5089] umount2("./58/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./58/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./58/cgroup.net") = 0 [ 254.950683][ T5830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 254.960814][ T5830] Call Trace: [ 254.964151][ T5830] [ 254.967133][ T5830] dump_stack_lvl+0x136/0x150 [ 254.971884][ T5830] dump_header+0x10a/0xd70 [ 254.976374][ T5830] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 254.982550][ T5830] out_of_memory+0xd64/0x1660 [ 254.987329][ T5830] ? oom_killer_disable+0x2b0/0x2b0 [ 254.992610][ T5830] ? find_held_lock+0x2d/0x110 [ 254.997440][ T5830] mem_cgroup_out_of_memory+0x206/0x270 [ 255.003048][ T5830] ? mem_cgroup_margin+0x130/0x130 [ 255.008209][ T5830] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 255.014061][ T5830] memory_max_write+0x2f9/0x3c0 [ 255.018970][ T5830] ? mem_cgroup_force_empty_write+0x160/0x160 [ 255.025090][ T5830] ? lock_sync+0x190/0x190 [ 255.029555][ T5830] cgroup_file_write+0x1e2/0x7b0 [ 255.034570][ T5830] ? mem_cgroup_force_empty_write+0x160/0x160 [ 255.040707][ T5830] ? kill_css+0x3b0/0x3b0 [ 255.045117][ T5830] ? lock_acquire+0x32/0xc0 [ 255.049696][ T5830] ? kill_css+0x3b0/0x3b0 [ 255.054086][ T5830] kernfs_fop_write_iter+0x3f1/0x600 [ 255.059457][ T5830] vfs_write+0x9ed/0xe10 [ 255.063800][ T5830] ? kernel_write+0x670/0x670 [ 255.068517][ T5830] ? find_held_lock+0x2d/0x110 [ 255.073323][ T5830] ? __fget_light+0x20a/0x270 [ 255.078070][ T5830] ksys_write+0x12b/0x250 [ 255.082457][ T5830] ? __ia32_sys_read+0xb0/0xb0 [ 255.087264][ T5830] ? lockdep_hardirqs_on+0x7d/0x100 [ 255.092511][ T5830] ? _raw_spin_unlock_irq+0x2e/0x50 [ 255.097783][ T5830] ? ptrace_notify+0xfe/0x140 [ 255.102516][ T5830] do_syscall_64+0x39/0xb0 [ 255.106990][ T5830] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 255.112946][ T5830] RIP: 0033:0x7faecf034129 [ 255.117399][ T5830] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 255.137049][ T5830] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 255.145529][ T5830] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 255.153551][ T5830] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 255.161577][ T5830] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 255.169607][ T5830] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 255.177616][ T5830] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000003b [ 255.185637][ T5830] [ 255.195081][ T5830] memory: usage 8kB, limit 0kB, failcnt 36 [pid 5089] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5089] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./58/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./58/file0") = 0 [pid 5089] umount2("./58/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./58/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./58/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [pid 5089] rmdir("./58") = 0 [pid 5089] mkdir("./59", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 61 ./strace-static-x86_64: Process 5834 attached [pid 5834] chdir("./59") = 0 [ 255.200966][ T5830] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 255.218916][ T5830] Memory cgroup stats for /syz1: [ 255.219329][ T5830] anon 0 [ 255.219329][ T5830] file 0 [ 255.219329][ T5830] kernel 8192 [ 255.219329][ T5830] kernel_stack 0 [ 255.219329][ T5830] pagetables 0 [ 255.219329][ T5830] sec_pagetables 0 [ 255.219329][ T5830] percpu 0 [ 255.219329][ T5830] sock 0 [ 255.219329][ T5830] vmalloc 0 [ 255.219329][ T5830] shmem 0 [pid 5834] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5834] setpgid(0, 0) = 0 [pid 5834] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5834] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5834] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5834] write(3, "1000", 4) = 4 [pid 5834] close(3) = 0 [pid 5834] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5834] mkdir("./file0", 000) = 0 [pid 5834] open("./file0", O_RDONLY) = 3 [pid 5834] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5834] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5834] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5834] openat(5, "memory.max", O_RDWR) = 6 [ 255.219329][ T5830] zswap 0 [ 255.219329][ T5830] zswapped 0 [ 255.219329][ T5830] file_mapped 0 [ 255.219329][ T5830] file_dirty 0 [ 255.219329][ T5830] file_writeback 0 [ 255.219329][ T5830] swapcached 0 [ 255.219329][ T5830] anon_thp 0 [ 255.219329][ T5830] file_thp 0 [ 255.219329][ T5830] shmem_thp 0 [ 255.219329][ T5830] inactive_anon 0 [ 255.219329][ T5830] active_anon 0 [ 255.219329][ T5830] inactive_file 0 [ 255.219329][ T5830] active_file 0 [ 255.219329][ T5830] unevictable 0 [ 255.219329][ T5830] slab_reclaimable 6752 [ 255.219329][ T5830] slab_unreclaimable 0 [ 255.219329][ T5830] slab 6752 [ 255.219329][ T5830] workingset_refault_anon 0 [ 255.219329][ T5830] workingset_refault_file 0 [ 255.219329][ T5830] workingset_activate_anon 0 [ 255.219329][ T5830] workingset_activate_file 0 [ 255.219329][ T5830] workingset_restore_anon 0 [ 255.219329][ T5830] workingset_restore_file 0 [ 255.219329][ T5830] workingset_nodereclaim 0 [ 255.219329][ T5830] pgscan 831 [ 255.219329][ T5830] pgsteal 2 [ 255.219329][ T5830] pgscan_kswapd 0 [ 255.219329][ T5830] pgscan_direct 831 [ 255.219329][ T5830] pgscan_khugepaged 0 [ 255.219329][ T5830] pgsteal_kswapd 0 [ 255.219329][ T5830] pgsteal_direct 2 [ 255.219329][ T5830] pgsteal_khugepaged 0 [ 255.219329][ T5830] pgfault 21 [ 255.219329][ T5830] pgmajfault 0 [ 255.219329][ T5830] pgrefill 830 [ 255.219329][ T5830] pgactivate 829 [ 255.219329][ T5830] pgdeactivate 830 [ 255.219329][ T5830] pglazyfree 0 [ 255.219329][ T5830] pglazyfreed 0 [ 255.219329][ T5830] zswpin 0 [ 255.219329][ T5830] zswpout 0 [ 255.219329][ T5830] thp_fault_alloc 0 [ 255.219329][ T5830] thp_collapse_alloc 0 [pid 5834] write(6, "0x000000000000040e", 18 [pid 5830] <... write resumed>) = 18 [pid 5830] close(3) = 0 [pid 5830] close(4) = 0 [pid 5830] close(5) = 0 [pid 5830] close(6) = 0 [pid 5830] close(7) = -1 EBADF (Bad file descriptor) [pid 5830] close(8) = -1 EBADF (Bad file descriptor) [pid 5830] close(9) = -1 EBADF (Bad file descriptor) [pid 5830] close(10) = -1 EBADF (Bad file descriptor) [pid 5830] close(11) = -1 EBADF (Bad file descriptor) [pid 5830] close(12) = -1 EBADF (Bad file descriptor) [pid 5830] close(13) = -1 EBADF (Bad file descriptor) [pid 5830] close(14) = -1 EBADF (Bad file descriptor) [pid 5830] close(15) = -1 EBADF (Bad file descriptor) [pid 5830] close(16) = -1 EBADF (Bad file descriptor) [pid 5830] close(17) = -1 EBADF (Bad file descriptor) [pid 5830] close(18) = -1 EBADF (Bad file descriptor) [pid 5830] close(19) = -1 EBADF (Bad file descriptor) [pid 5830] close(20) = -1 EBADF (Bad file descriptor) [pid 5830] close(21) = -1 EBADF (Bad file descriptor) [pid 5830] close(22) = -1 EBADF (Bad file descriptor) [pid 5830] close(23) = -1 EBADF (Bad file descriptor) [pid 5830] close(24) = -1 EBADF (Bad file descriptor) [pid 5830] close(25) = -1 EBADF (Bad file descriptor) [pid 5830] close(26) = -1 EBADF (Bad file descriptor) [pid 5830] close(27) = -1 EBADF (Bad file descriptor) [pid 5830] close(28) = -1 EBADF (Bad file descriptor) [pid 5830] close(29) = -1 EBADF (Bad file descriptor) [pid 5830] exit_group(0) = ? [pid 5830] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=61, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5090] umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 255.411841][ T5830] Tasks state (memory values in pages): [ 255.417454][ T5830] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 255.427825][ T5830] Out of memory and no killable processes... [ 255.434948][ T5831] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 255.448949][ T5831] CPU: 0 PID: 5831 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./59/binderfs") = 0 [pid 5090] umount2("./59/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./59/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./59/cgroup") = 0 [pid 5090] umount2("./59/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./59/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./59/cgroup.net") = 0 [ 255.458942][ T5831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 255.469055][ T5831] Call Trace: [ 255.472391][ T5831] [ 255.475374][ T5831] dump_stack_lvl+0x136/0x150 [ 255.480116][ T5831] dump_header+0x10a/0xd70 [ 255.484587][ T5831] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 255.490720][ T5831] out_of_memory+0xd64/0x1660 [ 255.495499][ T5831] ? oom_killer_disable+0x2b0/0x2b0 [ 255.500789][ T5831] mem_cgroup_out_of_memory+0x206/0x270 [ 255.506412][ T5831] ? mem_cgroup_margin+0x130/0x130 [ 255.511622][ T5831] memory_max_write+0x2f9/0x3c0 [ 255.516558][ T5831] ? mem_cgroup_force_empty_write+0x160/0x160 [ 255.522716][ T5831] ? lock_sync+0x190/0x190 [ 255.527205][ T5831] cgroup_file_write+0x1e2/0x7b0 [ 255.532220][ T5831] ? mem_cgroup_force_empty_write+0x160/0x160 [ 255.538365][ T5831] ? kill_css+0x3b0/0x3b0 [ 255.542770][ T5831] ? lock_acquire+0x32/0xc0 [ 255.547367][ T5831] ? kill_css+0x3b0/0x3b0 [ 255.551774][ T5831] kernfs_fop_write_iter+0x3f1/0x600 [ 255.557114][ T5831] vfs_write+0x9ed/0xe10 [ 255.561411][ T5831] ? kernel_write+0x670/0x670 [ 255.566141][ T5831] ? find_held_lock+0x2d/0x110 [ 255.570950][ T5831] ? __fget_light+0x20a/0x270 [ 255.575695][ T5831] ksys_write+0x12b/0x250 [ 255.580070][ T5831] ? __ia32_sys_read+0xb0/0xb0 [ 255.584882][ T5831] ? lockdep_hardirqs_on+0x7d/0x100 [ 255.590118][ T5831] ? _raw_spin_unlock_irq+0x2e/0x50 [ 255.595360][ T5831] ? ptrace_notify+0xfe/0x140 [ 255.600076][ T5831] do_syscall_64+0x39/0xb0 [ 255.604535][ T5831] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 255.610465][ T5831] RIP: 0033:0x7faecf034129 [ 255.614918][ T5831] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 255.634557][ T5831] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 255.643005][ T5831] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 255.651006][ T5831] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5090] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5090] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 255.659005][ T5831] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 255.667002][ T5831] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 255.675002][ T5831] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000039 [ 255.683020][ T5831] [ 255.691492][ T5831] memory: usage 8kB, limit 0kB, failcnt 36 [ 255.700502][ T5831] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5090] lstat("./59/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./59/file0") = 0 [pid 5090] umount2("./59/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./59/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./59/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [pid 5090] rmdir("./59") = 0 [pid 5090] mkdir("./60", 0777) = 0 [ 255.708737][ T5831] Memory cgroup stats for /syz1: [ 255.709138][ T5831] anon 0 [ 255.709138][ T5831] file 0 [ 255.709138][ T5831] kernel 8192 [ 255.709138][ T5831] kernel_stack 0 [ 255.709138][ T5831] pagetables 0 [ 255.709138][ T5831] sec_pagetables 0 [ 255.709138][ T5831] percpu 0 [ 255.709138][ T5831] sock 0 [ 255.709138][ T5831] vmalloc 0 [ 255.709138][ T5831] shmem 0 [ 255.709138][ T5831] zswap 0 [ 255.709138][ T5831] zswapped 0 [ 255.709138][ T5831] file_mapped 0 [ 255.709138][ T5831] file_dirty 0 [ 255.709138][ T5831] file_writeback 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 62 ./strace-static-x86_64: Process 5835 attached [pid 5835] chdir("./60") = 0 [pid 5835] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5835] setpgid(0, 0) = 0 [pid 5835] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5835] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5835] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5835] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5835] write(3, "1000", 4) = 4 [pid 5835] close(3) = 0 [pid 5835] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5835] mkdir("./file0", 000) = 0 [pid 5835] open("./file0", O_RDONLY) = 3 [pid 5835] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5835] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [ 255.709138][ T5831] swapcached 0 [ 255.709138][ T5831] anon_thp 0 [ 255.709138][ T5831] file_thp 0 [ 255.709138][ T5831] shmem_thp 0 [ 255.709138][ T5831] inactive_anon 0 [ 255.709138][ T5831] active_anon 0 [ 255.709138][ T5831] inactive_file 0 [ 255.709138][ T5831] active_file 0 [ 255.709138][ T5831] unevictable 0 [ 255.709138][ T5831] slab_reclaimable 6752 [ 255.709138][ T5831] slab_unreclaimable 0 [ 255.709138][ T5831] slab 6752 [ 255.709138][ T5831] workingset_refault_anon 0 [ 255.709138][ T5831] workingset_refault_file 0 [ 255.709138][ T5831] workingset_activate_anon 0 [pid 5835] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5835] openat(5, "memory.max", O_RDWR) = 6 [ 255.709138][ T5831] workingset_activate_file 0 [ 255.709138][ T5831] workingset_restore_anon 0 [ 255.709138][ T5831] workingset_restore_file 0 [ 255.709138][ T5831] workingset_nodereclaim 0 [ 255.709138][ T5831] pgscan 831 [ 255.709138][ T5831] pgsteal 2 [ 255.709138][ T5831] pgscan_kswapd 0 [ 255.709138][ T5831] pgscan_direct 831 [ 255.709138][ T5831] pgscan_khugepaged 0 [ 255.709138][ T5831] pgsteal_kswapd 0 [ 255.709138][ T5831] pgsteal_direct 2 [ 255.709138][ T5831] pgsteal_khugepaged 0 [ 255.709138][ T5831] pgfault 21 [ 255.709138][ T5831] pgmajfault 0 [ 255.709138][ T5831] pgrefill 830 [ 255.709138][ T5831] pgactivate 829 [ 255.709138][ T5831] pgdeactivate 830 [ 255.709138][ T5831] pglazyfree 0 [ 255.709138][ T5831] pglazyfreed 0 [ 255.709138][ T5831] zswpin 0 [ 255.709138][ T5831] zswpout 0 [ 255.709138][ T5831] thp_fault_alloc 0 [ 255.709138][ T5831] thp_collapse_alloc 0 [ 255.904311][ T5831] Tasks state (memory values in pages): [pid 5835] write(6, "0x000000000000040e", 18 [pid 5831] <... write resumed>) = 18 [pid 5831] close(3) = 0 [pid 5831] close(4) = 0 [pid 5831] close(5) = 0 [pid 5831] close(6) = 0 [pid 5831] close(7) = -1 EBADF (Bad file descriptor) [pid 5831] close(8) = -1 EBADF (Bad file descriptor) [pid 5831] close(9) = -1 EBADF (Bad file descriptor) [pid 5831] close(10) = -1 EBADF (Bad file descriptor) [pid 5831] close(11) = -1 EBADF (Bad file descriptor) [pid 5831] close(12) = -1 EBADF (Bad file descriptor) [pid 5831] close(13) = -1 EBADF (Bad file descriptor) [pid 5831] close(14) = -1 EBADF (Bad file descriptor) [pid 5831] close(15) = -1 EBADF (Bad file descriptor) [pid 5831] close(16) = -1 EBADF (Bad file descriptor) [ 255.910015][ T5831] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 255.924421][ T5831] Out of memory and no killable processes... [ 255.930726][ T5832] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 255.941776][ T5832] CPU: 1 PID: 5832 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 255.951729][ T5832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [pid 5831] close(17) = -1 EBADF (Bad file descriptor) [pid 5831] close(18) = -1 EBADF (Bad file descriptor) [pid 5831] close(19) = -1 EBADF (Bad file descriptor) [pid 5831] close(20) = -1 EBADF (Bad file descriptor) [pid 5831] close(21) = -1 EBADF (Bad file descriptor) [pid 5831] close(22) = -1 EBADF (Bad file descriptor) [pid 5831] close(23) = -1 EBADF (Bad file descriptor) [pid 5831] close(24) = -1 EBADF (Bad file descriptor) [pid 5831] close(25) = -1 EBADF (Bad file descriptor) [pid 5831] close(26) = -1 EBADF (Bad file descriptor) [pid 5831] close(27) = -1 EBADF (Bad file descriptor) [pid 5831] close(28) = -1 EBADF (Bad file descriptor) [pid 5831] close(29) = -1 EBADF (Bad file descriptor) [pid 5831] exit_group(0) = ? [pid 5831] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=59, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5087] umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./57/binderfs") = 0 [pid 5087] umount2("./57/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./57/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./57/cgroup") = 0 [pid 5087] umount2("./57/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./57/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./57/cgroup.net") = 0 [ 255.961854][ T5832] Call Trace: [ 255.965178][ T5832] [ 255.968174][ T5832] dump_stack_lvl+0x136/0x150 [ 255.972920][ T5832] dump_header+0x10a/0xd70 [ 255.977406][ T5832] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 255.983589][ T5832] out_of_memory+0xd64/0x1660 [ 255.988367][ T5832] ? oom_killer_disable+0x2b0/0x2b0 [ 255.993648][ T5832] ? find_held_lock+0x2d/0x110 [ 255.998476][ T5832] mem_cgroup_out_of_memory+0x206/0x270 [ 256.004105][ T5832] ? mem_cgroup_margin+0x130/0x130 [ 256.009294][ T5832] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 256.015182][ T5832] memory_max_write+0x2f9/0x3c0 [ 256.020119][ T5832] ? mem_cgroup_force_empty_write+0x160/0x160 [ 256.026269][ T5832] ? lock_sync+0x190/0x190 [ 256.030759][ T5832] cgroup_file_write+0x1e2/0x7b0 [ 256.035776][ T5832] ? mem_cgroup_force_empty_write+0x160/0x160 [ 256.041921][ T5832] ? kill_css+0x3b0/0x3b0 [ 256.046324][ T5832] ? lock_acquire+0x32/0xc0 [ 256.050905][ T5832] ? kill_css+0x3b0/0x3b0 [ 256.055299][ T5832] kernfs_fop_write_iter+0x3f1/0x600 [ 256.060636][ T5832] vfs_write+0x9ed/0xe10 [ 256.064926][ T5832] ? kernel_write+0x670/0x670 [ 256.069655][ T5832] ? find_held_lock+0x2d/0x110 [ 256.074463][ T5832] ? __fget_light+0x20a/0x270 [ 256.079187][ T5832] ksys_write+0x12b/0x250 [ 256.083567][ T5832] ? __ia32_sys_read+0xb0/0xb0 [ 256.088374][ T5832] ? lockdep_hardirqs_on+0x7d/0x100 [ 256.093625][ T5832] ? _raw_spin_unlock_irq+0x2e/0x50 [ 256.098867][ T5832] ? ptrace_notify+0xfe/0x140 [ 256.103607][ T5832] do_syscall_64+0x39/0xb0 [ 256.108073][ T5832] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 256.114001][ T5832] RIP: 0033:0x7faecf034129 [ 256.118461][ T5832] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 256.138096][ T5832] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 256.146540][ T5832] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 256.154538][ T5832] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5087] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5087] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./57/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] close(4) = 0 [pid 5087] rmdir("./57/file0") = 0 [pid 5087] umount2("./57/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./57/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./57/cgroup.cpu") = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [ 256.162541][ T5832] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 256.170541][ T5832] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 256.178539][ T5832] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000038 [ 256.186567][ T5832] [ 256.201156][ T5832] memory: usage 8kB, limit 0kB, failcnt 36 [ 256.207323][ T5832] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5087] close(3) = 0 [pid 5087] rmdir("./57") = 0 [pid 5087] mkdir("./58", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5836 attached [pid 5836] chdir("./58" [pid 5087] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 60 [pid 5836] <... chdir resumed>) = 0 [pid 5836] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5836] setpgid(0, 0) = 0 [pid 5836] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5836] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5836] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5836] write(3, "1000", 4) = 4 [pid 5836] close(3) = 0 [pid 5836] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5836] mkdir("./file0", 000) = 0 [pid 5836] open("./file0", O_RDONLY) = 3 [pid 5836] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5836] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5836] openat(4, "syz1", O_RDWR|O_PATH) = 5 [ 256.231605][ T5832] Memory cgroup stats for /syz1: [ 256.232021][ T5832] anon 0 [ 256.232021][ T5832] file 0 [ 256.232021][ T5832] kernel 8192 [ 256.232021][ T5832] kernel_stack 0 [ 256.232021][ T5832] pagetables 0 [ 256.232021][ T5832] sec_pagetables 0 [ 256.232021][ T5832] percpu 0 [ 256.232021][ T5832] sock 0 [ 256.232021][ T5832] vmalloc 0 [ 256.232021][ T5832] shmem 0 [ 256.232021][ T5832] zswap 0 [ 256.232021][ T5832] zswapped 0 [ 256.232021][ T5832] file_mapped 0 [ 256.232021][ T5832] file_dirty 0 [pid 5836] openat(5, "memory.max", O_RDWR) = 6 [ 256.232021][ T5832] file_writeback 0 [ 256.232021][ T5832] swapcached 0 [ 256.232021][ T5832] anon_thp 0 [ 256.232021][ T5832] file_thp 0 [ 256.232021][ T5832] shmem_thp 0 [ 256.232021][ T5832] inactive_anon 0 [ 256.232021][ T5832] active_anon 0 [ 256.232021][ T5832] inactive_file 0 [ 256.232021][ T5832] active_file 0 [ 256.232021][ T5832] unevictable 0 [ 256.232021][ T5832] slab_reclaimable 6752 [ 256.232021][ T5832] slab_unreclaimable 0 [ 256.232021][ T5832] slab 6752 [ 256.232021][ T5832] workingset_refault_anon 0 [ 256.232021][ T5832] workingset_refault_file 0 [ 256.232021][ T5832] workingset_activate_anon 0 [ 256.232021][ T5832] workingset_activate_file 0 [ 256.232021][ T5832] workingset_restore_anon 0 [ 256.232021][ T5832] workingset_restore_file 0 [ 256.232021][ T5832] workingset_nodereclaim 0 [ 256.232021][ T5832] pgscan 831 [ 256.232021][ T5832] pgsteal 2 [ 256.232021][ T5832] pgscan_kswapd 0 [ 256.232021][ T5832] pgscan_direct 831 [ 256.232021][ T5832] pgscan_khugepaged 0 [ 256.232021][ T5832] pgsteal_kswapd 0 [ 256.232021][ T5832] pgsteal_direct 2 [ 256.232021][ T5832] pgsteal_khugepaged 0 [ 256.232021][ T5832] pgfault 21 [ 256.232021][ T5832] pgmajfault 0 [ 256.232021][ T5832] pgrefill 830 [ 256.232021][ T5832] pgactivate 829 [ 256.232021][ T5832] pgdeactivate 830 [ 256.232021][ T5832] pglazyfree 0 [ 256.232021][ T5832] pglazyfreed 0 [ 256.232021][ T5832] zswpin 0 [ 256.232021][ T5832] zswpout 0 [ 256.232021][ T5832] thp_fault_alloc 0 [ 256.232021][ T5832] thp_collapse_alloc 0 [ 256.426831][ T5832] Tasks state (memory values in pages): [pid 5836] write(6, "0x000000000000040e", 18 [pid 5832] <... write resumed>) = 18 [pid 5832] close(3) = 0 [pid 5832] close(4) = 0 [pid 5832] close(5) = 0 [pid 5832] close(6) = 0 [pid 5832] close(7) = -1 EBADF (Bad file descriptor) [pid 5832] close(8) = -1 EBADF (Bad file descriptor) [pid 5832] close(9) = -1 EBADF (Bad file descriptor) [pid 5832] close(10) = -1 EBADF (Bad file descriptor) [pid 5832] close(11) = -1 EBADF (Bad file descriptor) [ 256.432514][ T5832] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 256.442205][ T5832] Out of memory and no killable processes... [ 256.448295][ T5833] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 256.459760][ T5833] CPU: 0 PID: 5833 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 256.469734][ T5833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 256.479858][ T5833] Call Trace: [pid 5832] close(12) = -1 EBADF (Bad file descriptor) [pid 5832] close(13) = -1 EBADF (Bad file descriptor) [pid 5832] close(14) = -1 EBADF (Bad file descriptor) [pid 5832] close(15) = -1 EBADF (Bad file descriptor) [pid 5832] close(16) = -1 EBADF (Bad file descriptor) [pid 5832] close(17) = -1 EBADF (Bad file descriptor) [pid 5832] close(18) = -1 EBADF (Bad file descriptor) [pid 5832] close(19) = -1 EBADF (Bad file descriptor) [pid 5832] close(20) = -1 EBADF (Bad file descriptor) [pid 5832] close(21) = -1 EBADF (Bad file descriptor) [pid 5832] close(22) = -1 EBADF (Bad file descriptor) [pid 5832] close(23) = -1 EBADF (Bad file descriptor) [pid 5832] close(24) = -1 EBADF (Bad file descriptor) [pid 5832] close(25) = -1 EBADF (Bad file descriptor) [pid 5832] close(26) = -1 EBADF (Bad file descriptor) [pid 5832] close(27) = -1 EBADF (Bad file descriptor) [pid 5832] close(28) = -1 EBADF (Bad file descriptor) [pid 5832] close(29) = -1 EBADF (Bad file descriptor) [pid 5832] exit_group(0) = ? [ 256.483190][ T5833] [ 256.486177][ T5833] dump_stack_lvl+0x136/0x150 [ 256.490948][ T5833] dump_header+0x10a/0xd70 [ 256.495448][ T5833] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 256.501726][ T5833] out_of_memory+0xd64/0x1660 [ 256.506499][ T5833] ? oom_killer_disable+0x2b0/0x2b0 [ 256.511786][ T5833] ? find_held_lock+0x2d/0x110 [ 256.516634][ T5833] mem_cgroup_out_of_memory+0x206/0x270 [ 256.522276][ T5833] ? mem_cgroup_margin+0x130/0x130 [ 256.527491][ T5833] ? _raw_spin_unlock_irqrestore+0x54/0x70 [pid 5832] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=58, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [ 256.533399][ T5833] memory_max_write+0x2f9/0x3c0 [ 256.538340][ T5833] ? mem_cgroup_force_empty_write+0x160/0x160 [ 256.544487][ T5833] ? lock_sync+0x190/0x190 [ 256.548957][ T5833] cgroup_file_write+0x1e2/0x7b0 [ 256.553957][ T5833] ? mem_cgroup_force_empty_write+0x160/0x160 [ 256.560076][ T5833] ? kill_css+0x3b0/0x3b0 [ 256.564452][ T5833] ? lock_acquire+0x32/0xc0 [ 256.569005][ T5833] ? kill_css+0x3b0/0x3b0 [ 256.573394][ T5833] kernfs_fop_write_iter+0x3f1/0x600 [ 256.578736][ T5833] vfs_write+0x9ed/0xe10 [ 256.583071][ T5833] ? kernel_write+0x670/0x670 [ 256.587802][ T5833] ? find_held_lock+0x2d/0x110 [ 256.592610][ T5833] ? __fget_light+0x20a/0x270 [ 256.597353][ T5833] ksys_write+0x12b/0x250 [ 256.601730][ T5833] ? __ia32_sys_read+0xb0/0xb0 [ 256.606541][ T5833] ? lockdep_hardirqs_on+0x7d/0x100 [ 256.611778][ T5833] ? _raw_spin_unlock_irq+0x2e/0x50 [ 256.617023][ T5833] ? ptrace_notify+0xfe/0x140 [ 256.621762][ T5833] do_syscall_64+0x39/0xb0 [ 256.626228][ T5833] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 256.632173][ T5833] RIP: 0033:0x7faecf034129 [ 256.636617][ T5833] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 256.656251][ T5833] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 256.664698][ T5833] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 256.672696][ T5833] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5086] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5086] umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 256.680695][ T5833] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 256.688691][ T5833] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 256.696714][ T5833] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000038 [ 256.704757][ T5833] [ 256.720729][ T5833] memory: usage 8kB, limit 0kB, failcnt 36 [pid 5086] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./56/binderfs") = 0 [pid 5086] umount2("./56/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./56/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] unlink("./56/cgroup") = 0 [pid 5086] umount2("./56/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./56/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./56/cgroup.net") = 0 [ 256.728387][ T5833] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 256.738548][ T5833] Memory cgroup stats for /syz1: [ 256.742172][ T5833] anon 0 [ 256.742172][ T5833] file 0 [ 256.742172][ T5833] kernel 8192 [ 256.742172][ T5833] kernel_stack 0 [ 256.742172][ T5833] pagetables 0 [ 256.742172][ T5833] sec_pagetables 0 [ 256.742172][ T5833] percpu 0 [ 256.742172][ T5833] sock 0 [ 256.742172][ T5833] vmalloc 0 [ 256.742172][ T5833] shmem 0 [ 256.742172][ T5833] zswap 0 [ 256.742172][ T5833] zswapped 0 [ 256.742172][ T5833] file_mapped 0 [ 256.742172][ T5833] file_dirty 0 [ 256.742172][ T5833] file_writeback 0 [ 256.742172][ T5833] swapcached 0 [ 256.742172][ T5833] anon_thp 0 [ 256.742172][ T5833] file_thp 0 [ 256.742172][ T5833] shmem_thp 0 [ 256.742172][ T5833] inactive_anon 0 [ 256.742172][ T5833] active_anon 0 [ 256.742172][ T5833] inactive_file 0 [ 256.742172][ T5833] active_file 0 [ 256.742172][ T5833] unevictable 0 [ 256.742172][ T5833] slab_reclaimable 6752 [ 256.742172][ T5833] slab_unreclaimable 0 [ 256.742172][ T5833] slab 6752 [ 256.742172][ T5833] workingset_refault_anon 0 [ 256.742172][ T5833] workingset_refault_file 0 [ 256.742172][ T5833] workingset_activate_anon 0 [ 256.742172][ T5833] workingset_activate_file 0 [ 256.742172][ T5833] workingset_restore_anon 0 [ 256.742172][ T5833] workingset_restore_file 0 [ 256.742172][ T5833] workingset_nodereclaim 0 [ 256.742172][ T5833] pgscan 831 [ 256.742172][ T5833] pgsteal 2 [ 256.742172][ T5833] pgscan_kswapd 0 [ 256.742172][ T5833] pgscan_direct 831 [ 256.742172][ T5833] pgscan_khugepaged 0 [ 256.742172][ T5833] pgsteal_kswapd 0 [ 256.742172][ T5833] pgsteal_direct 2 [ 256.742172][ T5833] pgsteal_khugepaged 0 [ 256.742172][ T5833] pgfault 21 [ 256.742172][ T5833] pgmajfault 0 [ 256.742172][ T5833] pgrefill 830 [ 256.742172][ T5833] pgactivate 829 [ 256.742172][ T5833] pgdeactivate 830 [ 256.742172][ T5833] pglazyfree 0 [ 256.742172][ T5833] pglazyfreed 0 [ 256.742172][ T5833] zswpin 0 [ 256.742172][ T5833] zswpout 0 [ 256.742172][ T5833] thp_fault_alloc 0 [ 256.742172][ T5833] thp_collapse_alloc 0 [pid 5086] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5086] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./56/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./56/file0" [pid 5833] <... write resumed>) = 18 [pid 5086] <... rmdir resumed>) = 0 [pid 5086] umount2("./56/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5833] close(3 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./56/cgroup.cpu", [pid 5833] <... close resumed>) = 0 [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./56/cgroup.cpu" [pid 5833] close(4 [pid 5086] <... unlink resumed>) = 0 [pid 5833] <... close resumed>) = 0 [pid 5086] getdents64(3, [pid 5833] close(5 [pid 5086] <... getdents64 resumed>0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5833] <... close resumed>) = 0 [pid 5086] close(3 [ 256.931978][ T5833] Tasks state (memory values in pages): [ 256.937600][ T5833] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 256.953100][ T5833] Out of memory and no killable processes... [ 256.961604][ T5834] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 256.982648][ T5834] CPU: 1 PID: 5834 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 256.992637][ T5834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 257.002748][ T5834] Call Trace: [ 257.006074][ T5834] [ 257.009052][ T5834] dump_stack_lvl+0x136/0x150 [ 257.013807][ T5834] dump_header+0x10a/0xd70 [ 257.018288][ T5834] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 257.024447][ T5834] out_of_memory+0xd64/0x1660 [ 257.029222][ T5834] ? oom_killer_disable+0x2b0/0x2b0 [pid 5833] close(6 [pid 5086] <... close resumed>) = 0 [pid 5833] <... close resumed>) = 0 [pid 5086] rmdir("./56") = 0 [pid 5086] mkdir("./57", 0777) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5837 attached [pid 5837] chdir("./57" [pid 5086] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 59 [pid 5837] <... chdir resumed>) = 0 [pid 5837] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5837] setpgid(0, 0) = 0 [pid 5837] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5837] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5837] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5837] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5837] write(3, "1000", 4) = 4 [pid 5837] close(3) = 0 [pid 5837] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5837] mkdir("./file0", 000) = 0 [pid 5837] open("./file0", O_RDONLY) = 3 [pid 5837] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5837] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5837] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5837] openat(5, "memory.max", O_RDWR) = 6 [pid 5837] write(6, "0x000000000000040e", 18 [pid 5833] close(7) = -1 EBADF (Bad file descriptor) [pid 5833] close(8) = -1 EBADF (Bad file descriptor) [pid 5833] close(9) = -1 EBADF (Bad file descriptor) [pid 5833] close(10) = -1 EBADF (Bad file descriptor) [pid 5833] close(11) = -1 EBADF (Bad file descriptor) [pid 5833] close(12) = -1 EBADF (Bad file descriptor) [pid 5833] close(13) = -1 EBADF (Bad file descriptor) [pid 5833] close(14) = -1 EBADF (Bad file descriptor) [pid 5833] close(15) = -1 EBADF (Bad file descriptor) [pid 5833] close(16) = -1 EBADF (Bad file descriptor) [pid 5833] close(17) = -1 EBADF (Bad file descriptor) [pid 5833] close(18) = -1 EBADF (Bad file descriptor) [pid 5833] close(19) = -1 EBADF (Bad file descriptor) [pid 5833] close(20) = -1 EBADF (Bad file descriptor) [pid 5833] close(21) = -1 EBADF (Bad file descriptor) [pid 5833] close(22) = -1 EBADF (Bad file descriptor) [pid 5833] close(23) = -1 EBADF (Bad file descriptor) [ 257.034516][ T5834] mem_cgroup_out_of_memory+0x206/0x270 [ 257.040136][ T5834] ? mem_cgroup_margin+0x130/0x130 [ 257.045319][ T5834] memory_max_write+0x2f9/0x3c0 [ 257.050245][ T5834] ? mem_cgroup_force_empty_write+0x160/0x160 [ 257.056397][ T5834] ? lock_sync+0x190/0x190 [ 257.060977][ T5834] cgroup_file_write+0x1e2/0x7b0 [ 257.066076][ T5834] ? mem_cgroup_force_empty_write+0x160/0x160 [ 257.072223][ T5834] ? kill_css+0x3b0/0x3b0 [ 257.076637][ T5834] ? lock_acquire+0x32/0xc0 [ 257.081225][ T5834] ? kill_css+0x3b0/0x3b0 [pid 5833] close(24) = -1 EBADF (Bad file descriptor) [pid 5833] close(25) = -1 EBADF (Bad file descriptor) [pid 5833] close(26) = -1 EBADF (Bad file descriptor) [pid 5833] close(27) = -1 EBADF (Bad file descriptor) [pid 5833] close(28) = -1 EBADF (Bad file descriptor) [pid 5833] close(29) = -1 EBADF (Bad file descriptor) [pid 5833] exit_group(0) = ? [pid 5833] +++ exited with 0 +++ [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=58, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5085] umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./56/binderfs") = 0 [pid 5085] umount2("./56/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./56/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./56/cgroup") = 0 [ 257.085631][ T5834] kernfs_fop_write_iter+0x3f1/0x600 [ 257.091003][ T5834] vfs_write+0x9ed/0xe10 [ 257.095335][ T5834] ? kernel_write+0x670/0x670 [ 257.100103][ T5834] ? find_held_lock+0x2d/0x110 [ 257.104942][ T5834] ? __fget_light+0x20a/0x270 [ 257.109694][ T5834] ksys_write+0x12b/0x250 [ 257.114119][ T5834] ? __ia32_sys_read+0xb0/0xb0 [ 257.118958][ T5834] ? lockdep_hardirqs_on+0x7d/0x100 [ 257.124244][ T5834] ? _raw_spin_unlock_irq+0x2e/0x50 [ 257.129528][ T5834] ? ptrace_notify+0xfe/0x140 [pid 5085] umount2("./56/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./56/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./56/cgroup.net") = 0 [ 257.134285][ T5834] do_syscall_64+0x39/0xb0 [ 257.138788][ T5834] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 257.144751][ T5834] RIP: 0033:0x7faecf034129 [ 257.149212][ T5834] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 257.168883][ T5834] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 257.177365][ T5834] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [pid 5085] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5085] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./56/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 257.185388][ T5834] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 257.193435][ T5834] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 257.201449][ T5834] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 257.209462][ T5834] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000003b [ 257.217520][ T5834] [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./56/file0") = 0 [pid 5085] umount2("./56/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./56/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./56/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./56") = 0 [pid 5085] mkdir("./57", 0777) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5838 attached [pid 5838] chdir("./57" [pid 5085] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 59 [pid 5838] <... chdir resumed>) = 0 [pid 5838] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5838] setpgid(0, 0) = 0 [pid 5838] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5838] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [ 257.237848][ T5834] memory: usage 8kB, limit 0kB, failcnt 36 [ 257.245682][ T5834] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 257.259798][ T5834] Memory cgroup stats for /syz1: [ 257.260099][ T5834] anon 0 [ 257.260099][ T5834] file 0 [ 257.260099][ T5834] kernel 8192 [ 257.260099][ T5834] kernel_stack 0 [ 257.260099][ T5834] pagetables 0 [ 257.260099][ T5834] sec_pagetables 0 [ 257.260099][ T5834] percpu 0 [pid 5838] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5838] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5838] write(3, "1000", 4) = 4 [pid 5838] close(3) = 0 [pid 5838] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5838] mkdir("./file0", 000) = 0 [pid 5838] open("./file0", O_RDONLY) = 3 [pid 5838] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5838] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5838] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5838] openat(5, "memory.max", O_RDWR) = 6 [ 257.260099][ T5834] sock 0 [ 257.260099][ T5834] vmalloc 0 [ 257.260099][ T5834] shmem 0 [ 257.260099][ T5834] zswap 0 [ 257.260099][ T5834] zswapped 0 [ 257.260099][ T5834] file_mapped 0 [ 257.260099][ T5834] file_dirty 0 [ 257.260099][ T5834] file_writeback 0 [ 257.260099][ T5834] swapcached 0 [ 257.260099][ T5834] anon_thp 0 [ 257.260099][ T5834] file_thp 0 [ 257.260099][ T5834] shmem_thp 0 [ 257.260099][ T5834] inactive_anon 0 [ 257.260099][ T5834] active_anon 0 [ 257.260099][ T5834] inactive_file 0 [ 257.260099][ T5834] active_file 0 [ 257.260099][ T5834] unevictable 0 [ 257.260099][ T5834] slab_reclaimable 6752 [ 257.260099][ T5834] slab_unreclaimable 0 [ 257.260099][ T5834] slab 6752 [ 257.260099][ T5834] workingset_refault_anon 0 [ 257.260099][ T5834] workingset_refault_file 0 [ 257.260099][ T5834] workingset_activate_anon 0 [ 257.260099][ T5834] workingset_activate_file 0 [ 257.260099][ T5834] workingset_restore_anon 0 [ 257.260099][ T5834] workingset_restore_file 0 [ 257.260099][ T5834] workingset_nodereclaim 0 [ 257.260099][ T5834] pgscan 831 [ 257.260099][ T5834] pgsteal 2 [ 257.260099][ T5834] pgscan_kswapd 0 [ 257.260099][ T5834] pgscan_direct 831 [ 257.260099][ T5834] pgscan_khugepaged 0 [ 257.260099][ T5834] pgsteal_kswapd 0 [ 257.260099][ T5834] pgsteal_direct 2 [ 257.260099][ T5834] pgsteal_khugepaged 0 [ 257.260099][ T5834] pgfault 21 [ 257.260099][ T5834] pgmajfault 0 [ 257.260099][ T5834] pgrefill 830 [ 257.260099][ T5834] pgactivate 829 [ 257.260099][ T5834] pgdeactivate 830 [ 257.260099][ T5834] pglazyfree 0 [ 257.260099][ T5834] pglazyfreed 0 [ 257.260099][ T5834] zswpin 0 [ 257.260099][ T5834] zswpout 0 [pid 5838] write(6, "0x000000000000040e", 18 [pid 5834] <... write resumed>) = 18 [ 257.260099][ T5834] thp_fault_alloc 0 [ 257.260099][ T5834] thp_collapse_alloc 0 [ 257.452341][ T5834] Tasks state (memory values in pages): [ 257.457952][ T5834] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 257.467574][ T5834] Out of memory and no killable processes... [ 257.473797][ T5835] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5834] close(3) = 0 [pid 5834] close(4) = 0 [pid 5834] close(5) = 0 [pid 5834] close(6) = 0 [pid 5834] close(7) = -1 EBADF (Bad file descriptor) [pid 5834] close(8) = -1 EBADF (Bad file descriptor) [pid 5834] close(9) = -1 EBADF (Bad file descriptor) [pid 5834] close(10) = -1 EBADF (Bad file descriptor) [pid 5834] close(11) = -1 EBADF (Bad file descriptor) [pid 5834] close(12) = -1 EBADF (Bad file descriptor) [pid 5834] close(13) = -1 EBADF (Bad file descriptor) [pid 5834] close(14) = -1 EBADF (Bad file descriptor) [pid 5834] close(15) = -1 EBADF (Bad file descriptor) [pid 5834] close(16) = -1 EBADF (Bad file descriptor) [pid 5834] close(17) = -1 EBADF (Bad file descriptor) [pid 5834] close(18) = -1 EBADF (Bad file descriptor) [ 257.484410][ T5835] CPU: 1 PID: 5835 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 257.494383][ T5835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 257.504503][ T5835] Call Trace: [ 257.507834][ T5835] [ 257.510816][ T5835] dump_stack_lvl+0x136/0x150 [ 257.515574][ T5835] dump_header+0x10a/0xd70 [ 257.520064][ T5835] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 257.526245][ T5835] out_of_memory+0xd64/0x1660 [ 257.531011][ T5835] ? oom_killer_disable+0x2b0/0x2b0 [pid 5834] close(19) = -1 EBADF (Bad file descriptor) [pid 5834] close(20) = -1 EBADF (Bad file descriptor) [pid 5834] close(21) = -1 EBADF (Bad file descriptor) [pid 5834] close(22) = -1 EBADF (Bad file descriptor) [pid 5834] close(23) = -1 EBADF (Bad file descriptor) [pid 5834] close(24) = -1 EBADF (Bad file descriptor) [pid 5834] close(25) = -1 EBADF (Bad file descriptor) [pid 5834] close(26) = -1 EBADF (Bad file descriptor) [pid 5834] close(27) = -1 EBADF (Bad file descriptor) [pid 5834] close(28) = -1 EBADF (Bad file descriptor) [pid 5834] close(29) = -1 EBADF (Bad file descriptor) [pid 5834] exit_group(0) = ? [pid 5834] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=61, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [ 257.536293][ T5835] ? find_held_lock+0x2d/0x110 [ 257.541134][ T5835] mem_cgroup_out_of_memory+0x206/0x270 [ 257.546769][ T5835] ? mem_cgroup_margin+0x130/0x130 [ 257.551965][ T5835] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 257.557852][ T5835] memory_max_write+0x2f9/0x3c0 [ 257.562783][ T5835] ? mem_cgroup_force_empty_write+0x160/0x160 [ 257.568953][ T5835] ? lock_sync+0x190/0x190 [ 257.573453][ T5835] cgroup_file_write+0x1e2/0x7b0 [ 257.578484][ T5835] ? mem_cgroup_force_empty_write+0x160/0x160 [ 257.584643][ T5835] ? kill_css+0x3b0/0x3b0 [pid 5089] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 257.589061][ T5835] ? lock_acquire+0x32/0xc0 [ 257.593642][ T5835] ? kill_css+0x3b0/0x3b0 [ 257.598023][ T5835] kernfs_fop_write_iter+0x3f1/0x600 [ 257.603362][ T5835] vfs_write+0x9ed/0xe10 [ 257.607659][ T5835] ? kernel_write+0x670/0x670 [ 257.612390][ T5835] ? find_held_lock+0x2d/0x110 [ 257.617204][ T5835] ? __fget_light+0x20a/0x270 [ 257.621933][ T5835] ksys_write+0x12b/0x250 [ 257.626314][ T5835] ? __ia32_sys_read+0xb0/0xb0 [ 257.631122][ T5835] ? lockdep_hardirqs_on+0x7d/0x100 [ 257.636356][ T5835] ? _raw_spin_unlock_irq+0x2e/0x50 [ 257.641612][ T5835] ? ptrace_notify+0xfe/0x140 [ 257.646336][ T5835] do_syscall_64+0x39/0xb0 [ 257.650803][ T5835] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 257.656735][ T5835] RIP: 0033:0x7faecf034129 [ 257.661202][ T5835] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 257.680840][ T5835] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5089] umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./59/binderfs") = 0 [pid 5089] umount2("./59/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./59/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./59/cgroup") = 0 [pid 5089] umount2("./59/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 257.689287][ T5835] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 257.697308][ T5835] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 257.705306][ T5835] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 257.713302][ T5835] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 257.721308][ T5835] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000003c [ 257.729327][ T5835] [pid 5089] lstat("./59/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./59/cgroup.net") = 0 [pid 5089] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5089] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./59/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./59/file0") = 0 [ 257.773194][ T5835] memory: usage 8kB, limit 0kB, failcnt 36 [ 257.779127][ T5835] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 257.794825][ T5835] Memory cgroup stats for /syz1: [ 257.795103][ T5835] anon 0 [ 257.795103][ T5835] file 0 [ 257.795103][ T5835] kernel 8192 [ 257.795103][ T5835] kernel_stack 0 [ 257.795103][ T5835] pagetables 0 [ 257.795103][ T5835] sec_pagetables 0 [ 257.795103][ T5835] percpu 0 [ 257.795103][ T5835] sock 0 [ 257.795103][ T5835] vmalloc 0 [ 257.795103][ T5835] shmem 0 [ 257.795103][ T5835] zswap 0 [ 257.795103][ T5835] zswapped 0 [ 257.795103][ T5835] file_mapped 0 [ 257.795103][ T5835] file_dirty 0 [ 257.795103][ T5835] file_writeback 0 [ 257.795103][ T5835] swapcached 0 [ 257.795103][ T5835] anon_thp 0 [ 257.795103][ T5835] file_thp 0 [ 257.795103][ T5835] shmem_thp 0 [ 257.795103][ T5835] inactive_anon 0 [ 257.795103][ T5835] active_anon 0 [ 257.795103][ T5835] inactive_file 0 [ 257.795103][ T5835] active_file 0 [ 257.795103][ T5835] unevictable 0 [ 257.795103][ T5835] slab_reclaimable 6752 [ 257.795103][ T5835] slab_unreclaimable 0 [ 257.795103][ T5835] slab 6752 [ 257.795103][ T5835] workingset_refault_anon 0 [ 257.795103][ T5835] workingset_refault_file 0 [ 257.795103][ T5835] workingset_activate_anon 0 [ 257.795103][ T5835] workingset_activate_file 0 [ 257.795103][ T5835] workingset_restore_anon 0 [ 257.795103][ T5835] workingset_restore_file 0 [ 257.795103][ T5835] workingset_nodereclaim 0 [ 257.795103][ T5835] pgscan 831 [ 257.795103][ T5835] pgsteal 2 [ 257.795103][ T5835] pgscan_kswapd 0 [ 257.795103][ T5835] pgscan_direct 831 [ 257.795103][ T5835] pgscan_khugepaged 0 [ 257.795103][ T5835] pgsteal_kswapd 0 [ 257.795103][ T5835] pgsteal_direct 2 [ 257.795103][ T5835] pgsteal_khugepaged 0 [ 257.795103][ T5835] pgfault 21 [ 257.795103][ T5835] pgmajfault 0 [ 257.795103][ T5835] pgrefill 830 [ 257.795103][ T5835] pgactivate 829 [ 257.795103][ T5835] pgdeactivate 830 [ 257.795103][ T5835] pglazyfree 0 [ 257.795103][ T5835] pglazyfreed 0 [ 257.795103][ T5835] zswpin 0 [ 257.795103][ T5835] zswpout 0 [pid 5089] umount2("./59/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./59/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./59/cgroup.cpu") = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [pid 5089] rmdir("./59") = 0 [pid 5089] mkdir("./60", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 62 ./strace-static-x86_64: Process 5839 attached [ 257.795103][ T5835] thp_fault_alloc 0 [ 257.795103][ T5835] thp_collapse_alloc 0 [ 257.987773][ T5835] Tasks state (memory values in pages): [ 258.001067][ T5835] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 258.010923][ T5835] Out of memory and no killable processes... [pid 5839] chdir("./60" [pid 5835] <... write resumed>) = 18 [pid 5839] <... chdir resumed>) = 0 [pid 5839] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5839] setpgid(0, 0) = 0 [pid 5839] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5839] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5839] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5839] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5839] write(3, "1000", 4) = 4 [pid 5839] close(3) = 0 [pid 5839] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5839] mkdir("./file0", 000) = 0 [pid 5839] open("./file0", O_RDONLY) = 3 [pid 5839] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5839] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [ 258.017340][ T5836] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 258.028337][ T5836] CPU: 1 PID: 5836 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 258.038309][ T5836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 258.048433][ T5836] Call Trace: [ 258.051780][ T5836] [ 258.054775][ T5836] dump_stack_lvl+0x136/0x150 [ 258.059538][ T5836] dump_header+0x10a/0xd70 [ 258.064040][ T5836] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [pid 5839] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5839] openat(5, "memory.max", O_RDWR) = 6 [pid 5839] write(6, "0x000000000000040e", 18 [pid 5835] close(3) = 0 [pid 5835] close(4) = 0 [pid 5835] close(5) = 0 [pid 5835] close(6) = 0 [pid 5835] close(7) = -1 EBADF (Bad file descriptor) [pid 5835] close(8) = -1 EBADF (Bad file descriptor) [pid 5835] close(9) = -1 EBADF (Bad file descriptor) [pid 5835] close(10) = -1 EBADF (Bad file descriptor) [pid 5835] close(11) = -1 EBADF (Bad file descriptor) [ 258.070206][ T5836] out_of_memory+0xd64/0x1660 [ 258.074990][ T5836] ? oom_killer_disable+0x2b0/0x2b0 [ 258.080265][ T5836] ? find_held_lock+0x2d/0x110 [ 258.085090][ T5836] mem_cgroup_out_of_memory+0x206/0x270 [ 258.090717][ T5836] ? mem_cgroup_margin+0x130/0x130 [ 258.095902][ T5836] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 258.101811][ T5836] memory_max_write+0x2f9/0x3c0 [ 258.106746][ T5836] ? mem_cgroup_force_empty_write+0x160/0x160 [ 258.112893][ T5836] ? lock_sync+0x190/0x190 [ 258.117387][ T5836] cgroup_file_write+0x1e2/0x7b0 [pid 5835] close(12) = -1 EBADF (Bad file descriptor) [pid 5835] close(13) = -1 EBADF (Bad file descriptor) [pid 5835] close(14) = -1 EBADF (Bad file descriptor) [ 258.122420][ T5836] ? mem_cgroup_force_empty_write+0x160/0x160 [ 258.128571][ T5836] ? kill_css+0x3b0/0x3b0 [ 258.132973][ T5836] ? lock_acquire+0x32/0xc0 [ 258.137560][ T5836] ? kill_css+0x3b0/0x3b0 [ 258.141938][ T5836] kernfs_fop_write_iter+0x3f1/0x600 [ 258.147274][ T5836] vfs_write+0x9ed/0xe10 [ 258.151659][ T5836] ? kernel_write+0x670/0x670 [ 258.156387][ T5836] ? find_held_lock+0x2d/0x110 [ 258.161192][ T5836] ? __fget_light+0x20a/0x270 [ 258.165912][ T5836] ksys_write+0x12b/0x250 [ 258.170295][ T5836] ? __ia32_sys_read+0xb0/0xb0 [ 258.175104][ T5836] ? lockdep_hardirqs_on+0x7d/0x100 [ 258.180345][ T5836] ? _raw_spin_unlock_irq+0x2e/0x50 [ 258.185641][ T5836] ? ptrace_notify+0xfe/0x140 [ 258.190361][ T5836] do_syscall_64+0x39/0xb0 [ 258.194826][ T5836] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 258.200763][ T5836] RIP: 0033:0x7faecf034129 [ 258.205198][ T5836] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 258.224842][ T5836] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 258.233286][ T5836] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 258.241283][ T5836] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 258.249293][ T5836] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 258.257304][ T5836] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 258.265300][ T5836] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000003a [pid 5835] close(15) = -1 EBADF (Bad file descriptor) [pid 5835] close(16) = -1 EBADF (Bad file descriptor) [pid 5835] close(17) = -1 EBADF (Bad file descriptor) [pid 5835] close(18) = -1 EBADF (Bad file descriptor) [pid 5835] close(19) = -1 EBADF (Bad file descriptor) [pid 5835] close(20) = -1 EBADF (Bad file descriptor) [pid 5835] close(21) = -1 EBADF (Bad file descriptor) [pid 5835] close(22) = -1 EBADF (Bad file descriptor) [pid 5835] close(23) = -1 EBADF (Bad file descriptor) [pid 5835] close(24) = -1 EBADF (Bad file descriptor) [pid 5835] close(25) = -1 EBADF (Bad file descriptor) [pid 5835] close(26) = -1 EBADF (Bad file descriptor) [pid 5835] close(27) = -1 EBADF (Bad file descriptor) [pid 5835] close(28) = -1 EBADF (Bad file descriptor) [pid 5835] close(29) = -1 EBADF (Bad file descriptor) [pid 5835] exit_group(0) = ? [pid 5835] +++ exited with 0 +++ [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=62, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5090] umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [ 258.273322][ T5836] [ 258.277502][ T5836] memory: usage 8kB, limit 0kB, failcnt 36 [ 258.289858][ T5836] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 258.302867][ T5836] Memory cgroup stats for /syz1: [ 258.303152][ T5836] anon 0 [ 258.303152][ T5836] file 0 [ 258.303152][ T5836] kernel 8192 [ 258.303152][ T5836] kernel_stack 0 [ 258.303152][ T5836] pagetables 0 [pid 5090] umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./60/binderfs") = 0 [pid 5090] umount2("./60/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./60/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./60/cgroup") = 0 [pid 5090] umount2("./60/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./60/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./60/cgroup.net") = 0 [ 258.303152][ T5836] sec_pagetables 0 [ 258.303152][ T5836] percpu 0 [ 258.303152][ T5836] sock 0 [ 258.303152][ T5836] vmalloc 0 [ 258.303152][ T5836] shmem 0 [ 258.303152][ T5836] zswap 0 [ 258.303152][ T5836] zswapped 0 [ 258.303152][ T5836] file_mapped 0 [ 258.303152][ T5836] file_dirty 0 [ 258.303152][ T5836] file_writeback 0 [ 258.303152][ T5836] swapcached 0 [ 258.303152][ T5836] anon_thp 0 [ 258.303152][ T5836] file_thp 0 [ 258.303152][ T5836] shmem_thp 0 [ 258.303152][ T5836] inactive_anon 0 [ 258.303152][ T5836] active_anon 0 [ 258.303152][ T5836] inactive_file 0 [ 258.303152][ T5836] active_file 0 [ 258.303152][ T5836] unevictable 0 [ 258.303152][ T5836] slab_reclaimable 6752 [ 258.303152][ T5836] slab_unreclaimable 0 [ 258.303152][ T5836] slab 6752 [ 258.303152][ T5836] workingset_refault_anon 0 [ 258.303152][ T5836] workingset_refault_file 0 [ 258.303152][ T5836] workingset_activate_anon 0 [ 258.303152][ T5836] workingset_activate_file 0 [ 258.303152][ T5836] workingset_restore_anon 0 [ 258.303152][ T5836] workingset_restore_file 0 [ 258.303152][ T5836] workingset_nodereclaim 0 [ 258.303152][ T5836] pgscan 831 [ 258.303152][ T5836] pgsteal 2 [ 258.303152][ T5836] pgscan_kswapd 0 [ 258.303152][ T5836] pgscan_direct 831 [ 258.303152][ T5836] pgscan_khugepaged 0 [ 258.303152][ T5836] pgsteal_kswapd 0 [ 258.303152][ T5836] pgsteal_direct 2 [ 258.303152][ T5836] pgsteal_khugepaged 0 [ 258.303152][ T5836] pgfault 21 [ 258.303152][ T5836] pgmajfault 0 [ 258.303152][ T5836] pgrefill 830 [ 258.303152][ T5836] pgactivate 829 [ 258.303152][ T5836] pgdeactivate 830 [ 258.303152][ T5836] pglazyfree 0 [ 258.303152][ T5836] pglazyfreed 0 [pid 5090] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5090] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./60/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./60/file0") = 0 [pid 5090] umount2("./60/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./60/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./60/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [ 258.303152][ T5836] zswpin 0 [ 258.303152][ T5836] zswpout 0 [ 258.303152][ T5836] thp_fault_alloc 0 [ 258.303152][ T5836] thp_collapse_alloc 0 [ 258.499315][ T5836] Tasks state (memory values in pages): [ 258.505879][ T5836] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 258.517477][ T5836] Out of memory and no killable processes... [pid 5090] rmdir("./60") = 0 [pid 5836] <... write resumed>) = 18 [pid 5090] mkdir("./61", 0777) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 63 [pid 5836] close(3) = 0 [pid 5836] close(4) = 0 [pid 5836] close(5) = 0 [pid 5836] close(6) = 0 [pid 5836] close(7) = -1 EBADF (Bad file descriptor) [pid 5836] close(8) = -1 EBADF (Bad file descriptor) [pid 5836] close(9) = -1 EBADF (Bad file descriptor) [pid 5836] close(10) = -1 EBADF (Bad file descriptor) [pid 5836] close(11) = -1 EBADF (Bad file descriptor) [pid 5836] close(12) = -1 EBADF (Bad file descriptor) [pid 5836] close(13) = -1 EBADF (Bad file descriptor) [pid 5836] close(14) = -1 EBADF (Bad file descriptor) [pid 5836] close(15) = -1 EBADF (Bad file descriptor) [pid 5836] close(16) = -1 EBADF (Bad file descriptor) [ 258.524480][ T5837] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 258.536327][ T5837] CPU: 0 PID: 5837 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 258.546297][ T5837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 258.556415][ T5837] Call Trace: [ 258.559750][ T5837] [ 258.562732][ T5837] dump_stack_lvl+0x136/0x150 [ 258.567493][ T5837] dump_header+0x10a/0xd70 [pid 5836] close(17) = -1 EBADF (Bad file descriptor) [pid 5836] close(18) = -1 EBADF (Bad file descriptor) [pid 5836] close(19) = -1 EBADF (Bad file descriptor) [pid 5836] close(20) = -1 EBADF (Bad file descriptor) [pid 5836] close(21) = -1 EBADF (Bad file descriptor) [pid 5836] close(22) = -1 EBADF (Bad file descriptor) [pid 5836] close(23) = -1 EBADF (Bad file descriptor) [pid 5836] close(24) = -1 EBADF (Bad file descriptor) [pid 5836] close(25) = -1 EBADF (Bad file descriptor) [pid 5836] close(26) = -1 EBADF (Bad file descriptor) [pid 5836] close(27) = -1 EBADF (Bad file descriptor) [pid 5836] close(28) = -1 EBADF (Bad file descriptor) [pid 5836] close(29) = -1 EBADF (Bad file descriptor) [pid 5836] exit_group(0) = ? [pid 5836] +++ exited with 0 +++ [ 258.571974][ T5837] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 258.578138][ T5837] out_of_memory+0xd64/0x1660 [ 258.582908][ T5837] ? oom_killer_disable+0x2b0/0x2b0 [ 258.588208][ T5837] mem_cgroup_out_of_memory+0x206/0x270 [ 258.593844][ T5837] ? mem_cgroup_margin+0x130/0x130 [ 258.599065][ T5837] memory_max_write+0x2f9/0x3c0 [ 258.603998][ T5837] ? mem_cgroup_force_empty_write+0x160/0x160 [ 258.610122][ T5837] ? lock_sync+0x190/0x190 [ 258.614592][ T5837] cgroup_file_write+0x1e2/0x7b0 [ 258.619580][ T5837] ? mem_cgroup_force_empty_write+0x160/0x160 [ 258.625693][ T5837] ? kill_css+0x3b0/0x3b0 [ 258.630068][ T5837] ? lock_acquire+0x32/0xc0 [ 258.634616][ T5837] ? kill_css+0x3b0/0x3b0 [ 258.639007][ T5837] kernfs_fop_write_iter+0x3f1/0x600 [ 258.644343][ T5837] vfs_write+0x9ed/0xe10 [ 258.648648][ T5837] ? kernel_write+0x670/0x670 [ 258.653374][ T5837] ? find_held_lock+0x2d/0x110 [ 258.658186][ T5837] ? __fget_light+0x20a/0x270 [ 258.662916][ T5837] ksys_write+0x12b/0x250 [ 258.667295][ T5837] ? __ia32_sys_read+0xb0/0xb0 [ 258.672102][ T5837] ? lockdep_hardirqs_on+0x7d/0x100 [ 258.677336][ T5837] ? _raw_spin_unlock_irq+0x2e/0x50 [ 258.682579][ T5837] ? ptrace_notify+0xfe/0x140 [ 258.687300][ T5837] do_syscall_64+0x39/0xb0 [ 258.691766][ T5837] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 258.697698][ T5837] RIP: 0033:0x7faecf034129 [ 258.702153][ T5837] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=60, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- ./strace-static-x86_64: Process 5840 attached [pid 5087] restart_syscall(<... resuming interrupted clone ...> [pid 5840] chdir("./61" [pid 5087] <... restart_syscall resumed>) = 0 [pid 5840] <... chdir resumed>) = 0 [pid 5840] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5840] setpgid(0, 0) = 0 [pid 5840] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5840] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5087] umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5840] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5087] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5087] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] write(3, "1000", 4) = 4 [pid 5840] close(3) = 0 [ 258.721793][ T5837] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 258.730240][ T5837] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 258.738237][ T5837] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 258.746236][ T5837] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 258.754231][ T5837] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 258.762225][ T5837] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000039 [ 258.770246][ T5837] [pid 5840] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5087] <... openat resumed>) = 3 [pid 5840] mkdir("./file0", 000 [pid 5087] fstat(3, [pid 5840] <... mkdir resumed>) = 0 [pid 5087] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5840] open("./file0", O_RDONLY [pid 5087] getdents64(3, [pid 5840] <... open resumed>) = 3 [pid 5087] <... getdents64 resumed>0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5840] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5087] umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5840] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5087] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5840] openat(5, "memory.max", O_RDWR) = 6 [pid 5087] lstat("./58/binderfs", [pid 5840] write(6, "0x000000000000040e", 18 [pid 5087] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./58/binderfs") = 0 [pid 5087] umount2("./58/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./58/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./58/cgroup") = 0 [pid 5087] umount2("./58/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./58/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./58/cgroup.net") = 0 [pid 5087] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5087] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./58/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5087] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5087] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5087] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5087] close(4) = 0 [ 258.813949][ T5837] memory: usage 8kB, limit 0kB, failcnt 36 [ 258.851196][ T5837] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5087] rmdir("./58/file0") = 0 [pid 5087] umount2("./58/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./58/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./58/cgroup.cpu") = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5087] close(3) = 0 [pid 5087] rmdir("./58") = 0 [pid 5087] mkdir("./59", 0777) = 0 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 61 [ 258.860183][ T5837] Memory cgroup stats for /syz1: [ 258.860469][ T5837] anon 0 [ 258.860469][ T5837] file 0 [ 258.860469][ T5837] kernel 8192 [ 258.860469][ T5837] kernel_stack 0 [ 258.860469][ T5837] pagetables 0 [ 258.860469][ T5837] sec_pagetables 0 [ 258.860469][ T5837] percpu 0 [ 258.860469][ T5837] sock 0 [ 258.860469][ T5837] vmalloc 0 [ 258.860469][ T5837] shmem 0 [ 258.860469][ T5837] zswap 0 [ 258.860469][ T5837] zswapped 0 [ 258.860469][ T5837] file_mapped 0 [ 258.860469][ T5837] file_dirty 0 [ 258.860469][ T5837] file_writeback 0 ./strace-static-x86_64: Process 5841 attached [pid 5841] chdir("./59") = 0 [pid 5841] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5841] setpgid(0, 0) = 0 [pid 5841] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5841] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5841] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5841] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5841] write(3, "1000", 4) = 4 [pid 5841] close(3) = 0 [pid 5841] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5841] mkdir("./file0", 000) = 0 [pid 5841] open("./file0", O_RDONLY) = 3 [pid 5841] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [ 258.860469][ T5837] swapcached 0 [ 258.860469][ T5837] anon_thp 0 [ 258.860469][ T5837] file_thp 0 [ 258.860469][ T5837] shmem_thp 0 [ 258.860469][ T5837] inactive_anon 0 [ 258.860469][ T5837] active_anon 0 [ 258.860469][ T5837] inactive_file 0 [ 258.860469][ T5837] active_file 0 [ 258.860469][ T5837] unevictable 0 [ 258.860469][ T5837] slab_reclaimable 6752 [ 258.860469][ T5837] slab_unreclaimable 0 [ 258.860469][ T5837] slab 6752 [ 258.860469][ T5837] workingset_refault_anon 0 [ 258.860469][ T5837] workingset_refault_file 0 [ 258.860469][ T5837] workingset_activate_anon 0 [ 258.860469][ T5837] workingset_activate_file 0 [ 258.860469][ T5837] workingset_restore_anon 0 [ 258.860469][ T5837] workingset_restore_file 0 [ 258.860469][ T5837] workingset_nodereclaim 0 [ 258.860469][ T5837] pgscan 831 [ 258.860469][ T5837] pgsteal 2 [ 258.860469][ T5837] pgscan_kswapd 0 [ 258.860469][ T5837] pgscan_direct 831 [ 258.860469][ T5837] pgscan_khugepaged 0 [ 258.860469][ T5837] pgsteal_kswapd 0 [ 258.860469][ T5837] pgsteal_direct 2 [ 258.860469][ T5837] pgsteal_khugepaged 0 [ 258.860469][ T5837] pgfault 21 [pid 5841] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5841] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5841] openat(5, "memory.max", O_RDWR) = 6 [ 258.860469][ T5837] pgmajfault 0 [ 258.860469][ T5837] pgrefill 830 [ 258.860469][ T5837] pgactivate 829 [ 258.860469][ T5837] pgdeactivate 830 [ 258.860469][ T5837] pglazyfree 0 [ 258.860469][ T5837] pglazyfreed 0 [ 258.860469][ T5837] zswpin 0 [ 258.860469][ T5837] zswpout 0 [ 258.860469][ T5837] thp_fault_alloc 0 [ 258.860469][ T5837] thp_collapse_alloc 0 [pid 5841] write(6, "0x000000000000040e", 18 [pid 5837] <... write resumed>) = 18 [pid 5837] close(3) = 0 [pid 5837] close(4) = 0 [pid 5837] close(5) = 0 [ 259.068945][ T5837] Tasks state (memory values in pages): [ 259.075005][ T5837] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 259.086461][ T5837] Out of memory and no killable processes... [ 259.094183][ T5838] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 259.105950][ T5838] CPU: 0 PID: 5838 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5837] close(6) = 0 [pid 5837] close(7) = -1 EBADF (Bad file descriptor) [pid 5837] close(8) = -1 EBADF (Bad file descriptor) [pid 5837] close(9) = -1 EBADF (Bad file descriptor) [pid 5837] close(10) = -1 EBADF (Bad file descriptor) [pid 5837] close(11) = -1 EBADF (Bad file descriptor) [pid 5837] close(12) = -1 EBADF (Bad file descriptor) [pid 5837] close(13) = -1 EBADF (Bad file descriptor) [pid 5837] close(14) = -1 EBADF (Bad file descriptor) [pid 5837] close(15) = -1 EBADF (Bad file descriptor) [pid 5837] close(16) = -1 EBADF (Bad file descriptor) [pid 5837] close(17) = -1 EBADF (Bad file descriptor) [pid 5837] close(18) = -1 EBADF (Bad file descriptor) [pid 5837] close(19) = -1 EBADF (Bad file descriptor) [pid 5837] close(20) = -1 EBADF (Bad file descriptor) [pid 5837] close(21) = -1 EBADF (Bad file descriptor) [ 259.115920][ T5838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 259.126032][ T5838] Call Trace: [ 259.129354][ T5838] [ 259.132333][ T5838] dump_stack_lvl+0x136/0x150 [ 259.137087][ T5838] dump_header+0x10a/0xd70 [ 259.141576][ T5838] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 259.147737][ T5838] out_of_memory+0xd64/0x1660 [ 259.152496][ T5838] ? oom_killer_disable+0x2b0/0x2b0 [ 259.157787][ T5838] mem_cgroup_out_of_memory+0x206/0x270 [ 259.163413][ T5838] ? mem_cgroup_margin+0x130/0x130 [pid 5837] close(22) = -1 EBADF (Bad file descriptor) [pid 5837] close(23) = -1 EBADF (Bad file descriptor) [pid 5837] close(24) = -1 EBADF (Bad file descriptor) [pid 5837] close(25) = -1 EBADF (Bad file descriptor) [pid 5837] close(26) = -1 EBADF (Bad file descriptor) [ 259.168623][ T5838] memory_max_write+0x2f9/0x3c0 [ 259.173562][ T5838] ? mem_cgroup_force_empty_write+0x160/0x160 [ 259.179714][ T5838] ? lock_sync+0x190/0x190 [ 259.184204][ T5838] cgroup_file_write+0x1e2/0x7b0 [ 259.189185][ T5838] ? mem_cgroup_force_empty_write+0x160/0x160 [ 259.195300][ T5838] ? kill_css+0x3b0/0x3b0 [ 259.199696][ T5838] ? lock_acquire+0x32/0xc0 [ 259.204243][ T5838] ? kill_css+0x3b0/0x3b0 [ 259.208613][ T5838] kernfs_fop_write_iter+0x3f1/0x600 [ 259.213948][ T5838] vfs_write+0x9ed/0xe10 [ 259.218238][ T5838] ? kernel_write+0x670/0x670 [ 259.222962][ T5838] ? find_held_lock+0x2d/0x110 [ 259.227769][ T5838] ? __fget_light+0x20a/0x270 [ 259.232496][ T5838] ksys_write+0x12b/0x250 [ 259.236892][ T5838] ? __ia32_sys_read+0xb0/0xb0 [ 259.241701][ T5838] ? lockdep_hardirqs_on+0x7d/0x100 [ 259.246936][ T5838] ? _raw_spin_unlock_irq+0x2e/0x50 [ 259.252174][ T5838] ? ptrace_notify+0xfe/0x140 [ 259.256895][ T5838] do_syscall_64+0x39/0xb0 [ 259.261385][ T5838] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 259.267323][ T5838] RIP: 0033:0x7faecf034129 [ 259.271787][ T5838] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 259.291427][ T5838] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 259.299877][ T5838] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 259.307875][ T5838] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5837] close(27) = -1 EBADF (Bad file descriptor) [ 259.315873][ T5838] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 259.323872][ T5838] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 259.331878][ T5838] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 0000000000000039 [ 259.339903][ T5838] [ 259.351009][ T5838] memory: usage 8kB, limit 0kB, failcnt 36 [ 259.357018][ T5838] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 259.364504][ T5838] Memory cgroup stats for /syz1: [pid 5837] close(28) = -1 EBADF (Bad file descriptor) [pid 5837] close(29) = -1 EBADF (Bad file descriptor) [pid 5837] exit_group(0) = ? [pid 5837] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=59, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5086] umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5086] umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./57/binderfs") = 0 [pid 5086] umount2("./57/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./57/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5086] unlink("./57/cgroup") = 0 [pid 5086] umount2("./57/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./57/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./57/cgroup.net") = 0 [ 259.364879][ T5838] anon 0 [ 259.364879][ T5838] file 0 [ 259.364879][ T5838] kernel 8192 [ 259.364879][ T5838] kernel_stack 0 [ 259.364879][ T5838] pagetables 0 [ 259.364879][ T5838] sec_pagetables 0 [ 259.364879][ T5838] percpu 0 [ 259.364879][ T5838] sock 0 [ 259.364879][ T5838] vmalloc 0 [ 259.364879][ T5838] shmem 0 [ 259.364879][ T5838] zswap 0 [ 259.364879][ T5838] zswapped 0 [ 259.364879][ T5838] file_mapped 0 [ 259.364879][ T5838] file_dirty 0 [ 259.364879][ T5838] file_writeback 0 [ 259.364879][ T5838] swapcached 0 [ 259.364879][ T5838] anon_thp 0 [ 259.364879][ T5838] file_thp 0 [ 259.364879][ T5838] shmem_thp 0 [ 259.364879][ T5838] inactive_anon 0 [ 259.364879][ T5838] active_anon 0 [ 259.364879][ T5838] inactive_file 0 [ 259.364879][ T5838] active_file 0 [ 259.364879][ T5838] unevictable 0 [ 259.364879][ T5838] slab_reclaimable 6752 [ 259.364879][ T5838] slab_unreclaimable 0 [ 259.364879][ T5838] slab 6752 [ 259.364879][ T5838] workingset_refault_anon 0 [ 259.364879][ T5838] workingset_refault_file 0 [ 259.364879][ T5838] workingset_activate_anon 0 [ 259.364879][ T5838] workingset_activate_file 0 [ 259.364879][ T5838] workingset_restore_anon 0 [ 259.364879][ T5838] workingset_restore_file 0 [ 259.364879][ T5838] workingset_nodereclaim 0 [ 259.364879][ T5838] pgscan 831 [ 259.364879][ T5838] pgsteal 2 [ 259.364879][ T5838] pgscan_kswapd 0 [ 259.364879][ T5838] pgscan_direct 831 [ 259.364879][ T5838] pgscan_khugepaged 0 [ 259.364879][ T5838] pgsteal_kswapd 0 [ 259.364879][ T5838] pgsteal_direct 2 [ 259.364879][ T5838] pgsteal_khugepaged 0 [ 259.364879][ T5838] pgfault 21 [ 259.364879][ T5838] pgmajfault 0 [pid 5086] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5086] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 259.364879][ T5838] pgrefill 830 [ 259.364879][ T5838] pgactivate 829 [ 259.364879][ T5838] pgdeactivate 830 [ 259.364879][ T5838] pglazyfree 0 [ 259.364879][ T5838] pglazyfreed 0 [ 259.364879][ T5838] zswpin 0 [ 259.364879][ T5838] zswpout 0 [ 259.364879][ T5838] thp_fault_alloc 0 [ 259.364879][ T5838] thp_collapse_alloc 0 [ 259.558204][ T5838] Tasks state (memory values in pages): [pid 5086] lstat("./57/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5838] <... write resumed>) = 18 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./57/file0") = 0 [pid 5086] umount2("./57/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./57/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5086] unlink("./57/cgroup.cpu") = 0 [pid 5086] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./57") = 0 [pid 5838] close(3 [pid 5086] mkdir("./58", 0777 [pid 5838] <... close resumed>) = 0 [pid 5838] close(4 [pid 5086] <... mkdir resumed>) = 0 [ 259.565777][ T5838] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 259.576659][ T5838] Out of memory and no killable processes... [ 259.591163][ T5839] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 259.605101][ T5839] CPU: 1 PID: 5839 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [pid 5838] <... close resumed>) = 0 [pid 5838] close(5) = 0 [pid 5838] close(6) = 0 [pid 5838] close(7) = -1 EBADF (Bad file descriptor) [pid 5838] close(8) = -1 EBADF (Bad file descriptor) [pid 5838] close(9) = -1 EBADF (Bad file descriptor) [pid 5838] close(10) = -1 EBADF (Bad file descriptor) [pid 5838] close(11) = -1 EBADF (Bad file descriptor) [pid 5838] close(12) = -1 EBADF (Bad file descriptor) [pid 5838] close(13) = -1 EBADF (Bad file descriptor) [pid 5838] close(14) = -1 EBADF (Bad file descriptor) [pid 5838] close(15) = -1 EBADF (Bad file descriptor) [pid 5838] close(16) = -1 EBADF (Bad file descriptor) [pid 5838] close(17) = -1 EBADF (Bad file descriptor) [pid 5838] close(18) = -1 EBADF (Bad file descriptor) [pid 5838] close(19) = -1 EBADF (Bad file descriptor) [pid 5838] close(20) = -1 EBADF (Bad file descriptor) [pid 5838] close(21) = -1 EBADF (Bad file descriptor) [pid 5838] close(22) = -1 EBADF (Bad file descriptor) [pid 5838] close(23) = -1 EBADF (Bad file descriptor) [pid 5838] close(24) = -1 EBADF (Bad file descriptor) [pid 5838] close(25) = -1 EBADF (Bad file descriptor) [pid 5838] close(26) = -1 EBADF (Bad file descriptor) [pid 5838] close(27) = -1 EBADF (Bad file descriptor) [pid 5838] close(28) = -1 EBADF (Bad file descriptor) [pid 5838] close(29) = -1 EBADF (Bad file descriptor) [pid 5838] exit_group(0) = ? [pid 5838] +++ exited with 0 +++ [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=59, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5085] umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5085] umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./57/binderfs") = 0 [pid 5085] umount2("./57/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./57/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5085] unlink("./57/cgroup") = 0 [pid 5085] umount2("./57/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./57/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./57/cgroup.net") = 0 [pid 5085] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 60 ./strace-static-x86_64: Process 5842 attached [pid 5842] chdir("./58") = 0 [pid 5842] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5842] setpgid(0, 0) = 0 [pid 5842] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [ 259.615088][ T5839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 259.625195][ T5839] Call Trace: [ 259.628515][ T5839] [ 259.631493][ T5839] dump_stack_lvl+0x136/0x150 [ 259.636248][ T5839] dump_header+0x10a/0xd70 [ 259.640738][ T5839] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 259.646900][ T5839] out_of_memory+0xd64/0x1660 [ 259.651698][ T5839] ? oom_killer_disable+0x2b0/0x2b0 [ 259.656985][ T5839] ? find_held_lock+0x2d/0x110 [ 259.661820][ T5839] mem_cgroup_out_of_memory+0x206/0x270 [pid 5842] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5842] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5842] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5842] write(3, "1000", 4) = 4 [pid 5842] close(3) = 0 [pid 5842] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5842] mkdir("./file0", 000) = 0 [pid 5842] open("./file0", O_RDONLY) = 3 [pid 5842] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5842] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5842] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5842] openat(5, "memory.max", O_RDWR) = 6 [ 259.667439][ T5839] ? mem_cgroup_margin+0x130/0x130 [ 259.672638][ T5839] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 259.678543][ T5839] memory_max_write+0x2f9/0x3c0 [ 259.683484][ T5839] ? mem_cgroup_force_empty_write+0x160/0x160 [ 259.689638][ T5839] ? mark_held_locks+0x9f/0xe0 [ 259.694478][ T5839] cgroup_file_write+0x1e2/0x7b0 [ 259.699496][ T5839] ? mem_cgroup_force_empty_write+0x160/0x160 [ 259.705640][ T5839] ? kill_css+0x3b0/0x3b0 [ 259.710071][ T5839] ? kill_css+0x3b0/0x3b0 [ 259.714473][ T5839] kernfs_fop_write_iter+0x3f1/0x600 [ 259.719837][ T5839] vfs_write+0x9ed/0xe10 [ 259.724163][ T5839] ? kernel_write+0x670/0x670 [ 259.728927][ T5839] ? find_held_lock+0x2d/0x110 [ 259.733793][ T5839] ? __fget_light+0x20a/0x270 [ 259.738557][ T5839] ksys_write+0x12b/0x250 [ 259.742967][ T5839] ? __ia32_sys_read+0xb0/0xb0 [ 259.747808][ T5839] ? lockdep_hardirqs_on+0x7d/0x100 [ 259.753052][ T5839] ? _raw_spin_unlock_irq+0x2e/0x50 [ 259.758296][ T5839] ? ptrace_notify+0xfe/0x140 [ 259.763073][ T5839] do_syscall_64+0x39/0xb0 [ 259.767578][ T5839] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 259.773530][ T5839] RIP: 0033:0x7faecf034129 [ 259.777995][ T5839] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 259.797660][ T5839] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 259.806159][ T5839] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 259.814166][ T5839] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 259.822186][ T5839] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 259.830207][ T5839] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 259.838236][ T5839] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000003c [ 259.846268][ T5839] [ 259.855638][ T5839] memory: usage 8kB, limit 0kB, failcnt 36 [ 259.861516][ T5839] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5842] write(6, "0x000000000000040e", 18 [pid 5085] <... umount2 resumed>) = 0 [pid 5085] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./57/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./57/file0") = 0 [pid 5085] umount2("./57/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./57/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5085] unlink("./57/cgroup.cpu") = 0 [pid 5085] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./57") = 0 [ 259.868658][ T5839] Memory cgroup stats for /syz1: [ 259.868888][ T5839] anon 0 [ 259.868888][ T5839] file 0 [ 259.868888][ T5839] kernel 8192 [ 259.868888][ T5839] kernel_stack 0 [ 259.868888][ T5839] pagetables 0 [ 259.868888][ T5839] sec_pagetables 0 [ 259.868888][ T5839] percpu 0 [ 259.868888][ T5839] sock 0 [ 259.868888][ T5839] vmalloc 0 [ 259.868888][ T5839] shmem 0 [ 259.868888][ T5839] zswap 0 [ 259.868888][ T5839] zswapped 0 [ 259.868888][ T5839] file_mapped 0 [ 259.868888][ T5839] file_dirty 0 [ 259.868888][ T5839] file_writeback 0 [pid 5085] mkdir("./58", 0777) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 60 [ 259.868888][ T5839] swapcached 0 [ 259.868888][ T5839] anon_thp 0 [ 259.868888][ T5839] file_thp 0 [ 259.868888][ T5839] shmem_thp 0 [ 259.868888][ T5839] inactive_anon 0 [ 259.868888][ T5839] active_anon 0 [ 259.868888][ T5839] inactive_file 0 [ 259.868888][ T5839] active_file 0 [ 259.868888][ T5839] unevictable 0 [ 259.868888][ T5839] slab_reclaimable 6752 [ 259.868888][ T5839] slab_unreclaimable 0 [ 259.868888][ T5839] slab 6752 [ 259.868888][ T5839] workingset_refault_anon 0 [ 259.868888][ T5839] workingset_refault_file 0 [ 259.868888][ T5839] workingset_activate_anon 0 [ 259.868888][ T5839] workingset_activate_file 0 [ 259.868888][ T5839] workingset_restore_anon 0 [ 259.868888][ T5839] workingset_restore_file 0 [ 259.868888][ T5839] workingset_nodereclaim 0 [ 259.868888][ T5839] pgscan 831 [ 259.868888][ T5839] pgsteal 2 [ 259.868888][ T5839] pgscan_kswapd 0 [ 259.868888][ T5839] pgscan_direct 831 [ 259.868888][ T5839] pgscan_khugepaged 0 [ 259.868888][ T5839] pgsteal_kswapd 0 [ 259.868888][ T5839] pgsteal_direct 2 [ 259.868888][ T5839] pgsteal_khugepaged 0 [ 259.868888][ T5839] pgfault 21 ./strace-static-x86_64: Process 5843 attached [pid 5843] chdir("./58") = 0 [pid 5843] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5843] setpgid(0, 0) = 0 [pid 5843] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5843] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5843] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5843] write(3, "1000", 4) = 4 [pid 5843] close(3) = 0 [ 259.868888][ T5839] pgmajfault 0 [ 259.868888][ T5839] pgrefill 830 [ 259.868888][ T5839] pgactivate 829 [ 259.868888][ T5839] pgdeactivate 830 [ 259.868888][ T5839] pglazyfree 0 [ 259.868888][ T5839] pglazyfreed 0 [ 259.868888][ T5839] zswpin 0 [ 259.868888][ T5839] zswpout 0 [ 259.868888][ T5839] thp_fault_alloc 0 [ 259.868888][ T5839] thp_collapse_alloc 0 [pid 5843] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5843] mkdir("./file0", 000) = 0 [pid 5843] open("./file0", O_RDONLY) = 3 [pid 5843] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5843] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5843] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5843] openat(5, "memory.max", O_RDWR) = 6 [pid 5843] write(6, "0x000000000000040e", 18 [pid 5839] <... write resumed>) = 18 [ 260.093536][ T5839] Tasks state (memory values in pages): [ 260.099261][ T5839] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 260.117631][ T5839] Out of memory and no killable processes... [ 260.125556][ T5840] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5839] close(3) = 0 [pid 5839] close(4) = 0 [pid 5839] close(5) = 0 [pid 5839] close(6) = 0 [pid 5839] close(7) = -1 EBADF (Bad file descriptor) [pid 5839] close(8) = -1 EBADF (Bad file descriptor) [pid 5839] close(9) = -1 EBADF (Bad file descriptor) [pid 5839] close(10) = -1 EBADF (Bad file descriptor) [pid 5839] close(11) = -1 EBADF (Bad file descriptor) [pid 5839] close(12) = -1 EBADF (Bad file descriptor) [pid 5839] close(13) = -1 EBADF (Bad file descriptor) [pid 5839] close(14) = -1 EBADF (Bad file descriptor) [ 260.144124][ T5840] CPU: 1 PID: 5840 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 260.154092][ T5840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 260.164192][ T5840] Call Trace: [ 260.167511][ T5840] [ 260.170491][ T5840] dump_stack_lvl+0x136/0x150 [ 260.175245][ T5840] dump_header+0x10a/0xd70 [ 260.179748][ T5840] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 260.185914][ T5840] out_of_memory+0xd64/0x1660 [ 260.190683][ T5840] ? oom_killer_disable+0x2b0/0x2b0 [ 260.195966][ T5840] mem_cgroup_out_of_memory+0x206/0x270 [ 260.201568][ T5840] ? mem_cgroup_margin+0x130/0x130 [ 260.206740][ T5840] memory_max_write+0x2f9/0x3c0 [ 260.211649][ T5840] ? mem_cgroup_force_empty_write+0x160/0x160 [ 260.217769][ T5840] ? lock_sync+0x190/0x190 [ 260.222228][ T5840] cgroup_file_write+0x1e2/0x7b0 [ 260.227218][ T5840] ? mem_cgroup_force_empty_write+0x160/0x160 [ 260.233334][ T5840] ? kill_css+0x3b0/0x3b0 [ 260.237708][ T5840] ? lock_acquire+0x32/0xc0 [ 260.242284][ T5840] ? kill_css+0x3b0/0x3b0 [ 260.246660][ T5840] kernfs_fop_write_iter+0x3f1/0x600 [ 260.251997][ T5840] vfs_write+0x9ed/0xe10 [ 260.256300][ T5840] ? kernel_write+0x670/0x670 [ 260.261044][ T5840] ? find_held_lock+0x2d/0x110 [ 260.265853][ T5840] ? __fget_light+0x20a/0x270 [ 260.270582][ T5840] ksys_write+0x12b/0x250 [ 260.274958][ T5840] ? __ia32_sys_read+0xb0/0xb0 [ 260.279765][ T5840] ? lockdep_hardirqs_on+0x7d/0x100 [ 260.285022][ T5840] ? _raw_spin_unlock_irq+0x2e/0x50 [ 260.290262][ T5840] ? ptrace_notify+0xfe/0x140 [ 260.295003][ T5840] do_syscall_64+0x39/0xb0 [ 260.299484][ T5840] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 260.305414][ T5840] RIP: 0033:0x7faecf034129 [ 260.309854][ T5840] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 260.329497][ T5840] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 260.337942][ T5840] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 260.345942][ T5840] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 260.353942][ T5840] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 260.361942][ T5840] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 260.369941][ T5840] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000003d [ 260.377961][ T5840] [ 260.388212][ T5840] memory: usage 8kB, limit 0kB, failcnt 36 [pid 5839] close(15) = -1 EBADF (Bad file descriptor) [pid 5839] close(16) = -1 EBADF (Bad file descriptor) [pid 5839] close(17) = -1 EBADF (Bad file descriptor) [pid 5839] close(18) = -1 EBADF (Bad file descriptor) [pid 5839] close(19) = -1 EBADF (Bad file descriptor) [ 260.394160][ T5840] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 260.403657][ T5840] Memory cgroup stats for /syz1: [ 260.404110][ T5840] anon 0 [ 260.404110][ T5840] file 0 [ 260.404110][ T5840] kernel 8192 [ 260.404110][ T5840] kernel_stack 0 [ 260.404110][ T5840] pagetables 0 [ 260.404110][ T5840] sec_pagetables 0 [ 260.404110][ T5840] percpu 0 [ 260.404110][ T5840] sock 0 [ 260.404110][ T5840] vmalloc 0 [ 260.404110][ T5840] shmem 0 [ 260.404110][ T5840] zswap 0 [ 260.404110][ T5840] zswapped 0 [pid 5839] close(20) = -1 EBADF (Bad file descriptor) [pid 5839] close(21) = -1 EBADF (Bad file descriptor) [pid 5839] close(22) = -1 EBADF (Bad file descriptor) [pid 5839] close(23) = -1 EBADF (Bad file descriptor) [pid 5839] close(24) = -1 EBADF (Bad file descriptor) [pid 5839] close(25) = -1 EBADF (Bad file descriptor) [pid 5839] close(26) = -1 EBADF (Bad file descriptor) [pid 5839] close(27) = -1 EBADF (Bad file descriptor) [pid 5839] close(28) = -1 EBADF (Bad file descriptor) [pid 5839] close(29) = -1 EBADF (Bad file descriptor) [pid 5839] exit_group(0) = ? [pid 5839] +++ exited with 0 +++ [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=62, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5089] umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5089] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5089] umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] unlink("./60/binderfs") = 0 [pid 5089] umount2("./60/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./60/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5089] unlink("./60/cgroup") = 0 [pid 5089] umount2("./60/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./60/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./60/cgroup.net") = 0 [ 260.404110][ T5840] file_mapped 0 [ 260.404110][ T5840] file_dirty 0 [ 260.404110][ T5840] file_writeback 0 [ 260.404110][ T5840] swapcached 0 [ 260.404110][ T5840] anon_thp 0 [ 260.404110][ T5840] file_thp 0 [ 260.404110][ T5840] shmem_thp 0 [ 260.404110][ T5840] inactive_anon 0 [ 260.404110][ T5840] active_anon 0 [ 260.404110][ T5840] inactive_file 0 [ 260.404110][ T5840] active_file 0 [ 260.404110][ T5840] unevictable 0 [ 260.404110][ T5840] slab_reclaimable 6752 [ 260.404110][ T5840] slab_unreclaimable 0 [ 260.404110][ T5840] slab 6752 [ 260.404110][ T5840] workingset_refault_anon 0 [ 260.404110][ T5840] workingset_refault_file 0 [ 260.404110][ T5840] workingset_activate_anon 0 [ 260.404110][ T5840] workingset_activate_file 0 [ 260.404110][ T5840] workingset_restore_anon 0 [ 260.404110][ T5840] workingset_restore_file 0 [ 260.404110][ T5840] workingset_nodereclaim 0 [ 260.404110][ T5840] pgscan 831 [ 260.404110][ T5840] pgsteal 2 [ 260.404110][ T5840] pgscan_kswapd 0 [ 260.404110][ T5840] pgscan_direct 831 [ 260.404110][ T5840] pgscan_khugepaged 0 [ 260.404110][ T5840] pgsteal_kswapd 0 [pid 5089] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5089] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./60/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 260.404110][ T5840] pgsteal_direct 2 [ 260.404110][ T5840] pgsteal_khugepaged 0 [ 260.404110][ T5840] pgfault 21 [ 260.404110][ T5840] pgmajfault 0 [ 260.404110][ T5840] pgrefill 830 [ 260.404110][ T5840] pgactivate 829 [ 260.404110][ T5840] pgdeactivate 830 [ 260.404110][ T5840] pglazyfree 0 [ 260.404110][ T5840] pglazyfreed 0 [ 260.404110][ T5840] zswpin 0 [ 260.404110][ T5840] zswpout 0 [ 260.404110][ T5840] thp_fault_alloc 0 [ 260.404110][ T5840] thp_collapse_alloc 0 [pid 5089] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5089] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5089] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5089] close(4) = 0 [pid 5089] rmdir("./60/file0") = 0 [pid 5089] umount2("./60/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5089] lstat("./60/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5089] unlink("./60/cgroup.cpu" [pid 5840] <... write resumed>) = 18 [pid 5089] <... unlink resumed>) = 0 [pid 5840] close(3) = 0 [pid 5840] close(4) = 0 [pid 5840] close(5) = 0 [pid 5840] close(6) = 0 [pid 5840] close(7) = -1 EBADF (Bad file descriptor) [pid 5840] close(8) = -1 EBADF (Bad file descriptor) [pid 5840] close(9) = -1 EBADF (Bad file descriptor) [pid 5840] close(10) = -1 EBADF (Bad file descriptor) [pid 5840] close(11) = -1 EBADF (Bad file descriptor) [pid 5840] close(12) = -1 EBADF (Bad file descriptor) [pid 5840] close(13) = -1 EBADF (Bad file descriptor) [pid 5840] close(14) = -1 EBADF (Bad file descriptor) [pid 5840] close(15) = -1 EBADF (Bad file descriptor) [pid 5840] close(16) = -1 EBADF (Bad file descriptor) [pid 5840] close(17) = -1 EBADF (Bad file descriptor) [pid 5840] close(18) = -1 EBADF (Bad file descriptor) [pid 5840] close(19) = -1 EBADF (Bad file descriptor) [pid 5840] close(20) = -1 EBADF (Bad file descriptor) [pid 5840] close(21) = -1 EBADF (Bad file descriptor) [pid 5840] close(22) = -1 EBADF (Bad file descriptor) [pid 5840] close(23) = -1 EBADF (Bad file descriptor) [pid 5840] close(24) = -1 EBADF (Bad file descriptor) [pid 5840] close(25) = -1 EBADF (Bad file descriptor) [pid 5840] close(26) = -1 EBADF (Bad file descriptor) [pid 5840] close(27) = -1 EBADF (Bad file descriptor) [pid 5840] close(28) = -1 EBADF (Bad file descriptor) [pid 5840] close(29) = -1 EBADF (Bad file descriptor) [pid 5840] exit_group(0) = ? [pid 5840] +++ exited with 0 +++ [pid 5089] getdents64(3, [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=63, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [ 260.603247][ T5840] Tasks state (memory values in pages): [ 260.608873][ T5840] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 260.619297][ T5840] Out of memory and no killable processes... [ 260.636527][ T5841] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5090] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5090] umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5090] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5090] umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5090] unlink("./61/binderfs") = 0 [pid 5090] umount2("./61/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./61/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5090] unlink("./61/cgroup") = 0 [pid 5090] umount2("./61/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./61/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./61/cgroup.net") = 0 [pid 5090] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5089] <... getdents64 resumed>0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5089] close(3) = 0 [pid 5089] rmdir("./60") = 0 [pid 5089] mkdir("./61", 0777) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5844 attached [pid 5844] chdir("./61" [pid 5089] <... clone resumed>, child_tidptr=0x555555c0c5d0) = 63 [pid 5844] <... chdir resumed>) = 0 [pid 5844] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5844] setpgid(0, 0) = 0 [pid 5844] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5844] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5844] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5844] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5844] write(3, "1000", 4) = 4 [ 260.648043][ T5841] CPU: 1 PID: 5841 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 260.658050][ T5841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 260.668160][ T5841] Call Trace: [ 260.671490][ T5841] [ 260.674476][ T5841] dump_stack_lvl+0x136/0x150 [ 260.679234][ T5841] dump_header+0x10a/0xd70 [ 260.683729][ T5841] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 260.689895][ T5841] out_of_memory+0xd64/0x1660 [ 260.694665][ T5841] ? oom_killer_disable+0x2b0/0x2b0 [pid 5844] close(3) = 0 [pid 5844] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5844] mkdir("./file0", 000) = 0 [pid 5844] open("./file0", O_RDONLY) = 3 [pid 5844] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5844] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5844] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5844] openat(5, "memory.max", O_RDWR) = 6 [ 260.699948][ T5841] ? find_held_lock+0x2d/0x110 [ 260.704788][ T5841] mem_cgroup_out_of_memory+0x206/0x270 [ 260.710404][ T5841] ? mem_cgroup_margin+0x130/0x130 [ 260.715625][ T5841] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 260.721530][ T5841] memory_max_write+0x2f9/0x3c0 [ 260.726471][ T5841] ? mem_cgroup_force_empty_write+0x160/0x160 [ 260.732626][ T5841] ? lock_sync+0x190/0x190 [ 260.737112][ T5841] cgroup_file_write+0x1e2/0x7b0 [ 260.742132][ T5841] ? mem_cgroup_force_empty_write+0x160/0x160 [ 260.748290][ T5841] ? kill_css+0x3b0/0x3b0 [ 260.752700][ T5841] ? lock_acquire+0x32/0xc0 [ 260.757286][ T5841] ? kill_css+0x3b0/0x3b0 [ 260.761674][ T5841] kernfs_fop_write_iter+0x3f1/0x600 [ 260.767016][ T5841] vfs_write+0x9ed/0xe10 [ 260.771348][ T5841] ? kernel_write+0x670/0x670 [ 260.776114][ T5841] ? find_held_lock+0x2d/0x110 [ 260.780952][ T5841] ? __fget_light+0x20a/0x270 [ 260.785707][ T5841] ksys_write+0x12b/0x250 [ 260.790091][ T5841] ? __ia32_sys_read+0xb0/0xb0 [ 260.794912][ T5841] ? lockdep_hardirqs_on+0x7d/0x100 [ 260.800173][ T5841] ? _raw_spin_unlock_irq+0x2e/0x50 [ 260.805461][ T5841] ? ptrace_notify+0xfe/0x140 [ 260.810211][ T5841] do_syscall_64+0x39/0xb0 [ 260.814712][ T5841] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 260.820674][ T5841] RIP: 0033:0x7faecf034129 [ 260.825127][ T5841] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 260.844771][ T5841] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5844] write(6, "0x000000000000040e", 18 [pid 5090] <... umount2 resumed>) = 0 [ 260.853255][ T5841] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 260.861280][ T5841] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 260.869303][ T5841] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 260.877314][ T5841] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 260.885315][ T5841] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000003b [ 260.893374][ T5841] [pid 5090] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./61/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5090] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5090] getdents64(4, 0x555555c15660 /* 2 entries */, 32768) = 48 [pid 5090] getdents64(4, 0x555555c15660 /* 0 entries */, 32768) = 0 [pid 5090] close(4) = 0 [pid 5090] rmdir("./61/file0") = 0 [pid 5090] umount2("./61/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5090] lstat("./61/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5090] unlink("./61/cgroup.cpu") = 0 [pid 5090] getdents64(3, 0x555555c0d620 /* 0 entries */, 32768) = 0 [pid 5090] close(3) = 0 [pid 5090] rmdir("./61") = 0 [pid 5090] mkdir("./62", 0777) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c0c5d0) = 64 [ 260.909606][ T5841] memory: usage 8kB, limit 0kB, failcnt 36 [ 260.915723][ T5841] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 260.923181][ T5841] Memory cgroup stats for /syz1: [ 260.923481][ T5841] anon 0 [ 260.923481][ T5841] file 0 [ 260.923481][ T5841] kernel 8192 [ 260.923481][ T5841] kernel_stack 0 [ 260.923481][ T5841] pagetables 0 [ 260.923481][ T5841] sec_pagetables 0 [ 260.923481][ T5841] percpu 0 [ 260.923481][ T5841] sock 0 [ 260.923481][ T5841] vmalloc 0 [ 260.923481][ T5841] shmem 0 ./strace-static-x86_64: Process 5845 attached [pid 5845] chdir("./62") = 0 [pid 5845] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5845] setpgid(0, 0) = 0 [ 260.923481][ T5841] zswap 0 [ 260.923481][ T5841] zswapped 0 [ 260.923481][ T5841] file_mapped 0 [ 260.923481][ T5841] file_dirty 0 [ 260.923481][ T5841] file_writeback 0 [ 260.923481][ T5841] swapcached 0 [ 260.923481][ T5841] anon_thp 0 [ 260.923481][ T5841] file_thp 0 [ 260.923481][ T5841] shmem_thp 0 [ 260.923481][ T5841] inactive_anon 0 [ 260.923481][ T5841] active_anon 0 [ 260.923481][ T5841] inactive_file 0 [ 260.923481][ T5841] active_file 0 [ 260.923481][ T5841] unevictable 0 [ 260.923481][ T5841] slab_reclaimable 6752 [ 260.923481][ T5841] slab_unreclaimable 0 [ 260.923481][ T5841] slab 6752 [ 260.923481][ T5841] workingset_refault_anon 0 [ 260.923481][ T5841] workingset_refault_file 0 [ 260.923481][ T5841] workingset_activate_anon 0 [ 260.923481][ T5841] workingset_activate_file 0 [ 260.923481][ T5841] workingset_restore_anon 0 [ 260.923481][ T5841] workingset_restore_file 0 [ 260.923481][ T5841] workingset_nodereclaim 0 [ 260.923481][ T5841] pgscan 831 [ 260.923481][ T5841] pgsteal 2 [ 260.923481][ T5841] pgscan_kswapd 0 [ 260.923481][ T5841] pgscan_direct 831 [ 260.923481][ T5841] pgscan_khugepaged 0 [ 260.923481][ T5841] pgsteal_kswapd 0 [ 260.923481][ T5841] pgsteal_direct 2 [ 260.923481][ T5841] pgsteal_khugepaged 0 [ 260.923481][ T5841] pgfault 21 [ 260.923481][ T5841] pgmajfault 0 [ 260.923481][ T5841] pgrefill 830 [ 260.923481][ T5841] pgactivate 829 [ 260.923481][ T5841] pgdeactivate 830 [ 260.923481][ T5841] pglazyfree 0 [ 260.923481][ T5841] pglazyfreed 0 [ 260.923481][ T5841] zswpin 0 [ 260.923481][ T5841] zswpout 0 [ 260.923481][ T5841] thp_fault_alloc 0 [ 260.923481][ T5841] thp_collapse_alloc 0 [pid 5845] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5845] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5845] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5845] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5845] write(3, "1000", 4) = 4 [pid 5845] close(3) = 0 [pid 5845] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5845] mkdir("./file0", 000) = 0 [pid 5845] open("./file0", O_RDONLY) = 3 [pid 5845] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [ 261.115556][ T5841] Tasks state (memory values in pages): [ 261.122168][ T5841] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 261.150560][ T5841] Out of memory and no killable processes... [pid 5845] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5841] <... write resumed>) = 18 [pid 5841] close(3) = 0 [pid 5841] close(4) = 0 [pid 5841] close(5) = 0 [pid 5841] close(6) = 0 [pid 5841] close(7) = -1 EBADF (Bad file descriptor) [pid 5841] close(8) = -1 EBADF (Bad file descriptor) [pid 5841] close(9) = -1 EBADF (Bad file descriptor) [pid 5841] close(10) = -1 EBADF (Bad file descriptor) [pid 5841] close(11) = -1 EBADF (Bad file descriptor) [ 261.157119][ T5842] syz-executor384 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 261.168419][ T5842] CPU: 0 PID: 5842 Comm: syz-executor384 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 261.178375][ T5842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 261.188457][ T5842] Call Trace: [ 261.191759][ T5842] [ 261.194720][ T5842] dump_stack_lvl+0x136/0x150 [ 261.199456][ T5842] dump_header+0x10a/0xd70 [ 261.203909][ T5842] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 261.210028][ T5842] out_of_memory+0xd64/0x1660 [ 261.214754][ T5842] ? oom_killer_disable+0x2b0/0x2b0 [ 261.220001][ T5842] mem_cgroup_out_of_memory+0x206/0x270 [ 261.225586][ T5842] ? mem_cgroup_margin+0x130/0x130 [ 261.230761][ T5842] memory_max_write+0x2f9/0x3c0 [ 261.235665][ T5842] ? mem_cgroup_force_empty_write+0x160/0x160 [ 261.241785][ T5842] ? lock_sync+0x190/0x190 [ 261.246242][ T5842] cgroup_file_write+0x1e2/0x7b0 [ 261.251226][ T5842] ? mem_cgroup_force_empty_write+0x160/0x160 [ 261.257343][ T5842] ? kill_css+0x3b0/0x3b0 [ 261.261720][ T5842] ? lock_acquire+0x32/0xc0 [ 261.266296][ T5842] ? kill_css+0x3b0/0x3b0 [ 261.270670][ T5842] kernfs_fop_write_iter+0x3f1/0x600 [ 261.276009][ T5842] vfs_write+0x9ed/0xe10 [ 261.280322][ T5842] ? kernel_write+0x670/0x670 [ 261.285053][ T5842] ? find_held_lock+0x2d/0x110 [ 261.289871][ T5842] ? __fget_light+0x20a/0x270 [ 261.294600][ T5842] ksys_write+0x12b/0x250 [ 261.298980][ T5842] ? __ia32_sys_read+0xb0/0xb0 [ 261.303791][ T5842] ? lockdep_hardirqs_on+0x7d/0x100 [ 261.309026][ T5842] ? _raw_spin_unlock_irq+0x2e/0x50 [ 261.314268][ T5842] ? ptrace_notify+0xfe/0x140 [ 261.318984][ T5842] do_syscall_64+0x39/0xb0 [ 261.323452][ T5842] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 261.329381][ T5842] RIP: 0033:0x7faecf034129 [ 261.333824][ T5842] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 261.353463][ T5842] RSP: 002b:00007fff01927a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5841] close(12 [pid 5845] openat(4, "syz1", O_RDWR|O_PATH [pid 5841] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5845] <... openat resumed>) = 5 [pid 5841] close(13 [pid 5845] openat(5, "memory.max", O_RDWR [pid 5841] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5845] <... openat resumed>) = 6 [pid 5841] close(14 [ 261.361910][ T5842] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faecf034129 [ 261.369925][ T5842] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 261.377923][ T5842] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007fff01927a80 [ 261.385937][ T5842] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff01927a7c [ 261.393935][ T5842] R13: 00007fff01927a90 R14: 00007fff01927ad0 R15: 000000000000003a [ 261.401983][ T5842] [ 261.408352][ T5842] memory: usage 8kB, limit 0kB, failcnt 36 [pid 5845] write(6, "0x000000000000040e", 18 [pid 5841] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5841] close(15) = -1 EBADF (Bad file descriptor) [pid 5841] close(16) = -1 EBADF (Bad file descriptor) [pid 5841] close(17) = -1 EBADF (Bad file descriptor) [pid 5841] close(18) = -1 EBADF (Bad file descriptor) [pid 5841] close(19) = -1 EBADF (Bad file descriptor) [pid 5841] close(20) = -1 EBADF (Bad file descriptor) [pid 5841] close(21) = -1 EBADF (Bad file descriptor) [pid 5841] close(22) = -1 EBADF (Bad file descriptor) [pid 5841] close(23) = -1 EBADF (Bad file descriptor) [pid 5841] close(24) = -1 EBADF (Bad file descriptor) [pid 5841] close(25) = -1 EBADF (Bad file descriptor) [pid 5841] close(26) = -1 EBADF (Bad file descriptor) [pid 5841] close(27) = -1 EBADF (Bad file descriptor) [pid 5841] close(28) = -1 EBADF (Bad file descriptor) [pid 5841] close(29) = -1 EBADF (Bad file descriptor) [pid 5841] exit_group(0) = ? [pid 5841] +++ exited with 0 +++ [pid 5087] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=61, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [ 261.430744][ T5842] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 261.446921][ T5842] Memory cgroup stats for /syz1: [ 261.447162][ T5842] anon 0 [ 261.447162][ T5842] file 0 [ 261.447162][ T5842] kernel 8192 [ 261.447162][ T5842] kernel_stack 0 [ 261.447162][ T5842] pagetables 0 [ 261.447162][ T5842] sec_pagetables 0 [ 261.447162][ T5842] percpu 0 [ 261.447162][ T5842] sock 0 [ 261.447162][ T5842] vmalloc 0 [pid 5087] umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5087] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] getdents64(3, 0x555555c0d620 /* 7 entries */, 32768) = 208 [pid 5087] umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5087] unlink("./59/binderfs") = 0 [pid 5087] umount2("./59/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./59/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5087] unlink("./59/cgroup") = 0 [pid 5087] umount2("./59/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5087] lstat("./59/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5087] unlink("./59/cgroup.net") = 0 [ 261.447162][ T5842] shmem 0 [ 261.447162][ T5842] zswap 0 [ 261.447162][ T5842] zswapped 0 [ 261.447162][ T5842] file_mapped 0 [ 261.447162][ T5842] file_dirty 0 [ 261.447162][ T5842] file_writeback 0 [ 261.447162][ T5842] swapcached 0 [ 261.447162][ T5842] anon_thp 0 [ 261.447162][ T5842] file_thp 0 [ 261.447162][ T5842] shmem_thp 0 [ 261.447162][ T5842] inactive_anon 0 [ 261.447162][ T5842] active_anon 0 [ 261.447162][ T5842] inactive_file 0 [ 261.447162][ T5842] active_file 0 [ 261.447162][ T5842] unevictable 0 [ 261.447162][ T5842] slab_reclaimable 6752 [ 261.447162][ T5842] slab_unreclaimable 0 [ 261.447162][ T5842] slab 6752 [ 261.447162][ T5842] workingset_refault_anon 0 [ 261.447162][ T5842] workingset_refault_file 0 [ 261.447162][ T5842] workingset_activate_anon 0 [ 261.447162][ T5842] workingset_activate_file 0 [ 261.447162][ T5842] workingset_restore_anon 0 [ 261.447162][ T5842] workingset_restore_file 0 [ 261.447162][ T5842] workingset_nodereclaim 0 [ 261.447162][ T5842] pgscan 831 [ 261.447162][ T5842] pgsteal 2 [ 261.447162][ T5842] pgscan_kswapd 0